From 46d09f5b84872622cde16c368ef48b69442e7512 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 1/9] HOR-3095 --- workflow/engine/classes/Calendar.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -828,7 +824,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From b846a246ef90cb0bd383ff974b4a3301e890ced8 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 2/9] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php 
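Review bot: In the `dashCalculateDate` hunk of Calendar.php (PATCH 1/9), `round(..., 5)` still lets a fractional value reach the `'+N seconds'` string. PHP's relative date formats are documented with an integer count, so a non-integer duration may be parsed differently than intended. Rounding to whole seconds avoids that: `strtotime('+' . (int) round(((float) $hoursDuration) * 3600) . ' seconds', strtotime($newDate))`. The enclosing loop and method start and end outside the hunk.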
@@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 890dd720e6231155798e10deb08af7d29003754d Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 3/9] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From d0967def2b92abcfcf695cbe415d9d55e91003e9 Mon Sep 17 00:00:00 2001 
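Review bot: The block added to authentication.php (PATCH 2/9, applied again in PATCH 6/9) rewrites what the user typed instead of rejecting it. Any `USR_PASSWORD` longer than 32 characters is `trim()`-ed, and one that begins with a configured hash name followed by `:` loses that prefix, so a legitimate long password of that shape can no longer match its stored hash. The filter also covers only this form handler: the comparison that accepts `<hashType>:<hash>` sits in `Bootstrap::verifyHashPassword` (visible in PATCH 4/9), so any other caller of that method is presumably still unprotected by this patch. `strlen()` is also called before the value is known to be a string; adding `is_string($_POST['form']['USR_PASSWORD'])` to the `if` would keep an array-valued field out. The surrounding `try` block starts and ends outside the hunk.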
From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 4/9] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 267c84725..09ebbf59b 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2521,10 +2521,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { 
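Review bot: Both remaining checks in `verifyHashPassword` (PATCH 4/9; the same lines recur in PATCH 8/9 and in the `else` branch of PATCH 9/9) compare digests with loose `==`, which falls back to PHP's numeric-string comparison when both sides look like numbers and is not constant-time. Use a strict, timing-safe comparison instead, e.g. `if (hash_equals((string) $userPass, (string) Bootstrap::hashPassword($pass, $hashTypeCurrent))) {`, and the same for `$hashTypePrevious`. If the supported PHP version predates `hash_equals()`, `===` at least removes the type juggling. The method's signature and opening lines are outside the hunk.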
From 3bc88eaf090c476d073bff212d5671f2e9078a09 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 5/9] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index fe49aca98..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 76bf7f3c423e45ba1907844328a0d32d439e7103 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 6/9] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php 
@@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From bcba29d7a6a27695b31086e96fbf213542022407 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 7/9] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 5a476ab9a317cd7044ac2e09c4ed93fb35f3573e Mon Sep 17 00:00:00 2001 
From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 8/9] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b70b2bcef..b5b47209d 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2582,10 +2582,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { 
From cc778e40c92cd3a631bdb3594a8169f76b2a5fab Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Thu, 10 Aug 2017 14:30:37 -0400 Subject: [PATCH 9/9] Add functionality in rbac for enable or disable compatibility with soap login --- gulliver/system/class.bootstrap.php | 31 +++++++++++++++++---- gulliver/system/class.rbac.php | 32 ++++++++++++++++++++++ workflow/engine/bin/cron.php | 1 + workflow/engine/bin/cron_single.php | 1 + workflow/engine/classes/class.wsBase.php | 11 ++++---- workflow/engine/methods/services/soap2.php | 1 + 6 files changed, 66 insertions(+), 11 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b5b47209d..ed98a7616 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2577,18 +2577,37 @@ class Bootstrap return $var; } + /** + * Verify Hash password with password entered + * + * @param string $pass password + * @param string $userPass hash of password + * @return bool true or false + */ public function verifyHashPassword ($pass, $userPass) { + global $RBAC; $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { - return true; + $acceptance = false; + + if ($RBAC->getStatusLoginHash()) { + //To enable compatibility with soap login + if ($pass === $hashTypeCurrent . ':' . $userPass) { + $acceptance = true; + } else if ($pass === $hashTypePrevious . ':' . $userPass) { + $acceptance = true; + } + } else { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { + $acceptance = true; + } else if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { + $acceptance = true; + } } - if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { - return true; - } - return false; + + return $acceptance; } /** 
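Review bot: When `$RBAC->getStatusLoginHash()` is true, this version of `verifyHashPassword` accepts only `<hashType>:<storedHash>` and never hashes the input, so on that path the stored hash is itself the credential and a leaked hash is enough to log in — the behaviour the HOR-3548 subject describes, now behind a switch. The mode is read from `global $RBAC`, which is dereferenced without checking that it is set, and the `===` comparisons are not timing-safe. At minimum, guard the global, mark the hash branch as a compatibility exception in a comment, and use `hash_equals()` (PHP 5.6+) in both branches, as sketched below.

```php
    public function verifyHashPassword ($pass, $userPass)
    {
        // … unchanged: global $RBAC, hash-type lookup …
        $given = (string) $pass;
        $stored = (string) $userPass;

        if ($RBAC instanceof RBAC && $RBAC->getStatusLoginHash()) {
            // SOAP compatibility only: the client sends "<hashType>:<storedHash>",
            // so the stored hash acts as the credential on this path.
            $acceptance = hash_equals($hashTypeCurrent . ':' . $stored, $given)
                || hash_equals($hashTypePrevious . ':' . $stored, $given);
        } else {
            $acceptance = hash_equals($stored, (string) Bootstrap::hashPassword($pass, $hashTypeCurrent))
                || hash_equals($stored, (string) Bootstrap::hashPassword($pass, $hashTypePrevious));
        }

        return $acceptance;
```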
diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 253ff34b8..66388a0d6 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -75,6 +75,12 @@ class RBAC private static $instance = null; public $authorizedActions = array(); + /** + * To enable compatibility with soap login. + * @var bool + */ + private $enableLoginHash = false; + public function __construct () { $this->authorizedActions = array( @@ -1572,5 +1578,31 @@ class RBAC throw new RBACException('ID_ACCESS_DENIED', 403); } } + + /** + * Enable compatibility with soap login + */ + public function enableLoginSoapWithHash() + { + $this->enableLoginHash = true; + } + + /** + * Disable compatibility with soap login + */ + public function disableLoginSoapWithHash () + { + $this->enableLoginHash = false; + } + + /** + * Return status login with soap + * + * @return bool + */ + public function getStatusLoginHash () + { + return $this->enableLoginHash; + } } diff --git a/workflow/engine/bin/cron.php b/workflow/engine/bin/cron.php index 8db5a180c..34ca20fc8 100644 --- a/workflow/engine/bin/cron.php +++ b/workflow/engine/bin/cron.php @@ -1,4 +1,5 @@ enableLoginSoapWithHash(); $uid = $RBAC->VerifyLogin( $userid, $password ); switch ($uid) { @@ -113,14 +115,13 @@ class wsBase $session->Save(); //save the session in DataBase - - - return $wsResponse; } catch (Exception $e) { $wsResponse = unserialize( $e->getMessage() ); - - return $wsResponse; } + + //To enable compatibility with soap login, method disable. + $RBAC->disableLoginSoapWithHash(); + return $wsResponse; } /** diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index 758c21e2a..75a61177a 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php @@ -1,6 +1,7 @@
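Review bot: The new `$enableLoginHash` flag in class.rbac.php is switched by two public methods on the shared RBAC object, so hash-based login stays enabled for everything that runs later in the same process unless every caller remembers to call `disableLoginSoapWithHash()`. The part of the class.wsBase.php hunk that survives on this page resets the flag after the `try`/`catch`, which is skipped if something other than an `Exception` is thrown or the script exits early. Wrapping the reset as `finally { $RBAC->disableLoginSoapWithHash(); }` (PHP 5.5+) would make it unconditional. The docblocks should also state the security effect, e.g. `While enabled, verifyHashPassword() accepts "<hashType>:<storedHash>" instead of the clear-text password; enable only around the SOAP login call.`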