From cb7e03b68e212bc6cf040baee6d0f4b2f8efaffb Mon Sep 17 00:00:00 2001
From: Sylvain Berfini
Date: Thu, 22 Aug 2019 15:21:09 +0200
Subject: [PATCH] Removed compatibility methods + fixed digest auth white list methods
---
 src/xmlrpc/compatibility.php | 129 -----------------------------------
 src/xmlrpc/passwords.php | 4 +-
 src/xmlrpc/xmlrpc.php | 45 ++++++------
 3 files changed, 24 insertions(+), 154 deletions(-)
 delete mode 100644 src/xmlrpc/compatibility.php
diff --git a/src/xmlrpc/compatibility.php b/src/xmlrpc/compatibility.php
deleted file mode 100644
index bb2725f..0000000
--- a/src/xmlrpc/compatibility.php
+++ /dev/null
@@ -1,129 +0,0 @@
-.
-*/
-
-include_once __DIR__ . '/../database/database.php';
-
-include_once __DIR__ . '/../objects/account.php';
-include_once __DIR__ . '/../objects/password.php';
-include_once __DIR__ . '/../objects/alias.php';
-
-include_once __DIR__ . '/../misc/utilities.php';
-
-// args = [identity]
-function xmlrpc_compatibility_check_account_validated($method, $args) {
- // Return 1 if account is validated, else return 0
-
- list($login, $domain) = explode("@", $args[0]);
- if (startswith($login, "sip:")) {
- list($sip, $login) = explode(":", $login);
- }
-
- $database = new Database();
- $db = $database->getConnection();
- $account = new Account($db);
- $account->username = $login;
- $account->domain = $domain;
-
- if ($account->getOne()) {
- return is_activated($account->activated) ? '1' : '0';
- }
-
- return 0;
-}
-
-// args = [identity]
-function xmlrpc_compatibility_check_account($method, $args) {
- // Return 1 if login is already used, else return 0
-
- list($login, $domain) = explode("@", $args[0]);
- if (startswith($login, "sip:")) {
- list($sip, $login) = explode(":", $login);
- }
-
- $database = new Database();
- $db = $database->getConnection();
- $account = new Account($db);
- $account->username = $login;
- $account->domain = $domain;
-
- if ($account->getOne()) {
- return 1;
- }
-
- return 0;
-}
-
-// args = [identity, password, email, useragent]
-function xmlrpc_compatibility_create_account_with_useragent($method, $args) {
- $newargs = array($args[0], $args[1], $args[2], 0, $args[3]);
- return xmlrpc_compatibility_create_account($method, $newargs);
-}
-
-// args = [identity, password, email, newsletter, useragent?]
-function xmlrpc_compatibility_create_account($method, $args) {
- // Return 0 if account successfully created, else return -1
-
- list($login, $domain) = explode("@", $args[0]);
- if (startswith($login, "sip:")) {
- list($sip, $login) = explode(":", $login);
- }
-
- $database = new Database();
- $db = $database->getConnection();
- $account = new Account($db);
- $account->username = $login;
- $account->domain = $domain;
-
- if ($account->getOne()) {
- return -1;
- }
-
- $account->email = $args[2];
- $account->confirmation_key = uniqid();
- $account->ip_address = getIp();
- $account->$user_agent = 'linphone-wizard';
- $account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
- if (count($args) == 5) {
- $account->$user_agent = $args[4];
- }
- $account->create();
-
- $crypted_password = hash_password($login, $args[1], $domain, MD5);
- $password = new Password($db);
- $password->account_id = $account->id;
- $password->password = $crypted_password;
- $password->algorithm = MD5;
- $password->create();
-
- if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
- send_email_with_activation_link($account->email, $account->confirmation_key, $account->username);
- }
-
- return 0;
-}
-
-function xmlrpc_compatibility_register_methods($server) {
- xmlrpc_server_register_method($server, 'check_account', 'xmlrpc_compatibility_check_account');
- xmlrpc_server_register_method($server, 'create_account', 'xmlrpc_compatibility_create_account');
- xmlrpc_server_register_method($server, 'check_account_validated', 'xmlrpc_compatibility_check_account_validated');
- xmlrpc_server_register_method($server, 'create_account_with_useragent', 'xmlrpc_compatibility_create_account_with_useragent');
-}
-
-?>
\ No newline at end of file
diff --git a/src/xmlrpc/passwords.php b/src/xmlrpc/passwords.php
index f7ac0b5..9a5cb4e 100644
--- a/src/xmlrpc/passwords.php
+++ b/src/xmlrpc/passwords.php
@@ -30,14 +30,14 @@ include_once __DIR__ . '/../misc/utilities.php';
 include_once __DIR__ . '/results_values.php';
 // args = [username, old hash, new hash, [domain], [algo]]
-function update_password($method, $args) {
+function xmlrpc_update_password($method, $args) {
 $username = $args[0];
 $hashed_old_password = $args[1];
 $hashed_new_password = $args[2];
 $domain = get_domain($args[3]);
 $algo = get_algo($args[4]);
- Logger::getInstance()->message("[XMLRPC] update_password(" . $username . ", " . $domain . ", " . $algo . ")");
+ Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")");
 if (!check_parameter($username)) {
 return MISSING_USERNAME_PARAM;
diff --git a/src/xmlrpc/xmlrpc.php b/src/xmlrpc/xmlrpc.php
index d49f665..0b26c9b 100644
--- a/src/xmlrpc/xmlrpc.php
+++ b/src/xmlrpc/xmlrpc.php
@@ -28,7 +28,6 @@ include_once __DIR__ . '/aliases.php';
 include_once __DIR__ . '/devices.php';
 include_once __DIR__ . '/passwords.php';
 include_once __DIR__ . '/user_info.php';
-include_once __DIR__ . '/compatibility.php';
 $request = file_get_contents("php://input");
 if (empty($request)) Logger::getInstance()->error("Request is empty");
@@ -42,32 +41,33 @@ if (USE_DIGEST_AUTH) {
 $request_type = $xml->methodName;
 $unauthenticated_requests = array(
- // account
+ // email accounts
 0 => 'create_email_account',
- 1 => 'create_phone_account',
- 2 => 'get_confirmation_key',
- 3 => 'activate_email_account',
- 4 => 'activate_phone_account',
- 5 => 'recover_phone_account',
- 6 => 'recover_email_account',
- 7 => 'recover_account_from_confirmation_key',
+ 1 => 'create_email_md5_sha256_account',
+ 2 => 'activate_email_account',
+ 3 => 'recover_email_account',
+
+ // phone accounts
+ 4 => 'create_phone_account',
+ 5 => 'activate_phone_account',
+ 6 => 'recover_phone_account',
+ 7 => 'is_phone_number_used',
 8 => 'get_phone_number_for_account',
- 9 => 'is_account_activated',
+
+ // accounts
+ 9 => 'get_confirmation_key',
+ 10 => 'is_account_used',
+ 11 => 'is_account_activated',
+ 12 => 'recover_account_from_confirmation_key',
+ 13 => 'get_accounts_count',
 // aliases
- 10 => 'is_alias_used',
+ 14 => 'is_alias_used',
+ 15 => 'link_phone_number_with_account',
+ 16 => 'get_alias',
- // inapp
- 11 => 'check_payload_signature',
-
- // misc
- 12 => 'add_ec_calibration_result',
-
- // compatibility
- 13 => 'create_account',
- 14 => 'create_account_with_useragent',
-
- 15 => 'get_accounts_count',
+ // devices
+ 17 => 'add_ec_calibration_result',
 );
 // Get authentication header if there is one
@@ -102,7 +102,6 @@ xmlrpc_aliases_register_methods($server);
 xmlrpc_devices_register_methods($server);
 xmlrpc_passwords_register_methods($server);
 xmlrpc_user_info_register_methods($server);
-xmlrpc_compatibility_register_methods($server);
 if (USE_IN_APP_PURCHASES) {
 xmlrpc_inapp_register_methods($server);
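Review bot: In the `$unauthenticated_requests` hunk of src/xmlrpc/xmlrpc.php, `link_phone_number_with_account` is a state-changing call that becomes reachable without digest credentials, and `is_account_used`, `is_phone_number_used` and `get_alias` let an anonymous caller test whether an account, number or alias exists. The handlers are not part of this patch, so it should be confirmed that linking cannot complete without a confirmation step bound to the account owner and that the lookup methods are throttled. I would state the criterion for the list in a comment above the array, e.g. `// Callable without digest auth: every handler listed here must do its own authorization and rate limiting.` The hand-numbered keys (`0 =>` to `17 =>`) are also fragile, because a duplicated index silently replaces an earlier entry; a plain list of names avoids that, assuming the lookup outside the hunk does not depend on the indexes. `check_payload_signature` is no longer listed and so now requires credentials when USE_DIGEST_AUTH is on, which is presumably intended but not mentioned in the commit message.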