From c8aa86d77a3114ccce31f55d052a733c7596be82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Tue, 27 Apr 2021 17:24:27 +0200
Subject: [PATCH] Allow aliases to be entered in the authentication

Fix the authentication password check to allow "alias-accounts"
---
 .../Controllers/Account/AuthenticateController.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
index 6d7a080..5e96f22 100644
--- a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
+++ b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
@@ -44,13 +44,22 @@ class AuthenticateController extends Controller
 public function authenticate(Request $request)
 {
 $request->validate([
- 'username' => 'required|exists:external.accounts,username',
+ 'username' => 'required',
 'password' => 'required'
 ]);
 
 $account = Account::where('username', $request->get('username'))
 ->first();
 
+ // Try alias
+ if (!$account) {
+ $alias = Alias::where('alias', $request->get('username'))->first();
+
+ if ($alias) {
+ $account = $alias->account;
+ }
+ }
+
 if (!$account) {
 return redirect()->back()->withErrors(['authentication' => 'The account doesn\'t exists']);
 }
@@ -59,7 +68,7 @@ class AuthenticateController extends Controller
 foreach ($account->passwords as $password) {
 if (hash_equals(
 $password->password,
- Utils::bchash($request->get('username'), $account->resolvedRealm, $request->get('password'), $password->algorithm)
+ Utils::bchash($account->username, $account->resolvedRealm, $request->get('password'), $password->algorithm)
 )) {
 Auth::login($account);
 return redirect()->route('account.panel');
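Review bot: The `if (!$account)` branch after the new alias lookup still returns the distinct message 'The account doesn\'t exists', so once aliases are accepted the login form also tells an unauthenticated client whether a given alias is registered. Returning the same generic error as the failed-password path would remove that signal, e.g. `return redirect()->back()->withErrors(['authentication' => 'Wrong username or password']);` (that path is outside the hunk, so reuse its existing wording). `Alias::where('alias', ...)->first()` filters on the alias value only; if aliases are scoped per domain, the first matching row decides which account's passwords are tried, so the query should probably also be constrained to the expected domain (confirm against the schema). The patch adds no `use` line for `Alias`, so check that the class is already imported in this controller. authenticate() starts inside this hunk, but its body continues into the second hunk and beyond.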