Add email/password authentication

reload · Sep 25, 2024 · d2e5fcd · d2e5fcd
1 parent c55d43b
commit d2e5fcd
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Intended Effort Versioning](https://jacobtomlinson.
 
 ## 1.3.2 - [Unreleased]
 
+### Added
+- Email/password authentication for legacy endpoint.
+
 ### Fixed
 - Handle PHPs old BCrypt version.
 

diff --git a/src/controllers/legacy_entity_controller.cr b/src/controllers/legacy_entity_controller.cr
@@ -6,6 +6,8 @@ class LegacyEntityController < Amber::Controller::Base
 
  def index
  token_user = nil : User?
+
+ # Legacy "token" authentication.
  if params[:token]?
  # Timelord uses a version of bcrypt hash that's basically only
  # used by PHP, so we "fix" it to the version Crystal BCrypt
@@ -33,6 +35,16 @@ class LegacyEntityController < Amber::Controller::Base
  end
  end
 
+ # Temporary email/password authentication.
+ if params[:password]? && params[:email]?
+ token_user = User.find_by!(email: params[:email])
+ unless token_user.authenticate(params[:password])
+ halt!(403, "Forbidden")
+
+ return
+ end
+ end
+
  location = Time::Location.load("Europe/Copenhagen")
  date_from = Time.local(location).at_beginning_of_month
  date_to = Time.local(location).at_end_of_day.shift(days: -1)