From a7d8530ec748a235cc99564c10f8d7e88709f0e6 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Tue, 21 Feb 2017 15:16:21 +0100 Subject: [PATCH] [Upgrade] Ajout de la permission 'sats' : header(Authorization) = Digest {WAREHOUSE_TOKEN}{SATS_TOKEN}{SATS_NEXTTOKEN} --- build/api/core/AuthSystemDefault.php | 61 +++++++++++++++++---- build/api/module/historyDefault.php | 3 +- build/api/module/machineDefault.php | 36 ++++++------ config/modules.json | 82 ++++++++++++++-------------- 4 files changed, 110 insertions(+), 72 deletions(-) diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index a587750..e2df98c 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -43,15 +43,19 @@ /* (3) Gestion de AUTH en fonction des tokens ---------------------------------------------------------*/ - /* (1) Double authentification */ - if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})$/', $AUTH, $match) ) + /* (1) Triple authentification (warehouse+SATS_token+SATS_nexttoken) */ + if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) ) + $_SESSION['AUTH'] = [ $match[1], $match[2], $match[3] ]; + + /* (2) Double authentification (warehouse+admin) */ + else if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[1], $match[2] ]; - /* (2) Authentification unique */ - else if( preg_match('/^[a-f0-9]{64}$/', $AUTH, $match) ) + /* (3) Authentification unique (warehouse) */ + else if( preg_match('/^[a-f0-9]{128}$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[0] ]; - /* (3) Aucune authentification */ + /* (4) Aucune authentification */ else{ $_SESSION['AUTH'] = []; $_SESSION['PERM'] = []; 
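Review bot: The three patterns now require 128 hex characters per token where the removed ones accepted 64, so a client still sending 64-character tokens falls into the `(4) Aucune authentification` branch, and the commit subject mentions only the new 'sats' permission. A comment above the block should record the format, e.g. `/* each token = 128 lowercase hex chars; 1 token = warehouse, 2 = warehouse+admin, 3 = warehouse+SATS token+SATS next token */`. As a style point, the three near-identical regexes can be a single check, `if( preg_match('/^(?:[a-f0-9]{128}){1,3}\z/', $AUTH) ) $_SESSION['AUTH'] = str_split($AUTH, 128);`, which keeps the rule that the token count selects the role in one place. The `else` branch continues past the end of the hunk.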
@@ -78,14 +82,17 @@ * */ public static function deepCheck(){ + /* [1] Si aucune authentification =========================================================*/ if( self::auth() == 0 ) return false; - /* [2] Si authentification unique + + /* [2] Si authentification unique -> WAREHOUSE =========================================================*/ if( self::auth() >= 1 ){ + $checkRoot = new Repo('warehouse/getByToken', [ $_SESSION['AUTH'][0] ]); /* (1) Si le token n'existe pas, on retourne une erreur */ @@ -103,11 +110,14 @@ $getModules = new Repo('warehouse/getModules', [ $_SESSION['WAREHOUSE']['id'] ]); $_SESSION['WAREHOUSE']['modules'] = $getModules->answer(); + } - /* [3] Si authentification double + + /* [3] Si authentification double -> WAREHOUSE + ADMIN =========================================================*/ - if( self::auth() >= 2 ){ + if( self::auth() == 2 ){ + $checkBranch = new Repo('admin/getByToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1] ]); /* (1) Si le token n'existe pas, on retourne une erreur */ @@ -120,9 +130,33 @@ 'username' => $checkBranch->answer()['username'], 'mail' => $checkBranch->answer()['mail'] ]; + + } - /* [4] Si pas d'erreur d'authentification, on retourne TRUE + + /* [4] Si authentification triple -> WAREHOUSE + SATS_token + SATS_nexttoken + =========================================================*/ + if( self::auth() == 3 ){ + + + $checkBranch = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1], $_SESSION['AUTH'][2] ]); + + /* (1) Si le token n'est pas valide, on retourne une erreur */ + if( $checkBranch->answer() == false ) + return false; + + /* (2) On met à jour les informations de l'administrateur */ + $_SESSION['SATS'] = [ + 'id' => (int) $checkBranch->answer()['id_machine'], + 'name' => $checkBranch->answer()['name'] + ]; + + + } + + + /* [5] Si pas d'erreur d'authentification, on retourne TRUE =========================================================*/ return true; } 
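Review bot: In the new `[4]` block, `$_SESSION['SATS']` is written only when `machine/checkToken` succeeds, and nothing in the visible part of deepCheck() clears it when the check fails or when a later request on the same session authenticates with one or two tokens. sync() in this commit trusts `$_SESSION['SATS']['id']` as the machine identity, so if a session can outlive a request the value should be dropped first, e.g. `unset($_SESSION['SATS']);` before the level checks. The comment `(2) On met à jour les informations de l'administrateur` was copied from the admin block and should describe the machine, and `$checkBranch` would read better as `$checkSats`. deepCheck() starts before this hunk, so whether the session state is reset elsewhere cannot be seen here.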
@@ -157,12 +191,19 @@ if( in_array('admin', $expected) && self::auth() < 2 ) return new Error(Err::PermissionError); - /* (3) On retire 'warehouse' et 'admin' de @expected + /* (3) Si SATS requis, mais manquant + ---------------------------------------------------------*/ + if( in_array('sats', $expected) && self::auth() < 3 ) + return new Error(Err::TokenError); + + /* (4) On retire 'warehouse', 'admin' et 'sats' de @expected ---------------------------------------------------------*/ $warehouseIndex = array_search('warehouse', $expected); $adminIndex = array_search('admin', $expected); + $satsIndex = array_search('sats', $expected); if( is_int($warehouseIndex) ) unset($expected[$warehouseIndex]); if( is_int($adminIndex) ) unset($expected[$adminIndex]); + if( is_int($satsIndex) ) unset($expected[$satsIndex]); /* [2] Gestion des permissions diff --git a/build/api/module/historyDefault.php b/build/api/module/historyDefault.php index 1269812..71429fc 100755 --- a/build/api/module/historyDefault.php +++ b/build/api/module/historyDefault.php @@ -4,6 +4,7 @@ use \database\core\DatabaseDriver; use \manager\sessionManager; use \error\core\Error; + use \error\core\Err; use \database\core\Repo; class historyDefault{ @@ -37,7 +38,7 @@ // Si une erreur est retournee, on retourne une erreur if( $id_entry === false ) - return ['error' => new Error(Err::error)]; + return ['error' => new Error(Err::ModuleError)]; /* [2] Gestion du retour diff --git a/build/api/module/machineDefault.php b/build/api/module/machineDefault.php index 056c971..e47246b 100755 --- a/build/api/module/machineDefault.php +++ b/build/api/module/machineDefault.php 
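Review bot: The added `sats` test is ordinal (`self::auth() < 3`) like the unchanged `admin` test above it (`self::auth() < 2`), so, assuming auth() returns the number of tokens as its use in deepCheck() suggests, a three-token SATS request also passes every `admin` requirement, while deepCheck() in this commit validates the admin token only when `self::auth() == 2`. Unless the `[2] Gestion des permissions` section that follows the hunk rejects it, a machine credential therefore reaches the endpoints that config/modules.json now gates on `["admin"]` alone. Matching the level exactly closes this: `if( in_array('admin', $expected) && self::auth() != 2 )` and `if( in_array('sats', $expected) && self::auth() != 3 )`. The `["admin", "sats"]` entry for `historyDefault` `POST::create` would then need to become `["sats"]` or get explicit either-of handling. The sats branch returns `Err::TokenError` where the admin branch returns `Err::PermissionError`; a comment saying why they differ would help.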
@@ -647,45 +647,43 @@ public function sync($params){ extract($params); - /* [0] Vérification du token - =========================================================*/ - $checkToken = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $token, $renew ]); - $machine = $checkToken->answer(); - - // Si token incorrect, on envoie une erreur - if( $machine === false ) - return [ 'error' => new Error(Err::TokenError) ]; - - - /* [1] Initialisation des variables =========================================================*/ - $fetched = [ 'testdata' => [5,2,3] ]; + $fetched = [ + 'history' => 0, // count of registered logs + 'feature' => [] // count of registered logs for each feature + + ]; /* [2] Gestion des données reçues =========================================================*/ /* (1) For each history entry */ - if( isset($data['history']) && is_array($data['history']) ){ + if( isset($data['default']) && is_array($data['default']) ){ /* (2) Create history entry in db */ - foreach($data['history'] as $entry){ + foreach($data['default'] as $entry){ // {1} Build request // $log_req = new Request('historyDefault/create', [ - 'id_user' => $entry[0], - 'id_machine' => $entry[1], + 'timestamp' => $entry[0], + 'id_user' => $entry[1], 'id_action' => $entry[2], - 'timestamp' => $entry[3] + 'id_machine' => $_SESSION['SATS']['id'] ]); + var_dump('req', $log_req->error->get()); // {2} Manage error // if( $log_req->error->get() != Err::Success ) continue; // {3} Process + get response // $log_res = $log_req->dispatch(); + var_dump('res', $log_res->error->get()); + // {4} Register if success // + if( $log_res->error->get() == Err::Success ) + $fetched['history']++; } } 
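Review bot: The two calls added inside the loop, `var_dump('req', $log_req->error->get());` and `var_dump('res', $log_res->error->get());`, print internal error state into the HTTP response for every synced entry and will corrupt a structured response body; they look like leftover debugging and should be removed or sent to a server-side log. Each `$entry` comes from the client and is indexed as `$entry[0]` to `$entry[2]` without a shape check, so add `if( !is_array($entry) || !isset($entry[0], $entry[1], $entry[2]) ) continue;` at the top of the loop. The unchanged `extract($params);` at the start of sync() turns request keys into local variables; reading `$params['data']` explicitly is safer now that `data` is the only declared parameter. Both inline comments on the new `$fetched` array read `count of registered logs`, although `feature` is initialised to an array. sync() continues past the end of this hunk.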
@@ -698,7 +696,7 @@ =========================================================*/ /* (1) Basic working data update ---------------------------------------------------------*/ - $basis_update = self::getMachineWorkingInformation($machine['id_machine']); + $basis_update = self::getMachineWorkingInformation($_SESSION['SATS']['id']); @@ -706,7 +704,7 @@ /* [4] Envoi des données =========================================================*/ - return array_merge($basis_update, ['data' => $fetched]); + return array_merge($basis_update, ['saved' => $fetched]); } diff --git a/config/modules.json b/config/modules.json index 71787bd..b4217b8 100755 --- a/config/modules.json +++ b/config/modules.json @@ -9,14 +9,14 @@ "POST::markdown": { "description": "Retourne une description en markdown des différents modules de l'API", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "options": { "download": true }, "parameters": {} }, "POST::apiBlueprint": { "description": "Retourne une documentation de l'API au format API Blueprint.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "options": { "download": true }, "parameters": {} } @@ -88,7 +88,7 @@ "POST::create": { "description": "Création d'un nouvel utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" }, "username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" }, @@ -103,7 +103,7 @@ "POST::link": { "description": "Ajout d'un utilisateur à un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe auquel rattacher.", "type": "id" }, "id_user": { "description": "UID de l'utilisateur à rattacher.", "type": "id" } 
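Review bot: The return key is renamed from `data` to `saved` in the last machineDefault.php hunk, but the `POST::sync` entry in config/modules.json still declares `"output": { "data": ... }` after this commit, so the generated API documentation and any client reading `data` no longer match the response. Either keep the old key or update the `output` block in the same change, e.g. `"saved": { "description": "...", "type": "array" }`. sync() starts before this hunk.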
@@ -114,7 +114,7 @@ "POST::unlink": { "description": "Retrait d'un utilisateur d'un groupe", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe auquel détacher.", "type": "id" }, "id_user": { "description": "UID de l'utilisateur à détacher.", "type": "id" } @@ -124,7 +124,7 @@ "POST::search": { "description": "Recherche d'un utilisateur par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de la recherche.", "type": "text" } }, @@ -135,7 +135,7 @@ "POST::getAll": { "description": "Liste de tous les utilisateurs", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "users": { "description": "Liste de tous les utilisateurs.", "type": "array>" } @@ -144,7 +144,7 @@ "POST::getById": { "description": "Retourne un utilisateur spécifique.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, @@ -155,7 +155,7 @@ "POST::getByCode": { "description": "Retourne un utilisateur de Code RFID donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" } }, @@ -166,7 +166,7 @@ "POST::getByUsername": { "description": "Retourne un utilisateur d'identifiant donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" } }, @@ -177,7 +177,7 @@ "POST::getClusters": { "description": "Retourne les groupes d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, 
@@ -188,7 +188,7 @@ "POST::edit": { "description": "Modifie les attributs d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" }, "code": { "description": "Code RFID de l'utilisateur.", "type": "rfid", "optional": true }, @@ -207,7 +207,7 @@ "POST::delete": { "description": "Suppression d'un utilisateur.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, @@ -223,11 +223,9 @@ "POST::sync": { "description": "Synchronisation d'une machine.", - "permissions": ["warehouse"], + "permissions": ["warehouse", "sats"], "parameters": { - "token": { "description": "Code d'accès évolutif dynamique.", "type": "hash" }, - "data": { "description": "Données (dépendent des modules).", "type": "array" }, - "renew": { "description": "Nouveau code d'accès.", "type": "hash", "optional": true } + "data": { "description": "Données (dépendent des modules).", "type": "array" } }, "output": { "data": { "description": "Données (dépendent des modules).", "type": "array" } @@ -249,7 +247,7 @@ "POST::create": { "description": "Création d'une nouvelle machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" } }, @@ -260,7 +258,7 @@ "POST::link": { "description": "Ajout d'une machine à un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "id_cluster": { "description": "UID du groupe de la machine.", "type": "id" } 
@@ -270,7 +268,7 @@ "POST::unlink": { "description": "Retrait d'une machine d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "id_cluster": { "description": "UID du groupe de la machine.", "type": "id" } @@ -280,7 +278,7 @@ "POST::search": { "description": "Recherche une machine par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de recherche de machine", "type": "text" } }, @@ -291,7 +289,7 @@ "POST::getAll": { "description": "Retourne la liste de toutes les machines.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "machines": { "description": "Liste de toutes les machines.", "type": "array>" } @@ -300,7 +298,7 @@ "POST::getById": { "description": "Retourne les données d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -311,7 +309,7 @@ "POST::getByName": { "description": "Retourne les données d'une machine de nom donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" } }, @@ -322,7 +320,7 @@ "POST::getClusters": { "description": "Retourne les groupes d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -333,7 +331,7 @@ "POST::edit": { "description": "Modifie les attributs d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" }, "name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)", "optional": true } 
@@ -343,7 +341,7 @@ "POST::delete": { "description": "Supprime une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine.", "type": "id" } }, @@ -354,7 +352,7 @@ "POST::getState": { "description": "Retourne l'état d'une machine.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_machine": { "description": "UID de la machine", "type": "id" } }, @@ -370,7 +368,7 @@ "POST::create": { "description": "Création d'un nouveau groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -382,7 +380,7 @@ "POST::search": { "description": "Recherche d'un groupe par mots-clés.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "keywords": { "description": "Mots-clés de la recherche.", "type": "text" }, "class": { "description": "Type de groupe.", "type": "id", "optional": true } @@ -394,7 +392,7 @@ "POST::getAll": { "description": "Liste de tous les groupes", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "class": { "description": "Type de groupe.", "type": "id" } }, @@ -405,7 +403,7 @@ "POST::getById": { "description": "Retourne un groupe spécifique.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -417,7 +415,7 @@ "POST::getByName": { "description": "Retourne un groupe de nom donné.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" }, "class": { "description": "Type de groupe.", "type": "id" } 
@@ -429,7 +427,7 @@ "POST::getMembers": { "description": "Retourne les membres d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -441,7 +439,7 @@ "POST::edit": { "description": "Modifie le nom d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" }, @@ -454,7 +452,7 @@ "POST::delete": { "description": "Suppression d'un groupe.", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_cluster": { "description": "UID du groupe.", "type": "id" }, "class": { "description": "Type de groupe.", "type": "id" } @@ -466,7 +464,7 @@ "POST::addPermission": { "description": "Ajout d'une permission", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_source": { "description": "Groupe d'utilisateur source.", "type": "id" }, "id_target": { "description": "Groupe de machine cible.", "type": "id" }, @@ -477,7 +475,7 @@ "POST::remPermission": { "description": "Suppression d'une permission", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": { "id_source": { "description": "Groupe d'utilisateur source.", "type": "id" }, "id_target": { "description": "Groupe de machine cible.", "type": "id" }, @@ -488,7 +486,7 @@ "POST::getPermissions": { "description": "Retourne la liste des permissions", - "permissions": ["warehouse","admin"], + "permissions": ["admin"], "parameters": {}, "output": { "permissions": { "description": "Liste des permissions", "type": "array" } 
@@ -497,7 +495,7 @@ "POST::getAuthenticatedClusters": { "description": "Retourne les groupes d'utilisateurs ayant une action sur un groupe de machine.", - "permissions": ["warehouse","admin"], + "permissions": ["admin"], "parameters": { "id_target": { "description": "Groupe de machine cible.", "type": "id" }, "id_action": { "description": "Action en question.", "type": "id" } @@ -512,7 +510,7 @@ "historyDefault": { "POST::create": { "description": "Retourne l'historique complet", - "permissions": ["warehouse", "admin"], + "permissions": ["admin", "sats"], "parameters": { "id_machine": { "description": "Machine UID", "type": "id" }, "id_user": { "description": "User UID", "type": "id" }, @@ -523,7 +521,7 @@ }, "POST::getAll": { "description": "Retourne l'historique complet", - "permissions": ["warehouse", "admin"], + "permissions": ["admin"], "parameters": {}, "output": { "history": { "description": "Données de l'historique", "type": "array" }
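Review bot: `historyDefault` `POST::create` now lists `["admin", "sats"]`, and checkPermission() as changed in this commit tests each listed name separately, so the entry means "both" rather than "either": a two-token admin caller fails the `sats` test, and a SATS caller passes the `admin` test only because auth() is compared ordinally. If the intent is "machines only", `"permissions": ["sats"]` states it directly. The entry still accepts `id_machine` as a caller-supplied parameter while sync() fills it from `$_SESSION['SATS']['id']`; if a SATS client can call this endpoint directly, create should ignore the parameter and use the session value so entries cannot be attributed to another machine. The description `Retourne l'historique complet` is copied from `POST::getAll` and does not describe a create call.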