bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
application/Espo/Core/Authentication/AuthToken/AuthToken.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Authentication\AuthToken;
/**
* An auth token record.
*/
interface AuthToken
{
/**
* Get a token.
*/
public function getToken(): string;
/**
* Get a user ID.
*/
public function getUserId(): string;
/**
* Get a portal ID. If a token belongs to a specific portal.
*/
public function getPortalId(): ?string;
/**
* Get a token secret. Secret is used as an additional security check.
*/
public function getSecret(): ?string;
/**
* Whether a token is active.
*/
public function isActive(): bool;
/**
* Get a password hash. If a password hash is not stored in token, then return NULL.
* If you store auth tokens remotely it's reasonable to avoid hashes being sent.
*/
public function getHash(): ?string;
}

118
application/Espo/Core/Authentication/AuthToken/Data.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Authentication\AuthToken;
use RuntimeException;
use SensitiveParameter;
/**
* An auth token data. Used for auth token creation.
*
* Immutable.
*/
class Data
{
private string $userId;
private ?string $portalId = null;
private ?string $hash = null;
private ?string $ipAddress = null;
private bool $createSecret = false;
private function __construct()
{}
/**
* A user ID.
*/
public function getUserId(): string
{
return $this->userId;
}
/**
* A portal ID.
*/
public function getPortalId(): ?string
{
return $this->portalId;
}
/**
* A hash.
*/
public function getHash(): ?string
{
return $this->hash;
}
/**
* An ID address.
*/
public function getIpAddress(): ?string
{
return $this->ipAddress;
}
/**
* To create a secret.
*/
public function toCreateSecret(): bool
{
return $this->createSecret;
}
/**
* @param array{
* userId: string,
* portalId?: ?string,
* hash?: ?string,
* ipAddress?: ?string,
* createSecret?: ?bool,
* } $data
*/
public static function create(#[SensitiveParameter] array $data): self
{
$obj = new self();
$userId = $data['userId'] ?? null;
if (!$userId) {
throw new RuntimeException("No user ID.");
}
$obj->userId = $userId;
$obj->portalId = $data['portalId'] ?? null;
$obj->hash = $data['hash'] ?? null;
$obj->ipAddress = $data['ipAddress'] ?? null;
$obj->createSecret = $data['createSecret'] ?? false;
return $obj;
}
}

164
application/Espo/Core/Authentication/AuthToken/EspoManager.php Normal file
View File

@@ -0,0 +1,164 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Authentication\AuthToken;
use Espo\Core\Name\Field;
use Espo\ORM\EntityManager;
use Espo\ORM\Repository\RDBRepository;
use Espo\Entities\AuthToken as AuthTokenEntity;
use RuntimeException;
/**
* A default auth token manager. Auth tokens are stored in database.
* Consider creating a custom implementation if you need to store auth tokens
* in another storage. E.g. a single Redis data store can be utilized with
* multiple Espo replicas (for scalability purposes).
* Defined at metadata > app > containerServices > authTokenManager.
*
* @noinspection PhpUnused
*/
class EspoManager implements Manager
{
/** @var RDBRepository<AuthTokenEntity> */
private RDBRepository $repository;
private const TOKEN_RANDOM_LENGTH = 16;
public function __construct(EntityManager $entityManager)
{
$this->repository = $entityManager->getRDBRepositoryByClass(AuthTokenEntity::class);
}
public function get(string $token): ?AuthToken
{
return $this->repository
->select([
'id',
'isActive',
'token',
'secret',
'userId',
'portalId',
'hash',
Field::CREATED_AT,
'lastAccess',
Field::MODIFIED_AT,
])
->where(['token' => $token])
->findOne();
}
public function create(Data $data): AuthToken
{
$authToken = $this->repository->getNew();
$authToken
->setUserId($data->getUserId())
->setPortalId($data->getPortalId())
->setHash($data->getHash())
->setIpAddress($data->getIpAddress())
->setToken($this->generateToken())
->setLastAccessNow();
if ($data->toCreateSecret()) {
$authToken->setSecret($this->generateToken());
}
$this->validate($authToken);
$this->repository->save($authToken);
return $authToken;
}
public function inactivate(AuthToken $authToken): void
{
/** @noinspection PhpConditionAlreadyCheckedInspection */
if (!$authToken instanceof AuthTokenEntity) {
throw new RuntimeException();
}
$this->validateNotChanged($authToken);
$authToken->setIsActive(false);
$this->repository->save($authToken);
}
public function renew(AuthToken $authToken): void
{
/** @noinspection PhpConditionAlreadyCheckedInspection */
if (!$authToken instanceof AuthTokenEntity) {
throw new RuntimeException();
}
$this->validateNotChanged($authToken);
if ($authToken->isNew()) {
throw new RuntimeException("Can renew only not new auth token.");
}
$authToken->setLastAccessNow();
$this->repository->save($authToken);
}
private function validate(AuthToken $authToken): void
{
if (!$authToken->getToken()) {
throw new RuntimeException("Empty token.");
}
if (!$authToken->getUserId()) {
throw new RuntimeException("Empty user ID.");
}
}
private function validateNotChanged(AuthTokenEntity $authToken): void
{
if (
$authToken->isAttributeChanged('token') ||
$authToken->isAttributeChanged('secret') ||
$authToken->isAttributeChanged('hash') ||
$authToken->isAttributeChanged('userId') ||
$authToken->isAttributeChanged('portalId')
) {
throw new RuntimeException("Auth token was changed.");
}
}
private function generateToken(): string
{
$length = self::TOKEN_RANDOM_LENGTH;
return bin2hex(random_bytes($length));
}
}

56
application/Espo/Core/Authentication/AuthToken/Manager.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Authentication\AuthToken;
/**
* Fetches and stores auth tokens.
*/
interface Manager
{
/**
* Get an auth token. If it does not exist, then returns NULL.
*/
public function get(string $token): ?AuthToken;
/**
* Create an auth token and store it.
*/
public function create(Data $data): AuthToken;
/**
* Make an auth token inactive (invalid).
*/
public function inactivate(AuthToken $authToken): void;
/**
* Update a last access date. An implementation can be omitted to avoid a writing operation.
*/
public function renew(AuthToken $authToken): void;
}