| -rw-r--r-- | app/Models/Auth.php | 17 | ||||
| -rw-r--r-- | p/api/query.php | 2 |
2 files changed, 10 insertions, 9 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index ecb8ead2f..416f3061d 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -31,15 +31,16 @@ class FreshRSS_Auth {
 ]);
 }
- if (self::$login_ok) {
- self::giveAccess();
- } elseif (self::accessControl() && self::giveAccess()) {
+ if (self::$login_ok && self::giveAccess()) {
+ return self::$login_ok;
+ }
+ if (self::accessControl() && self::giveAccess()) {
 FreshRSS_UserDAO::touch();
- } else {
- // Be sure all accesses are removed!
- self::removeAccess();
+ return self::$login_ok;
 }
- return self::$login_ok;
+ // Be sure all accesses are removed!
+ self::removeAccess();
+ return false;
 }
 /**
@@ -103,7 +104,7 @@ class FreshRSS_Auth {
 */
 public static function giveAccess(): bool {
 FreshRSS_Context::initUser();
- if (!FreshRSS_Context::hasUserConf()) {
+ if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled) {
 self::$login_ok = false;
 return false;
 }
diff --git a/p/api/query.php b/p/api/query.php
index c95a2bf43..7d74f2313 100644
--- a/p/api/query.php
+++ b/p/api/query.php
@@ -36,7 +36,7 @@ if (!FreshRSS_Context::hasSystemConf() || !FreshRSS_Context::systemConf()->api_e
 }
 FreshRSS_Context::initUser($user);
-if (!FreshRSS_Context::hasUserConf()) {
+if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled) {
 usleep(rand(100, 10000)); //Primitive mitigation of scanning for users
 header('HTTP/1.1 404 Not Found');
 header('Content-Type: text/plain; charset=UTF-8'); |
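Review bot: In the first hunk of app/Models/Auth.php, a session with `self::$login_ok` set whose `giveAccess()` call fails now falls through to `self::accessControl() && self::giveAccess()`. For a disabled account, `giveAccess()` and its `FreshRSS_Context::initUser()` call therefore run a second time before `removeAccess()` is reached. That looks intentional but is easy to misread; a comment above the second `if`, such as `// Session flag was stale or the account is disabled: retry access control once, otherwise revoke below.`, would record it. The revocation of a previously accepted session is also silent, so a log entry just before `self::removeAccess();` would help operators notice a disabled account that keeps presenting an old session. The enclosing function begins outside the hunk and `accessControl()` is not shown, so its behaviour for a disabled user should be confirmed.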
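Review bot: The condition `!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled` added in `giveAccess()` is repeated verbatim in the p/api/query.php hunk. Any other entry point that authenticates with its own token instead of going through `giveAccess()` would need the same test to keep a disabled account out. A single helper on `FreshRSS_Context` combining both tests would keep the call sites from drifting apart. The check fails closed when `enabled` is unset, and the default for user configurations written before this attribute existed is not visible in this diff, so it should be confirmed that existing accounts are not locked out. The docblock above `giveAccess()`, which starts outside the hunk, should also state that the method returns false for a disabled user.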
