Implement auto-passwords mode

This mode is automatically enabled iff: - The password field is disabled - Normal login is disabled - Automatic login is enabled In this mode, the login hash cookie acts as the only needed authentication. It is assigned automatically when the user posts something for the first time, and allows them to redact all comments made while still in possession of said cookie.
jacobwb · Mar 5, 2018 · 208bd00 · 208bd00
1 parent 7a38fd1
commit 208bd00
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 16 deletions.
diff --git a/hashover/backend/classes/commentparser.php b/hashover/backend/classes/commentparser.php
@@ -146,9 +146,10 @@ public function parse (array $comment, $key, $key_parts, $popular = false)
 				$output['user-owned'] = true;
 
 				// Check if the comment is editable
-				if (!empty ($comment['password'])) {
-					$output['editable'] = true;
-				}
+				if ($this->setup->autoPasswords)
+					$output['editable'] = $output['user-owned'];
+				else
+					$output['editable'] = !empty ($comment['password']);
 			}
 		}
 

diff --git a/hashover/backend/classes/login.php b/hashover/backend/classes/login.php
@@ -83,8 +83,16 @@ public function prepareCredentials ()
 			$password = $password ? $password : $random_password;
 		}
 
-		// Generate a RIPEMD-160 hash to indicate user login
-		$this->loginMethod->loginHash = hash ('ripemd160', $name . $password);
+		// Don't reset the login cookie in auto-passwords mode, as
+		// that will effectively log the user out
+		if ($this->setup->autoPasswords !== false
+			&& !empty($this->loginMethod->loginHash)
+			&& $this->cookies->getValue ('login') !== null) {
+			$this->loginMethod->loginHash = $this->cookies->getValue ('login');
+		} else {
+			// Generate a RIPEMD-160 hash to indicate user login
+			$this->loginMethod->loginHash = hash ('ripemd160', $name . $password);
+		}
 
 		// Set e-mail address
 		if (isset ($this->postData['email'])) {

diff --git a/hashover/backend/classes/settings.php b/hashover/backend/classes/settings.php
@@ -134,6 +134,7 @@ class Settings extends Secrets
 	public $httpImages;
 	public $cookieExpiration;
 	public $domain;
+	public $autoPasswords;
 
 	public function __construct ()
 	{
@@ -307,8 +308,20 @@ public function syncSettings ()
 			$this->allowsLogin = false;
 		}
 
+		// Automatic passwords are enabled iff:
+		// - The password field is disabled
+		// - Normal login is disabled
+		// - Automatic login is enabled
+		// As there is no way to log in "normally", a random
+		// password will be generated nd the user will be
+		// logged in, allowing them to redact their comments
+		// as long as the cookie lasts.
+		$this->autoPasswords = $this->fieldOptions['password'] === false
+				     && $this->allowsLogin === false
+				     && $this->usesAutoLogin === true;
+
 		// Disable autologin if login is disabled
-		if ($this->allowsLogin === false) {
+		if ($this->allowsLogin === false && $this->autoPasswords === false) {
 			$this->usesAutoLogin = false;
 		}
 

diff --git a/hashover/backend/classes/writecomments.php b/hashover/backend/classes/writecomments.php
@@ -333,18 +333,25 @@ protected function commentAuthentication ()
 			return $auth;
 		}
 
-		// Check if we have both required passwords
-		if (!empty ($this->postData['password'])
-		    and !empty ($auth['comment']['password']))
-		{
-			// If so, get the user input password
-			$user_password = $this->encodeHTML ($this->postData['password']);
+		// In auto-password mode, just verify the login-id
+		if ($this->setup->autoPasswords) {
+			$auth['user-owned'] = !empty($this->login->loginHash)
+					    && !empty($auth['comment']['login_id'])
+					    && $this->login->loginHash == $auth['comment']['login_id'];
+		} else {
+			// Check if we have both required passwords
+			if (!empty ($this->postData['password'])
+			    and !empty ($auth['comment']['password']))
+			{
+				// If so, get the user input password
+				$user_password = $this->encodeHTML ($this->postData['password']);
 
-			// Get the comment password
-			$comment_password = $auth['comment']['password'];
+				// Get the comment password
+				$comment_password = $auth['comment']['password'];
 
-			// Attempt to compare the two passwords
-			$auth['user-owned'] = $this->encryption->verifyHash ($user_password, $comment_password);
+				// Attempt to compare the two passwords
+				$auth['user-owned'] = $this->encryption->verifyHash ($user_password, $comment_password);
+			}
 		}
 
 		// Set general authorization state