|
|
|
@ -18,14 +18,13 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
|
|
|
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function authenticate($login, $password) {
|
|
|
|
|
function authenticate($login, $password, $service = '') {
|
|
|
|
|
|
|
|
|
|
$pwd_hash1 = encrypt_password($password);
|
|
|
|
|
$pwd_hash2 = encrypt_password($password, $login);
|
|
|
|
|
$otp = $_REQUEST["otp"];
|
|
|
|
|
|
|
|
|
|
if (get_schema_version() > 96) {
|
|
|
|
|
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
|
|
|
|
|
|
|
|
|
|
$sth = $this->pdo->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE
|
|
|
|
|
login = ?");
|
|
|
|
@ -42,6 +41,12 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
|
|
|
|
$otp_check = $topt->now();
|
|
|
|
|
|
|
|
|
|
if ($otp_enabled) {
|
|
|
|
|
|
|
|
|
|
// only allow app password checking if OTP is enabled
|
|
|
|
|
if ($service && get_schema_version() > 138) {
|
|
|
|
|
return $this->check_app_password($login, $password, $service);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($otp) {
|
|
|
|
|
if ($otp != $otp_check) {
|
|
|
|
|
return false;
|
|
|
|
@ -83,6 +88,15 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// check app passwords first but allow regular password as a fallback for the time being
|
|
|
|
|
// if OTP is not enabled
|
|
|
|
|
|
|
|
|
|
if ($service && get_schema_version() > 138) {
|
|
|
|
|
$user_id = $this->check_app_password($login, $password, $service);
|
|
|
|
|
|
|
|
|
|
if ($user_id)
|
|
|
|
|
return $user_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (get_schema_version() > 87) {
|
|
|
|
@ -162,7 +176,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
|
|
|
|
|
|
|
|
|
function check_password($owner_uid, $password) {
|
|
|
|
|
|
|
|
|
|
$sth = $this->pdo->prepare("SELECT salt,login FROM ttrss_users WHERE
|
|
|
|
|
$sth = $this->pdo->prepare("SELECT salt,login,otp_enabled FROM ttrss_users WHERE
|
|
|
|
|
id = ?");
|
|
|
|
|
$sth->execute([$owner_uid]);
|
|
|
|
|
|
|
|
|
@ -243,9 +257,12 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function check_app_password($login, $password, $service) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function api_version() {
|
|
|
|
|
return 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
?>
|
|
|
|
|