
Properly handle external and basic authentication methods for REST web services.

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@3170 a333f486-631f-4898-b8df-5754b55c2be0
dflaven 11 år sedan
förälder
incheckning
240efffccf
2 ändrade filer med 47 tillägg och 22 borttagningar
  1. 27 6
      application/loginwebpage.class.inc.php
  2. 20 16
      webservices/rest.php

+ 27 - 6
application/loginwebpage.class.inc.php

@@ -33,6 +33,7 @@ class LoginWebPage extends NiceWebPage
 {
 	const EXIT_PROMPT = 0;
 	const EXIT_HTTP_401 = 1;
+	const EXIT_RETURN_FALSE = 2;
 
 	protected static $sHandlerClass = __class__;
 	public static function RegisterHandler($sClass)
@@ -561,11 +562,17 @@ EOF
 				{
 					$sLoginMode = $aAllowedLoginTypes[0]; // First in the list...
 				}
-				if ($iOnExit == self::EXIT_HTTP_401)
+				if (($iOnExit == self::EXIT_HTTP_401) || ($sLoginMode == 'basic'))
 				{
-					header("HTTP/1.0 401 Unauthorized");
+					header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
+					header('HTTP/1.0 401 Unauthorized');
+					header('Content-type: text/html; charset=iso-8859-1');
 					exit;
 				}
+				else if($iOnExit == self::EXIT_RETURN_FALSE)
+				{
+					return false;
+				}
 				else
 				{
 					$oPage = self::NewLoginWebPage();
@@ -580,11 +587,17 @@ EOF
 				{
 					//echo "Check Credentials returned false for user $sAuthUser!";
 					self::ResetSession();
-					if ($iOnExit == self::EXIT_HTTP_401)
+					if (($iOnExit == self::EXIT_HTTP_401))
 					{
-						header("HTTP/1.0 401 Unauthorized");
+						header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
+						header('HTTP/1.0 401 Unauthorized');
+						header('Content-type: text/html; charset=iso-8859-1');
 						exit;
 					}
+					else if($iOnExit == self::EXIT_RETURN_FALSE)
+					{
+						return false;
+					}
 					else
 					{
 						$oPage = self::NewLoginWebPage();
@@ -612,6 +625,7 @@ EOF
 				}
 			}
 		}
+		return true;
 	}
 	
 	/**
@@ -718,7 +732,7 @@ EOF
 			$sMessage = Dict::S('UI:Login:PasswordChanged');
 		}
 		
-		self::Login($iOnExit);
+		$bRet = self::Login($iOnExit);
 
 		if ($bMustBeAdmin && !UserRights::IsAdministrator())
 		{	
@@ -730,6 +744,13 @@ EOF
 			exit;
 		}
 		call_user_func(array(self::$sHandlerClass, 'ChangeLocation'), $bIsAllowedToPortalUsers);
-		return $sMessage;
+		if ($iOnExit == self::EXIT_RETURN_FALSE)
+		{
+			return $bRet;
+		}
+		else
+		{
+			return $sMessage;
+		}
 	}	
 } // End of class
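Review bot: The `WWW-Authenticate` header built in the hunk at @@ -561 (and repeated in @@ -580) never closes the realm's double quote, so the client receives `Basic realm="iTop ...` with an unterminated quoted-string, which some HTTP clients reject or parse oddly; append the closing quote in both places: `header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION).'"');`. Putting the product version into the realm also advertises the exact iTop release to every unauthenticated caller and lets a `"` in the formatted string break the header, so a fixed realm label (instance name or a plain 'iTop') is the safer choice. The failed-credentials branch in @@ -580 keeps `if (($iOnExit == self::EXIT_HTTP_401))` without the `|| ($sLoginMode == 'basic')` clause added to the first branch, so a Basic-auth client that sends wrong credentials appears to get the HTML login page instead of a fresh 401 challenge — assuming `$sLoginMode` is still in scope there, since the enclosing Login() starts and ends outside these hunks. Finally, because the 'basic' test precedes the `EXIT_RETURN_FALSE` check, a caller asking for a return value can still have the process `exit` with an HTML 401; the 401 block should probably be skipped when `$iOnExit == self::EXIT_RETURN_FALSE`.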

+ 20 - 16
webservices/rest.php

@@ -61,6 +61,7 @@
 if (!defined('__DIR__')) define('__DIR__', dirname(__FILE__));
 require_once(__DIR__.'/../approot.inc.php');
 require_once(APPROOT.'/application/application.inc.php');
+require_once(APPROOT.'/application/loginwebpage.class.inc.php');
 require_once(APPROOT.'/application/ajaxwebpage.class.inc.php');
 require_once(APPROOT.'/application/startup.inc.php');
 
@@ -95,23 +96,26 @@ try
 {
 	utils::UseParamFile();
 
-	$sAuthUser = utils::ReadParam('auth_user', null, false, 'raw_data');
-	if ($sAuthUser === null)
+	if (!LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN_FALSE))
 	{
-		throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
-	}
-	$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
-	if ($sAuthPwd === null)
-	{
-		throw new Exception("Missing parameter 'auth_pwd'", RestResult::MISSING_AUTH_PWD);
-	}
-	if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
-	{
-		UserRights::Login($sAuthUser); // Login & set the user's language
-	}
-	else
-	{
-		throw new Exception("Invalid login '$sAuthUser'", RestResult::UNAUTHORIZED);
+		$sAuthUser = utils::ReadParam('auth_user', null, false, 'raw_data');
+		if ($sAuthUser === null)
+		{
+			throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
+		}
+		$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
+		if ($sAuthPwd === null)
+		{
+			throw new Exception("Missing parameter 'auth_pwd'", RestResult::MISSING_AUTH_PWD);
+		}
+		if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
+		{
+			UserRights::Login($sAuthUser); // Login & set the user's language
+		}
+		else
+		{
+			throw new Exception("Invalid login '$sAuthUser'", RestResult::UNAUTHORIZED);
+		}
 	}
 
 	$sVersion = utils::ReadParam('version', null, false, 'raw_data');
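Review bot: The `auth_user`/`auth_pwd` fallback placed under `if (!LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN_FALSE))` looks unreachable whenever Login() resolves the login mode to 'basic' and no Authorization header is present: that path in loginwebpage.class.inc.php emits a 401 with a text/html content-type and calls `exit` before it honours `EXIT_RETURN_FALSE`, so a REST client posting auth_user/auth_pwd gets an HTML 401 outside this script's try/catch instead of a RestResult. Reading the explicit parameters first and consulting DoLogin only when they are absent keeps the REST contract intact regardless of the configured login modes; whether `false, false` are the intended values for DoLogin's first two arguments is not visible from this hunk. Separately, the retained fallback still reads `auth_pwd` via `ReadParam(..., 'raw_data')`, which as far as visible does not restrict the source to the POST body, so passwords supplied in the query string can end up in access logs — worth a comment or a POST-only check.
```php
	$sAuthUser = utils::ReadParam('auth_user', null, false, 'raw_data');
	// Explicit REST credentials take precedence; only fall back to the interactive/external
	// login handlers when none were supplied, so a 'basic' login mode cannot exit() before
	// the parameter-based path has a chance to run.
	if (($sAuthUser !== null) || !LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN_FALSE))
	{
		if ($sAuthUser === null)
		{
			throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
		}
		// … unchanged: auth_pwd read, CheckCredentials / UserRights::Login / UNAUTHORIZED …
	}
```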