revert updated api
This commit is contained in:
2026-05-22 12:27:12 +00:00
parent e0be2c501f
commit c86768e391
17 changed files with 41 additions and 867 deletions

View File

@ -1,7 +1,5 @@
<?php
require_once __DIR__ . '/../lib/activity.php';
switch ($route) {
case 'auth/login':
@ -43,8 +41,9 @@ case 'auth/login':
);
}
qdb_discard($tmpDb, $lockFp);
if ((int)$user['mustChangePassword'] === 1) {
qdb_discard($tmpDb, $lockFp);
$tempToken = bin2hex(random_bytes(32));
token_add($tempToken, 10 * 60, [
'role' => $user['role'],
@ -60,17 +59,6 @@ case 'auth/login':
]);
}
qdb_discard($tmpDb, $lockFp);
[$pdoW, $tmpDbW, $lockFpW] = qdb_open(true);
$tokenRec = [
'role' => $user['role'],
'entityID' => $user['entityID'],
'userID' => $user['userID'],
];
log_activity($pdoW, $tokenRec, 'login', 'user', $user['userID'], "Login: $username");
qdb_save($tmpDbW, $lockFpW);
$token = bin2hex(random_bytes(32));
token_add($token, 30 * 24 * 60 * 60, [
'role' => $user['role'],
@ -85,7 +73,6 @@ case 'auth/login':
]);
} catch (Throwable $e) {
if (isset($tmpDb, $lockFp)) qdb_discard($tmpDb, $lockFp);
if (isset($tmpDbW, $lockFpW)) qdb_discard($tmpDbW, $lockFpW);
error_log($e->getMessage());
json_error('SERVER_ERROR', 'Server error', 500);
}
@ -150,15 +137,6 @@ case 'auth/change-password':
"UPDATE users SET passwordHash = :h, mustChangePassword = 0 WHERE userID = :uid"
)->execute([':h' => $newHash, ':uid' => $user['userID']]);
log_activity(
$pdo,
array_merge($tokenRec, ['role' => $user['role'], 'entityID' => $user['entityID'], 'userID' => $user['userID']]),
'password_changed',
'user',
$user['userID'],
"Password changed: $username"
);
qdb_save($tmpDb, $lockFp);
// Revoke the old (possibly temp) token and issue a fresh one