Initial commit: Auth Server Base

2026-03-06 19:26:11 +03:00
commit 97bb196b29
39 changed files with 2272 additions and 0 deletions
--- a/local/modules/conmed.authserver/lib/credentialstrait.php
+++ b/local/modules/conmed.authserver/lib/credentialstrait.php
@@ -0,0 +1,59 @@
+<?php
+namespace Conmed\Authserver;
+
+use Bitrix\Main\Context;
+use Bitrix\Main\UserTable;
+use Bitrix\Main\Security\Password;
+
+trait CredentialsTrait {
+    /**
+     * Прямая проверка логина и пароля без создания сессий
+     * action: /api/oauth/verify.php
+     */
+    public static function verifyAction() {
+        header('Content-Type: application/json');
+        $req = Context::getCurrent()->getRequest();
+        
+        $clientId = $req->getPost("client_id");
+        $clientSecret = $req->getPost("client_secret");
+        $login = trim($req->getPost("login"));
+        $password = $req->getPost("password");
+
+        // 1. Проверка клиента (метод из SecurityTrait)
+        if(!self::checkClient($clientId, $clientSecret)) {
+            self::audit("VERIFY_REJECTED", $clientId, 0, "Invalid client secret");
+            die(json_encode(['status' => 'error', 'message' => 'Forbidden']));
+        }
+
+        if (empty($login) || empty($password)) {
+            die(json_encode(['status' => 'error', 'message' => 'Empty credentials']));
+        }
+
+        // 2. Ищем пользователя через объект Query (чтобы разрешить PASSWORD)
+        $query = UserTable::query();
+        $query->setSelect(['ID', 'PASSWORD', 'ACTIVE']);
+        $query->enablePrivateFields(); // РАЗРЕШАЕМ ДОСТУП К ПАРОЛЮ
+        $query->setFilter([
+            'LOGIC' => 'OR',
+            ['=LOGIN' => $login],
+            ['=EMAIL' => $login]
+        ]);
+        
+        $user = $query->exec()->fetch();
+
+        if ($user && $user['ACTIVE'] === 'Y') {
+            // 3. Проверяем пароль
+            if (Password::equals($user['PASSWORD'], $password)) {
+                self::audit("VERIFY_SUCCESS", $clientId, $user['ID'], "Login: $login");
+                echo json_encode([
+                    'status' => 'success',
+                    'user_id' => $user['ID']
+                ]);
+                return;
+            }
+        }
+
+        self::audit("VERIFY_FAILED", $clientId, 0, "Login: $login");
+        echo json_encode(['status' => 'error', 'message' => 'Invalid login or password']);
+    }
+}