From 3c99551f40dc27bd25836c96b02efee31ccc64e4 Mon Sep 17 00:00:00 2001
From: Sylvain Berfini <sylvain.berfini@belledonne-communications.com>
Date: Thu, 7 Nov 2019 10:20:40 +0100
Subject: [PATCH] Removed SHA256 auto password creation

---
 src/xmlrpc/accounts.php       | 17 -----------------
 src/xmlrpc/accounts_phone.php | 13 -------------
 2 files changed, 30 deletions(-)

diff --git a/src/xmlrpc/accounts.php b/src/xmlrpc/accounts.php
index 88f4496..3e7a94e 100644
--- a/src/xmlrpc/accounts.php
+++ b/src/xmlrpc/accounts.php
@@ -120,23 +120,6 @@ function xmlrpc_recover_account_from_confirmation_key($method, $args) {
 		return $result;
 	}
 
-	if ($algo == SHA256) {
-		// When trying to log in with a phone account on an app that only supports SHA-256, create a new password for it if it doesn't exists
-		// This won't prevent already logged in users with MD5 password to use their account
-		$pwd = generate_password();
-		$sha256_password = new Password($db);
-		$sha256_password->account_id = $account->id;
-		$sha256_password->password = hash_password($account->username, $pwd, $domain, SHA256);
-		$sha256_password->algorithm = SHA256;
-		$sha256_password->create();
-
-		$result = array(
-			"password" => $sha256_password->password,
-			"algorithm" => $sha256_password->algorithm
-		);
-		return $result;
-	}
-
 	return PASSWORD_NOT_FOUND;
 }
 
diff --git a/src/xmlrpc/accounts_phone.php b/src/xmlrpc/accounts_phone.php
index 3e5db54..1406e17 100644
--- a/src/xmlrpc/accounts_phone.php
+++ b/src/xmlrpc/accounts_phone.php
@@ -208,19 +208,6 @@ function xmlrpc_activate_phone_account($method, $args) {
 		return $password->password;
 	}
 
-    if ($algo == SHA256) {
-        // When trying to log in with a phone account on an app that only supports SHA-256, create a new password for it if it doesn't exists
-        // This won't prevent already logged in users with MD5 password to use their account
-        $pwd = generate_password();
-        $sha256_password = new Password($db);
-        $sha256_password->account_id = $account->id;
-        $sha256_password->password = hash_password($account->username, $pwd, $domain, SHA256);
-        $sha256_password->algorithm = SHA256;
-        $sha256_password->create();
-
-        return $sha256_password->password;
-    }
-
     return PASSWORD_NOT_FOUND;
 }