Enforce app passwords in API for users with two-factor enabled

master
Skylar Ittner 5 years ago
parent 7d30251cd6
commit 3ca062d995

@ -55,24 +55,22 @@ function authenticate(): bool {
global $VARS; global $VARS;
// HTTP basic auth // HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$user = User::byUsername($_SERVER['PHP_AUTH_USER']); $username = $_SERVER['PHP_AUTH_USER'];
if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) { $password = $_SERVER['PHP_AUTH_PW'];
return false; } else if (!empty($VARS['username']) && !empty($VARS['password'])) {
}
return true;
}
// Form auth
if (empty($VARS['username']) || empty($VARS['password'])) {
return false;
} else {
$username = $VARS['username']; $username = $VARS['username'];
$password = $VARS['password']; $password = $VARS['password'];
$user = User::byUsername($username); } else {
if ($user->exists() !== true || Login::auth($username, $password) !== Login::LOGIN_OK) { return false;
return false; }
} $user = User::byUsername($username);
if (!$user->exists()) {
return false;
}
if ($user->checkPassword($password, true)) {
return true;
} }
return true; return false;
} }
/** /**
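Review bot: The new form-auth path no longer calls `Login::auth($username, $password)`, so anything that helper enforced beyond the password itself (the removed lines only show it being compared with `Login::LOGIN_OK`; account-status or lockout handling inside it is an inference) now rests entirely on the remote `auth` call behind `checkPassword($password, true)` — confirm that request with `apppass=1` also rejects disabled or locked accounts, or keep the `Login::auth` check before returning true. The closing `if ($user->checkPassword($password, true)) { return true; } return false;` can be written as `return $user->checkPassword($password, true);`. The `!empty()` guards on both credential sources treat a literal password of `"0"` as absent; `isset()` combined with `!== ''` is the precise test. The signature of authenticate() sits before this hunk.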

@ -88,10 +88,11 @@ class User {
/** /**
* Check the given plaintext password against the stored hash. * Check the given plaintext password against the stored hash.
* @param string $password * @param string $password
* @param bool $apppass Set to true to enforce app passwords when 2fa is on.
* @return bool * @return bool
*/ */
function checkPassword(string $password): bool { function checkPassword(string $password, bool $apppass = false): bool {
$resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password]); $resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password, 'apppass' => ($apppass ? "1" : "0")]);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return true; return true;
} else { } else {
@ -99,6 +100,7 @@ class User {
} }
} }
function check2fa(string $code): bool { function check2fa(string $code): bool {
if (!$this->has2fa) { if (!$this->has2fa) {
return true; return true;
