viscous/espocrm
1
0
Fork 0
mirror of https://github.com/espocrm/espocrm.git synced 2026-06-28 23:16:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

portal auth

Browse Source
This commit is contained in:
yuri
2016-01-05 11:49:14 +02:00
parent ef9c5da2d6
commit 3177945146
8 changed files with 93 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
application/Espo/Core/Application.php
View File

@@ -71,12 +71,9 @@ class Application
return $this->metadata;
}
protected function getAuth()
protected function createAuth()
{
if (empty($this->auth)) {
$this->auth = new \Espo\Core\Utils\Auth($this->container);
}
return $this->auth;
return new \Espo\Core\Utils\Auth($this->container);
}
public function getContainer()
@@ -111,7 +108,7 @@ class Application
$entryPointManager = new \Espo\Core\EntryPointManager($container);
try {
$auth = $this->getAuth();
$auth = new \Espo\Core\Utils\Auth($this->container, $entryPointManager->checkAllowPortal($entryPoint));
$apiAuth = new \Espo\Core\Utils\Api\Auth($auth, $entryPointManager->checkAuthRequired($entryPoint), true);
$slim->add($apiAuth);
@@ -127,7 +124,7 @@ class Application
public function runCron()
{
$auth = $this->getAuth();
$auth = $this->createAuth();
$auth->useNoAuth(true);
$cronManager = new \Espo\Core\CronManager($this->container);
@@ -168,7 +165,7 @@ class Application
$slim = $this->getSlim();
try {
$auth = $this->getAuth();
$auth = $this->createAuth();
} catch (\Exception $e) {
$container->get('output')->processError($e->getMessage(), $e->getCode());
}

8
application/Espo/Core/ApplicationPortal.php
View File

@@ -62,14 +62,6 @@ class ApplicationPortal extends Application
$this->initAutoloads();
}
protected function getAuth()
{
if (empty($this->auth)) {
$this->auth = new \Espo\Core\Utils\AuthPortal($this->getContainer());
}
return $this->auth;
}
protected function getPortal()
{
return $this->portal;

5
application/Espo/Core/Container.php
View File

@@ -47,7 +47,10 @@ class Container
if (empty($this->data[$name])) {
$this->load($name);
}
return $this->data[$name];
if (isset($this->data[$name])) {
return $this->data[$name];
}
return null;
}
protected function set($name, $obj)

9
application/Espo/Core/EntryPointManager.php
View File

@@ -81,6 +81,15 @@ class EntryPointManager
return $className::$authRequired;
}
public function checkAllowPortal($name)
{
$className = $this->getClassName($name);
if (!$className) {
throw new NotFound();
}
return $className::$allowPortal;
}
public function run($name)
{
$className = $this->getClassName($name);

2
application/Espo/Core/EntryPoints/Base.php
View File

@@ -39,6 +39,8 @@ abstract class Base
public static $authRequired = true;
public static $allowPortal = true;
protected function getContainer()
{
return $this->container;

