[Upgrade] Ajout de la permission 'sats' : header(Authorization) = Digest {WAREHOUSE_TOKEN}{SATS_TOKEN}{SATS_NEXTTOKEN}

xdrm-brackets 2017-02-21 15:16:21 +01:00
parent af0985735b
commit a7d8530ec7
4 changed files with 110 additions and 72 deletions


@ -43,15 +43,19 @@
/* (3) Gestion de AUTH en fonction des tokens
---------------------------------------------------------*/
/* (1) Double authentification */
if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})$/', $AUTH, $match) )
/* (1) Triple authentification (warehouse+SATS_token+SATS_nexttoken) */
if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) )
$_SESSION['AUTH'] = [ $match[1], $match[2], $match[3] ];
/* (2) Double authentification (warehouse+admin) */
else if( preg_match('/^([a-f0-9]{128})([a-f0-9]{128})$/', $AUTH, $match) )
$_SESSION['AUTH'] = [ $match[1], $match[2] ];
/* (2) Authentification unique */
else if( preg_match('/^[a-f0-9]{64}$/', $AUTH, $match) )
/* (3) Authentification unique (warehouse) */
else if( preg_match('/^[a-f0-9]{128}$/', $AUTH, $match) )
$_SESSION['AUTH'] = [ $match[0] ];
/* (3) Aucune authentification */
/* (4) Aucune authentification */
else{
$_SESSION['AUTH'] = [];
$_SESSION['PERM'] = [];
@ -78,14 +82,17 @@
*
*/
public static function deepCheck(){
/* [1] Si aucune authentification
=========================================================*/
if( self::auth() == 0 )
return false;
/* [2] Si authentification unique
/* [2] Si authentification unique -> WAREHOUSE
=========================================================*/
if( self::auth() >= 1 ){
$checkRoot = new Repo('warehouse/getByToken', [ $_SESSION['AUTH'][0] ]);
/* (1) Si le token n'existe pas, on retourne une erreur */
@ -103,11 +110,14 @@
$getModules = new Repo('warehouse/getModules', [ $_SESSION['WAREHOUSE']['id'] ]);
$_SESSION['WAREHOUSE']['modules'] = $getModules->answer();
}
/* [3] Si authentification double
/* [3] Si authentification double -> WAREHOUSE + ADMIN
=========================================================*/
if( self::auth() >= 2 ){
if( self::auth() == 2 ){
$checkBranch = new Repo('admin/getByToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1] ]);
/* (1) Si le token n'existe pas, on retourne une erreur */
@ -120,9 +130,33 @@
'username' => $checkBranch->answer()['username'],
'mail' => $checkBranch->answer()['mail']
];
}
/* [4] Si pas d'erreur d'authentification, on retourne TRUE
/* [4] Si authentification triple -> WAREHOUSE + SATS_token + SATS_nexttoken
=========================================================*/
if( self::auth() == 3 ){
$checkBranch = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1], $_SESSION['AUTH'][2] ]);
/* (1) Si le token n'est pas valide, on retourne une erreur */
if( $checkBranch->answer() == false )
return false;
/* (2) On met à jour les informations de l'administrateur */
$_SESSION['SATS'] = [
'id' => (int) $checkBranch->answer()['id_machine'],
'name' => $checkBranch->answer()['name']
];
}
/* [5] Si pas d'erreur d'authentification, on retourne TRUE
=========================================================*/
return true;
}
@ -157,12 +191,19 @@
if( in_array('admin', $expected) && self::auth() < 2 )
return new Error(Err::PermissionError);
/* (3) On retire 'warehouse' et 'admin' de @expected
/* (3) Si SATS requis, mais manquant
---------------------------------------------------------*/
if( in_array('sats', $expected) && self::auth() < 3 )
return new Error(Err::TokenError);
/* (4) On retire 'warehouse', 'admin' et 'sats' de @expected
---------------------------------------------------------*/
$warehouseIndex = array_search('warehouse', $expected);
$adminIndex = array_search('admin', $expected);
$satsIndex = array_search('sats', $expected);
if( is_int($warehouseIndex) ) unset($expected[$warehouseIndex]);
if( is_int($adminIndex) ) unset($expected[$adminIndex]);
if( is_int($satsIndex) ) unset($expected[$satsIndex]);
/* [2] Gestion des permissions
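Review bot: The `admin` requirement is still tested with `self::auth() < 2`, so a three-token SATS request (`auth() == 3`) satisfies it, even though `deepCheck()` now runs the `admin/getByToken` lookup only when `auth() == 2`. Because this commit also reduces most endpoint permission lists to `["admin"]`, a machine credential clears the token-level gate for user, machine and cluster management unless the permission stage that follows (outside this hunk) rejects it. Consider making the levels exclusive, e.g. `if( in_array('admin', $expected) && self::auth() != 2 )`. That would also mean revisiting `historyDefault` `POST::create`, whose `["admin", "sats"]` list is only satisfiable under the current ordinal comparison. The enclosing function starts and ends outside the hunk.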


@ -4,6 +4,7 @@
use \database\core\DatabaseDriver;
use \manager\sessionManager;
use \error\core\Error;
use \error\core\Err;
use \database\core\Repo;
class historyDefault{
@ -37,7 +38,7 @@
// Si une erreur est retournee, on retourne une erreur
if( $id_entry === false )
return ['error' => new Error(Err::error)];
return ['error' => new Error(Err::ModuleError)];
/* [2] Gestion du retour


@ -647,45 +647,43 @@
public function sync($params){
extract($params);
/* [0] Vérification du token
=========================================================*/
$checkToken = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $token, $renew ]);
$machine = $checkToken->answer();
// Si token incorrect, on envoie une erreur
if( $machine === false )
return [ 'error' => new Error(Err::TokenError) ];
/* [1] Initialisation des variables
=========================================================*/
$fetched = [ 'testdata' => [5,2,3] ];
$fetched = [
'history' => 0, // count of registered logs
'feature' => [] // count of registered logs for each feature
];
/* [2] Gestion des données reçues
=========================================================*/
/* (1) For each history entry */
if( isset($data['history']) && is_array($data['history']) ){
if( isset($data['default']) && is_array($data['default']) ){
/* (2) Create history entry in db */
foreach($data['history'] as $entry){
foreach($data['default'] as $entry){
// {1} Build request //
$log_req = new Request('historyDefault/create', [
'id_user' => $entry[0],
'id_machine' => $entry[1],
'timestamp' => $entry[0],
'id_user' => $entry[1],
'id_action' => $entry[2],
'timestamp' => $entry[3]
'id_machine' => $_SESSION['SATS']['id']
]);
var_dump('req', $log_req->error->get());
// {2} Manage error //
if( $log_req->error->get() != Err::Success )
continue;
// {3} Process + get response //
$log_res = $log_req->dispatch();
var_dump('res', $log_res->error->get());
// {4} Register if success //
if( $log_res->error->get() == Err::Success )
$fetched['history']++;
}
}
@ -698,7 +696,7 @@
=========================================================*/
/* (1) Basic working data update
---------------------------------------------------------*/
$basis_update = self::getMachineWorkingInformation($machine['id_machine']);
$basis_update = self::getMachineWorkingInformation($_SESSION['SATS']['id']);
@ -706,7 +704,7 @@
/* [4] Envoi des données
=========================================================*/
return array_merge($basis_update, ['data' => $fetched]);
return array_merge($basis_update, ['saved' => $fetched]);
}
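Review bot: `extract($params)` at the top of `sync()` turns every key of the request array into a local variable, and after this change only `$data` is still read from it, so the import is wider than needed and hides where `$data` comes from; `$data = $params['data'] ?? [];` would make that explicit. The two `var_dump(...)` calls inside the loop appear to remain on the new side; they write the request and response error codes into the API response body and should be removed. Each `$entry` is indexed at `[0]`, `[1]` and `[2]` without a shape check, so a guard such as `if( !is_array($entry) || count($entry) < 3 ) continue;` would keep a malformed sync payload from raising notices.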


@ -9,14 +9,14 @@
"POST::markdown": {
"description": "Retourne une description en markdown des différents modules de l'API",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"options": { "download": true },
"parameters": {}
},
"POST::apiBlueprint": {
"description": "Retourne une documentation de l'API au format API Blueprint.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"options": { "download": true },
"parameters": {}
}
@ -88,7 +88,7 @@
"POST::create": {
"description": "Création d'un nouvel utilisateur.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" },
"username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" },
@ -103,7 +103,7 @@
"POST::link": {
"description": "Ajout d'un utilisateur à un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe auquel rattacher.", "type": "id" },
"id_user": { "description": "UID de l'utilisateur à rattacher.", "type": "id" }
@ -114,7 +114,7 @@
"POST::unlink": {
"description": "Retrait d'un utilisateur d'un groupe",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe auquel détacher.", "type": "id" },
"id_user": { "description": "UID de l'utilisateur à détacher.", "type": "id" }
@ -124,7 +124,7 @@
"POST::search": {
"description": "Recherche d'un utilisateur par mots-clés.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"keywords": { "description": "Mots-clés de la recherche.", "type": "text" }
},
@ -135,7 +135,7 @@
"POST::getAll": {
"description": "Liste de tous les utilisateurs",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {},
"output": {
"users": { "description": "Liste de tous les utilisateurs.", "type": "array<array<mixed>>" }
@ -144,7 +144,7 @@
"POST::getById": {
"description": "Retourne un utilisateur spécifique.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_user": { "description": "UID de l'utilisateur.", "type": "id" }
},
@ -155,7 +155,7 @@
"POST::getByCode": {
"description": "Retourne un utilisateur de Code RFID donné.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"code": { "description": "Code RFID de l'utilisateur.", "type": "rfid" }
},
@ -166,7 +166,7 @@
"POST::getByUsername": {
"description": "Retourne un utilisateur d'identifiant donné.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(1,30,alphanumeric)" }
},
@ -177,7 +177,7 @@
"POST::getClusters": {
"description": "Retourne les groupes d'un utilisateur.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_user": { "description": "UID de l'utilisateur.", "type": "id" }
},
@ -188,7 +188,7 @@
"POST::edit": {
"description": "Modifie les attributs d'un utilisateur.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_user": { "description": "UID de l'utilisateur.", "type": "id" },
"code": { "description": "Code RFID de l'utilisateur.", "type": "rfid", "optional": true },
@ -207,7 +207,7 @@
"POST::delete": {
"description": "Suppression d'un utilisateur.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_user": { "description": "UID de l'utilisateur.", "type": "id" }
},
@ -223,11 +223,9 @@
"POST::sync": {
"description": "Synchronisation d'une machine.",
"permissions": ["warehouse"],
"permissions": ["warehouse", "sats"],
"parameters": {
"token": { "description": "Code d'accès évolutif dynamique.", "type": "hash" },
"data": { "description": "Données (dépendent des modules).", "type": "array<mixed>" },
"renew": { "description": "Nouveau code d'accès.", "type": "hash", "optional": true }
"data": { "description": "Données (dépendent des modules).", "type": "array<mixed>" }
},
"output": {
"data": { "description": "Données (dépendent des modules).", "type": "array<mixed>" }
@ -249,7 +247,7 @@
"POST::create": {
"description": "Création d'une nouvelle machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" }
},
@ -260,7 +258,7 @@
"POST::link": {
"description": "Ajout d'une machine à un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" },
"id_cluster": { "description": "UID du groupe de la machine.", "type": "id" }
@ -270,7 +268,7 @@
"POST::unlink": {
"description": "Retrait d'une machine d'un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" },
"id_cluster": { "description": "UID du groupe de la machine.", "type": "id" }
@ -280,7 +278,7 @@
"POST::search": {
"description": "Recherche une machine par mots-clés.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"keywords": { "description": "Mots-clés de recherche de machine", "type": "text" }
},
@ -291,7 +289,7 @@
"POST::getAll": {
"description": "Retourne la liste de toutes les machines.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {},
"output": {
"machines": { "description": "Liste de toutes les machines.", "type": "array<array<mixed>>" }
@ -300,7 +298,7 @@
"POST::getById": {
"description": "Retourne les données d'une machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" }
},
@ -311,7 +309,7 @@
"POST::getByName": {
"description": "Retourne les données d'une machine de nom donné.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)" }
},
@ -322,7 +320,7 @@
"POST::getClusters": {
"description": "Retourne les groupes d'une machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" }
},
@ -333,7 +331,7 @@
"POST::edit": {
"description": "Modifie les attributs d'une machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" },
"name": { "description": "Nom de la machine.", "type": "varchar(1,30,letters)", "optional": true }
@ -343,7 +341,7 @@
"POST::delete": {
"description": "Supprime une machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine.", "type": "id" }
},
@ -354,7 +352,7 @@
"POST::getState": {
"description": "Retourne l'état d'une machine.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_machine": { "description": "UID de la machine", "type": "id" }
},
@ -370,7 +368,7 @@
"POST::create": {
"description": "Création d'un nouveau groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" },
"class": { "description": "Type de groupe.", "type": "id" }
@ -382,7 +380,7 @@
"POST::search": {
"description": "Recherche d'un groupe par mots-clés.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"keywords": { "description": "Mots-clés de la recherche.", "type": "text" },
"class": { "description": "Type de groupe.", "type": "id", "optional": true }
@ -394,7 +392,7 @@
"POST::getAll": {
"description": "Liste de tous les groupes",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"class": { "description": "Type de groupe.", "type": "id" }
},
@ -405,7 +403,7 @@
"POST::getById": {
"description": "Retourne un groupe spécifique.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe.", "type": "id" },
"class": { "description": "Type de groupe.", "type": "id" }
@ -417,7 +415,7 @@
"POST::getByName": {
"description": "Retourne un groupe de nom donné.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"name": { "description": "Nom du groupe.", "type": "varchar(1,30,letters)" },
"class": { "description": "Type de groupe.", "type": "id" }
@ -429,7 +427,7 @@
"POST::getMembers": {
"description": "Retourne les membres d'un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe.", "type": "id" },
"class": { "description": "Type de groupe.", "type": "id" }
@ -441,7 +439,7 @@
"POST::edit": {
"description": "Modifie le nom d'un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe.", "type": "id" },
"class": { "description": "Type de groupe.", "type": "id" },
@ -454,7 +452,7 @@
"POST::delete": {
"description": "Suppression d'un groupe.",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_cluster": { "description": "UID du groupe.", "type": "id" },
"class": { "description": "Type de groupe.", "type": "id" }
@ -466,7 +464,7 @@
"POST::addPermission": {
"description": "Ajout d'une permission",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_source": { "description": "Groupe d'utilisateur source.", "type": "id" },
"id_target": { "description": "Groupe de machine cible.", "type": "id" },
@ -477,7 +475,7 @@
"POST::remPermission": {
"description": "Suppression d'une permission",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {
"id_source": { "description": "Groupe d'utilisateur source.", "type": "id" },
"id_target": { "description": "Groupe de machine cible.", "type": "id" },
@ -488,7 +486,7 @@
"POST::getPermissions": {
"description": "Retourne la liste des permissions",
"permissions": ["warehouse","admin"],
"permissions": ["admin"],
"parameters": {},
"output": {
"permissions": { "description": "Liste des permissions", "type": "array" }
@ -497,7 +495,7 @@
"POST::getAuthenticatedClusters": {
"description": "Retourne les groupes d'utilisateurs ayant une action sur un groupe de machine.",
"permissions": ["warehouse","admin"],
"permissions": ["admin"],
"parameters": {
"id_target": { "description": "Groupe de machine cible.", "type": "id" },
"id_action": { "description": "Action en question.", "type": "id" }
@ -512,7 +510,7 @@
"historyDefault": {
"POST::create": {
"description": "Retourne l'historique complet",
"permissions": ["warehouse", "admin"],
"permissions": ["admin", "sats"],
"parameters": {
"id_machine": { "description": "Machine UID", "type": "id" },
"id_user": { "description": "User UID", "type": "id" },
@ -523,7 +521,7 @@
},
"POST::getAll": {
"description": "Retourne l'historique complet",
"permissions": ["warehouse", "admin"],
"permissions": ["admin"],
"parameters": {},
"output": {
"history": { "description": "Données de l'historique", "type": "array" }
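Review bot: The `output` block of `POST::sync` still documents a `data` key, but `sync()` in this commit returns its counters under `saved`, so the generated API documentation no longer matches the response; the entry should read something like `"saved": { "description": "Nombre d'entrées enregistrées (par module).", "type": "array<mixed>" }`. In the same file, `historyDefault` `POST::create` carries the description `Retourne l'historique complet`, which duplicates `POST::getAll`; it should describe the creation of a history entry instead.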