
<?php
use Doctrine\DBAL\Connection;
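/**
 * Base class of the Scores SOAP web service (Document/Literal Wrapped, WS-I compliant).
 *
 * Handles authentication (HTTP Basic or SOAP header), authorization (per-user
 * "droits"), IP filtering and usage logging for billing. Concrete services
 * extend this class and call authenticate() / permission() / wsLog().
 *
 * Review notes on the authentication code (see the individual methods):
 *  - all credential comparisons go through hash_equals() (PHP >= 5.6) instead
 *    of the loose "==" operator, which treats two "0e…" md5 digests as equal;
 *  - an "iponly:" credential (user already authenticated by one of our own
 *    applications) is only honoured when the request comes from an application
 *    IP; previously any caller could skip the password check by sending it;
 *  - authIP() now returns a boolean, so the IP filter of v2 services is
 *    actually enforced (the former string/null result never matched "=== false").
 */
class Scores_Ws_Server
{
    /**
     * Credential prefix meaning "user already authenticated by our application,
     * the rest of the credential is the end-user IP".
     */
    const IPONLY_PREFIX = 'iponly:';

    /**
     * Authenticated user information, built by authV1() / authV2()
     * @var stdClass
     */
    protected $User;

    /**
     * Is the user authenticated
     * @var boolean
     */
    protected $authenticated = false;

    /**
     * Authentication method used ('basic' or 'soapheader')
     * @var string
     */
    protected $authMethod = null;

    /**
     * Name of the application the authentication request comes from
     * @var string
     */
    protected $authApp = null;

    /**
     * Client IP forwarded by the calling application (takes precedence over REMOTE_ADDR)
     * @var string
     */
    protected $authIp = null;

    /**
     * Name of the service
     * @var string
     */
    public $serviceName = null;

    /**
     * Is this a customized (per-client) service
     * @var boolean
     */
    public $serviceClient = false;

    /**
     * Name of the client the customized service belongs to
     * @var string
     */
    public $serviceClientName = null;

    /**
     * Version of the service
     * @var string
     */
    public $serviceVersion = null;

    /**
     * IPs of our own applications (extranet, local). Requests from these
     * addresses are trusted: no IP filter, and "iponly:" credentials accepted.
     * @var array
     */
    protected $listApplicationIp = array (
        '195.154.174.221', //Extranet - sd-46528
        '91.121.157.194', //Extranet - ns359466
        '78.31.45.206', //SDSL RAMBOUILLET
        '127.0.0.1',
        '192.168.33.10',
    );

    /**
     * Reverse proxies whose X-Forwarded-For header is trusted
     * @var array
     */
    protected $listProxyIp = array(
        '62.210.222.34',
    );

    /**
     * List of permissions
     * @var array
     */
    protected $listeDroits = array();

    /**
     * Permissions and categories
     * @var array
     */
    protected $listeCategory = array();

    /**
     * List of user preferences
     * @var array
     */
    protected $listePrefs = array(
        'NAF4' => "Afficher les anciens NAF",
        'NACE' => "Afficher les codes NACES",
        'NEWS' => "Afficher les news Google&copy;",
        'MAPPY' => "Afficher les fa&ccedil;ades d'immeubles",
        'CARTES' => "Afficher les cartes et les plans",
        'VOIRSURV' => "Afficher les entités sous surveillances",
        'DEMANDEREF' => "Demande de référence par defaut",
        'RECHREF' => "Afficher le formulaire de recherche par référence",
    );

    /**
     * Billable log entries
     * @var array
     */
    protected $logs = array(
        'identite' => array(
            'label' => "Identité"
        ),
        'liens' => array(
            'label' => "Liens Inter-Entreprise"
        ),
        'etablissements' => array(
            'label' => "Etablissements"
        ),
        'dirigeants' => array(
            'label' => "Dirigeants"
        ),
        'annonces' => array(
            'label' => "Annonces légales",
        ),
        'indiscore' => array(
            'label' => "Indiscore",
        ),
        'indiscorep' => array(
            'label' => "Indiscore+",
        ),
        'indiscore2' => array(
            'label' => "Rapport",
        ),
        'indiscore2p' => array(
            'label' => "Rapport avec suivi",
        ),
        'indiscore3' => array(
            'label' => "Rapport complet",
        ),
        'indiscore3p' => array(
            'label' => "Rapport complet avec suivi",
        ),
        'evenements' => array(
            'label' => "Modifications Insee",
        ),
        'tva' => array(
            'label' => "Numéro de TVA intracommunautaire",
        ),
        'infosreg' => array(
            'label' => "Informations réglementées",
        ),
        'bourse' => array(
            'label' => "Information boursière"
        ),
        'bilan' => array(
            'label' => "Liasse fiscale",
        ),
        'sirenExiste' => array(
            'label' => "Controle du SIREN",
        ),
        'ratios' => array(
            'label' => "Ratios",
        ),
        'rapport1' => array(
            'label' => "Rapport complet 1",
        ),
        'rapport2' => array(
            'label' => "Rapport complet 2",
        ),
        'rapport3' => array(
            'label' => "Rapport complet 3",
        ),
        'banque' => array(
            'label' => "Relations banquaires",
        ),
        'competences' => array(
            'label' => "Competences territoriales",
        ),
        'privdetail' => array(
            'label' => "Détails des privilèges",
        ),
        'privcumul' => array(
            'label' => "Privilèges cumulés",
        ),
        'conventions' => array(
            'label' => "Conventions collectives",
        ),
        'marques' => array(
            'label' => "Marques déposés",
        ),
        'kbis' => array(
            'label' => "Extrait RCS",
        ),
        'dirigeantsop' => array(
            'label' => "Dirigeants opérationels",
        ),
        'groupesarbo' => array(
            'label' => "Arborescence de groupes",
        ),
        'groupeinfos' => array(
            'label' => "Informations groupe",
        ),
        'valorisation' => array(
            'label' => "Valorisation",
        ),
        'rnvp' => array(
            'label' => "Normalisation postale",
        ),
    );

    /**
     * Error codes sent as SoapFault (code => message)
     * @var array
     */
    public $listError = array(
        '0000' => "Erreur indeterminé",
        '0900' => "Identifiant ou mot de passe incorrect",
        '0901' => "Accès WS non authorisé pour cet utilisateur",
        '0902' => "Méthode non authorisée dans votre profil",
        '0903' => "Période d'accès au service invalide",
        '0904' => "Adresse IP Invalide",
        '0905' => "Accès environnement de test non autorisé",
        '0906' => "Erreur configuration utilisateur",
        '1010' => "Siren invalide",
        '1011' => "Identifiant invalide",
        '1020' => "Siren inexistant",
        '1021' => "Type d'identifiant inexistant",
        '1030' => "Aucun résultat pour ce siren en base",
        '3000' => "Service disponible",
        '9000' => "Service S&D indisponible",
        '9001' => "Service partenaire indisponible",
        '9002' => "Méthode provisoirement indisponible",
        '9003' => "Version du service désactivé",
        '9004' => "Version du service inexistant",
        '9010' => "Fichier indisponible",
        '9020' => "Requête incorrecte",
    );

    /**
     * PDO connection through Doctrine DBAL
     * @var \Doctrine\DBAL\Connection
     */
    protected $conn;

    /**
     * Fetch the DB connection from the registry and load the permission tables.
     */
    public function __construct()
    {
        $this->conn = Zend_Registry::get('doctrine');
        $this->listeDroits = include APPLICATION_PATH . '/../library/Scores/Account/Access.php';
        $this->listeCategory = include APPLICATION_PATH . '/../library/Scores/Account/Category.php';
    }

    /**
     * Abort the call with a SoapFault carrying one of $listError's codes.
     * Unknown codes get a generic message.
     * @param string $code
     * @throws SoapFault always
     */
    protected function sendError($code)
    {
        $message = 'Erreur inconnue';
        if (array_key_exists($code, $this->listError)) {
            $message = $this->listError[$code];
        }
        throw new SoapFault($code, $message);
    }

    /**
     * Append a line to the shared application log (best effort, never throws).
     * @param string $message
     */
    protected function logAuthError($message)
    {
        $c = Zend_Registry::get('config');
        @file_put_contents($c->profil->path->shared . '/log/application.log',
            date('Y-m-d H:i:s') . '- AUTH : ' . $message . "\n", FILE_APPEND);
    }

    /**
     * Record a user call to a method in sdv1.logs (billing / usage log).
     *
     * For the entity-related pages listed below the company name, postcode,
     * city and source are looked up in jo.etablissements and stored with the
     * log entry. Logging is best effort: database errors are ignored.
     *
     * @param string $service method name
     * @param string $siret   SIREN (9 digits) or SIRET (14 digits), optional
     * @param string $ref     free parameter stored with the entry
     * @return void
     */
    protected function wsLog($service, $siret = '', $ref = '')
    {
        // Test account?
        $test = ($this->User->clientTest == 'Oui' || $this->User->typeCompte == 'TEST') ? 1 : 0;

        // Split SIREN / NIC
        $siret = (string) $siret;
        $siren = 0;
        $nic = '';
        if (strlen($siret) == 14) {
            $siren = substr($siret, 0, 9);
            $nic = substr($siret, 9, 5);
        } elseif (strlen($siret) == 9) {
            $siren = $siret;
        }

        // Default data
        $dataInsert = array(
            'login' => $this->User->login,
            'page' => $service,
            'params' => $ref,
            'idClient' => $this->User->idClient,
            'test' => $test,
            'actifInsee' => 0,
            'source' => 0,
            'raisonSociale' => '',
            'cp' => '',
            'ville' => '',
            'ipClient' => $this->User->ipConnexion,
        );

        // Pages for which the company name/address is stored with the log entry
        $pageRS = array(
            'identite',
            'greffe_bilans',
            'greffe_actes',
            'liens',
            'dirigeants',
            'etablissements',
            'dirigeantsOp',
            'kbis',
            'indiscore',
            'indiscore2',
            'indiscore3',
            'rapport2',
            'rapport3'
        );

        if (intval($siren) != 0) {
            $dataInsert['siren'] = $siren;
            $dataInsert['nic'] = $nic;

            if (in_array($service, $pageRS, true)) {
                // SIRENs <= 1000 are not looked up and, as before, not logged at all
                if (intval($siren) <= 1000) {
                    return;
                }
                $qb = $this->conn->createQueryBuilder();
                $qb->select(array('e.siren', 'e.nic', 'e.actif', 'e.siege', 'e.raisonSociale',
                    'e.adr_cp', 'e.adr_ville', 'e.source', 'COUNT(r.siren) AS nb'))
                    ->from('jo.etablissements', 'e')
                    ->where('e.siren = :siren')->setParameter('siren', $siren)
                    ->rightJoin('e', 'jo.rncs_entrep', 'r', 'e.siren = r.siren');
                if (intval($nic) > 9) {
                    $qb->andWhere('e.nic = :nic')->setParameter('nic', $nic);
                } else {
                    // addOrderBy: a second orderBy() would replace the first one
                    $qb->andWhere('e.siege = 1')->orderBy('e.actif', 'DESC')->addOrderBy('e.nic', 'DESC');
                }
                try {
                    $stmt = $qb->execute();
                    if ($stmt->rowCount() > 0) {
                        $result = $stmt->fetch(\PDO::FETCH_OBJ);
                        $dataInsert['raisonSociale'] = $result->raisonSociale;
                        $dataInsert['cp'] = $result->adr_cp;
                        $dataInsert['ville'] = $result->adr_ville;
                        $dataInsert['source'] = $result->source;
                        if ($result->actif == 0) {
                            $dataInsert['actifInsee'] = 0;
                        } else {
                            $dataInsert['actifInsee'] = 1;
                            // Present in the RNCS => source 5
                            if ($result->nb > 0) {
                                $dataInsert['source'] = 5;
                            }
                        }
                    }
                } catch (\Doctrine\DBAL\DBALException $e) {
                    // Lookup is optional, keep the default values
                }
            }
        }

        try {
            $this->conn->insert('sdv1.logs', $dataInsert);
        } catch (\Doctrine\DBAL\DBALException $e) {
            // Best-effort logging: never fail the call because of the log
        }
    }

    /**
     * Authenticate the caller, either from the SOAP header (username/password
     * given) or from the HTTP Basic header (PHP_AUTH_USER / PHP_AUTH_PW).
     *
     * Client side SOAP header example:
     *   $auth = new StdClass();
     *   $auth->username = 'yourlogin';
     *   $auth->password = 'yourpassword';
     *   $creds = new SoapVar($auth, SOAP_ENC_OBJECT);
     *   $client->__setSoapHeaders(new SoapHeader('auth', 'authenticate', $creds, false));
     *
     * Does nothing when the user is already authenticated.
     *
     * @param string $username
     * @param string $password
     * @throws SoapFault 0900 (bad credentials) or the code returned by checkAuth()
     * @todo Digest auth
     */
    public function authenticate($username = null, $password = null)
    {
        if ($this->authenticated !== false) {
            return;
        }

        if (empty($username)) {
            $this->authMethod = 'basic';
            // Headers are absent when no Basic auth was sent: avoid undefined index notices
            $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
            $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
        } else {
            $this->authMethod = 'soapheader';
        }

        $ip = $this->resolveClientIp();

        // Check credentials against the database
        $result = $this->checkAuth($username, $password, $ip);
        if ($result === false) {
            $this->sendError('0900');
        }
        if (is_string($result)) {
            $this->sendError($result);
        }
        // Only ever true here: the error cases above throw
        $this->authenticated = true;
    }

    /**
     * Determine the client IP to authenticate.
     *
     * Priority: IP given by the calling application ($authIp), then the last
     * X-Forwarded-For entry when the request comes through one of our trusted
     * proxies, then REMOTE_ADDR.
     *
     * @return string
     */
    protected function resolveClientIp()
    {
        // An application authenticating on behalf of a user passes the user's IP
        if ($this->authIp !== null) {
            return $this->authIp;
        }
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp, true)) {
            // XFF may carry a chain "client, proxy1, ...": the LAST entry is the one
            // our trusted proxy added, earlier entries are whatever the client sent.
            // NOTE(review): assumes the proxy appends (or sets) the header — confirm.
            $chain = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            $ip = trim(end($chain));
        }
        return $ip;
    }

    /**
     * Abort with 0902 unless the user holds permission $perm.
     * @param string $perm
     * @throws SoapFault
     */
    protected function permission($perm)
    {
        if (!$this->checkPerm($perm)) {
            $this->sendError('0902');
        }
    }

    /**
     * Abort with 0901 when the user's accesWS flag is set.
     *
     * NOTE(review): this denies when accesWS is truthy, which authV1() treats as
     * "web service user". Kept as is; confirm the intended polarity with callers.
     *
     * @throws SoapFault
     */
    protected function checkAccesWS()
    {
        if ($this->User->accesWS) {
            $this->sendError('0901');
        }
    }

    /**
     * Does the user hold permission $perm?
     *
     * $User->droits is normally a list of tokens; a legacy space-separated
     * string is also accepted (word match, case-insensitive).
     *
     * @param string $perm
     * @return boolean
     */
    protected function checkPerm($perm)
    {
        $droits = $this->User->droits;
        if (is_array($droits)) {
            return in_array(strtolower($perm), $droits, true);
        }
        // preg_quote: $perm must not be interpreted as a regex
        return (bool) preg_match('/\b' . preg_quote($perm, '/') . '\b/i', (string) $droits);
    }

    /**
     * May the user edit data? (client 1 or 'edition' permission)
     * @return boolean
     */
    protected function checkEdition()
    {
        if ($this->User->idClient == 1) {
            return true;
        }
        return $this->checkPerm('edition');
    }

    /**
     * Check a login/password/IP triple against the database.
     *
     * Loads the user (by login, or by e-mail when the login contains '@'),
     * checks the account validity period, then delegates to authV1() or
     * authV2() depending on the client's version, and logs failures.
     *
     * @param string $login
     * @param string $password
     * @param string $ip
     * @return mixed true on success, false on bad credentials, or an error code string
     * @throws SoapFault 0900 when the login is empty
     */
    protected function checkAuth($login, $password, $ip)
    {
        if (empty($login)) {
            $this->sendError('0900');
        }

        // User information
        try {
            $qb = $this->conn->createQueryBuilder();
            $qb->select(array(
                'u.login', 'u.id', 'u.email', 'u.password', 'u.idClient', 'u.typeCompte', 'u.actif',
                'u.filtre_ip', 'u.profil', 'u.civilite', 'u.nom', 'u.prenom', 'u.tel', 'u.fax',
                'u.mobile', 'u.pref', 'u.rechRefType', 'u.nombreConnexions',
                'u.dateDerniereConnexion', 'u.droits', 'u.referenceParDefaut', 'u.nbReponses', 'u.lang',
                'u.formatMail', 'u.dateDebutCompte', 'u.dateFinCompte', 'u.accesWS', 'u.acceptationCGU',
                'c.droits AS droitsClients', 'c.test AS clientTest', 'c.typeScore', 'c.timeout',
                's.Service AS serviceCode', 'v.version'))
                ->from('sdv1.utilisateurs', 'u')
                ->join('u', 'sdv1.clients', 'c', 'u.idClient = c.id')
                ->leftJoin('u', 'sdv1.utilisateurs_service', 's', 'u.login=s.login')
                ->leftJoin('u', 'sdv1.clients_version', 'v', 'u.idClient=v.clientId')
                ->where('u.actif = 1')->andWhere('u.deleted = 0')->andWhere("c.actif = 'Oui'");
            if (strpos($login, '@') !== false) {
                // Login with the e-mail address
                $qb->andWhere('u.email = :email')->setParameter('email', $login);
            } else {
                // Standard login
                $qb->andWhere('u.login = :login')->setParameter('login', $login);
            }
            $stmt = $qb->execute();
        } catch (\Doctrine\DBAL\DBALException $e) {
            // Previously swallowed, which then crashed on an undefined $stmt
            $this->logAuthError($e->getMessage());
            return '0000';
        }

        // No user, deleted or disabled
        if ($stmt->rowCount() == 0) {
            return false;
        }
        // Several accounts match: configuration error
        if ($stmt->rowCount() > 1) {
            return '0906';
        }

        $result = $stmt->fetch(\PDO::FETCH_OBJ);
        if ($result === false) {
            $this->logAuthError('unable to fetch user row for ' . $login);
            return '0000';
        }

        // Account validity period
        if ($this->isOutsideAccountPeriod($result->dateDebutCompte, $result->dateFinCompte)) {
            return '0903';
        }

        // Service fallback
        if ($result->serviceCode === null) {
            $result->serviceCode = 'DEFAULT';
        }

        // Select the authentication version
        if ($result->version == 2) {
            $authResult = $this->authV2($result, $password, $ip);
        } else {
            $authResult = $this->authV1($result, $password, $ip);
        }
        $this->authLog($result->login, $authResult, $ip);
        return $authResult;
    }

    /**
     * Is today outside [dateDebut, dateFin]? Empty or '0000-00-00' bounds are open.
     * @param string $dateDebut Y-m-d
     * @param string $dateFin   Y-m-d
     * @return boolean
     */
    protected function isOutsideAccountPeriod($dateDebut, $dateFin)
    {
        $today = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
        if ($this->isRealDate($dateDebut) && $today < $this->dayTimestamp($dateDebut)) {
            return true;
        }
        if ($this->isRealDate($dateFin) && $today > $this->dayTimestamp($dateFin)) {
            return true;
        }
        return false;
    }

    /**
     * Is this a usable Y-m-d date (not empty, not the MySQL zero date)?
     * @param string $date
     * @return boolean
     */
    protected function isRealDate($date)
    {
        return !empty($date) && $date != '0000-00-00';
    }

    /**
     * Midnight timestamp of a Y-m-d date.
     * @param string $date
     * @return int
     */
    protected function dayTimestamp($date)
    {
        return mktime(0, 0, 0, (int) substr($date, 5, 2), (int) substr($date, 8, 2), (int) substr($date, 0, 4));
    }

    /**
     * Does the request come from one of our own applications?
     * @param string $ip
     * @return boolean
     */
    protected function isTrustedApplicationIp($ip)
    {
        return in_array($ip, $this->listApplicationIp, true);
    }

    /**
     * Is the credential an "iponly:<ip>" token (user authenticated by our application)?
     * @param mixed $credential
     * @return boolean
     */
    protected function isIpOnlyCredential($credential)
    {
        return is_string($credential) && substr($credential, 0, 7) === self::IPONLY_PREFIX;
    }

    /**
     * Map idClient => section of the customized WebService clients (ClientsConfig.php).
     * 'idClient' may be a scalar or a list in the config file.
     * @return array
     */
    protected function loadWsClientSections()
    {
        $clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php';
        $wsClients = array();
        if (!is_array($clients)) {
            return $wsClients;
        }
        foreach ($clients as $section => $params) {
            if (empty($params['actif']) || !isset($params['idClient'])) {
                continue;
            }
            foreach ((array) $params['idClient'] as $idClient) {
                $wsClients[$idClient] = $section;
            }
        }
        return $wsClients;
    }

    /**
     * A client with a customized WebService must use it: deny when such a
     * client calls the generic service or another client's service.
     * @param int $idClient
     * @return boolean true when access must be denied
     */
    protected function isWrongCustomService($idClient)
    {
        $wsClients = $this->loadWsClientSections();
        if (!array_key_exists($idClient, $wsClients)) {
            return false;
        }
        return !$this->serviceClient
            || strtolower((string) $this->serviceClientName) != $wsClients[$idClient];
    }

    /**
     * Match $ip against a list of filters. Each filter is an exact IP, a range
     * "a.b.c.d-e.f.g.h", or a wildcard "192.168.3.*" (expanded to a range).
     * Blank entries are ignored. Range checks use Scores_Validate_IpInNetwork.
     *
     * @param array  $filters
     * @param string $ip
     * @return boolean true when at least one filter matches
     */
    protected function ipMatchesFilters(array $filters, $ip)
    {
        foreach ($filters as $filtre) {
            $filtre = trim((string) $filtre);
            if ($filtre === '') {
                continue;
            }
            if (strpos($filtre, '*') !== false) {
                $filtre = str_replace('*', '0', $filtre) . '-' . str_replace('*', '255', $filtre);
            }
            if (strpos($filtre, '-') !== false) {
                $validateIp = new Scores_Validate_IpInNetwork();
                $validateIp->setNetworkNotation($filtre);
                if ($validateIp->isValid($ip)) {
                    return true;
                }
            } elseif ($filtre === $ip) {
                return true;
            }
        }
        return false;
    }

    /**
     * Split the space-separated 'droits' column into a list of tokens
     * (blank tokens dropped; an array is returned as is).
     * @param mixed $droits
     * @return array
     */
    protected function parseDroits($droits)
    {
        if (is_array($droits)) {
            return array_values($droits);
        }
        $droits = trim((string) $droits);
        if ($droits === '') {
            return array();
        }
        return preg_split('/\s+/', $droits);
    }

    /**
     * Build the $User object shared by authV1() and authV2() from the user row.
     * @param object $userInfos row from checkAuth()
     * @param string $ip        authenticated IP
     * @return stdClass
     */
    protected function buildUser($userInfos, $ip)
    {
        $user = new stdClass();
        $user->login = $userInfos->login;
        $user->id = $userInfos->id;
        $user->civilite = $userInfos->civilite;
        $user->nom = $userInfos->nom;
        $user->prenom = $userInfos->prenom;
        $user->tel = $userInfos->tel;
        $user->fax = $userInfos->fax;
        $user->mobile = $userInfos->mobile;
        $user->email = $userInfos->email;
        $user->typeCompte = $userInfos->typeCompte;
        $user->idClient = $userInfos->idClient;
        $user->serviceCode = $userInfos->serviceCode;
        $user->ipConnexion = $ip;
        $user->pref = $userInfos->pref;
        $user->rechRefType = $userInfos->rechRefType;
        $user->profil = $userInfos->profil;
        $user->droits = $this->parseDroits($userInfos->droits);
        $user->clientTest = $userInfos->clientTest;
        $user->typeScore = $userInfos->typeScore;
        $user->nbReponses = $userInfos->nbReponses;
        $user->lang = $userInfos->lang;
        $user->formatMail = $userInfos->formatMail;
        $user->referenceParDefaut = $userInfos->referenceParDefaut;
        $user->dateDebutCompte = $userInfos->dateDebutCompte;
        $user->dateFinCompte = $userInfos->dateFinCompte;
        $user->acceptationCGU = $userInfos->acceptationCGU;
        $user->version = $userInfos->version;
        return $user;
    }

    /**
     * Authentication v1 (legacy clients).
     *
     * Order of checks: web-service users blocked on applications, staging
     * protection, user IP filter, then password. An "iponly:" credential
     * replaces the password only when the request comes from one of our
     * application IPs (the application already authenticated the user).
     *
     * @param object $userInfos row from checkAuth()
     * @param string $password
     * @param string $ip
     * @return string|boolean true, false, or an error code
     */
    protected function authV1($userInfos, $password, $ip)
    {
        $fromTrustedApp = $this->isTrustedApplicationIp($ip);

        // Web service users (accesWS) must not use the other applications
        if ($userInfos->accesWS == 1 && $userInfos->idClient != 1) {
            if ($fromTrustedApp) {
                return '0901';
            }
            // Customized version: the user must call its own service
            if ($this->isWrongCustomService($userInfos->idClient)) {
                return '0901';
            }
        }

        // Protect the staging environment: only clients 1 and 147 and web service users
        // (loose in_array on purpose: idClient may come back as a string)
        if (APPLICATION_ENV == 'staging' && !in_array($userInfos->idClient, array(1, 147)) && $userInfos->accesWS == 0) {
            return '0905';
        }

        // IP filter "192.168.3.5-192.68.3.10;192.168.3.*;192.168.3.10", not applied to our applications.
        // The connecting IP is validated, never the IP carried in an "iponly:" credential:
        // that value is client-supplied and only trusted when coming from an application IP.
        if (!$fromTrustedApp && !empty($userInfos->filtre_ip)) {
            $filtreIp = explode(';', trim($userInfos->filtre_ip, ';'));
            if (!$this->ipMatchesFilters($filtreIp, $ip)) {
                return '0904';
            }
        }

        // Credential check
        if ($this->isIpOnlyCredential($password)) {
            // Previously accepted from anywhere, which let any caller log in as any
            // user with the password "iponly:x". Only our applications may use it.
            if (!$fromTrustedApp) {
                return false;
            }
        } elseif (!$this->authPassword($userInfos, $password)) {
            return false;
        }

        // Session timeout (client setting, 30 minutes by default)
        $timeout = $userInfos->timeout;
        if ($timeout == 0) {
            $timeout = 1800;
        }

        // User information
        $this->User = $this->buildUser($userInfos, $ip);
        $this->User->filtre_ip = $userInfos->filtre_ip;
        $this->User->nombreConnexions = $userInfos->nombreConnexions;
        $this->User->dateDerniereConnexion = $userInfos->dateDerniereConnexion;
        $this->User->droitsClients = $userInfos->droitsClients;
        $this->User->timeout = $timeout;
        return true;
    }

    /**
     * Load the sdv1.clients_services row of a client/service pair.
     * @param int    $idClient
     * @param string $serviceCode
     * @return object|null null when absent or on database error (logged)
     */
    protected function loadClientService($idClient, $serviceCode)
    {
        try {
            $sql = "SELECT * FROM sdv1.clients_services
            WHERE IdClient = :client AND Code = :service";
            $stmt = $this->conn->prepare($sql);
            $stmt->bindValue('client', $idClient);
            $stmt->bindValue('service', $serviceCode);
            $stmt->execute();
            if ($stmt->rowCount() > 0) {
                return $stmt->fetch(\PDO::FETCH_OBJ);
            }
        } catch (\Doctrine\DBAL\DBALException $e) {
            $this->logAuthError($e->getMessage());
        }
        return null;
    }

    /**
     * Authentication v2 (service-based configuration).
     *
     * The client/service row decides the access type:
     *   userPassword      => IP filter + password
     *   userPasswordCrypt => IP filter + bcrypt password
     *   userIP            => user and connection IP only ("iponly:" credential)
     * On success the user's permissions are replaced by the service access list.
     *
     * @param object $userInfos  row from checkAuth()
     * @param string $credential password or "iponly:<ip>"
     * @param string $ip
     * @return string|boolean true, false, or an error code
     */
    protected function authV2($userInfos, $credential, $ip)
    {
        $service = $this->loadClientService($userInfos->idClient, $userInfos->serviceCode);
        // No service, or service disabled
        if ($service === null || $service->Active == 0) {
            return '0906';
        }
        // Block web service users on the applications
        if ($service->AppWebservice == 1 && $this->authApp !== null && $userInfos->idClient != 1) {
            return '0901';
        }
        // Customized web service version: the user must call its own service
        if ($service->AppWebservice == 1 && $this->isWrongCustomService($userInfos->idClient)) {
            return '0901';
        }

        // User information, completed with the service parameters
        $this->User = $this->buildUser($userInfos, $ip);
        $this->User->typeScore = $service->TypeScore;
        $this->User->timeout = $service->Timeout;

        switch ($service->TypeAcces) {
            case 'userPassword':
                if (!$this->authIP($ip)) {
                    return '0904';
                }
                if (!$this->authPassword($userInfos, $credential)) {
                    return false;
                }
                break;

            case 'userPasswordCrypt':
                if (!$this->authIP($ip)) {
                    return '0904';
                }
                if (!$this->authPasswordCrypt($userInfos, $credential)) {
                    return false;
                }
                break;

            case 'userIP':
                if (!$this->isIpOnlyCredential($credential)) {
                    return false;
                }
                // The IP inside the credential is only trusted from our applications;
                // anybody else is checked on the IP they actually connect from.
                $ipToValidate = $this->isTrustedApplicationIp($ip) ? substr($credential, 7) : $ip;
                if (!$this->authIP($ipToValidate)) {
                    return false;
                }
                break;

            default:
                return false;
        }

        // Permissions come from the service access list (the former "only if the
        // user has droits" guard was always true, so this is unconditional)
        $this->User->droits = $this->getAccessList($userInfos->idClient, $userInfos->serviceCode);
        return true;
    }

    /**
     * Check a password against the stored one. Accepted forms of the sent
     * password: md5(login|password), md5(password), or the clear password.
     * Comparisons are constant-time and strict (hash_equals), never "==".
     *
     * @param object $userInfos
     * @param string $password
     * @return boolean
     * @todo key => crypt method, cert => certificate
     */
    protected function authPassword($userInfos, $password)
    {
        $stored = (string) $userInfos->password;
        $provided = (string) $password;
        // An account without password must not be usable with an empty password
        if ($stored === '' || $provided === '') {
            return false;
        }
        $candidates = array(
            md5($userInfos->login . '|' . $stored),
            md5($stored),
            $stored,
        );
        foreach ($candidates as $expected) {
            if (hash_equals($expected, $provided)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check a credential against a bcrypt hash: either the clear password
     * (password_verify) or the hash itself sent as is.
     *
     * NOTE(review): accepting the stored hash as a credential makes the hash a
     * bearer token — a leaked row is enough to log in. Kept for compatibility.
     *
     * @param object $userInfos
     * @param string $password
     * @return boolean
     */
    protected function authPasswordCrypt($userInfos, $password)
    {
        $stored = (string) $userInfos->password;
        $provided = (string) $password;
        if ($stored === '' || $provided === '') {
            return false;
        }
        if (strlen($provided) == 60 && substr($provided, 0, 4) == '$2y$' && hash_equals($stored, $provided)) {
            return true;
        }
        return password_verify($provided, $stored) === true;
    }

    /**
     * Check the IP against the service IP list (sdv1.clients_services_ip) of
     * $this->User's client/service. Our own application IPs always pass, and so
     * does a service with no IP configured. A database error denies access.
     *
     * Requires $this->User to be set.
     *
     * @param string $ip
     * @return boolean
     */
    protected function authIP($ip)
    {
        if ($this->isTrustedApplicationIp($ip)) {
            return true;
        }
        try {
            $sql = "SELECT IP FROM sdv1.clients_services_ip
            WHERE IdClient = :client AND Service = :service";
            $stmt = $this->conn->prepare($sql);
            $stmt->bindValue('client', $this->User->idClient);
            $stmt->bindValue('service', $this->User->serviceCode);
            $stmt->execute();
            $rows = $stmt->fetchAll(\PDO::FETCH_OBJ);
        } catch (\Doctrine\DBAL\DBALException $e) {
            // Fail closed instead of silently allowing
            $this->logAuthError($e->getMessage());
            return false;
        }
        $filters = array();
        foreach ($rows as $row) {
            $filters[] = $row->IP;
        }
        // No IP configured => no restriction
        if (count($filters) == 0) {
            return true;
        }
        return $this->ipMatchesFilters($filters, $ip);
    }

    /**
     * Log failed authentications in sdv1.utilisateurs_auth_log.
     * @param string $login
     * @param mixed  $result true (not logged), false ('KO') or an error code
     * @param string $ip
     * @return void
     */
    protected function authLog($login, $result, $ip)
    {
        if ($result === false) {
            $authenticate = 'KO';
        } elseif (is_string($result)) {
            $authenticate = $result;
        } else {
            return;
        }
        $data = array(
            'login' => $login,
            'authenticate' => $authenticate,
            'ip' => $ip,
            'dateInsert' => date('YmdHis'),
        );
        try {
            $this->conn->insert('sdv1.utilisateurs_auth_log', $data);
        } catch (\Doctrine\DBAL\DBALException $e) {
            // Best-effort logging
        }
    }

    /**
     * Access list of a client/service (sdv1.clients_services_droits).
     * @param int    $clientId
     * @param string $serviceCode
     * @return array list of 'Acces' values, empty on error
     */
    protected function getAccessList($clientId, $serviceCode)
    {
        $list = array();
        try {
            $sql = "SELECT Acces FROM sdv1.clients_services_droits
            WHERE IdClient = :client AND Service = :service";
            $stmt = $this->conn->prepare($sql);
            // Use the parameters (they were previously ignored in favour of $this->User)
            $stmt->bindValue('client', $clientId);
            $stmt->bindValue('service', $serviceCode);
            $stmt->execute();
            foreach ($stmt->fetchAll(\PDO::FETCH_OBJ) as $row) {
                $list[] = $row->Acces;
            }
        } catch (\Doctrine\DBAL\DBALException $e) {
            $this->logAuthError($e->getMessage());
        }
        return $list;
    }

    /**
     * Hook for user-defined triggers (not implemented).
     * @param string $event
     * @param array  $args
     */
    protected function trigger($event, $args)
    {
        // Does the user have a trigger for this event?
        // For each trigger: run the action
    }
}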