Add option API_DISABLE_LOGIN_API

Laurent Destailleur 2021-04-07 19:07:22 +02:00
parent f4d56c710b
commit 87d4e6e2c5


@ -58,7 +58,11 @@ class Login
{
global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
// TODO Remove the API login. The token must be generated from backoffice only.
// Is the login API disabled ? The token must be generated from backoffice only.
if (! empty($conf->global->API_DISABLE_LOGIN_API)) {
dol_syslog("Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
throw new RestException(403, "Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
}
// Authentication mode
if (empty($dolibarr_main_authentication)) {
@ -87,7 +91,7 @@ class Login
}
include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
$login = checkLoginPassEntity($login, $password, $entity, $authmode, 'api');
$login = checkLoginPassEntity($login, $password, $entity, $authmode, 'api'); // Check credentials.
if (empty($login)) {
throw new RestException(403, 'Access denied');
}
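Review bot: The guard added at the top of the method is opt-in, so while `API_DISABLE_LOGIN_API` is unset the endpoint still exchanges a login and password for a token exactly as before. The TODO that tracked retiring this API is also dropped, with nothing recording that the default is still "enabled". I would keep that visible in the comment, e.g. `// API_DISABLE_LOGIN_API is empty by default, so password login through the API stays enabled until an admin sets it. TODO: consider making disabled the default.` In the second hunk the `if (empty($login))` branch throws the 403 with no log call in the visible lines; if `checkLoginPassEntity()` does not already record failures (not visible here), a `dol_syslog(..., LOG_WARNING)` before the throw would give rejected credentials the same audit trail as the disabled-API branch. The method signature and the rest of its body lie outside both hunks.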