diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index a587750..e2df98c 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -43,15 +43,19 @@ /* (3) Gestion de AUTH en fonction des tokens ---------------------------------------------------------*/ - /* (1) Double authentification */ - if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})$/', $AUTH, $match) ) + /* (1) Triple authentification (warehouse+SATS_token+SATS_nexttoken) */ + if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) ) + $_SESSION['AUTH'] = [ $match[1], $match[2], $match[3] ]; + + /* (2) Double authentification (warehouse+admin) */ + else if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[1], $match[2] ]; - /* (2) Authentification unique */ - else if( preg_match('/^[a-f0-9]{64}$/', $AUTH, $match) ) + /* (3) Authentification unique (warehouse) */ + else if( preg_match('/^[a-f0-9]{128}$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[0] ]; - /* (3) Aucune authentification */ + /* (4) Aucune authentification */ else{ $_SESSION['AUTH'] = []; $_SESSION['PERM'] = []; @@ -78,14 +82,17 @@ * */ public static function deepCheck(){ + /* [1] Si aucune authentification =========================================================*/ if( self::auth() == 0 ) return false; - /* [2] Si authentification unique + + /* [2] Si authentification unique -> WAREHOUSE =========================================================*/ if( self::auth() >= 1 ){ + $checkRoot = new Repo('warehouse/getByToken', [ $_SESSION['AUTH'][0] ]); /* (1) Si le token n'existe pas, on retourne une erreur */ @@ -103,11 +110,14 @@ $getModules = new Repo('warehouse/getModules', [ $_SESSION['WAREHOUSE']['id'] ]); $_SESSION['WAREHOUSE']['modules'] = $getModules->answer(); + } - /* [3] Si authentification double + + /* [3] Si authentification double -> WAREHOUSE + ADMIN =========================================================*/ - if( self::auth() >= 2 ){ + if( self::auth() == 2 ){ + $checkBranch = new Repo('admin/getByToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1] ]); /* (1) Si le token n'existe pas, on retourne une erreur */ @@ -120,9 +130,33 @@ 'username' => $checkBranch->answer()['username'], 'mail' => $checkBranch->answer()['mail'] ]; + + } - /* [4] Si pas d'erreur d'authentification, on retourne TRUE + + /* [4] Si authentification triple -> WAREHOUSE + SATS_token + SATS_nexttoken + =========================================================*/ + if( self::auth() == 3 ){ + + + $checkBranch = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1], $_SESSION['AUTH'][2] ]); + + /* (1) Si le token n'est pas valide, on retourne une erreur */ + if( $checkBranch->answer() == false ) + return false; + + /* (2) On met à jour les informations de l'administrateur */ + $_SESSION['SATS'] = [ + 'id' => (int) $checkBranch->answer()['id_machine'], + 'name' => $checkBranch->answer()['name'] + ]; + + + } + + + /* [5] Si pas d'erreur d'authentification, on retourne TRUE =========================================================*/ return true; } @@ -157,12 +191,19 @@ if( in_array('admin', $expected) && self::auth() < 2 ) return new Error(Err::PermissionError); - /* (3) On retire 'warehouse' et 'admin' de @expected + /* (3) Si SATS requis, mais manquant + ---------------------------------------------------------*/ + if( in_array('sats', $expected) && self::auth() < 3 ) + return new Error(Err::TokenError); + + /* (4) On retire 'warehouse', 'admin' et 'sats' de @expected ---------------------------------------------------------*/ $warehouseIndex = array_search('warehouse', $expected); $adminIndex = array_search('admin', $expected); + $satsIndex = array_search('sats', $expected); if( is_int($warehouseIndex) ) unset($expected[$warehouseIndex]); if( is_int($adminIndex) ) unset($expected[$adminIndex]); + if( is_int($satsIndex) ) unset($expected[$satsIndex]); /* [2] Gestion des permissions diff --git a/build/api/module/historyDefault.php b/build/api/module/historyDefault.php index 1269812..71429fc 100755 --- a/build/api/module/historyDefault.php +++ b/build/api/module/historyDefault.php @@ -4,6 +4,7 @@ use \database\core\DatabaseDriver; use \manager\sessionManager; use \error\core\Error; + use \error\core\Err; use \database\core\Repo; class historyDefault{ @@ -37,7 +38,7 @@ // Si une erreur est retournee, on retourne une erreur if( $id_entry === false ) - return ['error' => new Error(Err::error)]; + return ['error' => new Error(Err::ModuleError)]; /* [2] Gestion du retour diff --git a/build/api/module/machineDefault.php b/build/api/module/machineDefault.php index 056c971..e47246b 100755 --- a/build/api/module/machineDefault.php +++ b/build/api/module/machineDefault.php @@ -647,45 +647,43 @@ public function sync($params){ extract($params); - /* [0] Vérification du token - =========================================================*/ - $checkToken = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $token, $renew ]); - $machine = $checkToken->answer(); - - // Si