59 lines
2.2 KiB
PHP
59 lines
2.2 KiB
PHP
|
<?php
|
|||
|
|
namespace Conmed\Authserver;
|
|||
|
|
|
|||
|
|
use Bitrix\Main\Context;
|
|||
|
|
use Bitrix\Main\UserTable;
|
|||
|
|
use Bitrix\Main\Security\Password;
|
|||
|
|
|
|||
|
|
trait CredentialsTrait {
|
|||
|
|
/**
|
|||
|
|
* Прямая проверка логина и пароля без создания сессий
|
|||
|
|
* action: /api/oauth/verify.php
|
|||
|
|
*/
|
|||
|
|
public static function verifyAction() {
|
|||
|
|
header('Content-Type: application/json');
|
|||
|
|
$req = Context::getCurrent()->getRequest();
|
|||
|
|
|
|||
|
|
$clientId = $req->getPost("client_id");
|
|||
|
|
$clientSecret = $req->getPost("client_secret");
|
|||
|
|
$login = trim($req->getPost("login"));
|
|||
|
|
$password = $req->getPost("password");
|
|||
|
|
|
|||
|
|
// 1. Проверка клиента (метод из SecurityTrait)
|
|||
|
|
if(!self::checkClient($clientId, $clientSecret)) {
|
|||
|
|
self::audit("VERIFY_REJECTED", $clientId, 0, "Invalid client secret");
|
|||
|
|
die(json_encode(['status' => 'error', 'message' => 'Forbidden']));
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (empty($login) || empty($password)) {
|
|||
|
|
die(json_encode(['status' => 'error', 'message' => 'Empty credentials']));
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 2. Ищем пользователя через объект Query (чтобы разрешить PASSWORD)
|
|||
|
|
$query = UserTable::query();
|
|||
|
|
$query->setSelect(['ID', 'PASSWORD', 'ACTIVE']);
|
|||
|
|
$query->enablePrivateFields(); // РАЗРЕШАЕМ ДОСТУП К ПАРОЛЮ
|
|||
|
|
$query->setFilter([
|
|||
|
|
'LOGIC' => 'OR',
|
|||
|
|
['=LOGIN' => $login],
|
|||
|
|
['=EMAIL' => $login]
|
|||
|
|
]);
|
|||
|
|
|
|||
|
|
$user = $query->exec()->fetch();
|
|||
|
|
|
|||
|
|
if ($user && $user['ACTIVE'] === 'Y') {
|
|||
|
|
// 3. Проверяем пароль
|
|||
|
|
if (Password::equals($user['PASSWORD'], $password)) {
|
|||
|
|
self::audit("VERIFY_SUCCESS", $clientId, $user['ID'], "Login: $login");
|
|||
|
|
echo json_encode([
|
|||
|
|
'status' => 'success',
|
|||
|
|
'user_id' => $user['ID']
|
|||
|
|
]);
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
self::audit("VERIFY_FAILED", $clientId, 0, "Login: $login");
|
|||
|
|
echo json_encode(['status' => 'error', 'message' => 'Invalid login or password']);
|
|||
|
|
}
|
|||
|
|
}
|