diff options
| author | Andrew Dolgov <[email protected]> | 2019-11-01 13:03:06 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-11-01 13:03:06 +0300 |
| commit | 68b0380118cc0ff4f8dc99125dce7d97b61e02f3 (patch) | |
| tree | baa17c8bceedb81e96269130be59b4543799bfe1 /classes/api.php | |
| parent | 88cd9e586e2e0d0ccea745018ba2f9a91e04ec93 (diff) | |
add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
Diffstat (limited to 'classes/api.php')
| -rwxr-xr-x | classes/api.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/classes/api.php b/classes/api.php index 01ea1970d..6fb87d04f 100755 --- a/classes/api.php +++ b/classes/api.php @@ -74,10 +74,10 @@ class API extends Handler { } if (get_pref("ENABLE_API_ACCESS", $uid)) { - if (authenticate_user($login, $password)) { // try login with normal password + if (authenticate_user($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); - } else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password + } else if (authenticate_user($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); } else { // else we are not logged in |