|
<?php |
|
|
|
namespace Kanboard\Api\Middleware; |
|
|
|
use JsonRPC\Exception\AccessDeniedException; |
|
use JsonRPC\Exception\AuthenticationFailureException; |
|
use JsonRPC\MiddlewareInterface; |
|
use Kanboard\Auth\ApiAccessTokenAuth; |
|
use Kanboard\Core\Base; |
|
use Symfony\Contracts\EventDispatcher\Event; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
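class AuthenticationMiddleware extends Base implements MiddlewareInterface
{
    /**
     * Authenticate the caller before an API procedure runs.
     *
     * Two identities are accepted: a regular user, checked through the
     * authentication manager's password chain (restricted to API access
     * tokens when the user has 2FA enabled), or the application account
     * ("jsonrpc" + the configured API token). Anything else is logged and
     * rejected with AuthenticationFailureException.
     *
     * @param string $username       Username from the request credentials
     * @param string $password       Password or token from the request credentials
     * @param string $procedureName  Unused here; required by MiddlewareInterface
     * @throws AuthenticationFailureException when neither identity matches
     */
    public function execute($username, $password, $procedureName)
    {
        $this->dispatcher->dispatch(new Event, 'app.bootstrap');
        session_set('scope', 'API');

        if ($this->isUserAuthenticated($username, $password)) {
            $this->userSession->initialize($this->userCacheDecorator->getByUsername($username));
        } elseif (! $this->isAppAuthenticated($username, $password)) {
            // Log the rejected identity only; the supplied secret is never written out.
            $this->logger->error('API authentication failure for '.$username);
            throw new AuthenticationFailureException('Wrong credentials');
        }
    }

    /**
     * Check whether the credentials belong to a regular (non-application) user.
     *
     * The reserved "jsonrpc" name and locked accounts are refused before any
     * provider is consulted. For users with 2FA enabled the provider chain is
     * replaced by ApiAccessTokenAuth alone, so a password cannot bypass the
     * second factor.
     *
     * @param string $username
     * @param string $password
     * @return bool
     */
    private function isUserAuthenticated($username, $password)
    {
        if ($username === 'jsonrpc') {
            return false;
        }

        if ($this->userLockingModel->isLocked($username)) {
            return false;
        }

        if ($this->userModel->has2FA($username)) {
            $this->logger->info('This API user ('.$username.') has 2FA enabled: only API keys are authorized');
            $this->authenticationManager->reset();
            $this->authenticationManager->register(new ApiAccessTokenAuth($this->container));
        }

        return $this->authenticationManager->passwordAuthentication($username, $password);
    }

    /**
     * Check whether the credentials belong to the application account.
     *
     * The token comparison is constant-time (hash_equals) so response timing
     * does not reveal how many leading bytes of a guess were correct. A
     * missing, non-string or empty configured token never matches, which also
     * closes the case where an unset token and an absent password would have
     * compared equal.
     *
     * @param string $username
     * @param string $password
     * @return bool
     */
    private function isAppAuthenticated($username, $password)
    {
        if ($username !== 'jsonrpc' || ! is_string($password)) {
            return false;
        }

        $token = $this->getApiToken();

        return is_string($token) && $token !== '' && hash_equals($token, $password);
    }

    /**
     * Resolve the application API token, by precedence: the
     * API_AUTHENTICATION_TOKEN constant, the environment variable of the same
     * name, then the "api_token" configuration setting.
     *
     * @return mixed The constant/env value as defined, or whatever the config
     *               lookup returns (callers must validate its type)
     */
    private function getApiToken()
    {
        if (defined('API_AUTHENTICATION_TOKEN')) {
            return API_AUTHENTICATION_TOKEN;
        }

        // Read the environment once rather than twice.
        $fromEnv = getenv('API_AUTHENTICATION_TOKEN');
        if ($fromEnv) {
            return $fromEnv;
        }

        return $this->configModel->get('api_token');
    }
}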
|
|