diff options
| author |  Inverle <inverle@proton.me>
| 2025-12-04 20:10:20 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-12-04 20:10:20 +0100 |
| commit | 6d2bb24b3772a7b839d6911c1e1fe27151d29bfa (patch) | |
| tree | d9a4171134bc76ff6548100863f13163c55520b8 /app | |
| parent | 5e9c3617cac1e3eac246e2ae7df6f4b71c33d37c (diff) | |
Move unsafe autologin to an extension (#7958)
Completes the following TODO https://github.com/FreshRSS/FreshRSS/issues/7923:
https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/authController.php#L105
Extension PR: https://github.com/FreshRSS/Extensions/pull/364
https://github.com/FreshRSS/Extensions/tree/main/xExtension-UnsafeAutologin
Diffstat (limited to 'app')
31 files changed, 1 insertions, 89 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index 61f4f5aaf..a8938228a 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -13,7 +13,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { * - anon_access (default: false) * - anon_refresh (default: false) * - auth_type (default: none) - * - unsafe_autologin (default: false) * - api_enabled (default: false) */ public function indexAction(): void { @@ -33,12 +32,10 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { $anon = Minz_Request::paramBoolean('anon_access'); $anon_refresh = Minz_Request::paramBoolean('anon_refresh'); $auth_type = Minz_Request::paramString('auth_type') ?: 'form'; - $unsafe_autologin = Minz_Request::paramBoolean('unsafe_autologin'); $api_enabled = Minz_Request::paramBoolean('api_enabled'); if ($anon !== FreshRSS_Context::systemConf()->allow_anonymous || $auth_type !== FreshRSS_Context::systemConf()->auth_type || $anon_refresh !== FreshRSS_Context::systemConf()->allow_anonymous_refresh || - $unsafe_autologin !== FreshRSS_Context::systemConf()->unsafe_autologin_enabled || $api_enabled !== FreshRSS_Context::systemConf()->api_enabled) { if (in_array($auth_type, ['form', 'http_auth', 'none'], true)) { FreshRSS_Context::systemConf()->auth_type = $auth_type; @@ -47,7 +44,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { } FreshRSS_Context::systemConf()->allow_anonymous = $anon; FreshRSS_Context::systemConf()->allow_anonymous_refresh = $anon_refresh; - FreshRSS_Context::systemConf()->unsafe_autologin_enabled = $unsafe_autologin; FreshRSS_Context::systemConf()->api_enabled = $api_enabled; $ok &= FreshRSS_Context::systemConf()->save(); @@ -74,7 +70,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { * the user is already connected. */ public function loginAction(): void { - if (FreshRSS_Auth::hasAccess() && !(FreshRSS_Context::systemConf()->unsafe_autologin_enabled && Minz_Request::paramString('u') !== '')) { + if (FreshRSS_Auth::hasAccess()) { Minz_Request::forward(['c' => 'index', 'a' => 'index'], true); } @@ -106,7 +102,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { * - challenge (default: '') * - keep_logged_in (default: false) * - * @todo move unsafe autologin in an extension. * @throws Exception */ public function formLoginAction(): void { @@ -192,48 +187,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { Minz_Request::setBadNotification(_t('feedback.auth.login.invalid')); Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false); } - } elseif (FreshRSS_Context::systemConf()->unsafe_autologin_enabled) { - $username = Minz_Request::paramString('u', plaintext: true); - $password = Minz_Request::paramString('p', plaintext: true); - Minz_Request::_param('p'); - - if ($username === '') { - return; - } - - FreshRSS_FormAuth::deleteCookie(); - - FreshRSS_Context::initUser($username); - if (!FreshRSS_Context::hasUserConf()) { - return; - } - - $s = FreshRSS_Context::userConf()->passwordHash; - $ok = password_verify($password, $s); - unset($password); - if ($ok) { - Minz_Session::regenerateID('FreshRSS'); - Minz_Session::_params([ - Minz_User::CURRENT_USER => $username, - 'passwordHash' => $s, - 'csrf' => false, - ]); - FreshRSS_Auth::giveAccess(); - - Minz_Translate::init(FreshRSS_Context::userConf()->language); - - Minz_Request::good( - _t('feedback.auth.login.success'), - ['c' => 'index', 'a' => 'index'], - showNotification: FreshRSS_Context::userConf()->good_notification_timeout > 0 - ); - } else { - Minz_Log::warning('Unsafe password mismatch for user ' . $username); - Minz_Request::bad( - _t('feedback.auth.login.invalid'), - ['c' => 'auth', 'a' => 'login'] - ); - } } } diff --git a/app/Models/SystemConfiguration.php b/app/Models/SystemConfiguration.php index d5dd0f0d6..a11142f80 100644 --- a/app/Models/SystemConfiguration.php +++ b/app/Models/SystemConfiguration.php @@ -26,7 +26,6 @@ declare(strict_types=1); * @property-read bool $pubsubhubbub_enabled * @property-read string $salt * @property-read bool $simplepie_syslog_enabled - * @property bool $unsafe_autologin_enabled * @property-read bool $suppress_csp_warning * @property array<string> $trusted_sources * @property array<string,array<string,mixed>> $extensions diff --git a/app/Models/UserConfiguration.php b/app/Models/UserConfiguration.php index d98d85fe3..644b27bab 100644 --- a/app/Models/UserConfiguration.php +++ b/app/Models/UserConfiguration.php @@ -75,7 +75,6 @@ declare(strict_types=1); * @property string $topline_thumbnail * @property int $ttl_default * @property int $dynamic_opml_ttl_default - * @property-read bool $unsafe_autologin_enabled * @property string $view_mode * @property array<string,bool|int|string> $volatile * @property array<string,array<string,mixed>> $extensions diff --git a/app/i18n/cs/admin.php b/app/i18n/cs/admin.php index ca71625d1..5c0a55596 100644 --- a/app/i18n/cs/admin.php +++ b/app/i18n/cs/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Hlavní ověřovací token', 'token_help' => 'Umožňuje přístup ke všem výstupům RSS uživatele i obnovování kanálů bez ověřování:', 'type' => 'Metoda ověřování', - 'unsafe_autologin' => 'Povolit nebezpečné automatické přihlášení pomocí formátu: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/de/admin.php b/app/i18n/de/admin.php index 081cd9dd9..b988307f3 100644 --- a/app/i18n/de/admin.php +++ b/app/i18n/de/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master-Authentifizierungs-Token', 'token_help' => 'Zugriff auf alle vom Nutzer erstellten RSS-Feeds freigeben (inkl. Aktualisierung ohne Authenthentifizierung):', 'type' => 'Authentifizierungsmethode', - 'unsafe_autologin' => 'Erlaube unsicheres automatisches Anmelden mit folgendem Format: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/el/admin.php b/app/i18n/el/admin.php index a9b1bd6bb..9773bba63 100644 --- a/app/i18n/el/admin.php +++ b/app/i18n/el/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', // TODO 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', // TODO 'type' => 'Μέθοδος Πιστοποίησης', - 'unsafe_autologin' => 'Επιτρέψτε την μη ασφαλή αυτόματη σύνδεση με την χρήση της μορφής: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/en-US/admin.php b/app/i18n/en-US/admin.php index 30aa5a0e8..a5d79523b 100644 --- a/app/i18n/en-US/admin.php +++ b/app/i18n/en-US/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', // IGNORE 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', // IGNORE 'type' => 'Authentication method', // IGNORE - 'unsafe_autologin' => 'Allow unsafe automatic login using the format: ', // IGNORE ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/en/admin.php b/app/i18n/en/admin.php index e5fa4245a..20e8e355a 100644 --- a/app/i18n/en/admin.php +++ b/app/i18n/en/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', 'type' => 'Authentication method', - 'unsafe_autologin' => 'Allow unsafe automatic login using the