diff --git a/dev/codesniffer/ruleset.xml b/dev/codesniffer/ruleset.xml
index 98935d15300..839d7549048 100755
--- a/dev/codesniffer/ruleset.xml
+++ b/dev/codesniffer/ruleset.xml
@@ -22,6 +22,9 @@
+
+ 0
+
diff --git a/htdocs/includes/login/functions_empty.php b/htdocs/includes/login/functions_empty.php
index 2417aea9c20..cf535aff82b 100644
--- a/htdocs/includes/login/functions_empty.php
+++ b/htdocs/includes/login/functions_empty.php
@@ -31,7 +31,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
-function check_user_password_empty($usertotest,$passwordtotest)
+function check_user_password_empty($usertotest,$passwordtotest,$entitytotest)
{
dol_syslog("functions_empty::check_user_password_empty usertotest=".$usertotest);
diff --git a/htdocs/includes/login/functions_forceuser.php b/htdocs/includes/login/functions_forceuser.php
index 49f7491f52f..8c341b76d56 100644
--- a/htdocs/includes/login/functions_forceuser.php
+++ b/htdocs/includes/login/functions_forceuser.php
@@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
-function check_user_password_forceuser($usertotest,$passwordtotest)
+function check_user_password_forceuser($usertotest,$passwordtotest,$entitytotest)
{
// Variable dolibarr_auto_user must be defined in conf.php file
global $dolibarr_auto_user;
diff --git a/htdocs/includes/login/functions_http.php b/htdocs/includes/login/functions_http.php
index 2c504a01860..1e05b10db58 100644
--- a/htdocs/includes/login/functions_http.php
+++ b/htdocs/includes/login/functions_http.php
@@ -31,7 +31,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
-function check_user_password_http($usertotest,$passwordtotest)
+function check_user_password_http($usertotest,$passwordtotest,$entitytotest)
{
dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".$_SERVER["REMOTE_USER"]);
diff --git a/htdocs/includes/login/functions_ldap.php b/htdocs/includes/login/functions_ldap.php
index 39f7d59fde6..dd3ddb9e340 100644
--- a/htdocs/includes/login/functions_ldap.php
+++ b/htdocs/includes/login/functions_ldap.php
@@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
-function check_user_password_ldap($usertotest,$passwordtotest)
+function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
{
global $_POST,$db,$conf,$langs;
global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port;
diff --git a/htdocs/includes/login/functions_myopenid.php b/htdocs/includes/login/functions_myopenid.php
index 746e5baae86..ecb831465c1 100644
--- a/htdocs/includes/login/functions_myopenid.php
+++ b/htdocs/includes/login/functions_myopenid.php
@@ -32,7 +32,7 @@
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
-function check_user_password_myopenid($usertotest,$passwordtotest)
+function check_user_password_myopenid($usertotest,$passwordtotest,$entitytotest)
{
global $_POST,$db,$conf,$langs;
diff --git a/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php b/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php
index b2298725ac5..8e909ec0cb1 100644
--- a/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php
+++ b/htdocs/includes/modules/security/generate/modGeneratePassNone.class.php
@@ -43,10 +43,10 @@ class modGeneratePassNone extends ModeleGenPassword
/**
* Constructor
*
- * @param DoliDB $DB Database handler
- * @param conf Handler de conf
- * @param lang Handler de langue
- * @param user Handler du user connecte
+ * @param DoliDB $db Database handler
+ * @param Conf $conf Handler de conf
+ * @param Translate $langs Handler de langue
+ * @param User $user Handler du user connecte
*/
function modGeneratePassNone($db, $conf, $langs, $user)
{
@@ -61,6 +61,7 @@ class modGeneratePassNone extends ModeleGenPassword
/**
* Return description of module
+ *
* @return string Description of text
*/
function getDescription()
@@ -71,6 +72,7 @@ class modGeneratePassNone extends ModeleGenPassword
/**
* Return an example of password generated by this module
+ *
* @return string Example of password
*/
function getExample()
@@ -80,6 +82,7 @@ class modGeneratePassNone extends ModeleGenPassword
/**
* Build new password
+ *
* @return string Return a new generated password
*/
function getNewGeneratedPassword()
@@ -89,7 +92,9 @@ class modGeneratePassNone extends ModeleGenPassword
/**
* Validate a password
- * @return int 0 if KO, >0 if OK
+ *
+ * @param string $password Password to check
+ * @return int 0 if KO, >0 if OK
*/
function validatePassword($password)
{
diff --git a/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php
index 33cb97171e3..17687b914a9 100644
--- a/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php
+++ b/htdocs/includes/modules/security/generate/modGeneratePassStandard.class.php
