Diffstat (limited to 'app/Controllers/authController.php')
-rw-r--r--app/Controllers/authController.php49
1 files changed, 1 insertions, 48 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 61f4f5aaf..a8938228a 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -13,7 +13,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
* - anon_access (default: false)
* - anon_refresh (default: false)
* - auth_type (default: none)
- * - unsafe_autologin (default: false)
* - api_enabled (default: false)
*/
public function indexAction(): void {
@@ -33,12 +32,10 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
$anon = Minz_Request::paramBoolean('anon_access');
$anon_refresh = Minz_Request::paramBoolean('anon_refresh');
$auth_type = Minz_Request::paramString('auth_type') ?: 'form';
- $unsafe_autologin = Minz_Request::paramBoolean('unsafe_autologin');
$api_enabled = Minz_Request::paramBoolean('api_enabled');
if ($anon !== FreshRSS_Context::systemConf()->allow_anonymous ||
$auth_type !== FreshRSS_Context::systemConf()->auth_type ||
$anon_refresh !== FreshRSS_Context::systemConf()->allow_anonymous_refresh ||
- $unsafe_autologin !== FreshRSS_Context::systemConf()->unsafe_autologin_enabled ||
$api_enabled !== FreshRSS_Context::systemConf()->api_enabled) {
if (in_array($auth_type, ['form', 'http_auth', 'none'], true)) {
FreshRSS_Context::systemConf()->auth_type = $auth_type;
@@ -47,7 +44,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
}
FreshRSS_Context::systemConf()->allow_anonymous = $anon;
FreshRSS_Context::systemConf()->allow_anonymous_refresh = $anon_refresh;
- FreshRSS_Context::systemConf()->unsafe_autologin_enabled = $unsafe_autologin;
FreshRSS_Context::systemConf()->api_enabled = $api_enabled;
$ok &= FreshRSS_Context::systemConf()->save();
@@ -74,7 +70,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
* the user is already connected.
*/
public function loginAction(): void {
- if (FreshRSS_Auth::hasAccess() && !(FreshRSS_Context::systemConf()->unsafe_autologin_enabled && Minz_Request::paramString('u') !== '')) {
+ if (FreshRSS_Auth::hasAccess()) {
Minz_Request::forward(['c' => 'index', 'a' => 'index'], true);
}
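Review bot: The simplified guard `if (FreshRSS_Auth::hasAccess())` in `loginAction` leaves no visible handling for clients that still send `u` and `p` in the query string. Such requests will now reach the normal login form, but the password still travels in the URL and ends up in web-server access logs and browser history. The removed `elseif` branch in `formLoginAction` also cleared the value with `Minz_Request::_param('p')`, and nothing in the new code does that, so it is worth confirming that no view or forward echoes the request parameters back. I would add an upgrade note telling administrators to rotate passwords that were used in autologin URLs, plus a regression test asserting that a GET to `formLogin` with `u` and `p` never reaches `FreshRSS_Auth::giveAccess()`. The diffstat is limited to this file, so whether `unsafe_autologin_enabled` is also removed from the config defaults and the settings view cannot be confirmed from here; `loginAction`'s body continues outside the hunk.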
@@ -106,7 +102,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
* - challenge (default: '')
* - keep_logged_in (default: false)
*
- * @todo move unsafe autologin in an extension.
* @throws Exception
*/
public function formLoginAction(): void {
@@ -192,48 +187,6 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
Minz_Request::setBadNotification(_t('feedback.auth.login.invalid'));
Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false);
}
- } elseif (FreshRSS_Context::systemConf()->unsafe_autologin_enabled) {
- $username = Minz_Request::paramString('u', plaintext: true);
- $password = Minz_Request::paramString('p', plaintext: true);
- Minz_Request::_param('p');
-
- if ($username === '') {
- return;
- }
-
- FreshRSS_FormAuth::deleteCookie();
-
- FreshRSS_Context::initUser($username);
- if (!FreshRSS_Context::hasUserConf()) {
- return;
- }
-
- $s = FreshRSS_Context::userConf()->passwordHash;
- $ok = password_verify($password, $s);
- unset($password);
- if ($ok) {
- Minz_Session::regenerateID('FreshRSS');
- Minz_Session::_params([
- Minz_User::CURRENT_USER => $username,
- 'passwordHash' => $s,
- 'csrf' => false,
- ]);
- FreshRSS_Auth::giveAccess();
-
- Minz_Translate::init(FreshRSS_Context::userConf()->language);
-
- Minz_Request::good(
- _t('feedback.auth.login.success'),
- ['c' => 'index', 'a' => 'index'],
- showNotification: FreshRSS_Context::userConf()->good_notification_timeout > 0
- );
- } else {
- Minz_Log::warning('Unsafe password mismatch for user ' . $username);
- Minz_Request::bad(
- _t('feedback.auth.login.invalid'),
- ['c' => 'auth', 'a' => 'login']
- );
- }
}
}