1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
auth.php
См. документацию.
1<?php
8
9namespace Bitrix\Rest\SessionAuth;
10
11use Bitrix\Intranet\Service\ServiceContainer;
12use Bitrix\Main\Context;
13use Bitrix\Main\Loader;
14use Bitrix\Main\UserTable;
15
16class Auth
17{
18 const AUTH_TYPE = 'sessionauth';
19
20 protected static $authQueryParams = array(
21 'sessid',
22 );
23
24 public static function isAccessAllowed(): bool
25 {
26 global $USER;
27
28 $externalAuthId = $USER->GetParam('EXTERNAL_AUTH_ID');
29
30 if ($USER->IsAdmin() || $externalAuthId === "__controller")
31 {
32 return true;
33 }
34
35 // fake user like as BOT, IMCONNECTOR, SHOP
36 $blackList = UserTable::getExternalUserTypes();
37 if (in_array($externalAuthId, $blackList, true))
38 {
39 return false;
40 }
41
42 if (!\Bitrix\Main\Loader::includeModule('intranet'))
43 {
44 return true;
45 }
46
47 if (\Bitrix\Intranet\Util::isIntranetUser())
48 {
49 return true;
50 }
51
52 if (\Bitrix\Intranet\Util::isExtranetUser())
53 {
54 return true;
55 }
56
57 return false;
58 }
59
60 public static function onRestCheckAuth(array $query, $scope, &$res)
61 {
62 global $USER;
63
64 $authKey = null;
65 foreach(static::$authQueryParams as $key)
66 {
67 if(array_key_exists($key, $query))
68 {
69 $authKey = $query[$key];
70 break;
71 }
72 }
73
74 if($authKey !== null || Context::getCurrent()->getRequest()->getHeader('X-Bitrix-Csrf-Token') !== null)
75 {
76 static::checkHttpAuth();
77 static::checkCookieAuth();
78
79 if(!$USER->isAuthorized())
80 {
81 $error = true;
82 $res = array('error' => 'access_denied', 'error_description' => 'User not authorized', 'additional' => array('sessid' => bitrix_sessid(), 'extended_error' => 'user_not_authorized'));
83 }
84 else if(check_bitrix_sessid() || $authKey === bitrix_sessid())
85 {
86 if (self::isAccessAllowed())
87 {
88 $error = false;
89 $res = array(
90 'user_id' => $USER->GetID(),
91 'scope' => implode(',', \CRestUtil::getScopeList()),
92 'parameters_clear' => static::$authQueryParams,
93 'auth_type' => static::AUTH_TYPE,
94 );
95
96 self::setLastActivityDate($USER->GetID(), $query);
97
98 if ($query['BX_SESSION_LOCK'] ?? null !== 'Y')
99 {
100 session_write_close();
101 }
102 }
103 else
104 {
105 $error = true;
106 $res = array('error' => 'access_denied', 'error_description' => 'Access denied for this type of user', 'additional' => array('type' => $USER->GetParam('EXTERNAL_AUTH_ID')));
107 }
108 }
109 else
110 {
111 $error = true;
112 $res = array('error' => 'session_failed', 'error_description' => 'Sessid check failed', 'additional' => array('sessid' => bitrix_sessid()));
113 }
114
115 return !$error;
116 }
117
118 return null;
119 }
120
121 private static function setLastActivityDate($userId, $query)
122 {
123 $query = array_change_key_case($query, CASE_UPPER);
124 if (isset($query['BX_LAST_ACTIVITY']) && $query['BX_LAST_ACTIVITY'] == 'N')
125 {
126 return false;
127 }
128
129 $useCache = isset($query['BX_LAST_ACTIVITY_USE_CACHE']) && $query['BX_LAST_ACTIVITY_USE_CACHE'] == 'N'? false: true;
130
131 if (isset($query['BX_MOBILE']) && $query['BX_MOBILE'] == 'Y')
132 {
133 if ($query['BX_MOBILE_BACKGROUND'] != 'Y' && \Bitrix\Main\Loader::includeModule('mobile'))
134 {
135 \Bitrix\Mobile\User::setOnline($userId, $useCache);
136 \CUser::SetLastActivityDate($userId, $useCache);
137 }
138 }
139 else
140 {
141 \CUser::SetLastActivityDate($userId, $useCache);
142 }
143
144 return true;
145 }
146
147 protected static function requireHttpAuth()
148 {
149 global $USER;
150 $USER->RequiredHTTPAuthBasic('Bitrix REST');
151 }
152
153 protected static function checkHttpAuth()
154 {
155 global $USER, $APPLICATION;
156
157 if(!$USER->IsAuthorized())
158 {
159 $httpAuth = $USER->LoginByHttpAuth();
160 if($httpAuth !== null)
161 {
162 $APPLICATION->SetAuthResult($httpAuth);
163 }
164 }
165 }
166
167 protected static function checkCookieAuth()
168 {
169 global $USER;
170
171 if(!$USER->IsAuthorized())
172 {
173 $USER->LoginByCookies();
174 }
175 }
176}
$APPLICATION
global $APPLICATION
Определения include.php:80
$userId
if(!is_object($USER)||! $USER->IsAuthorized()) $userId
Определения check_mail.php:18
Bitrix\Main\Loader
Определения loader.php:13
Bitrix\Main\UserTable
Определения user.php:48
Bitrix\Rest\SessionAuth\Auth\$authQueryParams
static $authQueryParams
Определения auth.php:20
Bitrix\Rest\SessionAuth\Auth\requireHttpAuth
static requireHttpAuth()
Определения auth.php:147
Bitrix\Rest\SessionAuth\Auth\AUTH_TYPE
const AUTH_TYPE
Определения auth.php:18
Bitrix\Rest\SessionAuth\Auth\checkHttpAuth
static checkHttpAuth()
Определения auth.php:153
Bitrix\Rest\SessionAuth\Auth\checkCookieAuth
static checkCookieAuth()
Определения auth.php:167
Bitrix\Rest\SessionAuth\Auth\isAccessAllowed
static isAccessAllowed()
Определения auth.php:24
Bitrix\Rest\SessionAuth\Auth\onRestCheckAuth
static onRestCheckAuth(array $query, $scope, &$res)
Определения auth.php:60
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$res
$res
Определения filter_act.php:7
$query
$query
Определения get_search.php:11
$USER
global $USER
Определения csv_new_run.php:40
check_bitrix_sessid
check_bitrix_sessid($varname='sessid')
Определения tools.php:4686
bitrix_sessid
bitrix_sessid()
Определения tools.php:4656
Bitrix\Main\Context
Определения culture.php:9
Bitrix\Rest\SessionAuth
Определения auth.php:9
$key
if(empty($signedUserToken)) $key
Определения quickway.php:257
$error
$error
Определения subscription_card_product.php:20