@@ -43,10 +43,10 @@ class modGeneratePassStandard extends ModeleGenPassword
/**
* Constructor
*
- * @param DoliDB $DB Database handler
- * @param conf Handler de conf
- * @param lang Handler de langue
- * @param user Handler du user connecte
+ * @param DoliDB $db Database handler
+ * @param Conf $conf Handler de conf
+ * @param Translate $langs Handler de langue
+ * @param User $user Handler du user connecte
*/
function modGeneratePassStandard($db, $conf, $langs, $user)
{
@@ -61,6 +61,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/**
* Return description of module
+ *
* @return string Description of module
*/
function getDescription()
@@ -71,6 +72,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/**
* Return an example of password generated by this module
+ *
* @return string Example of password
*/
function getExample()
@@ -80,6 +82,7 @@ class modGeneratePassStandard extends ModeleGenPassword
/**
* Build new password
+ *
* @return string Return a new generated password
*/
function getNewGeneratedPassword()
@@ -115,7 +118,9 @@ class modGeneratePassStandard extends ModeleGenPassword
/**
* Validate a password
- * @return int 0 if KO, >0 if OK
+ *
+ * @param string $password Password to check
+ * @return int 0 if KO, >0 if OK
*/
function validatePassword($password)
{
diff --git a/htdocs/includes/modules/security/generate/modules_genpassword.php b/htdocs/includes/modules/security/generate/modules_genpassword.php
index e3b58d5c6a5..e462a76e850 100644
--- a/htdocs/includes/modules/security/generate/modules_genpassword.php
+++ b/htdocs/includes/modules/security/generate/modules_genpassword.php
@@ -1,5 +1,5 @@
+/* Copyright (C) 2007-2011 Laurent Destailleur
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,54 +30,62 @@ require_once(DOL_DOCUMENT_ROOT.'/lib/functions.lib.php');
*/
abstract class ModeleGenPassword
{
- var $error='';
+ var $error='';
- /** \brief Return if a module can be used or not
- * \return boolean true if module can be used
- */
- function isEnabled()
- {
- return true;
- }
+ /**
+ * Return if a module can be used or not
+ *
+ * @return boolean true if module can be used
+ */
+ function isEnabled()
+ {
+ return true;
+ }
- /** \brief Renvoi la description par defaut du modele
- * \return string Texte descripif
- */
- function info()
- {
- global $langs;
- $langs->load("bills");
- return $langs->trans("NoDescription");
- }
+ /**
+ * Return description of module
+ *
+ * @return string Description of text
+ */
+ function getDescription()
+ {
+ global $langs;
+ return $langs->trans("NoDescription");
+ }
- /** \brief Renvoi un exemple de generation
- * \return string Example
- */
- function getExample()
- {
- global $langs;
- $langs->load("bills");
- return $langs->trans("NoExample");
- }
+ /**
+ * Return an example of password generated by this module
+ *
+ * @return string Example of password
+ */
+ function getExample()
+ {
+ global $langs;
+ $langs->load("bills");
+ return $langs->trans("NoExample");
+ }
/**
- * \brief Build new password
- * \return string Return a new generated password
+ * Build new password
+ *
+ * @return string Return a new generated password
*/
- function getNewGeneratedPassword()
- {
- global $langs;
- return $langs->trans("NotAvailable");
- }
+ function getNewGeneratedPassword()
+ {
+ global $langs;
+ return $langs->trans("NotAvailable");
+ }
/**
- * \brief Validate a password
- * \return int 0 if KO, >0 if OK
+ * Validate a password
+ *
+ * @param string $password Password to check
+ * @return int 0 if KO, >0 if OK
*/
- function validatePassword($password)
- {
- return 1;
- }
+ function validatePassword($password)
+ {
+ return 1;
+ }
}
diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php
index 28f26c1a187..c238533ef94 100644
--- a/htdocs/lib/security.lib.php
+++ b/htdocs/lib/security.lib.php
@@ -18,8 +18,11 @@
*/
/**
- * \file htdocs/lib/security.lib.php
- * \brief Set of function used for dolibarr security
+ * \file htdocs/lib/security.lib.php
+ * \ingroup core
+ * \brief Set of function used for dolibarr security.
+ * Warning, this file must not depends on other library files, except function.lib.php
+ * because it is used at low code level.
*/
@@ -28,8 +31,8 @@
*
* @param string $usertotest Login value to test
* @param string $passwordtotest Password value to test
- * @param string $entitytotest Instance to test
- * @param array $authmode Array list of selected authentication mode ('http', 'dolibarr', 'xxx'...)
+ * @param string $entitytotest Instance of data we must check
+ * @param array $authmode Array list of selected authentication mode array('http', 'dolibarr', 'xxx'...)
