From 68b0380118cc0ff4f8dc99125dce7d97b61e02f3 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 1 Nov 2019 13:03:06 +0300
Subject: add placeholder authentication via app passwords if service is passed
 forbid logins via regular passwords for services remove AUTH_DISABLE_OTP

---
 classes/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'classes/api.php')

diff --git a/classes/api.php b/classes/api.php
index 01ea1970d..6fb87d04f 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -74,10 +74,10 @@ class API extends Handler {
 		}
 
 		if (get_pref("ENABLE_API_ACCESS", $uid)) {
-			if (authenticate_user($login, $password)) {               // try login with normal password
+			if (authenticate_user($login, $password, false,  Auth_Base::AUTH_SERVICE_API)) {               // try login with normal password
 				$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
 					"api_level" => self::API_LEVEL));
-			} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
+			} else if (authenticate_user($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
 				$this->wrap(self::STATUS_OK,	array("session_id" => session_id(),
 					"api_level" => self::API_LEVEL));
 			} else {                                                         // else we are not logged in
-- 
cgit v1.2.3