75
application/Espo/Core/Utils/Auth.php
View File

@@ -32,16 +32,30 @@ namespace Espo\Core\Utils;
use \Espo\Core\Exceptions\Error;
use \Espo\Core\Exceptions\Forbidden;
use \Espo\Entities\Portal;
class Auth
{
protected $container;
protected $authentication;
public function __construct(\Espo\Core\Container $container)
protected $allowAnyAccess;
const ACCESS_CRM_ONLY = 0;
const ACCESS_PORTAL_ONLY = 1;
const ACCESS_ANY = 3;
private $portal;
public function __construct(\Espo\Core\Container $container, $allowAnyAccess = false)
{
$this->container = $container;
$this->allowAnyAccess = $allowAnyAccess;
$authenticationMethod = $this->getConfig()->get('authenticationMethod', 'Espo');
$authenticationClassName = "\\Espo\\Core\\Utils\\Authentication\\" . $authenticationMethod;
$this->authentication = new $authenticationClassName($this->getConfig(), $this->getEntityManager(), $this);
@@ -54,6 +68,27 @@ class Auth
return $this->container;
}
protected function setPortal(Portal $portal)
{
$this->portal = $portal;
}
protected function isPortal()
{
if ($this->portal) {
return true;
}
return !!$this->getContainer()->get('portal');
}
protected function getPortal()
{
if ($this->portal) {
return $this->portal;
}
return $this->getContainer()->get('portal');
}
protected function getConfig()
{
return $this->getContainer()->get('config');
@@ -79,11 +114,31 @@ class Auth
$this->getContainer()->setUser($user);
}
public function login($username, $password)
{
$authToken = $this->getEntityManager()->getRepository('AuthToken')->where(array('token' => $password))->findOne();
if ($authToken) {
if (!$this->allowAnyAccess) {
if ($this->isPortal() && $authToken->get('portalId') !== $this->getPortal()->id) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal with a token not related to portal.");
return false;
}
if (!$this->isPortal() && $authToken->get('portalId')) {
$GLOBALS['log']->debug("AUTH: Trying to login to crm with a token related to portal.");
return false;
}
}
if ($this->allowAnyAccess) {
if ($authToken->get('portalId') && !$this->isPortal()) {
$portal = $this->getEntityManager()->getEntity('Portal', $authToken->get('portalId'));
if ($portal) {
$this->setPortal($portal);
}
}
}
}
$user = $this->authentication->login($username, $password, $authToken);
if ($user) {
@@ -91,10 +146,21 @@ class Auth
$GLOBALS['log']->debug("AUTH: Trying to login as user '".$user->get('userName')."' which is not active.");
return false;
}
if (!$user->isAdmin() && $user->get('isPortalUser')) {
if (!$user->isAdmin() && !$this->isPortal() && $user->get('isPortalUser')) {
$GLOBALS['log']->debug("AUTH: Trying to login to crm as a portal user '".$user->get('userName')."'.");
return false;
}
if (!$user->isAdmin() && $this->isPortal() && !$user->get('isPortalUser')) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not portal user.");
return false;
}
if ($this->isPortal()) {
$user->set('portalId', $this->getPortal()->id);
}
$this->getEntityManager()->setUser($user);
$this->getContainer()->setUser($user);
@@ -106,6 +172,9 @@ class Auth
$authToken->set('hash', $user->get('password'));
$authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
$authToken->set('userId', $user->id);
if ($this->isPortal()) {
$authToken->set('portalId', $this->getPortal()->id);
}
}
$authToken->set('lastAccess', date('Y-m-d H:i:s'));

95
application/Espo/Core/Utils/AuthPortal.php
View File

@@ -1,95 +0,0 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM - Open Source CRM application.
* Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
* Website: http://www.espocrm.com
*
* EspoCRM is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* EspoCRM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with EspoCRM. If not, see http://www.gnu.org/licenses/.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Utils;
use \Espo\Core\Exceptions\Error;
use \Espo\Core\Exceptions\Forbidden;
class AuthPortal extends Auth
{
protected function getPortal()
{
return $this->getContainer()->get('portal');
}
public function login($username, $password)
{
$authToken = $this->getEntityManager()->getRepository('AuthToken')->where(array('token' => $password))->findOne();
if ($authToken) {
if ($authToken->get('portalId') !== $this->getPortal()->id) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal with a token not related to portal.");
return false;
}
}
$user = $this->authentication->login($username, $password, $authToken);
if ($user) {
if (!$user->isActive()) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not active.");
return false;
}
if (!$user->isAdmin() && !$this->getEntityManager()->getRepository('Portal')->isRelated($this->getPortal(), 'users', $user)) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not related to portal.");
return false;
}
if (!$user->isAdmin() && !$user->get('isPortalUser')) {
$GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not portal user.");
return false;
}
$user->set('portalId', $this->getPortal()->id);
$this->getEntityManager()->setUser($user);
$this->getContainer()->setUser($user);
if ($this->request->headers->get('HTTP_ESPO_AUTHORIZATION')) {
if (!$authToken) {
$authToken = $this->getEntityManager()->getEntity('AuthToken');
$token = $this->createToken($user);
$authToken->set('token', $token);
$authToken->set('hash', $user->get('password'));
$authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
$authToken->set('userId', $user->id);
$authToken->set('portalId', $this->getPortal()->id);
}
$authToken->set('lastAccess', date('Y-m-d H:i:s'));
$this->getEntityManager()->saveEntity($authToken);
$user->set('token', $authToken->get('token'));
}
return true;
}
}
}

7
application/Espo/Resources/metadata/app/aclPortal.json
View File

@@ -49,11 +49,6 @@
},
"scopeLevelTypesDefaults": {
"boolean": false,
"record": {
"read": "no",
"stream": "no",
"edit": "no",
"delete": "no"
}
"record": false
}
}