search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dump db version
[openemr.git] / rest_controllers / AuthRestController.php
blobccb28e29e7222630230250ed9b382d4ce1e1ee28
1 <?php
2 /**
3 * AuthRestController
4 *
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Matthew Vita <matthewvita48@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
10 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 */
13
14
15 namespace OpenEMR\RestControllers;
16
17 require_once("./../library/authentication/common_operations.php");
18
19 class AuthRestController
20 {
21 public function __construct()
22 {
23 }
24
25 public function authenticate($authPayload)
26 {
27 $is_valid = confirm_user_password($authPayload["username"], $authPayload["password"]);
28
29 if (!$is_valid && strtolower(trim($authPayload["grant_type"])) !== 'password') {
30 http_response_code(401);
31 return;
32 }
33 if (!empty($_SESSION['api']) && !empty($_SESSION['site_id'])) {
34 $encoded_api = bin2hex(trim($_SESSION['api']));
35 $encoded_site = bin2hex(trim($_SESSION['site_id']));
36 } else {
37 http_response_code(401);
38 return;
39 }
40
41 $user = sqlQuery("SELECT id FROM users_secure WHERE username = ?", array($authPayload['username']));
42
43 $sql = " INSERT INTO api_token SET";
44 $sql .= " user_id=?,";
45 $sql .= " token=(SELECT LEFT(SHA2(CONCAT(NOW(), RAND(), UUID()), 512), 32)),";
46 $sql .= " expiry=DATE_ADD(NOW(), INTERVAL 1 HOUR)";
47
48 sqlInsert($sql, array($user["id"]));
49
50 $token = sqlQuery("SELECT token FROM api_token WHERE user_id = ? ORDER BY id DESC", array($user["id"]));
51
52 $encoded_token = $token["token"] . $encoded_api . $encoded_site;
53 $give = array("token_type" => "Bearer", "access_token" => $encoded_token, "expires_in" => "3600");
54 http_response_code(200);
55 return $give;
56 }
57
58 public function isValidToken($token)
59 {
60 $tokenResult = sqlQuery("SELECT user_id, token, expiry FROM api_token WHERE token=?", array($token));
61
62 if (!$tokenResult) {
63 return false;
64 }
65
66 $currentDateTime = date("Y-m-d H:i:s");
67 $expiryDateTime = date("Y-m-d H:i:s", strtotime($tokenResult['expiry']));
68
69 if ($expiryDateTime <= $currentDateTime) {
70 return false;
71 }
72
73 return true;
74 }
75
76 public function getUserFromToken($token)
77 {
78 $sql = " SELECT";
79 $sql .= " u.username";
80 $sql .= " FROM api_token a";
81 $sql .= " JOIN users_secure u ON u.id = a.user_id";
82 $sql .= " WHERE a.token = ?";
83
84 $userResult = sqlQuery($sql, array($token));
85 return $userResult["username"];
86 }
87
88 public function aclCheck($token, $section, $value)
89 {
90 $username = $this->getUserFromToken($token);
91 return acl_check($section, $value, $username);
92 }
93
94 public function aclCheckByUsername($username, $section, $value)
95 {
96 return acl_check($section, $value, $username);
97 }
98
99 public function optionallyAddMoreTokenTime($token)
100 {
101 $tokenResult = sqlQuery("SELECT user_id, token, expiry FROM api_token WHERE token=?", array($token));
102
103 $currentDateTime = date("Y-m-d H:i:s");
104 $expiryDateTime = date("Y-m-d H:i:s", strtotime($tokenResult['expiry']));
105
106 $minutesLeft = round(abs(strtotime($currentDateTime) - strtotime($expiryDateTime)) / 60, 2);
107
108 if ($minutesLeft < 10) {
109 sqlStatement("UPDATE api_token SET expiry=DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE token=?", array($token));
110 }
111 }
112 }
Mirror of official OpenEMR Sourceforge repository