Check for apppass option in login api

5 years ago · 04702f6090
parent 22fb97d0c4
commit 04702f6090
2 changed files with 13 additions and 2 deletions
--- a/api/actions/login.php
+++ b/api/actions/login.php
@ -8,7 +8,17 @@

 engageRateLimit();
 $user = User::byUsername($VARS['username']);
-if ((!$user->has2fa() && $user->checkPassword($VARS['password'])) || $user->checkAppPassword($VARS['password'])) {
+
+$ok = false;
+if (empty($VARS['apppass']) && ($user->checkPassword($VARS['password']) || $user->checkAppPassword($VARS['password']))) {
+    $ok = true;
+} else {
+    if ((!$user->has2fa() && $user->checkPassword($VARS['password'])) || $user->checkAppPassword($VARS['password'])) {
+        $ok = true;
+    }
+}
+
+if ($ok) {
    switch ($user->getStatus()->getString()) {
        case "LOCKED_OR_DISABLED":
            Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
--- a/api/apisettings.php
+++ b/api/apisettings.php
@ -70,7 +70,8 @@ $APIS = [
        "load" => "login.php",
        "vars" => [
            "username" => "string",
-            "password" => "string"
+            "password" => "string",
+            "apppass (optional)" => "/[0-1]/"
        ],
        "keytype" => "AUTH"
    ],