Work on authentication
This commit is contained in:
parent
65ff78f61a
commit
8027759304
@ -16,6 +16,8 @@
|
||||
*/
|
||||
|
||||
use Luracast\Restler\Restler;
|
||||
use Luracast\Restler\RestException;
|
||||
|
||||
|
||||
/**
|
||||
* Class for API
|
||||
@ -78,7 +80,6 @@ class DolibarrApi {
|
||||
|
||||
/**
|
||||
* API init
|
||||
* This class exists to show 200 code when request url root /api/
|
||||
*
|
||||
*/
|
||||
class DolibarrApiInit extends DolibarrApi {
|
||||
@ -86,5 +87,54 @@ class DolibarrApiInit extends DolibarrApi {
|
||||
function __construct() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Log user with login and password
|
||||
* @todo : to finish!
|
||||
*
|
||||
* @param string $login
|
||||
* @param string $password
|
||||
* @param int $entity
|
||||
* @throws RestException
|
||||
*/
|
||||
public function login($login, $password, $entity = '') {
|
||||
|
||||
}
|
||||
// Authentication mode
|
||||
if (empty($dolibarr_main_authentication))
|
||||
$dolibarr_main_authentication = 'http,dolibarr';
|
||||
// Authentication mode: forceuser
|
||||
if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user))
|
||||
$dolibarr_auto_user = 'auto';
|
||||
// Set authmode
|
||||
$authmode = explode(',', $dolibarr_main_authentication);
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
|
||||
$login = checkLoginPassEntity($login, $password, $entity, $authmode);
|
||||
if (empty($login))
|
||||
{
|
||||
throw new RestException(403, 'Access denied');
|
||||
}
|
||||
|
||||
return array(
|
||||
'success' => array(
|
||||
'code' => 200,
|
||||
'message' => 'Welcome ' . $login
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @access protected
|
||||
* @class DolibarrApiAccess {@requires admin}
|
||||
*/
|
||||
public function status() {
|
||||
require_once DOL_DOCUMENT_ROOT . '/core/lib/functions.lib.php';
|
||||
return array(
|
||||
'success' => array(
|
||||
'code' => 200,
|
||||
'dolibarr_version' => DOL_VERSION
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
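--- /dev/null
+++ b/htdocs/api/class/api_access.class.php
@@ -0,0 +1,83 @@
+<?php
+
+use \Luracast\Restler\iAuthenticate;
+use \Luracast\Restler\Resources;
+use \Luracast\Restler\Defaults;
+
+require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
+
+/**
+* Description of DolibarrApiAccess
+*
+* @author jfefe
+*/
+class DolibarrApiAccess implements iAuthenticate
+{
+const REALM = 'Restricted Dolibarr API';
+const TEST_KEY = 'changeme';
+
+/**
+*
+* @var string $role user / external / admin
+* @var string $requires
+*/
+public static $requires = 'user';
+public static $role = 'user';
+
+public function __isAllowed()
+{
+
+//@todo hardcoded api_key=>role for brevity
+//
+$roles = array('123' => 'user', '456' => 'external', '789' => 'admin');
+
+$userClass = Defaults::$userIdentifierClass;
+
+// for dev @todo : remove this!
+static::$role = 'user';
+
+if( isset($_GET['test_key'])) {
+if( ! $_GET['test_key'] == DolibarrApiAccess::TEST_KEY) {
+$userClass::setCacheIdentifier($_GET['test_key']);
+return false;
+}
+}
+elseif (isset($_GET['api_key'])) {
+// @todo : check from database
+if (!array_key_exists($_GET['api_key'], $roles)) {
+$userClass::setCacheIdentifier($_GET['api_key']);
+return false;
+}
+static::$role = $roles[$_GET['api_key']];
+}
+else
+{
+return false;
+}
+
+
+
+$userClass::setCacheIdentifier(static::$role);
+Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
+return static::$requires == static::$role || static::$role == 'admin';
+}
+
+public function __getWWWAuthenticateString()
+{
+return 'Query name="api_key"';
+}
+
+/**
+* @access private
+*/
+public static function verifyAccess(array $m)
+{
+$requires =
+isset($m['class']['DolibarrApiAccess']['properties']['requires'])
+? $m['class']['DolibarrApiAccess']['properties']['requires']
+: false;
+return $requires
+? static::$role == 'admin' || static::$role == $requires
+: true;
+}
+}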
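Review bot: The `test_key` comparison at `if( ! $_GET['test_key'] == DolibarrApiAccess::TEST_KEY)` is broken by operator precedence: `!` binds before `==`, so the expression compares a boolean with the string `'changeme'` and is false for any non-empty key, the `return false` is never reached, and every request carrying `?test_key=<anything>` falls through to the `static::$role = 'user'` set just above and is granted user access. Change it to `if ($_GET['test_key'] !== DolibarrApiAccess::TEST_KEY) {` (or `if (!hash_equals(DolibarrApiAccess::TEST_KEY, (string) $_GET['test_key'])) {` where PHP 5.6+ can be assumed) and, given the `// for dev @todo : remove this!` marker, consider dropping the hard-coded test-key path entirely before this ships rather than relying on a later cleanup. The same branch passes `$_GET['test_key']` straight into `setCacheIdentifier()` on failure, so untrusted input becomes a cache identifier; the `api_key` branch does likewise. Lastly, `__getWWWAuthenticateString()` advertises the credential as a query parameter, which means keys will land in access logs, proxies and browser history — an `Authorization` header (or at minimum a POST body) is the safer transport once the database lookup marked `@todo` is implemented.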
@ -34,6 +34,7 @@ if (! $res) die("Include of main fails");
|
||||
|
||||
require_once DOL_DOCUMENT_ROOT.'/includes/restler/vendor/autoload.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
|
||||
|
||||
// Enable and test if module Api is enabled
|
||||
@ -46,11 +47,15 @@ if (empty($conf->global->MAIN_MODULE_API))
|
||||
exit;
|
||||
}
|
||||
|
||||
use Luracast\Restler\Defaults;
|
||||
|
||||
|
||||
$api = new DolibarrApi($db);
|
||||
|
||||
$api->r->setSupportedFormats('JsonFormat', 'XmlFormat');
|
||||
$api->r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root
|
||||
$api->r->addAPIClass('DolibarrApiInit',''); // Just for url root page
|
||||
$api->r->setSupportedFormats('JsonFormat', 'XmlFormat');
|
||||
$api->r->addAuthenticationClass('DolibarrApiAccess','');
|
||||
|
||||
$modulesdir = dolGetModulesDirs();
|
||||
foreach ($modulesdir as $dir)
|
||||
|
||||