NEW Rest API token is no more reset at each call. We can reset it with
param reset=1 on login call.
This commit is contained in:
Laurent Destailleur
parent
ee3d25d9fa
commit
382df0d8f1
@ -156,7 +156,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
|
||||
// Show message
|
||||
print '<br>';
|
||||
$message='';
|
||||
$url='<a href="'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword" target="_blank">'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword</a>';
|
||||
$url='<a href="'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword" target="_blank">'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword[&reset=1]</a>';
|
||||
$message.=$langs->trans("UrlToGetKeyToUseAPIs").':<br>';
|
||||
$message.=img_picto('','object_globe.png').' '.$url;
|
||||
print $message;
|
||||
|
||||
@ -43,11 +43,12 @@ class GenericApi extends DolibarrApi
|
||||
* @param string $login Username
|
||||
* @param string $password User password
|
||||
* @param int $entity User entity
|
||||
* @return array Response status and user token
|
||||
* @param int $reset Reset token
|
||||
* @return array Response status and user token
|
||||
*
|
||||
* @throws RestException
|
||||
*/
|
||||
public function login($login, $password, $entity = 0) {
|
||||
public function login($login, $password, $entity=0, $reset=0) {
|
||||
|
||||
global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
|
||||
|
||||
@ -67,27 +68,40 @@ class GenericApi extends DolibarrApi
|
||||
throw new RestException(403, 'Access denied');
|
||||
}
|
||||
|
||||
// Generate token for user
|
||||
$token = dol_hash($login.uniqid().$conf->global->MAIN_API_KEY,1);
|
||||
|
||||
// We store API token into database
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql.= " SET api_key = '".$this->db->escape($token)."'";
|
||||
$sql.= " WHERE login = '".$this->db->escape($login)."'";
|
||||
|
||||
dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log
|
||||
$result = $this->db->query($sql);
|
||||
if (!$result)
|
||||
$token = 'failedtogenerateorgettoken';
|
||||
|
||||
$tmpuser=new User($this->db);
|
||||
$tmpuser->fetch(0, $login);
|
||||
|
||||
// Renew the hash
|
||||
if (empty($tmpuser->api_key) || $reset)
|
||||
{
|
||||
throw new RestException(500, 'Error when updating user :'.$this->db->error_msg);
|
||||
// Generate token for user
|
||||
$token = dol_hash($login.uniqid().$conf->global->MAIN_API_KEY,1);
|
||||
|
||||
// We store API token into database
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql.= " SET api_key = '".$this->db->escape($token)."'";
|
||||
$sql.= " WHERE login = '".$this->db->escape($login)."'";
|
||||
|
||||
dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log
|
||||
$result = $this->db->query($sql);
|
||||
if (!$result)
|
||||
{
|
||||
throw new RestException(500, 'Error when updating api_key for user :'.$this->db->lasterror());
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
$token = $tmpuser->api_key;
|
||||
}
|
||||
|
||||
//return token
|
||||
return array(
|
||||
'success' => array(
|
||||
'code' => 200,
|
||||
'token' => $token,
|
||||
'message' => 'Welcome ' . $login
|
||||
'message' => 'Welcome ' . $login.($reset?' - Token is new':' - Token was generated by a previous call')
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user