FIX Check of date of validity
This commit is contained in:
Laurent Destailleur
parent
c4245e2c05
commit
dfcba30577
@ -155,17 +155,19 @@ class DolibarrApiAccess implements iAuthenticate
|
||||
throw new RestException(503, 'Error when fetching user. This user has been locked or disabled');
|
||||
}
|
||||
|
||||
$now = dol_now();
|
||||
|
||||
// Check date start validity
|
||||
if ($fuser->datestartvalidity && $this->db->jdate($fuser->datestartvalidity) > $now) {
|
||||
throw new RestException(503, $genericmessageerroruser);
|
||||
}
|
||||
// Check date end validity
|
||||
if ($fuser->dateendvalidity && $this->db->jdate($fuser->dateendvalidity) < dol_get_first_hour($now)) {
|
||||
// Check if session was unvalidated by a password change
|
||||
if (($fuser->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $fuser->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
|
||||
// Session is no more valid
|
||||
dol_syslog("The user has a date for session invalidation = ".$fuser->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
|
||||
throw new RestException(503, $genericmessageerroruser);
|
||||
}
|
||||
|
||||
// Check date validity
|
||||
if ($fuser->isNotIntoValidityDateRange()) {
|
||||
// User validity dates are no more valid
|
||||
dol_syslog("The user login has a validity between [".$fuser->datestartvalidity." and ".$fuser->dateendvalidity."], curren date is ".dol_now());
|
||||
throw new RestException(503, $genericmessageerroruser);
|
||||
}
|
||||
|
||||
// User seems valid
|
||||
$fuser->getrights();
|
||||
|
||||
@ -96,7 +96,8 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
|
||||
// Call function to check user/password
|
||||
$function = 'check_user_password_'.$mode;
|
||||
$login = call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context);
|
||||
if ($login && $login != '--bad-login-validity--') { // Login is successfull
|
||||
if ($login && $login != '--bad-login-validity--') {
|
||||
// Login is successfull with this method
|
||||
$test = false; // To stop once at first login success
|
||||
$conf->authmode = $mode; // This properties is defined only when logged to say what mode was successfully used
|
||||
/*$dol_tz = GETPOST('tz');
|
||||
|
||||
@ -74,24 +74,6 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
|
||||
if ($resql) {
|
||||
$obj = $db->fetch_object($resql);
|
||||
if ($obj) {
|
||||
$now = dol_now();
|
||||
// Check date start validity
|
||||
if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('main', 'errors'));
|
||||
$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr bad datestart validity", LOG_WARNING);
|
||||
return '--bad-login-validity--';
|
||||
}
|
||||
// Check date end validity
|
||||
if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('main', 'errors'));
|
||||
$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr bad date end validity", LOG_WARNING);
|
||||
return '--bad-login-validity--';
|
||||
}
|
||||
|
||||
$passclear = $obj->pass;
|
||||
$passcrypted = $obj->pass_crypted;
|
||||
$passtyped = $passwordtotest;
|
||||
@ -121,7 +103,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
|
||||
if ((!$passcrypted || $passtyped)
|
||||
&& ($passclear && ($passtyped == $passclear))) {
|
||||
$passok = true;
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found old pass in database", LOG_WARNING);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -92,8 +92,7 @@ $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir t
|
||||
|
||||
// Authentication callback function
|
||||
$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
|
||||
global $user;
|
||||
global $conf;
|
||||
global $user, $conf;
|
||||
global $dolibarr_main_authentication, $dolibarr_auto_user;
|
||||
|
||||
if (empty($user->login)) {
|
||||
@ -101,7 +100,7 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
|
||||
return false;
|
||||
}
|
||||
if ($user->socid > 0) {
|
||||
dol_syslog("Failed to authenticate to DAV, use is an external user", LOG_WARNING);
|
||||
dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
if ($user->login != $username) {
|
||||
@ -132,6 +131,20 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if session was unvalidated by a password change
|
||||
if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
|
||||
// Session is no more valid
|
||||
dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check date validity
|
||||
if ($user->isNotIntoValidityDateRange()) {
|
||||
// User validity dates are no more valid
|
||||
dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
|
||||
@ -879,8 +879,8 @@ if (!defined('NOLOGIN')) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // login was retrieved previously when checking password.
