From 249130e58ddd20c5ad937f75e0e6cf3e4f6792a3 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 1 Nov 2019 15:03:57 +0300
Subject: implement app password checking / management UI

---
 plugins/auth_internal/init.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'plugins/auth_internal')

diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index 576f8ef05..a374c0948 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -258,6 +258,28 @@
 		}
 
 		private function check_app_password($login, $password, $service) {
+			$sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid 
+				FROM ttrss_app_passwords p, ttrss_users u 
+				WHERE p.owner_uid = u.id AND u.login = ? AND service = ?");
+			$sth->execute([$login, $service]);
+
+			while ($row = $sth->fetch()) {
+				list ($algo, $hash, $salt) = explode(":", $row["pwd_hash"]);
+
+				if ($algo == "SSHA-512") {
+					$test_hash = hash('sha512', $salt . $password);
+
+					if ($test_hash == $hash) {
+						$usth = $this->pdo->prepare("UPDATE ttrss_app_passwords SET last_used = NOW() WHERE id = ?");
+						$usth->execute([$row['id']]);
+
+						return $row['uid'];
+					}
+				} else {
+					user_error("Got unknown algo of app password for user $login: $algo");
+				}
+			}
+
 			return false;
 		}
 
-- 
cgit v1.2.3