token incorrect, on envoie une erreur - if( $machine === false ) - return [ 'error' => new Error(Err::TokenError) ]; - - - /* [1] Initialisation des variables =========================================================*/ - $fetched = [ 'testdata' => [5,2,3] ]; + $fetched = [ + 'history' => 0, // count of registered logs + 'feature' => [] // count of registered logs for each feature + + ]; /* [2] Gestion des données reçues =========================================================*/ /* (1) For each history entry */ - if( isset($data['history']) && is_array($data['history']) ){ + if( isset($data['default']) && is_array($data['default']) ){ /* (2) Create history entry in db */ - foreach($data['history'] as $entry){ + foreach($data['default'] as $entry){ // {1} Build request // $log_req = new Request('historyDefault/create', [ - 'id_user' => $entry[0], - 'id_machine' => $entry[1], + 'timestamp' => $entry[0], + 'id_user' => $entry[1], 'id_action' => $entry[2], - 'timestamp' => $entry[3] + 'id_machine' => $_SESSION['SATS']['id'] ]); + var_dump('req', $log_req->error->get()); // {2} Manage error // if( $log_req->error->get() != Err::Success ) continue; // {3} Process + get response // $log_res = $log_req->dispatch(); + var_dump('res', $log_res->error->get()); + // {4} Register if success // + if( $log_res->error->get() == Err::Success ) + $fetched['history']++; } } @@ -698,7 +696,7 @@ =========================================================*/ /* (1) Basic working data update ---------------------------------------------------------*/ - $basis_update = self::getMachineWorkingInformation($machine['id_machine']); + $basis_update = self::getMachineWorkingInformation($_SESSION['SATS']['id']); @@ -706,7 +704,7 @@ /* [4] Envoi des données =========================================================*/ - return array_merge($basis_update, ['data' => $fetched]); + return array_merge($basis_update, ['saved' => $fetched]); } diff --git a/config/modules.json b/config/modules.json index 71787bd..b4217b8 100755 --- a/config/modules.json +++ b/config/modules.json @@ -9,14 +9,14 @@ "POST::markdown": { "description": "Retourne une description en markdown des différents modules de l'API", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "options": { "download": true }, "parameters": {} }, "POST::apiBlueprint": { "description": "Retourne une documentation de l'API au format API Blueprint.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "options": { "download": true }, "parameters": {} } @@ -88,7 +88,7 @@ "POST::create": { "description": "Création d'un nouvel utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" }, "username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" }, @@ -103,7 +103,7 @@ "POST::link": { "description": "Ajout d'un utilisateur à un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe auquel rattacher.", "type": "id" }, "id_user": { "description": "UID de l'utilisateur à rattacher.", "type": "id" } @@ -114,7 +114,7 @@ "POST::unlink": { "description": "Retrait d'un utilisateur d'un groupe", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe auquel détacher.", "type": "id" }, "id_user": { "description": "UID de l'utilisateur à détacher.", "type": "id" } @@ -124,7 +124,7 @@ "POST::search": { "description": "Recherche d'un utilisateur par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de la recherche.", "type": "text" } }, @@ -135,7 +135,7 @@ "POST::getAll": { "description": "Liste de tous les utilisateurs", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "users": { "description": "Liste de tous les utilisateurs.", "type": "array>" } @@ -144,7 +144,7 @@ "POST::getById": { "description": "Retourne un utilisateur spécifique.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, @@ -155,7 +155,7 @@ "POST::getByCode": { "description": "Retourne un utilisateur de Code RFID donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" } }, @@ -166,7 +166,7 @@ "POST::getByUsername": { "description": "Retourne un utilisateur d'identifiant donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" } }, @@ -177,7 +177,7 @@ "POST::getClusters": { "description": "Retourne les groupes d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, @@ -188,7 +188,7 @@ "POST::edit": { "description": "Modifie les attributs d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" }, "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid", "optional": true }, @@ -207,7 +207,7 @@ "POST::delete": { "description": "Suppression d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, @@ -223,11 +223,9 @@ "POST::sync": { "description": "Synchronisation d'une machine.", - "permissions": ["warehouse"], + "permissions": ["warehouse", "sats"], "parameters": { - "token": { "description": "Code d'accès évolutif dynamique.", "type": "hash" }, - "data": { "description": "Données (dépendent des modules).", "type": "array" }, - "renew": { "description": "Nouveau code d'accès.", "type": "hash", "optional": true } + "data": { "description": "Données (dépendent des modules).", "type": "array" } }, "output": { "data": { "description": "Données (dépendent des modules).", "type": "array" } @@ -249,7 +247,7 @@ "POST::create": { "description": "Création d'une nouvelle machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" } }, @@ -260,7 +258,7 @@ "POST::link": { "description": "Ajout d'une machine à un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "id_cluster": { "description": "UID du groupe de la machine.", "type": "id" } @@ -270,7 +268,7 @@ "POST::unlink": { "description": "Retrait d'une machine d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "id_cluster": { "description": "UID du groupe de la machine.", "type": "id" } @@ -280,7 +278,7 @@ "POST::search": { "description": "Recherche une machine par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de recherche de machine", "type": "text" } }, @@ -291,7 +289,7 @@ "POST::getAll": { "description": "Retourne la liste de toutes les machines.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "machines": { "description": "Liste de toutes les machines.", "type": "array>" } @@ -300,7 +298,7 @@ "POST::getById": { "description": "Retourne les données d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -311,7 +309,7 @@ "POST::getByName": { "description": "Retourne les données d'une machine de nom donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" } }, @@ -322,7 +320,7 @@ "POST::getClusters": { "description": "Retourne les groupes d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -333,7 +331,7 @@ "POST::edit": { "description": "Modifie les attributs d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)", "optional": true } @@ -343,7 +341,7 @@ "POST::delete": { "description": "Supprime une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -354,7 +352,7 @@ "POST::getState": { "description": "Retourne l'état d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine", "type": "id" } }, @@ -370,7 +368,7 @@ "POST::create": { "description": "Création d'un nouveau groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -382,7 +380,7 @@ "POST::search": { "description": "Recherche d'un groupe par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de la recherche.", "type": "text" }, "class": { "description": "Type de groupe.", "type": "id", "optional": true } @@ -394,7 +392,7 @@ "POST::getAll": { "description": "Liste de tous les groupes", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "class": { "description": "Type de groupe.", "type": "id" } }, @@ -405,7 +403,7 @@ "POST::getById": { "description": "Retourne un groupe spécifique.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -417,7 +415,7 @@ "POST::getByName": { "description": "Retourne un groupe de nom donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -429,7 +427,7 @@ "POST::getMembers": { "description": "Retourne les membres d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -441,7 +439,7 @@ "POST::edit": { "description": "Modifie le nom d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" }, @@ -454,7 +452,7 @@ "POST::delete": { "description": "Suppression d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -466,7 +464,7 @@ "POST::addPermission": { "description": "Ajout d'une permission", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_source": { "description": "Groupe d'utilisateur source.", "type": "id" }, "id_target": { "description": "Groupe de machine cible.", "type": "id" }, @@ -477,7 +475,7 @@ "POST::remPermission": { "description": "Suppression d'une permission", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_source": { "description": "Groupe d'utilisateur source.", "type": "id" }, "id_target": { "description": "Groupe de machine cible.", "type": "id" }, @@ -488,7 +486,7 @@ "POST::getPermissions": { "description": "Retourne la liste des permissions", - "permissions": ["warehouse","admin"], + "permissions": ["admin"], "parameters": {}, "output": { "permissions": { "description": "Liste des permissions", "type": "array" } @@ -497,7 +495,7 @@ "POST::getAuthenticatedClusters": { "description": "Retourne les groupes d'utilisateurs ayant une action sur un groupe de machine.", - "permissions": ["warehouse","admin"], + "permissions": ["admin"], "parameters": { "id_target": { "description": "Groupe de machine cible.", "type": "id" }, "id_action": { "description": "Action en question.", "type": "id" } @@ -512,7 +510,7 @@ "historyDefault": { "POST::create": { "description": "Retourne l'historique complet", - "permissions": ["warehouse", "admin"], + "permissions": ["admin", "sats"], "parameters": { "id_machine": { "description": "Machine UID", "type": "id" }, "id_user": { "description": "User UID", "type": "id" }, @@ -523,7 +521,7 @@ }, "POST::getAll": { "description": "Retourne l'historique complet", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "history": { "description": "Données de l'historique", "type": "array" }