|
||||
if ($resultFetchUser <= 0) {
|
||||
$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password.
|
||||
if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) {
|
||||
dol_syslog('User not found, connexion refused');
|
||||
session_destroy();
|
||||
session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
|
||||
@ -894,11 +894,17 @@ if (!defined('NOLOGIN')) {
|
||||
$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);
|
||||
|
||||
$user->trigger_mesg = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
|
||||
}
|
||||
if ($resultFetchUser < 0) {
|
||||
} elseif ($resultFetchUser < 0) {
|
||||
$_SESSION["dol_loginmesg"] = $user->error;
|
||||
|
||||
$user->trigger_mesg = $user->error;
|
||||
} else {
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('main', 'errors'));
|
||||
|
||||
$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
|
||||
|
||||
$user->trigger_mesg = $langs->trans("ErrorLoginDateValidity").' - login='.$login;
|
||||
}
|
||||
|
||||
// Call trigger
|
||||
@ -943,13 +949,18 @@ if (!defined('NOLOGIN')) {
|
||||
dol_syslog("- This is an already logged session. _SESSION['dol_login']=".$login." _SESSION['dol_entity']=".$entity, LOG_DEBUG);
|
||||
|
||||
$resultFetchUser = $user->fetch('', $login, '', 1, ($entity > 0 ? $entity : -1));
|
||||
if ($resultFetchUser <= 0 || ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
|
||||
if ($resultFetchUser <= 0
|
||||
|| ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])
|
||||
|| ($user->isNotIntoValidtyDateRange())) {
|
||||
if ($resultFetchUser <= 0) {
|
||||
// Account has been removed after login
|
||||
dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
|
||||
} else {
|
||||
} elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) {
|
||||
// Session is no more valid
|
||||
dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
|
||||
} else {
|
||||
// User validity dates are no more valid
|
||||
dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());
|
||||
}
|
||||
session_destroy();
|
||||
session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
|
||||
|
||||
@ -1885,8 +1885,12 @@ class User extends CommonObject
|
||||
$this->employee = ($this->employee > 0 ? $this->employee : 0);
|
||||
$this->login = trim((string) $this->login);
|
||||
$this->gender = trim((string) $this->gender);
|
||||
|
||||
$this->pass = trim((string) $this->pass);
|
||||
$this->api_key = trim((string) $this->api_key);
|
||||
$this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity;
|
||||
$this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity;
|
||||
|
||||
$this->address = trim((string) $this->address);
|
||||
$this->zip = trim((string) $this->zip);
|
||||
$this->town = trim((string) $this->town);
|
||||
@ -1911,8 +1915,7 @@ class User extends CommonObject
|
||||
$this->color = trim((string) $this->color);
|
||||
$this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment;
|
||||
$this->dateemploymentend = empty($this->dateemploymentend) ? '' : $this->dateemploymentend;
|
||||
$this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity;
|
||||
$this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity;
|
||||
|
||||
$this->birth = empty($this->birth) ? '' : $this->birth;
|
||||
$this->fk_warehouse = (int) $this->fk_warehouse;
|
||||
|
||||
@ -2695,6 +2698,31 @@ class User extends CommonObject
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return a link with photo
|
||||
* Use this->id,this->photo
|
||||
*
|
||||
* @return int 0=No more valid, >0 if OK
|
||||
*/
|
||||
public function isNotIntoValidtyDateRange()
|
||||
{
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
|
||||
|
||||
$now = dol_now();
|
||||
|
||||
// Check date start validity
|
||||
if ($this->datestartvalidity && $this->datestartvalidity > dol_get_last_hour($now)) {
|
||||
return 0;
|
||||
}
|
||||
// Check date end validity
|
||||
if ($this->dateendvalidity && $this->dateendvalidity < dol_get_first_hour($now)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return a link with photo
|
||||
* Use this->id,this->photo
|
||||
|
||||
Loading…
Reference in New Issue
Block a user