lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX add $context parameter in checkLoginPassEntity

Browse Source
This commit is contained in:
Regis Houssin 2019-08-22 10:56:07 +02:00
parent c7bec909b4
commit 90f60b0137
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/api/class/api_login.class.php
View File

@ -64,7 +64,9 @@ class Login
// Authentication mode
if (empty($dolibarr_main_authentication))
$dolibarr_main_authentication = 'http,dolibarr';
$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
// this is manage directly in the module with $context parameters
//$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser')
@ -87,7 +89,7 @@ class Login
if ($entity == '') $entity=1;
include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
$login = checkLoginPassEntity($login, $password, $entity, $authmode);
$login = checkLoginPassEntity($login, $password, $entity, $authmode, 'api');
if (empty($login))
{
throw new RestException(403, 'Access denied');

5
htdocs/core/lib/security2.lib.php
View File

@ -47,9 +47,10 @@ function dol_getwebuser($mode)
* @param string $passwordtotest Password value to test
* @param string $entitytotest Instance of data we must check
* @param array $authmode Array list of selected authentication mode array('http', 'dolibarr', 'xxx'...)
* @param string $context Context checkLoginPassEntity was created for ('api', 'dav', ...)
* @return string Login or ''
*/
function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode)
function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context = null)
{
global $conf,$langs;
//global $dolauthmode; // To return authentication finally used
@ -90,7 +91,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
{
// Call function to check user/password
$function='check_user_password_'.$mode;
$login=call_user_func($function, $usertotest, $passwordtotest, $entitytotest);
$login=call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context);
if ($login) // Login is successfull
{
$test=false; // To stop once at first login success

6
htdocs/dav/fileserver.php
View File

@ -105,7 +105,9 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
// Authentication mode
if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='dolibarr';
$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
// this is manage directly in the module with $context parameters
//$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser')
@ -121,7 +123,7 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
$authmode = explode(',', $dolibarr_main_authentication);
$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
if (checkLoginPassEntity($username, $password, $entity, $authmode) != $username)
if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username)
return false;
return true;