Correction SSO

Michael RICOIS 2015-01-13 20:30:40 +00:00
parent ad564ea061
commit 357a023c23
3 changed files with 41 additions and 28 deletions


@ -64,6 +64,7 @@ class Scores_Ws_Server
'91.121.157.194', //Extranet - ns359466
'78.31.45.206', //SDSL RAMBOUILLET
'127.0.0.1',
'192.168.*',
);
/**
@ -857,13 +858,13 @@ class Scores_Ws_Server
}
// Block WebService User on Apps
if ($result->AppWebService == 1 && $this->authApp !== null && $idClient!=1)
if ($result->AppWebservice == 1 && $this->authApp !== null && $userInfos->idClient != 1)
{
return '0901';
}
// WebService customize version
if ($result->AppWebService == 1)
if ($result->AppWebservice == 1)
{
// For customized version, check user is in the good service
$clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php';
@ -983,7 +984,10 @@ class Scores_Ws_Server
*/
protected function authPasswordCrypt($userInfos, $password)
{
if (password_verify($password, $userInfos->password) === true) {
if ( substr($password, 0, 4) == '$2y$' && strlen($password) == 60 && $password == $userInfos->password ) {
return true;
}
elseif ( password_verify($password, $userInfos->password) === true ) {
return true;
}
@ -1002,8 +1006,8 @@ class Scores_Ws_Server
{
$serviceIPM = new Application_Model_Sdv1ClientsServicesIP();
$sql = $serviceIPM->select(true)->columns('IP')
->where('IdClient=?', $userInfos->idClient)
->where('Service=?', $userInfos->serviceCode);
->where('IdClient=?', $this->User->idClient)
->where('Service=?', $this->User->serviceCode);
$ipResult = $serviceIPM->fetchAll($sql);
if (count($ipResult) > 0) {
//Validation
@ -1071,10 +1075,13 @@ class Scores_Ws_Server
protected function getAccessList($clientId, $serviceCode)
{
$accesM = new Application_Model_Sdv1ClientsServicesDroits();
$sql = $accesM->select(true)->columns(array('Access'))
->where('IdClient=?', $userInfos->idClient)
->where('Service=?', $userInfos->serviceCode);
$accesResult = $accesM->fetchAll($sql);
$sql = $accesM->select(true)->columns(array('Acces'))
->where('IdClient=?', $this->User->idClient)
->where('Service=?', $this->User->serviceCode);
try {
$accesResult = $accesM->fetchAll($sql);
} catch ( Zend_Db_Exception $e ) {
}
$list = array();
if (count($accesResult) > 0 ) {
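Review bot: The new first branch of authPasswordCrypt logs a user in when the submitted `$password` is byte-for-byte the stored bcrypt hash (`substr($password, 0, 4) == '$2y$' && strlen($password) == 60 && $password == $userInfos->password`), which turns the hash column into a reusable bearer credential: anyone who can read the users table can authenticate as any account, so the hash no longer protects anything. If the SSO flow needs a secret the caller can replay, hand out the random value that was hashed and let the existing `password_verify` branch check it; if a hash-equality path must remain, compare with `hash_equals($userInfos->password, $password)` rather than `==`, which is loose and not constant-time. Either way the accepted value should be documented on the method, e.g. `// Accepts the stored bcrypt hash itself as the credential for the SSO flow — see setUserSSO`. authPasswordCrypt's closing brace and any further branches lie outside the hunk shown.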


@ -102,11 +102,12 @@ class Gestion extends Scores_Ws_Server
$result->maxFicheId = $tabRep['maxFicheId'];
} else {
/** On log l'erreur d'authentification **/
$tabInsert=array(
$tabInsert = array(
'login' => $login,
'page' => 'infosLogin',
'params' => 'Erreur Login/Password',
'ipClient' => $ipUtilisateur);
'ipClient' => $ipUtilisateur
);
$iDbCrm->insert('logs', $tabInsert);
}
}
@ -161,7 +162,7 @@ class Gestion extends Scores_Ws_Server
$result->maxFicheId = $this->User->maxFicheId;
$result->typeScore = $this->User->typeScore;
$result->acceptationCGU = $this->User->acceptationCGU;
// On log l'accès à l'authentification
if ( $this->User->clientTest=='Oui' || $this->User->typeCompte=='TEST' ) {
$test = 1;


@ -128,7 +128,7 @@ class Gestion extends Scores_Ws_Server
$userM = new Application_Model_Sdv1Utilisateurs();
$sql = $userM->select()
->setIntegrityCheck(false)
->from(array('u'=>'utilisateurs'), array('u.login', 'u.idClient', 'u.actif',))
->from(array('u'=>'utilisateurs'), array('u.id', 'u.login', 'u.idClient', 'u.actif',))
->join(array('c'=>'clients'), 'u.idClient = c.id', array('c.actif AS clientActif'))
->joinLeft(array('s'=>'sdv1.utilisateurs_service'), 'u.login=s.login', array('Service AS serviceCode'))
->where('u.login=?', $login)
@ -180,6 +180,7 @@ class Gestion extends Scores_Ws_Server
}
}
}
/**
* Limite de temps
*/
@ -195,7 +196,11 @@ class Gestion extends Scores_Ws_Server
if ($internalToken == $token) {
//Generate random password
$hash = password_hash ( uniqid() , PASSWORD_BCRYPT );
$userM->update(array('password' => $hash), 'id='.$result->id);
try {
$userM->update(array('password' => $hash), 'id='.$result->id);
} catch (Zend_Db_Exception $e) {
throw new SoapFault('SSO', "Activation de l'utilisateur impossible");
}
return $hash;
}
@ -1003,10 +1008,10 @@ class Gestion extends Scores_Ws_Server
public function setUserSSO ( $data )
{
//Check IP application
$ip = $_SERVER['REMOTE_ADDR'];
/*$ip = $_SERVER['REMOTE_ADDR'];
if ( !in_array($ip, $this->listApplicationIp) ) {
$this->sendError('0901');
}
}*/
//Decodage
$infos = json_decode($data);
@ -1059,6 +1064,18 @@ class Gestion extends Scores_Ws_Server
'acceptationCGU' => null,
);
//Définition du service
$serviceM = new Application_Model_Sdv1UtilisateursService();
try {
$serviceM->insert(array(
'login' => $infos->login,
'idClient'=> $infos->idClient,
'Service'=> $infos->Service
));
} catch ( Zend_Db_Exception $e ) {
return false;
}
//Prepare data to insert
foreach ($infos as $key => $value) {
if (array_key_exists($key, $userData)) {
@ -1077,18 +1094,6 @@ class Gestion extends Scores_Ws_Server
return false;
}
//Définition du service
$serviceM = new Application_Model_Sdv1UtilisateursService();
try {
$serviceM->insert(array(
'login' => $infos->login,
'idClient'=> $infos->idClient,
'Service'=> $infos->Service
));
} catch ( Zend_Db_Exception $e ) {
return false;
}
return true;
}
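Review bot: Commenting out the `$_SERVER['REMOTE_ADDR']` allowlist check in setUserSSO leaves a user-provisioning endpoint reachable from any source address, and no compensating control is visible in this section — the caller is trusted on the strength of the JSON body alone. If the gate was disabled because the `192.168.*` entry added to the IP list never matches (presumably the same list `in_array` consults here, and `in_array` compares whole strings, so a wildcard entry cannot match a real address), the fix is a prefix or CIDR match against the list, not removing the check. The dead code should be deleted rather than left as a comment, and if the gate is intentionally dropped the commit message should say so and name what replaces it. setUserSSO's body extends before and between the hunks shown.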