admin/conmed-authserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
688d49993bf3e78532eba44b20698c2af8bb002d
conmed-authserver/local/modules/conmed.authserver/lib/credentialstrait.php

59 lines
2.2 KiB
PHP
Raw Normal View History

Initial commit: Auth Server Base
2026-03-06 19:26:11 +03:00
<?php
namespace Conmed\Authserver;
use Bitrix\Main\Context;
use Bitrix\Main\UserTable;
use Bitrix\Main\Security\Password;
trait CredentialsTrait {
/**
* Прямая проверка логина и пароля без создания сессий
* action: /api/oauth/verify.php
*/
public static function verifyAction() {
header('Content-Type: application/json');
$req = Context::getCurrent()->getRequest();
$clientId = $req->getPost("client_id");
$clientSecret = $req->getPost("client_secret");
$login = trim($req->getPost("login"));
$password = $req->getPost("password");
// 1. Проверка клиента (метод из SecurityTrait)
if(!self::checkClient($clientId, $clientSecret)) {
self::audit("VERIFY_REJECTED", $clientId, 0, "Invalid client secret");
die(json_encode(['status' => 'error', 'message' => 'Forbidden']));
}
if (empty($login) || empty($password)) {
die(json_encode(['status' => 'error', 'message' => 'Empty credentials']));
}
// 2. Ищем пользователя через объект Query (чтобы разрешить PASSWORD)
$query = UserTable::query();
$query->setSelect(['ID', 'PASSWORD', 'ACTIVE']);
$query->enablePrivateFields(); // РАЗРЕШАЕМ ДОСТУП К ПАРОЛЮ
$query->setFilter([
'LOGIC' => 'OR',
['=LOGIN' => $login],
['=EMAIL' => $login]
]);
$user = $query->exec()->fetch();
if ($user && $user['ACTIVE'] === 'Y') {
// 3. Проверяем пароль
if (Password::equals($user['PASSWORD'], $password)) {
self::audit("VERIFY_SUCCESS", $clientId, $user['ID'], "Login: $login");
echo json_encode([
'status' => 'success',
'user_id' => $user['ID']
]);
return;
}
}
self::audit("VERIFY_FAILED", $clientId, 0, "Login: $login");
echo json_encode(['status' => 'error', 'message' => 'Invalid login or password']);
}
}
Reference in New Issue Copy Permalink