Enable app-specific password authentication for API login
This commit is contained in:
parent
8cdc0172e7
commit
cd257dc7e8
|
@ -236,7 +236,7 @@ function api_login(App $a)
|
|||
if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
|
||||
$record = $addon_auth['user_record'];
|
||||
} else {
|
||||
$user_id = User::authenticate(trim($user), trim($password));
|
||||
$user_id = User::authenticate(trim($user), trim($password), true);
|
||||
if ($user_id !== false) {
|
||||
$record = DBA::selectFirst('user', [], ['uid' => $user_id]);
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@ use Friendica\Core\System;
|
|||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Photo;
|
||||
use Friendica\Model\TwoFactor\AppSpecificPassword;
|
||||
use Friendica\Object\Image;
|
||||
use Friendica\Util\Crypto;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
|
@ -270,14 +271,15 @@ class User
|
|||
* @brief Authenticate a user with a clear text password
|
||||
* @param mixed $user_info
|
||||
* @param string $password
|
||||
* @param bool $third_party
|
||||
* @return int|boolean
|
||||
* @deprecated since version 3.6
|
||||
* @see User::getIdFromPasswordAuthentication()
|
||||
*/
|
||||
public static function authenticate($user_info, $password)
|
||||
public static function authenticate($user_info, $password, $third_party = false)
|
||||
{
|
||||
try {
|
||||
return self::getIdFromPasswordAuthentication($user_info, $password);
|
||||
return self::getIdFromPasswordAuthentication($user_info, $password, $third_party);
|
||||
} catch (Exception $ex) {
|
||||
return false;
|
||||
}
|
||||
|
@ -289,14 +291,20 @@ class User
|
|||
* @brief Authenticate a user with a clear text password
|
||||
* @param mixed $user_info
|
||||
* @param string $password
|
||||
* @param bool $third_party
|
||||
* @return int User Id if authentication is successful
|
||||
* @throws Exception
|
||||
*/
|
||||
public static function getIdFromPasswordAuthentication($user_info, $password)
|
||||
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
|
||||
{
|
||||
$user = self::getAuthenticationInfo($user_info);
|
||||
|
||||
if (strpos($user['password'], '$') === false) {
|
||||
if ($third_party && PConfig::get($user['uid'], '2fa', 'verified')) {
|
||||
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
|
||||
if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
|
||||
return $user['uid'];
|
||||
}
|
||||
} elseif (strpos($user['password'], '$') === false) {
|
||||
//Legacy hash that has not been replaced by a new hash yet
|
||||
if (self::hashPasswordLegacy($password) === $user['password']) {
|
||||
self::updatePasswordHashed($user['uid'], self::hashPassword($password));
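Review bot: When the app-specific password check at `if (AppSpecificPassword::authenticateUser($user['uid'], $password))` fails, the new branch falls out of the if/elseif chain instead of failing the login right there, so the outcome for a third-party client whose user has 2FA verified depends on whatever follows the chain outside the hunk. If that tail is a final "login failed" throw the path is fail-closed today, but the intent that a third-party client must never succeed with the account password once 2FA is on should be enforced at the branch itself so a later reordering of the chain cannot widen it: `if (!AppSpecificPassword::authenticateUser($user['uid'], $password)) { throw new Exception(/* same login-failed message as the function's tail */); } return $user['uid'];`. The added `@param bool $third_party` line in this docblock and in the one for `authenticate()` (the hunk above it) carries no description; suggest `@param bool $third_party Whether the caller is a third-party client that cannot complete two-factor authentication; for users with 2FA verified, only an app-specific password is then accepted`. `authenticate()` is marked `@deprecated` yet gains the new parameter, which deserves a sentence in its docblock saying the API login still relies on it. The body of getIdFromPasswordAuthentication continues past the end of the hunk.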
|
||||
|
|