From de8ccb885f38e6e182a22e80c854f9dfd7183fd2 Mon Sep 17 00:00:00 2001 From: "Paula V. Quispe" Date: Thu, 21 May 2015 11:28:38 -0400 Subject: [PATCH 1/2] PM-2795: al autenficarse con REST no verifica contra el LdapAdvanced --- workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php index efdf78e59..f722501d5 100644 --- a/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php @@ -190,8 +190,11 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface, /* OAuth2_Storage_UserCredentialsInterface */ public function checkUserCredentials($username, $password) { - if ($user = $this->getUser($username)) { - return $this->checkPassword($user, $password); + $RBAC = \RBAC::getSingleton(); + $RBAC->initRBAC(); + $uid = $RBAC->VerifyLogin($username , $password); + if($uid != ''){ + return true; } return false; } From b55eb92644fbe7a1a59c0be106e28c2f2818b08e Mon Sep 17 00:00:00 2001 From: "Paula V. Quispe" Date: Thu, 21 May 2015 14:01:28 -0400 Subject: [PATCH 2/2] PM-2795: I validated when is < 0 --- workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php index f722501d5..89e7aeed6 100644 --- a/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php @@ -193,6 +193,9 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface, $RBAC = \RBAC::getSingleton(); $RBAC->initRBAC(); $uid = $RBAC->VerifyLogin($username , $password); + if($uid < 0){ + return false; + } if($uid != ''){ return true; }