From 861507aa885f582ddfa9690e85efd57d1c5e41f6 Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman
Date: Mon, 21 Aug 2017 08:21:26 +0000
Subject: [PATCH] FSN#41669 Basic Auth voor API2

svn path=/Website/trunk/; revision=35019
---
 APPL/AUT/Login.inc | 13 ++++++-------
 APPL/AUT/loginTry.asp | 3 ++-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/APPL/AUT/Login.inc b/APPL/AUT/Login.inc
index c2c04d3982..b9e1e26532 100644
--- a/APPL/AUT/Login.inc
+++ b/APPL/AUT/Login.inc
@@ -149,7 +149,7 @@ function doLogin(prs_key, params)
 oRs.Close();
 
 // FACFAC tracken we altijd
- if (!params.noFacSession) // fac_scan_cust genereert er anders te veel
+ if (!params.noFacSession && !params.stateless) // fac_scan_cust genereert er anders te veel
 {
 if (user.has("WEB_FACFAC"))
 shared.trackaction("PRSLOG", user_key, L("lcl_logged_on").format(Session("ASPFIXATION").slice(-6)));
@@ -611,15 +611,11 @@ function getIdentity(username, wachtwoord, params)
 }
 
 var logins = [];
+ logins.push(" prs_perslid_apikey = " + safe.quoted_sql(username, 128)); // Die mag altijd wel
 if (S("login_use_email"))
 {
 logins.push(" upper(prs_perslid_email) = " + safe.quoted_sql_upper(username));
 }
- else if (getQParam("API", "") || getQParam("API2", ""))
- {
- logins.push(" prs_perslid_apikey = " + safe.quoted_sql(username, 128)); // TODO zorgen dat result.stateless gezet raakt
- wachtwoord = null;
- }
 else
 {
 logins.push(" prs_perslid_oslogin = " + safe.quoted_sql_upper(username, 30));
@@ -629,6 +625,7 @@ function getIdentity(username, wachtwoord, params)
 + " , prs_perslid_flags"
 + " , prs_perslid_otpsecret"
 + " , prs_perslid_otpcounter"
+ + " , prs_perslid_apikey"
 + " FROM prs_perslid"
 + " WHERE prs_perslid_verwijder IS NULL"
 + " AND (" + logins.join(" OR ") + ")"
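Review bot: The new `!params.stateless` condition in doLogin reads a flag that nothing in this patch sets, and the TODO removed from getIdentity ("zorgen dat result.stateless gezet raakt") suggests it was never set before either, so API-key logins presumably still go through the FACFAC tracking this guard is meant to skip. Either the Basic-auth caller in loginTry.asp should pass `stateless: true` in `params`, or getIdentity should set it on its result when the API-key match is what authenticated the user; which of the two is intended is not visible here. A short comment on the condition, `// stateless: API/Basic-auth logins must not create a tracked FACFAC session`, would also document what the flag means. doLogin's body begins and ends outside the hunk.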
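Review bot: The API-key predicate is now pushed into `logins` unconditionally ("Die mag altijd wel"), whereas before it was only used when the `API`/`API2` query parameter was present; together with the later hunk that sets `found = true` when `prs_perslid_apikey` equals `username`, this means an API key typed into the ordinary login form (or any other caller of getIdentity) is accepted as a complete credential regardless of the supplied password. If that is not intended, keep the key lookup scoped to the API path, e.g. `if (params.stateless) logins.push(" prs_perslid_apikey = " + safe.quoted_sql(username, 128));` using whichever flag the Basic-auth caller actually sets, and mirror the same guard in the `found` check. Note also that the old gating set `wachtwoord = null` to skip the password check explicitly; the new code relies on the key comparison instead, so the "Die mag altijd wel" comment should say that the password is ignored on a key match. getIdentity starts before this hunk and continues after it.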
@@ -654,7 +651,9 @@ function getIdentity(username, wachtwoord, params)
 var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
 var found = false;
- if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord === null) // SSO
+ if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null // SSO
+ || oRs("prs_perslid_apikey").Value === username
+ )
 found = true; // En zijn we verder wel klaar
 else
 found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile);
diff --git a/APPL/AUT/loginTry.asp b/APPL/AUT/loginTry.asp
index 33558a0044..5788572aff 100644
--- a/APPL/AUT/loginTry.asp
+++ b/APPL/AUT/loginTry.asp
@@ -89,7 +89,8 @@ if (user_key < 0)
 var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
 if (auth.match(/^Basic /))
 {
- __Log("Found Authorization: Basic");
+ __DoLog("Found Authorization: Basic");
+ __Logging = 3;
 var b64 = auth.substring(6);
 var plain = decode_b64(b64);
 if (plain.split(":").length > 1)
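Review bot: Changing `wachtwoord === null` to `wachtwoord == null` widens the no-password (SSO) branch to `undefined`, so any caller that omits the second argument, or passes through a missing form value that ends up `undefined`, now gets `found = true` without testpassword ever running; the previous strict check only honoured an explicit `null`. Unless a caller is known to rely on `undefined` here, keep `=== null`, or better, gate the branch on the `params.noPassword` flag the surrounding comment already anticipates. The new key comparison also deserves a non-empty guard, `|| (username && oRs("prs_perslid_apikey").Value === username)`: if the column holds empty strings rather than NULL for users without a key, an empty username would select such a row and the `===` would succeed with no password check (whether the column can be empty is not visible here). getIdentity's body continues outside the hunk.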
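Review bot: `__Logging = 3;` raises the page's log level in direct response to a client-supplied Authorization header, and the very next lines decode that header into `plain`, which holds the user:password pair; if any `__DoLog` call later on this path includes `plain`, `b64` or the derived fields, the raised level means clear-text credentials land in the log whenever a client sends Basic auth. If the bump is for debugging the new API2 path, say so and bound it, e.g. `__Logging = 3; // temporary Basic-auth diagnostics; never log plain/b64, they hold credentials`, or drop it before merge. The assignment also has no `var`, so it is presumably a page-level variable declared elsewhere in loginTry.asp, which cannot be confirmed from this hunk. The enclosing `if (user_key < 0)` block begins and ends outside the hunk.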