Commit cb7e03b6 authored by Sylvain Berfini 🎩

Removed compatibility methods + fixed digest auth white list methods

parent 019f60cf
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
include_once __DIR__ . '/../objects/account.php';
include_once __DIR__ . '/../objects/password.php';
include_once __DIR__ . '/../objects/alias.php';
include_once __DIR__ . '/../misc/utilities.php';
// args = [identity]
function xmlrpc_compatibility_check_account_validated($method, $args) {
// Return 1 if account is validated, else return 0
list($login, $domain) = explode("@", $args[0]);
if (startswith($login, "sip:")) {
list($sip, $login) = explode(":", $login);
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $login;
$account->domain = $domain;
if ($account->getOne()) {
return is_activated($account->activated) ? '1' : '0';
}
return 0;
}
// args = [identity]
function xmlrpc_compatibility_check_account($method, $args) {
// Return 1 if login is already used, else return 0
list($login, $domain) = explode("@", $args[0]);
if (startswith($login, "sip:")) {
list($sip, $login) = explode(":", $login);
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $login;
$account->domain = $domain;
if ($account->getOne()) {
return 1;
}
return 0;
}
// args = [identity, password, email, useragent]
function xmlrpc_compatibility_create_account_with_useragent($method, $args) {
$newargs = array($args[0], $args[1], $args[2], 0, $args[3]);
return xmlrpc_compatibility_create_account($method, $newargs);
}
// args = [identity, password, email, newsletter, useragent?]
function xmlrpc_compatibility_create_account($method, $args) {
// Return 0 if account successfully created, else return -1
list($login, $domain) = explode("@", $args[0]);
if (startswith($login, "sip:")) {
list($sip, $login) = explode(":", $login);
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $login;
$account->domain = $domain;
if ($account->getOne()) {
return -1;
}
$account->email = $args[2];
$account->confirmation_key = uniqid();
$account->ip_address = getIp();
$account->$user_agent = 'linphone-wizard';
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
if (count($args) == 5) {
$account->$user_agent = $args[4];
}
$account->create();
$crypted_password = hash_password($login, $args[1], $domain, MD5);
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $crypted_password;
$password->algorithm = MD5;
$password->create();
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_activation_link($account->email, $account->confirmation_key, $account->username);
}
return 0;
}
function xmlrpc_compatibility_register_methods($server) {
xmlrpc_server_register_method($server, 'check_account', 'xmlrpc_compatibility_check_account');
xmlrpc_server_register_method($server, 'create_account', 'xmlrpc_compatibility_create_account');
xmlrpc_server_register_method($server, 'check_account_validated', 'xmlrpc_compatibility_check_account_validated');
xmlrpc_server_register_method($server, 'create_account_with_useragent', 'xmlrpc_compatibility_create_account_with_useragent');
}
?>
\ No newline at end of file
......@@ -30,14 +30,14 @@ include_once __DIR__ . '/../misc/utilities.php';
include_once __DIR__ . '/results_values.php';
// args = [username, old hash, new hash, [domain], [algo]]
function update_password($method, $args) {
function xmlrpc_update_password($method, $args) {
$username = $args[0];
$hashed_old_password = $args[1];
$hashed_new_password = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] update_password(" . $username . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")");
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
......
......@@ -28,7 +28,6 @@ include_once __DIR__ . '/aliases.php';
include_once __DIR__ . '/devices.php';
include_once __DIR__ . '/passwords.php';
include_once __DIR__ . '/user_info.php';
include_once __DIR__ . '/compatibility.php';
$request = file_get_contents("php://input");
if (empty($request)) Logger::getInstance()->error("Request is empty");
......@@ -42,32 +41,33 @@ if (USE_DIGEST_AUTH) {
$request_type = $xml->methodName;
$unauthenticated_requests = array(
// account
// email accounts
0 => 'create_email_account',
1 => 'create_phone_account',
2 => 'get_confirmation_key',
3 => 'activate_email_account',
4 => 'activate_phone_account',
5 => 'recover_phone_account',
6 => 'recover_email_account',
7 => 'recover_account_from_confirmation_key',
1 => 'create_email_md5_sha256_account',
2 => 'activate_email_account',
3 => 'recover_email_account',
// phone accounts
4 => 'create_phone_account',
5 => 'activate_phone_account',
6 => 'recover_phone_account',
7 => 'is_phone_number_used',
8 => 'get_phone_number_for_account',
9 => 'is_account_activated',
// accounts
9 => 'get_confirmation_key',
10 => 'is_account_used',
11 => 'is_account_activated',
12 => 'recover_account_from_confirmation_key',
13 => 'get_accounts_count',
// aliases
10 => 'is_alias_used',
14 => 'is_alias_used',
15 => 'link_phone_number_with_account',
16 => 'get_alias',
// inapp
11 => 'check_payload_signature',
// misc
12 => 'add_ec_calibration_result',
// compatibility
13 => 'create_account',
14 => 'create_account_with_useragent',
15 => 'get_accounts_count',
// devices
17 => 'add_ec_calibration_result',
);
// Get authentication header if there is one
......@@ -102,7 +102,6 @@ xmlrpc_aliases_register_methods($server);
xmlrpc_devices_register_methods($server);
xmlrpc_passwords_register_methods($server);
xmlrpc_user_info_register_methods($server);
xmlrpc_compatibility_register_methods($server);
if (USE_IN_APP_PURCHASES) {
xmlrpc_inapp_register_methods($server);
......
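Review bot: The rewritten `$unauthenticated_requests` list appears to let `link_phone_number_with_account` (index 15) through without digest authentication, and it is the one entry in the aliases group that changes account state rather than reading it; its handler is not part of this diff, so please confirm it demands its own proof of ownership (for example a confirmation key) before linking, or take it off the list. The lookup entries that skip auth (`is_account_used`, `is_phone_number_used`, `get_phone_number_for_account`, `get_alias`, `get_accounts_count`) together let an anonymous caller enumerate usernames and phone numbers, so they deserve rate limiting and a comment above the array such as `// every method listed here is reachable without digest auth: the handler must validate ownership itself and be rate limited`. `check_payload_signature` seems to have left the list while `xmlrpc_inapp_register_methods` is still registered further down, which would make in-app clients authenticate first; worth confirming that is intended. The explicit numeric keys are also fragile, because a duplicated index silently drops an entry, and a plain list `array('create_email_account', 'create_email_md5_sha256_account', ...)` avoids the renumbering this change had to do.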