format: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/es/admin.php b/app/i18n/es/admin.php index 7ef5a6d32..f6e2d5028 100644 --- a/app/i18n/es/admin.php +++ b/app/i18n/es/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Token de autentificación Master', 'token_help' => 'Permite el acceso a todas las salidas RSS del usuario así como la actualización de fuentes sin autenticación:', 'type' => 'Método de identificación', - 'unsafe_autologin' => 'Permite la identificación automática insegura usando el formato: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/fa/admin.php b/app/i18n/fa/admin.php index 47aac7077..070389965 100644 --- a/app/i18n/fa/admin.php +++ b/app/i18n/fa/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'به نوعی دارایی دیجیتال اشاره دارد که از ویژگی حفظ ارزش و انتقال به دیگران برخوردار است. توکن ابزار دیجیتالی است که بر روی بلاک چین رمزگذاری میشود. میتوان گفت که توکن همان ارزدیجیتال با ویژگیهای منحصر به فرد است.', 'token_help' => 'اجازه دسترسی به تمام خروجی های ار اس اس کاربر و همچنین به روزرسانی فید ها را بدون احراز هویت می دهد', 'type' => ' روش احراز هویت', - 'unsafe_autologin' => ' اجازه ورود خودکار ناامن را با استفاده از قالب:', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/fi/admin.php b/app/i18n/fi/admin.php index 0e05c6357..19ca5bd62 100644 --- a/app/i18n/fi/admin.php +++ b/app/i18n/fi/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Todentamisen päätunnisteväline', 'token_help' => 'Sallii käyttäjän kaikkien RSS-tulosteiden käyttämisen sekä syötteiden päivityksen ilman todennusta:', 'type' => 'Todentamismenetelmä', - 'unsafe_autologin' => 'Salli suojaamaton automaattinen sisäänkirjaus: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/fr/admin.php b/app/i18n/fr/admin.php index 47c4c55d7..c389ee846 100644 --- a/app/i18n/fr/admin.php +++ b/app/i18n/fr/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Jeton d’identification maître', 'token_help' => 'Permet d’accéder à toutes les sorties RSS de l’utilisateur et au rafraîchissement des flux sans besoin de s’authentifier :', 'type' => 'Méthode d’authentification', - 'unsafe_autologin' => 'Autoriser les connexions automatiques non-sûres au format : ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/he/admin.php b/app/i18n/he/admin.php index c1f526967..1c4db255f 100644 --- a/app/i18n/he/admin.php +++ b/app/i18n/he/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', // TODO 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', // TODO 'type' => 'שיטת אימות', - 'unsafe_autologin' => 'הרשאה להתחברות אוטומטית בפורמט: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/hu/admin.php b/app/i18n/hu/admin.php index 902db64cd..9fd3493b0 100644 --- a/app/i18n/hu/admin.php +++ b/app/i18n/hu/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Fő hitelesítési token', 'token_help' => 'Lehetővé teszi a hozzáférést a felhasználó összes RSS-kimenetéhez, valamint a hírfolyamok frissítéséhez hitelesítés nélkül:', 'type' => 'Hitelesítési módszer', - 'unsafe_autologin' => 'Engedélyezze a nem biztonságos automata bejelentkezést a következő formátummal: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/id/admin.php b/app/i18n/id/admin.php index 78f6dcf5d..29316b99d 100644 --- a/app/i18n/id/admin.php +++ b/app/i18n/id/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Token autentikasi utama', 'token_help' => 'Mengizinkan akses ke semua RSS pengguna serta menyegarkan umpan tanpa autentikasi:', 'type' => 'Metode autentikasi', - 'unsafe_autologin' => 'Izinkan masuk otomatis tidak aman menggunakan format: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/it/admin.php b/app/i18n/it/admin.php index 5c873fa22..db692736b 100644 --- a/app/i18n/it/admin.php +++ b/app/i18n/it/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Token di autenticazione principale', 'token_help' => 