From f8f7c4fbff5e304c0ed2cfdd7b09f9198aa2c41c Mon Sep 17 00:00:00 2001
From: Yuri Kuznetsov
Date: Wed, 8 Jul 2020 17:30:25 +0300
Subject: [PATCH] dev

---
 application/Espo/Core/Api/Auth.php | 30 +++++++++++++--------------
 application/Espo/Core/Application.php | 2 +-
 application/Espo/Core/Utils/Auth.php | 14 +++++++++----
 3 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/application/Espo/Core/Api/Auth.php b/application/Espo/Core/Api/Auth.php
index a0e797e54e..6d68c4bef8 100644
--- a/application/Espo/Core/Api/Auth.php
+++ b/application/Espo/Core/Api/Auth.php
@@ -93,10 +93,8 @@ class Auth
 list($username, $password) = $this->decodeAuthorizationString($request->getHeader('Espo-Authorization'));
 } else if ($request->hasHeader('X-Hmac-Authorization')) {
 $authenticationMethod = 'Hmac';
- $username = $this->decodeAuthorizationString($request->getHeader('X-Hmac-Authorization'))[0];
 } else if ($request->hasHeader('X-Api-Key')) {
 $authenticationMethod = 'ApiKey';
- $username = $request->getHeader('X-Api-Key');
 }
 
 if (!$authenticationMethod) {
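Review bot: After the two `$username = ...` removals, the `Hmac` and `ApiKey` branches no longer assign `$username` (and never assigned `$password`), yet both variables are still handed to `$this->auth->login($username, $password, $request, $authenticationMethod)` in the next hunk; unless they are initialised to null before the header chain — that part of the method is outside the hunk — PHP raises undefined-variable notices for those two methods. Confirm the initialisation, or add `$username = null; $password = null;` ahead of the chain. A one-line comment on those branches would also help the next reader, e.g. `// no username here: the identity is carried by the request and presumably resolved in Auth::login`.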
@@ -115,33 +113,33 @@ class Auth
 }
 
 if (!$username) {
- $espoCgiAuth = $request->getHeader('Http-Espo-Cgi-Auth') ?? $request->getHeader('Redirect-Http-Espo-Cgi-Auth');
+ $cgiAuthString = $request->getHeader('Http-Espo-Cgi-Auth') ?? $request->getHeader('Redirect-Http-Espo-Cgi-Auth');
 if ($cgiAuthString) {
 list($username, $password) = $this->decodeAuthorizationString(substr($cgiAuthString, 6));
 }
 }
 }
 
+ $hasAuthData = $username || $authenticationMethod;
+
 if (!$this->authRequired) {
- if (!$this->isEntryPoint) {
- if ($username && $password) {
- try {
- $isAuthenticated = $this->auth->login($username, $password, $request);
- } catch (Exception $e) {
- $this->processException($response, $e);
- return;
- }
- if ($isAuthenticated) {
- $this->resolve();
- return;
- }
+ if (!$this->isEntryPoint && $hasAuthData) {
+ try {
+ $isAuthenticated = $this->auth->login($username, $password, $request, $authenticationMethod);
+ } catch (Exception $e) {
+ $this->processException($response, $e);
+ return;
+ }
+ if ($isAuthenticated) {
+ $this->resolve();
+ return;
 }
 }
 $this->resolveUseNoAuth();
 return;
 }
 
- if ($username) {
+ if ($hasAuthData) {
 try {
 $authResult = $this->auth->login($username, $password, $request, $authenticationMethod);
 } catch (Exception $e) {
diff --git a/application/Espo/Core/Application.php b/application/Espo/Core/Application.php
index 005283a96f..87ca2c2d84 100644
--- a/application/Espo/Core/Application.php
+++ b/application/Espo/Core/Application.php
@@ -205,7 +205,7 @@ class Application
 $apiAuth->process($requestWrapped, $responseWrapped);
 
 if (!$apiAuth->isResolved()) {
- $requestWrapped->getResponse();
+ return $responseWrapped->getResponse();
 }
 if ($apiAuth->isResolvedUseNoAuth()) {
 $this->setupSystemUser();
diff --git a/application/Espo/Core/Utils/Auth.php b/application/Espo/Core/Utils/Auth.php
index aba4113736..9a0f44454b 100644
--- a/application/Espo/Core/Utils/Auth.php
+++ b/application/Espo/Core/Utils/Auth.php
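Review bot: In the `!$this->authRequired` branch, a request whose credentials `login()` rejects ends at `$this->resolveUseNoAuth();` exactly like a request that sent none, and because `$hasAuthData` is true for any `X-Api-Key` or `X-Hmac-Authorization` header this fall-through now covers rejected API keys and HMAC signatures as well, not only username/password as before. If that is intended for routes that do not require authentication, say so where it happens: `// Credentials were supplied but rejected; this route does not require auth, so continue without a user.` Otherwise an explicit error response for rejected credentials is the safer default, since a client would not learn its key was invalid. The enclosing method starts before and ends after the hunk.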
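Review bot: The new `return $responseWrapped->getResponse();` replaces a statement that had no effect, so this branch now stops request processing for unresolved authentication and deserves a comment stating that intent, e.g. `// Auth neither resolved a user nor no-auth mode: return the response ApiAuth prepared and stop here.` The enclosing method starts and ends outside the hunk, so whether its declared return type matches the returned response object cannot be checked from the diff.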
@@ -137,12 +137,12 @@ class Auth } /** - * Process a username and password check. + * Process a credentials check. * * @return Status and additional data. NULL if failed. */ public function login( - string $username, ?string $password = null, Request $request, ?string $authenticationMethod = null + ?string $username, ?string $password = null, Request $request, ?string $authenticationMethod = null ) : ?array { $isByTokenOnly = false; @@ -208,7 +208,9 @@ class Auth } if ($isByTokenOnly && !$authToken) { - $GLOBALS['log']->info("AUTH: Trying to login as user '{$username}' by token but token is not found."); + if ($username) { + $GLOBALS['log']->info("AUTH: Trying to login as user '{$username}' by token but token is not found."); + } return null; } @@ -450,7 +452,7 @@ class Auth } protected function createAuthLogRecord( - string $username, ?User $user, Request $request, ?string $authenticationMethod = null + ?string $username, ?User $user, Request $request, ?string $authenticationMethod = null ) : ?AuthLogRecord { if ($username === '**logout') return null; @@ -458,6 +460,10 @@ class Auth $requestUrl = $request->getUri()->getScheme() . '://' . $request->getUri()->getHost() . $request->getUri()->getPath(); + if (!$username && $user) { + $username = $user->get('userName'); + } + $authLogRecord->set([ 'username' => $username, 'ipAddress' => $request->getServerParam('REMOTE_ADDR'),
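Review bot: `login()` now accepts `?string $username`, but the docblock still says nothing about when null is valid, and `@return Status and additional data. NULL if failed.` carries no type; from the Api\Auth hunks, null arrives for the Hmac and ApiKey methods, where no username is decoded from the header. Suggest `@param ?string $username Null for authentication methods that carry the identity in the request (Hmac, ApiKey).` and `@return ?array Status and additional data. NULL if failed.`. While the signature is being edited, the pre-existing `?string $password = null` before the required `Request $request` is an optional-before-required parameter that newer PHP 8 releases deprecate; `?string $username, ?string $password, Request $request, ?string $authenticationMethod = null` keeps behaviour, since that default could never be used. The method body continues outside the hunk.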
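Review bot: The `if ($username)` guard in the `$isByTokenOnly && !$authToken` branch drops the log entry entirely when no username is present, so a token-only attempt with neither token nor username now returns null without leaving any trace for monitoring. Keep a message without the username in an else branch: `} else { $GLOBALS['log']->info("AUTH: Trying to login by token but token is not found."); }`. The surrounding method continues outside the hunk.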
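Review bot: `createAuthLogRecord()` now takes `?string $username`, and the following hunk fills it from `$user->get('userName')` only when a `$user` was resolved, so for a rejected ApiKey/Hmac attempt both can be null and the record is written with `'username' => null`; whether the AuthLogRecord entity accepts a null username is not visible in the diff and should be confirmed. Document the contract on the parameter: `@param ?string $username Null for ApiKey/Hmac attempts; taken from $user when one was resolved.` The method continues outside the hunk.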