allow app passwords via auth_internal even if DISABLE_LOGIN_FORM is set

Andrew Dolgov 2025-03-14 11:57:48 +03:00
parent 405cae963b
commit 1dc0c98c51
No known key found for this signature in database
GPG Key ID: 1A56B4FA25D4AF2A


@ -15,9 +15,6 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 {
/** @param string $service */
function authenticate($login, $password, $service = '') {
if (Config::get(Config::DISABLE_LOGIN_FORM))
return false;
$otp = (int) ($_REQUEST["otp"] ?? 0);
// don't bother with null/null logins for auth_external etc
@ -32,6 +29,9 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 {
return $this->check_app_password($login, $password, $service);
}
if (Config::get(Config::DISABLE_LOGIN_FORM))
return false;
if ($otp) {
if ($this->check_password($user_id, $password) && UserHelper::check_otp($user_id, $otp))
return $user_id;
@ -117,6 +117,9 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 {
return $user_id;
}
if (Config::get(Config::DISABLE_LOGIN_FORM))
return false;
if ($login) {
$user = ORM::for_table('ttrss_users')
->where_raw('LOWER(login) = LOWER(?)', [$login])
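Review bot: The `DISABLE_LOGIN_FORM` guard in `authenticate()` now sits after the `check_app_password()` return, so its position alone decides which credentials stay usable when the login form is disabled, and nothing in the code says so. I would add a comment above the moved check, e.g. `// app passwords (handled above) stay valid; interactive password/OTP login is refused from here on`, so a later refactor does not move it back or drop it. The condition guarding the app-password branch lies outside the hunk; if it depends only on a caller-supplied `$service`, it is worth confirming that every entry point passing a service value is meant to accept password authentication on installs that rely on external auth. The same guard is added again in the third hunk, in a function whose start is not visible here, and a small private helper would keep the two copies from drifting apart.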