authorGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2014-10-07 16:58:11 +0200
committerGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2014-10-07 16:58:11 +0200
commitdbf57266b297c3f831602ec4f451c27a5ad71e6b (patch)
treef8cd10a71e2def0c61934e8751012829e4349b1f
parent1252b3dd867e59917cf303f0c39c7da938b8ce32 (diff)
Reset auth system comes back!
It has moved to authController.
-rw-r--r--app/Controllers/authController.php68
-rw-r--r--app/views/auth/personaLogin.phtml2
-rw-r--r--app/views/auth/reset.phtml33
3 files changed, 102 insertions, 1 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 2b67e34b8..e30fa4b72 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -179,4 +179,72 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
Minz_Request::good(_t('disconnected'),
array('c' => 'index', 'a' => 'index'));
}
+
+ /**
+ * This action resets the authentication system.
+ *
+ * After reseting, form auth is set by default.
+ */
+ public function resetAction() {
+ Minz_View::prependTitle(_t('auth_reset') . ' ยท ');
+
+ Minz_View::appendScript(Minz_Url::display(
+ '/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
+ ));
+
+ $this->view->no_form = false;
+ // Enable changement of auth only if Persona!
+ if (Minz_Configuration::authType() != 'persona') {
+ $this->view->message = array(
+ 'status' => 'bad',
+ 'title' => _t('damn'),
+ 'body' => _t('auth_not_persona')
+ );
+ $this->view->no_form = true;
+ return;
+ }
+
+ $conf = new FreshRSS_Configuration(Minz_Configuration::defaultUser());
+ // Admin user must have set its master password.
+ if (!$conf->passwordHash) {
+ $this->view->message = array(
+ 'status' => 'bad',
+ 'title' => _t('damn'),
+ 'body' => _t('auth_no_password_set')
+ );
+ $this->view->no_form = true;
+ return;
+ }
+
+ invalidateHttpCache();
+
+ if (Minz_Request::isPost()) {
+ $nonce = Minz_Session::param('nonce');
+ $username = Minz_Request::param('username', '');
+ $challenge = Minz_Request::param('challenge', '');
+
+ $ok = FreshRSS_FormAuth::checkCredentials(
+ $username, $conf->passwordHash, $nonce, $challenge
+ );
+
+ if ($ok) {
+ Minz_Configuration::_authType('form');
+ $ok = Minz_Configuration::writeFile();
+
+ if ($ok) {
+ Minz_Request::good(_t('auth_form_set'));
+ } else {
+ Minz_Request::bad(_t('auth_form_not_set'),
+ array('c' => 'auth', 'a' => 'reset'));
+ }
+ } else {
+ Minz_Log::warning('Password mismatch for' .
+ ' user=' . $username .
+ ', nonce=' . $nonce .
+ ', c=' . $challenge);
+ Minz_Request::bad(_t('invalid_login'),
+ array('c' => 'auth', 'a' => 'reset'));
+ }
+ }
+ }
}
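Review bot: The failed-attempt branch at the end of `resetAction()` concatenates the request-supplied `username` and `challenge`, together with the session nonce, straight into `Minz_Log::warning()`. Unless `Minz_Request::param()` already strips control characters (not visible in this hunk), a value containing a line break could forge log entries, and storing the nonce next to the response keeps authentication material the log does not need. I would log only a constrained username, e.g. `Minz_Log::warning('Password mismatch for user=' . preg_replace('/[^0-9a-zA-Z]/', '?', $username));`, which matches the `[0-9a-zA-Z]{1,16}` pattern the reset form applies client-side. Separately, the nonce read from the session is not cleared in the visible lines after an attempt, so it is worth confirming it is single-use, and nothing here limits repeated guesses against the admin password.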
diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml
index d62fe5818..dd3e22b52 100644
--- a/app/views/auth/personaLogin.phtml
+++ b/app/views/auth/personaLogin.phtml
@@ -11,7 +11,7 @@
<?php echo _i('help'); ?>
<small>
- <a href="<?php echo _url('auth', 'resetAuth'); ?>"><?php echo _t('login_persona_problem'); ?></a>
+ <a href="<?php echo _url('auth', 'reset'); ?>"><?php echo _t('login_persona_problem'); ?></a>
</small>
</p>
diff --git a/app/views/auth/reset.phtml b/app/views/auth/reset.phtml
new file mode 100644
index 000000000..e501555c4
--- /dev/null
+++ b/app/views/auth/reset.phtml
@@ -0,0 +1,33 @@
+<div class="prompt">
+ <h1><?php echo _t('auth_reset'); ?></h1>
+
+ <?php if (!empty($this->message)) { ?>
+ <p class="alert <?php echo $this->message['status'] === 'bad' ? 'alert-error' : 'alert-warn'; ?>">
+ <span class="alert-head"><?php echo $this->message['title']; ?></span><br />
+ <?php echo $this->message['body']; ?>
+ </p>
+ <?php } ?>
+
+ <?php if (!$this->no_form) { ?>
+ <form id="crypto-form" method="post" action="<?php echo _url('auth', 'reset'); ?>">
+ <p class="alert alert-warn">
+ <span class="alert-head"><?php echo _t('attention'); ?></span><br />
+ <?php echo _t('auth_will_reset'); ?>
+ </p>
+
+ <div>
+ <label for="username"><?php echo _t('username_admin'); ?></label>
+ <input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
+ </div>
+ <div>
+ <label for="passwordPlain"><?php echo _t('password'); ?></label>
+ <input type="password" id="passwordPlain" required="required" />
+ <input type="hidden" id="challenge" name="challenge" /><br />
+ <noscript><strong><?php echo _t('javascript_should_be_activated'); ?></strong></noscript>
+ </div>
+ <div>
+ <button id="loginButton" type="submit" class="btn btn-important"><?php echo _t('submit'); ?></button>
+ </div>
+ </form>
+ <?php } ?>
+</div>
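Review bot: `$this->message['title']` and `$this->message['body']` are echoed into the alert block without escaping. In this commit both are filled from `_t()` in `resetAction()`, so nothing request-controlled reaches them today, but a later caller that places user data in the message would turn this into an HTML injection point. Unless the translation strings are meant to carry markup, I would escape at output, e.g. `<?php echo htmlspecialchars($this->message['body'], ENT_NOQUOTES, 'UTF-8'); ?>`, and do the same for the title.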