From 68b0380118cc0ff4f8dc99125dce7d97b61e02f3 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 1 Nov 2019 13:03:06 +0300
Subject: add placeholder authentication via app passwords if service is passed
 forbid logins via regular passwords for services remove AUTH_DISABLE_OTP

---
 classes/api.php         | 4 ++--
 classes/auth/base.php   | 6 ++++--
 classes/iauthmodule.php | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

(limited to 'classes')

diff --git a/classes/api.php b/classes/api.php
index 01ea1970d..6fb87d04f 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -74,10 +74,10 @@ class API extends Handler {
 		}
 
 		if (get_pref("ENABLE_API_ACCESS", $uid)) {
-			if (authenticate_user($login, $password)) {               // try login with normal password
+			if (authenticate_user($login, $password, false,  Auth_Base::AUTH_SERVICE_API)) {               // try login with normal password
 				$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
 					"api_level" => self::API_LEVEL));
-			} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
+			} else if (authenticate_user($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
 				$this->wrap(self::STATUS_OK,	array("session_id" => session_id(),
 					"api_level" => self::API_LEVEL));
 			} else {                                                         // else we are not logged in
diff --git a/classes/auth/base.php b/classes/auth/base.php
index dbc77f8cd..4cbc23589 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -2,6 +2,8 @@
 class Auth_Base {
 	private $pdo;
 
+	const AUTH_SERVICE_API = '_api';
+
 	function __construct() {
 		$this->pdo = Db::pdo();
 	}
@@ -9,14 +11,14 @@ class Auth_Base {
 	/**
 	 * @SuppressWarnings(unused)
 	 */
-	function check_password($owner_uid, $password) {
+	function check_password($owner_uid, $password, $service = '') {
 		return false;
 	}
 
 	/**
 	 * @SuppressWarnings(unused)
 	 */
-	function authenticate($login, $password) {
+	function authenticate($login, $password, $service = '') {
 		return false;
 	}
 
diff --git a/classes/iauthmodule.php b/classes/iauthmodule.php
index 9ec674078..2d0c98709 100644
--- a/classes/iauthmodule.php
+++ b/classes/iauthmodule.php
@@ -1,4 +1,4 @@
 <?php
 interface IAuthModule {
-	function authenticate($login, $password);
+	function authenticate($login, $password); // + optional third parameter: $service
 }
-- 
cgit v1.2.3-54-g00ecf