'Consente l’accesso a tutti gli output RSS dell’utente e di aggiornare i feed senza autenticazione:', 'type' => 'Metodo di autenticazione', - 'unsafe_autologin' => 'Consenti accesso automatico non sicuro usando il formato: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/ja/admin.php b/app/i18n/ja/admin.php index f3a462804..3684364e3 100644 --- a/app/i18n/ja/admin.php +++ b/app/i18n/ja/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'マスター認証用のトークン', 'token_help' => 'ユーザーのすべての RSS 出力へのアクセスと、認証なしのフィードの更新を許可します', 'type' => '認証メソッド', - 'unsafe_autologin' => '危険な自動ログインを有効にします', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/ko/admin.php b/app/i18n/ko/admin.php index 434e401ff..eec835f5a 100644 --- a/app/i18n/ko/admin.php +++ b/app/i18n/ko/admin.php @@ -22,7 +22,6 @@ return array( 'token' => '마스터 인증 토큰', 'token_help' => '인증 없이 사용자의 모든 RSS 내용과 피드 새로고침 권한을 허용합니다.:', 'type' => '인증', - 'unsafe_autologin' => '다음과 같은 안전하지 않은 방식의 로그인을 허가합니다: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/lv/admin.php b/app/i18n/lv/admin.php index 544911cc1..9bf3e1a67 100644 --- a/app/i18n/lv/admin.php +++ b/app/i18n/lv/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', // TODO 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', // TODO 'type' => 'Autentifikācijas metode', - 'unsafe_autologin' => 'Atļaut nedrošu automātisku pieteikšanos, izmantojot formātu: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/nl/admin.php b/app/i18n/nl/admin.php index b80169c97..c4cf203df 100644 --- a/app/i18n/nl/admin.php +++ b/app/i18n/nl/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Hoofdauthenticatietoken', 'token_help' => 'Geeft toegang tot alle RSS-uitvoer van de gebruiker en kan feeds verversen zonder authenticatie:', 'type' => 'Authenticatie methode', - 'unsafe_autologin' => 'Sta onveilige automatische log in toe met het volgende formaat: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/oc/admin.php b/app/i18n/oc/admin.php index fcb547ba6..6104f00c9 100644 --- a/app/i18n/oc/admin.php +++ b/app/i18n/oc/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Master authentication token', // TODO 'token_help' => 'Allows access to all RSS outputs of the user as well as refreshing feeds without authentication:', // TODO 'type' => 'Mòde d’autentification', - 'unsafe_autologin' => 'Autorizar las connexions automaticas pas seguras al format : ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/pl/admin.php b/app/i18n/pl/admin.php index 7fde007be..7f11728b0 100644 --- a/app/i18n/pl/admin.php +++ b/app/i18n/pl/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Główny token uwierzytelniania', 'token_help' => 'Umożliwia dostęp do wszystkich kanałów RSS użytkownika, jak również odświeżanie kanałów bez uwierzytelnienia:', 'type' => 'Metoda uwierzytelniania', - 'unsafe_autologin' => 'Pozwól na niebezpieczne automatyczne logowanie następującym schematem: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/pt-BR/admin.php b/app/i18n/pt-BR/admin.php index 341663977..fb7658b65 100644 --- a/app/i18n/pt-BR/admin.php +++ b/app/i18n/pt-BR/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Token de autenticação principal', 'token_help' => 'Permite acesso a todos as saídas RSS do usuário bem como atualização dos feeds sem autenticação:', 'type' => 'Método de autenticação', - 'unsafe_autologin' => 'Permitir login automático inseguro usando o seguinte formato: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/pt-PT/admin.php b/app/i18n/pt-PT/admin.php index 117a3cc5c..97328a06a 100644 --- a/app/i18n/pt-PT/admin.php +++ b/app/i18n/pt-PT/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Token de autenticação principal', 'token_help' => 'Permite acesso a todos as saídas RSS do utilizador bem como atualização dos feeds sem autenticação:', 'type' => 'Método de