public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-25 07:21:30 +00:00
Code Issues Releases Wiki Activity

add placeholder authentication via app passwords if service is passed

Browse Source 
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
This commit is contained in:
Andrew Dolgov
2019-11-01 13:03:06 +03:00
parent 88cd9e586e
commit 68b0380118
6 changed files with 160 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
classes/api.php
View File

@@ -74,10 +74,10 @@ class API extends Handler {
}
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($login, $password)) { // try login with normal password
if (authenticate_user($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
} else if (authenticate_user($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in