diff --git a/server.cc b/server.cc
index 04b33f8..8263f64 100644
--- a/server.cc
+++ b/server.cc
@@ -58,7 +58,7 @@ int nthreads = 4;
 typedef std::unordered_map<std::string, std::string> StrMap;
 
 struct cred_t {
-	std::string password, totp;  // Pass and TOTP (binary)
+	std::string totp;  // Pass and TOTP (binary)
 	unsigned sduration;          // Duration of a valid session (seconds)
 	unsigned digits;             // Digits of TOTP
 	unsigned period;             // Period of TOTP
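Review bot: The comment kept on the new `std::string totp;` line still says `// Pass and TOTP (binary)` although the password member it described has been removed, so it now misdescribes the field. It should read `std::string totp;  // TOTP (binary)`, matching the `b32dec(b32pad(...))` value assigned to it in main. The struct cred_t continues outside the hunk.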
@@ -162,12 +162,10 @@ private:
 			bool lerror = false;
 			if (req->method == "POST") {
 				std::string user = req->postvars["username"];
-				std::string pass = req->postvars["password"];
 				unsigned    totp = atoi(req->postvars["totp"].c_str());
 
 				// Validate the authentication to issue a cookie or throw an error
 				if (wcfg->users.count(user) &&
-				    wcfg->users.at(user).password == pass &&
 				    totp_valid(wcfg->users.at(user), totp, wcfg->totp_generations)) {
 
 					logger->log("Login successful for user " + user);
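Review bot: With the `wcfg->users.at(user).password == pass` comparison removed, the condition that remains issues a session on a username plus a TOTP match alone, so the only secret checked at login is a 6–9 digit code (main constrains digits to that range). That is a single-factor model and should be stated above the check, e.g. `// TOTP is the sole authentication factor; failed attempts must be throttled`; whether failed logins are rate-limited is not visible in this hunk (only `lerror` is set up), so that should be confirmed in the handler. The request handler starts and ends outside the hunk.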
@@ -378,7 +376,6 @@ int main(int argc, char **argv) {
 		for (int j = 0; j < config_setting_length(users_cfg); j++) {
 			config_setting_t *userentry = config_setting_get_elem(users_cfg, j);
 			config_setting_t *user = config_setting_get_member(userentry, "username");
-			config_setting_t *pass = config_setting_get_member(userentry, "password");
 			config_setting_t *totp = config_setting_get_member(userentry, "totp");
 			config_setting_t *algo = config_setting_get_member(userentry, "algorithm");
 			config_setting_t *digi = config_setting_get_member(userentry, "digits");
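Review bot: Because the `password` member is no longer read, a user group that still carries a `password` key is accepted silently, so an operator reusing an existing config gets no signal that the password is now ignored and the login model changed. Keeping a lookup only to reject the key would make that explicit, e.g. `if (config_setting_get_member(userentry, "password")) RET_ERR("password is no longer supported; remove it from the user group");`, using the RET_ERR macro the surrounding code already uses for the other required-field checks. main continues outside the hunk.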
@@ -389,8 +386,8 @@ int main(int argc, char **argv) {
 			int digits = !digi ? TOTP_DEF_DIGITS : config_setting_get_int(digi);
 			int period = !peri ? TOTP_DEF_PERIOD : config_setting_get_int(peri);
 
-			if (!user || !pass || !totp || !durt)
-				RET_ERR("username, password, totp and duration must be present in the user group");
+			if (!user || !totp || !durt)
+				RET_ERR("username, totp and duration must be present in the user group");
 			if (digits < 6 || digits > 9)
 				RET_ERR("digits must be between 6 and 9 (included)");
 			if (period <= 0)
@@ -399,7 +396,6 @@ int main(int argc, char **argv) {
 				RET_ERR("invalid algorithm specified");
 
 			wentry.users[config_setting_get_string(user)] = cred_t {
-				.password = config_setting_get_string(pass),
 				.totp = b32dec(b32pad(config_setting_get_string(totp))),
 				.sduration = (unsigned)config_setting_get_int(durt),
 				.digits = (unsigned)digits,
diff --git a/templates/gradient.html b/templates/gradient.html
index 8916b88..06dea7c 100644
--- a/templates/gradient.html
+++ b/templates/gradient.html
@@ -71,7 +71,6 @@
       <h1>Login</h1>
       <form method="post" action="login">
         <input type="text" name="username" placeholder="Username" required="required" />
-        <input type="password" name="password" placeholder="Password" required="required" />
         <input type="text" name="totp" placeholder="OTP token" required="required" />
         <input type="hidden" name="follow_page" value="{{follow_page}}" />
         {{loginfailed}}<h4 class="failedp">Login failed</h4>{{/loginfailed}}