Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 17:48:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Protect DAV when $dolibarr_main_authentication is forceuser

Browse Source 
Compatibility with twoauth
This commit is contained in:
Laurent Destailleur
2019-08-20 13:46:15 +02:00
parent 54234e011f
commit 65d11704bb
3 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/api/class/api_login.class.php
View File

@@ -57,12 +57,15 @@ class Login
*/
public function index($login, $password, $entity = '', $reset = 0)
{
global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
// Authentication mode
// TODO Remove the API login. The token must be generated from backoffice only.
// Authentication mode
if (empty($dolibarr_main_authentication))
$dolibarr_main_authentication = 'http,dolibarr';
$dolibarr_main_authentication = preg_replace('/twoauth/', 'dolibarr', $dolibarr_main_authentication);
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser')
{
@@ -73,6 +76,7 @@ class Login
throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
}
}
// Set authmode
$authmode = explode(',', $dolibarr_main_authentication);