diff options
| author | Andrew Dolgov <[email protected]> | 2019-11-01 13:03:06 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-11-01 13:03:06 +0300 |
| commit | 68b0380118cc0ff4f8dc99125dce7d97b61e02f3 (patch) | |
| tree | baa17c8bceedb81e96269130be59b4543799bfe1 /classes | |
| parent | 88cd9e586e2e0d0ccea745018ba2f9a91e04ec93 (diff) | |
add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
Diffstat (limited to 'classes')
| -rwxr-xr-x | classes/api.php | 4 | ||||
| -rw-r--r-- | classes/auth/base.php | 6 | ||||
| -rw-r--r-- | classes/iauthmodule.php | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/classes/api.php b/classes/api.php index 01ea1970d..6fb87d04f 100755 --- a/classes/api.php +++ b/classes/api.php @@ -74,10 +74,10 @@ class API extends Handler { } if (get_pref("ENABLE_API_ACCESS", $uid)) { - if (authenticate_user($login, $password)) { // try login with normal password + if (authenticate_user($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); - } else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password + } else if (authenticate_user($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); } else { // else we are not logged in diff --git a/classes/auth/base.php b/classes/auth/base.php index dbc77f8cd..4cbc23589 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -2,6 +2,8 @@ class Auth_Base { private $pdo; + const AUTH_SERVICE_API = '_api'; + function __construct() { $this->pdo = Db::pdo(); } @@ -9,14 +11,14 @@ class Auth_Base { /** * @SuppressWarnings(unused) */ - function check_password($owner_uid, $password) { + function check_password($owner_uid, $password, $service = '') { return false; } /** * @SuppressWarnings(unused) */ - function authenticate($login, $password) { + function authenticate($login, $password, $service = '') { return false; } diff --git a/classes/iauthmodule.php b/classes/iauthmodule.php index 9ec674078..2d0c98709 100644 --- a/classes/iauthmodule.php +++ b/classes/iauthmodule.php @@ -1,4 +1,4 @@ <?php interface IAuthModule { - function authenticate($login, $password); + function authenticate($login, $password); // + optional third parameter: $service } |