Merged in bugfix/HOR-3548 (pull request #5872)

HOR-3548 Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
2017-08-10 22:24:29 +00:00
parent ad5c0cfbc7 2820ba7de3
commit 702eb8ac9d
6 changed files with 72 additions and 13 deletions
--- a/gulliver/system/class.bootstrap.php
+++ b/gulliver/system/class.bootstrap.php
@@ -2577,18 +2577,37 @@ class Bootstrap
        return $var;
    }

-    public function verifyHashPassword ($pass, $userPass)
+    /**
+     * Verify Hash password with password entered
+     *
+     * @param string $pass password
+     * @param string $userPass hash of password
+     * @return bool true or false
+     */
+    public function verifyHashPassword($pass, $userPass)
    {
+        global $RBAC;
        $passwordHashConfig = Bootstrap::getPasswordHashConfig();
        $hashTypeCurrent = $passwordHashConfig['current'];
        $hashTypePrevious = $passwordHashConfig['previous'];
+        $acceptance = false;
+
+        if ($RBAC->loginWithHash()) {
+            //To enable compatibility with soap login
            if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) {
-            return true;
+                $acceptance = true;
+            } else if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) {
+                $acceptance = true;
            }
-        if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) {
-            return true;
+        } else {
+            if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) {
+                $acceptance = true;
+            } else if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) {
+                $acceptance = true;
            }
-        return false;
+        }
+
+        return $acceptance;
    }

    /**
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -75,6 +75,12 @@ class RBAC
    private static $instance = null;
    public $authorizedActions = array();

+    /**
+     * To enable compatibility with soap login.
+     * @var bool
+     */
+    private $enableLoginHash = false;
+
    public function __construct ()
    {
        $this->authorizedActions = array(
@@ -1572,5 +1578,31 @@ class RBAC
            throw new RBACException('ID_ACCESS_DENIED', 403);
        }
    }
+
+    /**
+     * Enable compatibility with hash login
+     */
+    public function enableLoginWithHash()
+    {
+        $this->enableLoginHash = true;
+    }
+
+    /**
+     * Disable compatibility with hash login
+     */
+    public function disableLoginWithHash()
+    {
+        $this->enableLoginHash = false;
+    }
+
+    /**
+     * Return status login with hash
+     *
+     * @return bool
+     */
+    public function loginWithHash()
+    {
+        return $this->enableLoginHash;
+    }
 }

--- a/workflow/engine/bin/cron.php
+++ b/workflow/engine/bin/cron.php
@@ -1,4 +1,5 @@
 <?php
+require_once(__DIR__ . '/../../../bootstrap/autoload.php');
 try {
    //Set variables
    $cronName = pathinfo($_SERVER['SCRIPT_FILENAME'], PATHINFO_FILENAME);
--- a/workflow/engine/bin/cron_single.php
+++ b/workflow/engine/bin/cron_single.php
@@ -1,4 +1,5 @@
 <?php
+require_once(__DIR__ . '/../../../bootstrap/autoload.php');
 register_shutdown_function(
    create_function(
        '',
--- a/workflow/engine/classes/class.wsBase.php
+++ b/workflow/engine/classes/class.wsBase.php
@@ -65,6 +65,12 @@ class wsBase
        global $RBAC;

        try {
+            //To enable compatibility with hash login, method Enable.
+            //It's necessary to enable the hash start session because there are use cases in both,
+            //the web entry and in the case planner, where the password is still used in the hash
+            //format so that is possible to start a session. Thiw way we will mantain the
+            //compatibility with this type of loggin.
+            $RBAC->enableLoginWithHash();
            $uid = $RBAC->VerifyLogin( $userid, $password );

            switch ($uid) {
@@ -113,14 +119,13 @@ class wsBase
            $session->Save();

            //save the session in DataBase
-
-
-            return $wsResponse;
        } catch (Exception $e) {
            $wsResponse = unserialize( $e->getMessage() );
-
-            return $wsResponse;
        }
+
+        //To enable compatibility with hash login, method disable.
+        $RBAC->disableLoginWithHash();
+        return $wsResponse;
    }

    /**
--- a/workflow/engine/methods/services/soap2.php
+++ b/workflow/engine/methods/services/soap2.php
@@ -1,6 +1,7 @@
 <?php
-ini_set("soap.wsdl_cache_enabled", 0); //disabling WSDL cache
+use ProcessMaker\Util\ParseSoapVariableName;

+ini_set("soap.wsdl_cache_enabled", 0); //disabling WSDL cache

 define( 'WEB_SERVICE_VERSION', '2.0' );