diff --git a/server.cc b/server.cc
index 04b33f8..8263f64 100644
--- a/server.cc
+++ b/server.cc
@@ -58,7 +58,7 @@ int nthreads = 4;
 typedef std::unordered_map<std::string, std::string> StrMap;
 struct cred_t {
- std::string password, totp; // Pass and TOTP (binary)
+ std::string totp; // Pass and TOTP (binary)
 unsigned sduration; // Duration of a valid session (seconds)
 unsigned digits; // Digits of TOTP
 unsigned period; // Period of TOTP
@@ -162,12 +162,10 @@ private:
 bool lerror = false;
 if (req->method == "POST") {
 std::string user = req->postvars["username"];
- std::string pass = req->postvars["password"];
 unsigned totp = atoi(req->postvars["totp"].c_str());
 // Validate the authentication to issue a cookie or throw an error
 if (wcfg->users.count(user) &&
- wcfg->users.at(user).password == pass &&
 totp_valid(wcfg->users.at(user), totp, wcfg->totp_generations)) {
 logger->log("Login successful for user " + user);
@@ -378,7 +376,6 @@ int main(int argc, char **argv) {
 for (int j = 0; j < config_setting_length(users_cfg); j++) {
 config_setting_t *userentry = config_setting_get_elem(users_cfg, j);
 config_setting_t *user = config_setting_get_member(userentry, "username");
- config_setting_t *pass = config_setting_get_member(userentry, "password");
 config_setting_t *totp = config_setting_get_member(userentry, "totp");
 config_setting_t *algo = config_setting_get_member(userentry, "algorithm");
 config_setting_t *digi = config_setting_get_member(userentry, "digits");
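Review bot: The comment on the new line `+ std::string totp; // Pass and TOTP (binary)` still describes the removed password member, so the field's documentation is now wrong on the line this commit touches. Change it to `std::string totp; // TOTP shared secret, base32-decoded (binary)` — the decoding is visible where main fills the struct later in this diff. struct cred_t continues past the end of this hunk.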
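Review bot: With the password comparison gone, the condition `wcfg->users.count(user) && totp_valid(wcfg->users.at(user), totp, wcfg->totp_generations)` is the only gate before a session cookie is issued, and nothing in this hunk throttles failed attempts or refuses a code that was already accepted — the handler starts and ends outside the hunk, so if a per-user failure counter or lockout lives there this is moot. Otherwise a 6-digit code (digits is bounded to 6–9 in main) accepted across `totp_generations` time steps is an online brute-force target at whatever request rate the server sustains, and a captured code stays valid for the rest of its window; the login path should count failures per user and back off, and remember the last accepted time step per user so the same code is rejected on reuse (RFC 6238 §5.2). The `atoi(req->postvars["totp"].c_str())` parse also turns "", "abc" and "-1" into 0 or a wrapped unsigned value instead of failing; parsing with `std::from_chars` and requiring the submitted string to be all digits and no longer than the user's `digits` would reject malformed input before it reaches `totp_valid`. Note as well that `&&` short-circuits, so an unknown username skips the HMAC work and answers measurably faster than a known one, which leaks which accounts exist — running `totp_valid` against a dummy credential when the user is absent evens that out.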
@@ -389,8 +386,8 @@ int main(int argc, char **argv) {
 int digits = !digi ? TOTP_DEF_DIGITS : config_setting_get_int(digi);
 int period = !peri ? TOTP_DEF_PERIOD : config_setting_get_int(peri);
- if (!user || !pass || !totp || !durt)
- RET_ERR("username, password, totp and duration must be present in the user group");
+ if (!user || !totp || !durt)
+ RET_ERR("username, totp and duration must be present in the user group");
 if (digits < 6 || digits > 9)
 RET_ERR("digits must be between 6 and 9 (included)");
 if (period <= 0)
@@ -399,7 +396,6 @@ int main(int argc, char **argv) {
 RET_ERR("invalid algorithm specified");
 wentry.users[config_setting_get_string(user)] = cred_t {
- .password = config_setting_get_string(pass),
 .totp = b32dec(b32pad(config_setting_get_string(totp))),
 .sduration = (unsigned)config_setting_get_int(durt),
 .digits = (unsigned)digits,
diff --git a/templates/gradient.html b/templates/gradient.html
index 8916b88..06dea7c 100644
--- a/templates/gradient.html
+++ b/templates/gradient.html
@@ -71,7 +71,6 @@
 <h1>Login</h1>
 <form method="post" action="login">
 <input type="text" name="username" placeholder="Username" required="required" />
- <input type="password" name="password" placeholder="Password" required="required" />
 <input type="text" name="totp" placeholder="OTP token" required="required" />
 <input type="hidden" name="follow_page" value="{{follow_page}}" />
 {{loginfailed}}<h4 class="failedp">Login failed</h4>{{/loginfailed}}
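Review bot: The new presence check `if (!user || !totp || !durt)` only confirms that a `totp` setting exists; none of the validations around it check that it is a string or that it decodes to a usable secret, even though after this commit that secret is the sole credential. libconfig's `config_setting_get_string` returns NULL for a setting that is not a string, and a mistyped or empty base32 value would otherwise be loaded silently rather than rejected the way a bad `digits` or `period` is — I cannot see b32dec from here, so if it already fails hard on malformed input only the length part applies. Alongside the other RET_ERR checks I would add `if (config_setting_type(totp) != CONFIG_TYPE_STRING) RET_ERR("totp must be a string");` and then `std::string secret = b32dec(b32pad(config_setting_get_string(totp))); if (secret.size() < 16) RET_ERR("totp secret must decode to at least 128 bits");`, reusing `secret` in the cred_t initializer (RFC 4226 §4 R6 sets 128 bits as the minimum and recommends 160). main continues outside this hunk.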