composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-21 09:38:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Properly handle external and basic authentication methods for REST web services.

Browse Source 
SVN:2.0.2[3171]
This commit is contained in:
Denis Flaven
2014-05-23 13:58:37 +00:00
parent 6703d5621d
commit f72e1dd542
2 changed files with 47 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
application/loginwebpage.class.inc.php
View File

@@ -33,6 +33,7 @@ class LoginWebPage extends NiceWebPage
{
const EXIT_PROMPT = 0;
const EXIT_HTTP_401 = 1;
const EXIT_RETURN_FALSE = 2;
protected static $sHandlerClass = __class__;
public static function RegisterHandler($sClass)
@@ -561,11 +562,17 @@ EOF
{
$sLoginMode = $aAllowedLoginTypes[0]; // First in the list...
}
if ($iOnExit == self::EXIT_HTTP_401)
if (($iOnExit == self::EXIT_HTTP_401) || ($sLoginMode == 'basic'))
{
header("HTTP/1.0 401 Unauthorized");
header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
header('HTTP/1.0 401 Unauthorized');
header('Content-type: text/html; charset=iso-8859-1');
exit;
}
else if($iOnExit == self::EXIT_RETURN_FALSE)
{
return false;
}
else
{
$oPage = self::NewLoginWebPage();
@@ -580,11 +587,17 @@ EOF
{
//echo "Check Credentials returned false for user $sAuthUser!";
self::ResetSession();
if ($iOnExit == self::EXIT_HTTP_401)
if (($iOnExit == self::EXIT_HTTP_401))
{
header("HTTP/1.0 401 Unauthorized");
header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
header('HTTP/1.0 401 Unauthorized');
header('Content-type: text/html; charset=iso-8859-1');
exit;
}
else if($iOnExit == self::EXIT_RETURN_FALSE)
{
return false;
}
else
{
$oPage = self::NewLoginWebPage();
@@ -612,6 +625,7 @@ EOF
}
}
}
return true;
}
/**
@@ -718,7 +732,7 @@ EOF
$sMessage = Dict::S('UI:Login:PasswordChanged');
}
self::Login($iOnExit);
$bRet = self::Login($iOnExit);
if ($bMustBeAdmin && !UserRights::IsAdministrator())
{
@@ -730,6 +744,13 @@ EOF
exit;
}
call_user_func(array(self::$sHandlerClass, 'ChangeLocation'), $bIsAllowedToPortalUsers);
return $sMessage;
if ($iOnExit == self::EXIT_RETURN_FALSE)
{
return $bRet;
}
else
{
return $sMessage;
}
}
} // End of class

36
webservices/rest.php
View File

@@ -61,6 +61,7 @@
if (!defined('__DIR__')) define('__DIR__', dirname(__FILE__));
require_once(__DIR__.'/../approot.inc.php');
require_once(APPROOT.'/application/application.inc.php');
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
require_once(APPROOT.'/application/ajaxwebpage.class.inc.php');
require_once(APPROOT.'/application/startup.inc.php');
@@ -95,23 +96,26 @@ try
{
utils::UseParamFile();
$sAuthUser = utils::ReadParam('auth_user', null, false, 'raw_data');
if ($sAuthUser === null)
if (!LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN_FALSE))
{
throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
}
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if ($sAuthPwd === null)
{
throw new Exception("Missing parameter 'auth_pwd'", RestResult::MISSING_AUTH_PWD);
}
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
{
UserRights::Login($sAuthUser); // Login & set the user's language
}
else
{
throw new Exception("Invalid login '$sAuthUser'", RestResult::UNAUTHORIZED);
$sAuthUser = utils::ReadParam('auth_user', null, false, 'raw_data');
if ($sAuthUser === null)
{
throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
}
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if ($sAuthPwd === null)
{
throw new Exception("Missing parameter 'auth_pwd'", RestResult::MISSING_AUTH_PWD);
}
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
{
UserRights::Login($sAuthUser); // Login & set the user's language
}
else
{
throw new Exception("Invalid login '$sAuthUser'", RestResult::UNAUTHORIZED);
}
}
$sVersion = utils::ReadParam('version', null, false, 'raw_data');