Your IP : 3.15.147.162

Current Path : /home/bitrix/ext_www/klimatlend.ua/bitrix/modules/rest/lib/apauth/
Upload File :
Current File : /home/bitrix/ext_www/klimatlend.ua/bitrix/modules/rest/lib/apauth/auth.php

<?php
/**
 * Bitrix Framework
 * @package bitrix
 * @subpackage rest
 * @copyright 2001-2016 Bitrix
 */

namespace Bitrix\Rest\APAuth;

use Bitrix\Main\Authentication\ApplicationManager;
use Bitrix\Main\Authentication\ApplicationPasswordTable;
use Bitrix\Main\Context;
use Bitrix\Main\Type\DateTime;
use Bitrix\Main\UserTable;

class Auth
{
	const AUTH_TYPE = 'apauth';

	protected static $authQueryParams = array(
		'UID' => 'aplogin', 'PASSWORD' => 'ap',
	);

	protected static $integrationScope = array('crm', 'telephony', 'imopenlines');

	protected static $scopeCache = array();

	public static function onRestCheckAuth(array $query, $scope, &$res)
	{
		$auth = null;
		foreach(static::$authQueryParams as $key)
		{
			if(array_key_exists($key, $query))
			{
				$auth[$key] = $query[$key];
			}
		}

		if(count($auth) === count(static::$authQueryParams))
		{
			if(!defined('REST_APAUTH_ALLOW_HTTP') && !Context::getCurrent()->getRequest()->isHttps())
			{
				$res = array('error' => 'INVALID_REQUEST', 'error_description' => 'Https required.');
				return false;
			}

			$tokenInfo = static::check($auth, $scope);

			if(is_array($tokenInfo))
			{
				$error = array_key_exists('error', $tokenInfo);

				if(!$error && $tokenInfo['user_id'] > 0)
				{
					$tokenInfo['scope'] = implode(',', static::getPasswordScope($tokenInfo['password_id']));

					if(!\CRestUtil::makeAuth($tokenInfo))
					{
						$tokenInfo = array('error' => 'authorization_error', 'error_description' => 'Unable to authorize user');
						$error = true;
					}
					else
					{
						PasswordTable::update($tokenInfo['password_id'], array(
							'DATE_LOGIN' => new DateTime(),
							'LAST_IP' => Context::getCurrent()->getRequest()->getRemoteAddress(),
						));

						unset($tokenInfo['application_id']);
					}
				}

				$res = $tokenInfo;

				$res['parameters_clear'] = static::$authQueryParams;
				$res['auth_type'] = static::AUTH_TYPE;

				return !$error;
			}

			return false;
		}

		return null;
	}

	protected static function check($auth, $scope)
	{
		$result = array('error' => 'INVALID_CREDENTIALS', 'error_description' => 'Invalid request credentials');

		$uid = $auth[static::$authQueryParams['UID']];

		if(strval(intval($uid)) === $uid)
		{
			$userInfo = array('ID' => intval($uid));
		}
		else
		{
			$dbRes = UserTable::getList(array(
				'filter' => array(
					'=LOGIN' => $uid,
					'=ACTIVE' => 'Y',
				),
				'select' => array('ID'),
			));
			$userInfo = $dbRes->fetch();
		}

		if($userInfo)
		{
			$dbRes = PasswordTable::getList(array(
				'filter' => array(
					'=USER_ID' => $userInfo['ID'],
					'=PASSWORD' => $auth[static::$authQueryParams['PASSWORD']],
					'=ACTIVE' => PasswordTable::ACTIVE,
				),
				'select' => array('ID')
			));
			$passwordInfo = $dbRes->fetch();

			if(!$passwordInfo)
			{
				$passwordInfo = static::checkOldPassword($userInfo['ID'], $auth[static::$authQueryParams['PASSWORD']]);
			}

			if($passwordInfo)
			{
				if(static::checkPermission($passwordInfo["ID"], $scope) === true)
				{
					$result = array(
						'user_id' => $userInfo["ID"],
						'password_id' => $passwordInfo["ID"],
					);
				}
				else
				{
					$result = array('error' => 'insufficient_scope', 'error_description' => 'The request requires higher privileges than provided by the webhook token');
				}
			}
		}

		return $result;
	}

	protected static function checkOldPassword($userId, $password)
	{
		$appPassword = ApplicationPasswordTable::findPassword($userId, $password);
		if($appPassword !== false)
		{
			if($appPassword["APPLICATION_ID"] === Application::ID)
			{
				$appManager = ApplicationManager::getInstance();
				if($appManager->checkScope($appPassword["APPLICATION_ID"]) === true)
				{
					return static::convertOldPassword($appPassword, $password);
				}
			}
		}

		return false;
	}

	protected static function convertOldPassword($appPassword, $password)
	{
		$dbRes = ApplicationPasswordTable::getById($appPassword['ID']);
		$oldPassword = $dbRes->fetch();
		if($oldPassword)
		{
			ApplicationPasswordTable::delete($appPassword['ID']);
			$result = PasswordTable::add(array(
				'USER_ID' => $oldPassword['USER_ID'],
				'PASSWORD' => $password,
				'ACTIVE' => PasswordTable::ACTIVE,
				'TITLE' => $oldPassword['SYSCOMMENT'],
				'COMMENT' => $oldPassword['COMMENT'],
				'DATE_CREATE' => $oldPassword['DATE_CREATE'],
				'DATE_LOGIN' => $oldPassword['DATE_LOGIN'],
				'LAST_IP' => $oldPassword['LAST_IP'],
			));
			if($result->isSuccess())
			{
				$passwordId = $result->getId();

				foreach(static::$integrationScope as $scope)
				{
					PermissionTable::add(array(
						'PASSWORD_ID' => $passwordId,
						'PERM' => $scope,
					));
				}

				return array(
					'ID' => $passwordId,
				);
			}
		}

		return false;
	}

	protected static function checkPermission($passwordId, $scope)
	{
		if($scope === \CRestUtil::GLOBAL_SCOPE)
		{
			return true;
		}

		return in_array($scope, static::getPasswordScope($passwordId));
	}

	protected static function getPasswordScope($passwordId)
	{
		if(!array_key_exists($passwordId, static::$scopeCache))
		{
			static::$scopeCache[$passwordId] = array();

			$dbRes = PermissionTable::getList(array(
				'filter' => array(
					'=PASSWORD_ID' => $passwordId,
				),
				'select' => array('PERM')
			));
			while($perm = $dbRes->fetch())
			{
				static::$scopeCache[$passwordId][] = $perm['PERM'];
			}
		}

		return static::$scopeCache[$passwordId];
	}
}