<?php
namespace Conmed\Authserver;
use Bitrix\Main\Context;
use Bitrix\Main\UserTable;
use Bitrix\Main\Security\Password;
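trait CredentialsTrait {
    /**
     * Direct login/password verification without creating a session.
     *
     * action: /api/oauth/verify.php
     *
     * Reads client_id, client_secret, login and password from POST, checks the
     * calling client (checkClient from SecurityTrait), then looks the user up by
     * LOGIN or EMAIL and compares the submitted password against the stored hash.
     * Writes a JSON body to the output. The two early-rejection paths terminate
     * the script; the lookup paths return normally after printing the body.
     *
     * Relies on self::checkClient() and self::audit() being provided by the
     * composing class.
     */
    public static function verifyAction(): void {
        header('Content-Type: application/json');
        $req = Context::getCurrent()->getRequest();

        $clientId = $req->getPost("client_id");
        $clientSecret = $req->getPost("client_secret");
        // getPost() yields null for a missing field and an array for "login[]"
        // style input; trim(null) is deprecated on PHP 8.1+ and the emitted
        // warning would corrupt the JSON body, so normalise to a string first.
        $login = trim(self::postString($req, "login"));
        $password = self::postString($req, "password");

        // 1. Client check (method from SecurityTrait). A rejected client is
        // audited before any user lookup happens.
        if (!self::checkClient($clientId, $clientSecret)) {
            self::audit("VERIFY_REJECTED", $clientId, 0, "Invalid client secret");
            die(json_encode(['status' => 'error', 'message' => 'Forbidden']));
        }

        // Compare against '' rather than empty(): empty('0') is true, which
        // would wrongly reject the login or password "0".
        if ($login === '' || $password === '') {
            die(json_encode(['status' => 'error', 'message' => 'Empty credentials']));
        }

        // 2. Look the user up through a Query object so the PASSWORD field can
        // be selected (it is a private field and hidden by default).
        $query = UserTable::query();
        $query->setSelect(['ID', 'PASSWORD', 'ACTIVE']);
        $query->enablePrivateFields(); // allow access to the PASSWORD field
        $query->setFilter([
            'LOGIC' => 'OR',
            ['=LOGIN' => $login],
            ['=EMAIL' => $login],
        ]);

        $user = $query->exec()->fetch();

        // 3. Check the password only for an active account. Unknown, inactive
        // and wrong-password cases all fall through to the same generic error
        // so the response body does not reveal whether the login exists.
        // NOTE(review): the hash comparison is skipped for unknown/inactive
        // logins, so response timing still differs between those cases and a
        // wrong password; equalising that is left to the composing class.
        if ($user && $user['ACTIVE'] === 'Y' && Password::equals($user['PASSWORD'], $password)) {
            self::audit("VERIFY_SUCCESS", $clientId, $user['ID'], "Login: $login");
            echo json_encode([
                'status' => 'success',
                'user_id' => $user['ID'],
            ]);
            return;
        }

        self::audit("VERIFY_FAILED", $clientId, 0, "Login: $login");
        echo json_encode(['status' => 'error', 'message' => 'Invalid login or password']);
    }

    /**
     * Read a POST field as a string; anything that is not a string (absent
     * field, array input) is treated as an empty value.
     *
     * @param mixed $req  request object exposing getPost()
     */
    private static function postString($req, string $key): string {
        $value = $req->getPost($key);

        return is_string($value) ? $value : '';
    }
}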