autenticação', - 'unsafe_autologin' => 'Permitir login automático inseguro usando o seguinte formato: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/ru/admin.php b/app/i18n/ru/admin.php index 3a294faa7..64ee07926 100644 --- a/app/i18n/ru/admin.php +++ b/app/i18n/ru/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Главный токен аутентификации', 'token_help' => 'Обеспечивает доступ ко всем выходным данным RSS пользователя, а также к обновлению лент без проверки подлинности:', 'type' => 'Способ аутентификации', - 'unsafe_autologin' => 'Разрешить небезопасный автоматический вход с использованием следующего формата: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/sk/admin.php b/app/i18n/sk/admin.php index 25c62db0f..80710d444 100644 --- a/app/i18n/sk/admin.php +++ b/app/i18n/sk/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Hlavný prihlasovací token', 'token_help' => 'Povoľuje prístup k všetkým RSS výstupom, a tiež k obnove kanálov bez prihlásenia:', 'type' => 'Spôsob prihlásenia', - 'unsafe_autologin' => 'Povoliť nebezpečné automatické prihlásenie pomocou webového formulára: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/tr/admin.php b/app/i18n/tr/admin.php index 6a1c110f6..8e3447a62 100644 --- a/app/i18n/tr/admin.php +++ b/app/i18n/tr/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Ana kimlik doğrulama belirteci', 'token_help' => 'Kullanıcının tüm RSS çıktılarına ve beslemeleri kimlik doğrulaması olmadan yenilemeye erişim sağlar:', 'type' => 'Kimlik doğrulama yöntemi', - 'unsafe_autologin' => 'Güvenli olmayan otomatik girişe izin ver; şu formatı kullan: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/uk/admin.php b/app/i18n/uk/admin.php index 14bbd6d71..7f7730406 100644 --- a/app/i18n/uk/admin.php +++ b/app/i18n/uk/admin.php @@ -22,7 +22,6 @@ return array( 'token' => 'Головний токен входу', 'token_help' => 'Надає доступ до всіх RSS-видач користувача, а також дає змогу оновлювати стрічки без входу:', 'type' => 'Тип входу', - 'unsafe_autologin' => 'Дозволити небезпечний автоматичний вхід у форматі: ', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/zh-CN/admin.php b/app/i18n/zh-CN/admin.php index 70a80c09e..4d32b81d9 100644 --- a/app/i18n/zh-CN/admin.php +++ b/app/i18n/zh-CN/admin.php @@ -22,7 +22,6 @@ return array( 'token' => '主验证 token', 'token_help' => '允许不验证而访问用户的全部 RSS 输出以及刷新订阅源:', 'type' => '认证方式', - 'unsafe_autologin' => '允许不安全的自动登陆方式:', ), 'check_install' => array( 'cache' => array( diff --git a/app/i18n/zh-TW/admin.php b/app/i18n/zh-TW/admin.php index 72bf32210..ffa2948bf 100644 --- a/app/i18n/zh-TW/admin.php +++ b/app/i18n/zh-TW/admin.php @@ -22,7 +22,6 @@ return array( 'token' => '主要驗證權杖', 'token_help' => '允許存取使用者的所有 RSS 輸出以及重整源而無需身份驗證:', 'type' => '認證方式', - 'unsafe_autologin' => '允許不安全的自動登入方式:', ), 'check_install' => array( 'cache' => array( diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml index f11d29ae4..5546541f9 100644 --- a/app/views/auth/index.phtml +++ b/app/views/auth/index.phtml @@ -48,18 +48,6 @@ <div class="form-group"> <div class="group-controls"> - <label class="checkbox" for="unsafe_autologin"> - <input type="checkbox" name="unsafe_autologin" id="unsafe_autologin" value="1"<?= - FreshRSS_Context::systemConf()->unsafe_autologin_enabled ? ' checked="checked"' : '', - FreshRSS_Auth::accessNeedsAction() ? '' : ' disabled="disabled"' ?> /> - <?= _t('admin.auth.unsafe_autologin') ?> - <kbd><?= Minz_Url::display(['c' => 'auth', 'a' => 'login', 'params' => ['u' => 'alice', 'p' => '1234']], 'html', true) ?></kbd> - </label> - </div> - </div> - - <div class="form-group"> - <div class="group-controls"> <label class="checkbox" for="api_enabled"> <input type="checkbox" name="api_enabled" id="api_enabled" value="1"<?= FreshRSS_Context::systemConf()->api_enabled ? ' checked="checked"' : '', |