Business/AccountHub
2
0
Fork 2
Code Issues 3 Pull Requests Releases 3 Wiki Activity

Check for apppass option in login api

Browse Source
This commit is contained in:
Skylar Ittner 2019-02-11 16:10:09 -07:00
parent 22fb97d0c4
commit 04702f6090
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/actions/login.php
View File

@ -8,7 +8,17 @@
engageRateLimit(); engageRateLimit();
$user = User::byUsername($VARS['username']); $user = User::byUsername($VARS['username']);
if ((!$user->has2fa() && $user->checkPassword($VARS['password'])) || $user->checkAppPassword($VARS['password'])) {
$ok = false;
if (empty($VARS['apppass']) && ($user->checkPassword($VARS['password']) || $user->checkAppPassword($VARS['password']))) {
$ok = true;
} else {
if ((!$user->has2fa() && $user->checkPassword($VARS['password'])) || $user->checkAppPassword($VARS['password'])) {
$ok = true;
}
}
if ($ok) {
switch ($user->getStatus()->getString()) { switch ($user->getStatus()->getString()) {
case "LOCKED_OR_DISABLED": case "LOCKED_OR_DISABLED":
Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey()); Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());

3
api/apisettings.php
View File

@ -70,7 +70,8 @@ $APIS = [
"load" => "login.php", "load" => "login.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"password" => "string" "password" => "string",
"apppass (optional)" => "/[0-1]/"
], ],
"keytype" => "AUTH" "keytype" => "AUTH"
], ],