* @return string Login or ''
*/
function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmode)
@@ -44,14 +47,14 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
$login = '';
// Validation of login/pass/entity with a third party login module method
- if (is_array($conf->login_method_modules) && !empty($conf->login_method_modules))
+ if (! empty($conf->login_method_modules) && is_array($conf->login_method_modules))
{
foreach($conf->login_method_modules as $dir)
{
$newdir=dol_osencode($dir);
// Check if directory exists
- if (!is_dir($newdir)) continue;
+ if (! is_dir($newdir)) continue;
$handle=opendir($newdir);
if (is_resource($handle))
@@ -324,7 +327,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
}
/**
- * Fonction pour initialiser un salt pour la fonction crypt
+ * Fonction pour initialiser un salt pour la fonction crypt.
*
* @param int $type 2=>renvoi un salt pour cryptage DES
* 12=>renvoi un salt pour cryptage MD5
@@ -338,7 +341,7 @@ function makesalt($type=CRYPT_SALT_LENGTH)
{
case 12: // 8 + 4
$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
- case 8: // 8 + 4 (Pour compatibilite, ne devrait pas etre utilise)
+ case 8: // 8 (Pour compatibilite, ne devrait pas etre utilise)
$saltlen=8; $saltprefix='$1$'; $saltsuffix='$'; break;
case 2: // 2
default: // by default, fall back on Standard DES (should work everywhere)
@@ -497,7 +500,7 @@ function dol_decode($chain)
/**
* Return a generated password using default module
*
- * @param boolean $generic Create generic password
+ * @param boolean $generic true=Create generic password (a MD5 string), false=Use the configured password generation module
* @return string New value for password
*/
function getRandomPassword($generic=false)
diff --git a/htdocs/lib/ws.lib.php b/htdocs/lib/ws.lib.php
index 73a538e144a..c7d2c019453 100755
--- a/htdocs/lib/ws.lib.php
+++ b/htdocs/lib/ws.lib.php
@@ -18,6 +18,7 @@
/**
* \file htdocs/lib/ws.lib.php
+ * \ingroup webservices
* \brief Set of function for manipulating web services
*/
@@ -25,10 +26,11 @@
/**
* Check authentication array and set error, errorcode, errorlabel
*
- * @param authentication Array
- * @param error
- * @param errorcode
- * @param errorlabel
+ * @param array $authentication Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
+ * @param int &$error Number of errors
+ * @param string &$errorcode Error string code
+ * @param string &$errorlabel Error string label
+ * @return User Return user object identified by login/pass/entity into authentication array
*/
function check_authentication($authentication,&$error,&$errorcode,&$errorlabel)
{
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index d522eeeac0a..3b9756c21fc 100755
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -178,23 +178,39 @@ class SecurityTest extends PHPUnit_Framework_TestCase
/**
*/
-/* public function testAnalyseSqlAndScript()
+ public function testEncodeDecode()
{
- global $conf,$user,$langs,$db;
- $conf=$this->savconf;
- $user=$this->savuser;
- $langs=$this->savlangs;
- $db=$this->savdb;
+ $stringtotest="This is a string to test encode/decode";
- $_GET["param1"]="azert";
- $_POST["param2"]="a/b#e(pr)qq-rr\cc";
-
- $result=analyse_sql_and_script($_GET);
- print __METHOD__." result=".$result."\n";
- $this->assertFalse($result); // False because mail send disabled
+ $encodedstring=dol_encode($stringtotest);
+ $decodedstring=dol_decode($encodedstring);
+ print __METHOD__." encodedstring=".$encodedstring." ".base64_encode($stringtotest)."\n";
+ $this->assertEquals($stringtotest,$decodedstring);
+
+ return $result;
+ }
+
+ /**
+ */
+ public function testGetRandomPassword()
+ {
+ global $conf;
+
+ $genpass1=getRandomPassword(true); // Should be a MD5 string return by dol_hash
+ print __METHOD__." genpass1=".$genpass1."\n";
+ $this->assertEquals(strlen($genpass1),32);
+
+ $conf->global->USER_PASSWORD_GENERATED='None';
+ $genpass2=getRandomPassword(false); // Should be an empty string
+ print __METHOD__." genpass2=".$genpass2."\n";
+ $this->assertEquals($genpass2,'');
+
+ $conf->global->USER_PASSWORD_GENERATED='Standard';
+ $genpass3=getRandomPassword(false);
+ print __METHOD__." genpass3=".$genpass3."\n";
+ $this->assertEquals(strlen($genpass3),8);
return $result;
}
-*/
}
?>
\ No newline at end of file