Bitrix-D7 23.9
 
Загрузка...
Поиск...
Не найдено
auth.php
1<?php
9namespace Bitrix\Rest\SessionAuth;
10
11use Bitrix\Main\Context;
12use Bitrix\Main\UserTable;
13
14class Auth
15{
16 const AUTH_TYPE = 'sessionauth';
17
18 protected static $authQueryParams = array(
19 'sessid',
20 );
21
22 public static function isAccessAllowed(): bool
23 {
24 global $USER;
25
26 $externalAuthId = $USER->GetParam('EXTERNAL_AUTH_ID');
27
28 if ($USER->IsAdmin() || $externalAuthId === "__controller")
29 {
30 return true;
31 }
32
33 // fake user like as BOT, IMCONNECTOR, SHOP
34 $blackList = UserTable::getExternalUserTypes();
35 if (in_array($externalAuthId, $blackList, true))
36 {
37 return false;
38 }
39
40 if (!\Bitrix\Main\Loader::includeModule('intranet'))
41 {
42 return true;
43 }
44
45 if (\Bitrix\Intranet\Util::isIntranetUser())
46 {
47 return true;
48 }
49
50 if (\Bitrix\Intranet\Util::isExtranetUser())
51 {
52 return true;
53 }
54
55 return false;
56 }
57
58 public static function onRestCheckAuth(array $query, $scope, &$res)
59 {
60 global $USER;
61
62 $authKey = null;
63 foreach(static::$authQueryParams as $key)
64 {
65 if(array_key_exists($key, $query))
66 {
67 $authKey = $query[$key];
68 break;
69 }
70 }
71
72 if($authKey !== null || Context::getCurrent()->getRequest()->getHeader('X-Bitrix-Csrf-Token') !== null)
73 {
74 static::checkHttpAuth();
75 static::checkCookieAuth();
76
77 if(!$USER->isAuthorized())
78 {
79 $error = true;
80 $res = array('error' => 'access_denied', 'error_description' => 'User not authorized', 'additional' => array('sessid' => bitrix_sessid(), 'extended_error' => 'user_not_authorized'));
81 }
82 else if(check_bitrix_sessid() || $authKey === bitrix_sessid())
83 {
84 if (self::isAccessAllowed())
85 {
86 $error = false;
87 $res = array(
88 'user_id' => $USER->GetID(),
89 'scope' => implode(',', \CRestUtil::getScopeList()),
90 'parameters_clear' => static::$authQueryParams,
91 'auth_type' => static::AUTH_TYPE,
92 );
93
94 self::setLastActivityDate($USER->GetID(), $query);
95
96 if ($query['BX_SESSION_LOCK'] ?? null !== 'Y')
97 {
98 session_write_close();
99 }
100 }
101 else
102 {
103 $error = true;
104 $res = array('error' => 'access_denied', 'error_description' => 'Access denied for this type of user', 'additional' => array('type' => $USER->GetParam('EXTERNAL_AUTH_ID')));
105 }
106 }
107 else
108 {
109 $error = true;
110 $res = array('error' => 'session_failed', 'error_description' => 'Sessid check failed', 'additional' => array('sessid' => bitrix_sessid()));
111 }
112
113 return !$error;
114 }
115
116 return null;
117 }
118
119 private static function setLastActivityDate($userId, $query)
120 {
121 $query = array_change_key_case($query, CASE_UPPER);
122 if (isset($query['BX_LAST_ACTIVITY']) && $query['BX_LAST_ACTIVITY'] == 'N')
123 {
124 return false;
125 }
126
127 $useCache = isset($query['BX_LAST_ACTIVITY_USE_CACHE']) && $query['BX_LAST_ACTIVITY_USE_CACHE'] == 'N'? false: true;
128
129 if (isset($query['BX_MOBILE']) && $query['BX_MOBILE'] == 'Y')
130 {
131 if ($query['BX_MOBILE_BACKGROUND'] != 'Y' && \Bitrix\Main\Loader::includeModule('mobile'))
132 {
133 \Bitrix\Mobile\User::setOnline($userId, $useCache);
134 \CUser::SetLastActivityDate($userId, $useCache);
135 }
136 }
137 else
138 {
139 \CUser::SetLastActivityDate($userId, $useCache);
140 }
141
142 return true;
143 }
144
145 protected static function requireHttpAuth()
146 {
147 global $USER;
148 $USER->RequiredHTTPAuthBasic('Bitrix REST');
149 }
150
151 protected static function checkHttpAuth()
152 {
153 global $USER, $APPLICATION;
154
155 if(!$USER->IsAuthorized())
156 {
157 $httpAuth = $USER->LoginByHttpAuth();
158 if($httpAuth !== null)
159 {
160 $APPLICATION->SetAuthResult($httpAuth);
161 }
162 }
163 }
164
165 protected static function checkCookieAuth()
166 {
167 global $USER;
168
169 if(!$USER->IsAuthorized())
170 {
171 $USER->LoginByCookies();
172 }
173 }
174}
Bitrix\Main\Context\getCurrent
static getCurrent()
Definition context.php:241
Bitrix\Main\Loader\includeModule
static includeModule($moduleName)
Definition loader.php:69
Bitrix\Rest\SessionAuth\Auth\onRestCheckAuth
static onRestCheckAuth(array $query, $scope, &$res)
Definition auth.php:58