1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 21:22:40 +00:00

TTRSS: accept base64 passwords; fixes #130

This commit is contained in:
J. King 2017-11-30 19:31:40 -05:00
parent 3ffcd6dd97
commit 9ac2421fe3
3 changed files with 7 additions and 28 deletions

View file

@ -143,6 +143,7 @@ We are not aware of any other extensions to the TTRSS protocol. If you know of a
#### Errors and ambiguities #### Errors and ambiguities
- TTRSS accepts base64-encoded passwords, though this is undocumented; The Arsse accepts base64-encoded passwords as well
- TTRSS sometimes returns an incorrect count from the `setArticleLabel` operation; The Arsse returns a correct count in all cases - TTRSS sometimes returns an incorrect count from the `setArticleLabel` operation; The Arsse returns a correct count in all cases
- TTRSS sometimes returns out-of-date cached information; The Arsse does not use caches as TTRSS does, so information is always current - TTRSS sometimes returns out-of-date cached information; The Arsse does not use caches as TTRSS does, so information is always current
- TTRSS returns results for _feed_ ID `-3` when providing the `getHeadlines` operation with _category_ ID `-3`; The Arsse retuns the correct results - TTRSS returns results for _feed_ ID `-3` when providing the `getHeadlines` operation with _category_ ID `-3`; The Arsse retuns the correct results

View file

@ -21,32 +21,6 @@ use JKingWeb\Arsse\Db\ResultEmpty;
use JKingWeb\Arsse\Feed\Exception as FeedException; use JKingWeb\Arsse\Feed\Exception as FeedException;
use JKingWeb\Arsse\REST\Response; use JKingWeb\Arsse\REST\Response;
/*
Protocol difference so far:
- Malformed JSON data returns a different error code than login failure, for clarity
- TT-RSS accepts whitespace-only names for categories, labels, and feeds; we do not
- TT-RSS allows two folders to share the same name under the same parent; we do not
- TT-RSS requires the user to choose in the face of multiple found feeds during discovery; we use the first one (picoFeed limitation)
- Session lifetime is much shorter by default
- Categories and feeds will always be sorted alphabetically (the protocol does not allow for clients to re-order)
- The "Archived" virtual feed is non-functional (the protocol does not allow archiving)
- The "Published" virtual feed is non-functional (this will not be implemented in the near term)
- setArticleLabel responds with errors for invalid labels where TT-RSS simply returns a zero result
- The result of setArticleLabel counts only records which actually changed rather than all entries attempted
- Using both limit/skip and unread_only in getFeeds produces reliable results, unlike in TT-RSS
- Top-level categories in getFeedTree have a 'parent_id' property (set to null); in TT-RSS the property is absent
- Article hashes are SHA-256 rather than SHA-1.
- Articles have at most one attachment (enclosure), whereas TTRSS allows for several; there is also significantly less detail. These are limitations of picoFeed which should be addressed
- IDs for enclosures are always 0 as we don't give them IDs
- Searching in getHeadlines is not yet implemented
- Category -3 (all non-special feeds) is handled correctly in getHeadlines; TT-RSS returns results for feed -3 (Fresh)
- Sorting of headlines does not match TT-RSS: special feeds are not sorted specially like they should be
- The 'sanitize', 'force_update', and 'has_sandbox' parameters of getHeadlines are ignored
*/
class API extends \JKingWeb\Arsse\REST\AbstractHandler { class API extends \JKingWeb\Arsse\REST\AbstractHandler {
const LEVEL = 14; // emulated API level const LEVEL = 14; // emulated API level
const VERSION = "17.4"; // emulated TT-RSS version const VERSION = "17.4"; // emulated TT-RSS version
@ -194,7 +168,8 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
public function opLogin(array $data): array { public function opLogin(array $data): array {
if (Arsse::$user->auth((string) $data['user'], (string) $data['password'])) { // both cleartext and base64 passwords are accepted
if (Arsse::$user->auth($data['user'], $data['password']) || Arsse::$user->auth($data['user'], base64_decode($data['password']))) {
$id = Arsse::$db->sessionCreate($data['user']); $id = Arsse::$db->sessionCreate($data['user']);
return [ return [
'session_id' => $id, 'session_id' => $id,

View file

@ -192,7 +192,8 @@ LONG_STRING;
} }
public function testLogIn() { public function testLogIn() {
Phake::when(Arsse::$user)->auth(Arsse::$user->id, "superman")->thenReturn(false); Phake::when(Arsse::$user)->auth(Arsse::$user->id, $this->anything())->thenReturn(false);
Phake::when(Arsse::$user)->auth(Arsse::$user->id, "secret")->thenReturn(true);
Phake::when(Arsse::$db)->sessionCreate->thenReturn("PriestsOfSyrinx")->thenReturn("SolarFederation"); Phake::when(Arsse::$db)->sessionCreate->thenReturn("PriestsOfSyrinx")->thenReturn("SolarFederation");
$data = [ $data = [
'op' => "login", 'op' => "login",
@ -201,6 +202,8 @@ LONG_STRING;
]; ];
$exp = $this->respGood(['session_id' => "PriestsOfSyrinx", 'api_level' => \JKingWeb\Arsse\REST\TinyTinyRSS\API::LEVEL]); $exp = $this->respGood(['session_id' => "PriestsOfSyrinx", 'api_level' => \JKingWeb\Arsse\REST\TinyTinyRSS\API::LEVEL]);
$this->assertResponse($exp, $this->req($data)); $this->assertResponse($exp, $this->req($data));
// base64 passwords are also accepted
$data['password'] = base64_encode($data['password']);
$exp = $this->respGood(['session_id' => "SolarFederation", 'api_level' => \JKingWeb\Arsse\REST\TinyTinyRSS\API::LEVEL]); $exp = $this->respGood(['session_id' => "SolarFederation", 'api_level' => \JKingWeb\Arsse\REST\TinyTinyRSS\API::LEVEL]);
$this->assertResponse($exp, $this->req($data)); $this->assertResponse($exp, $this->req($data));
// test a failed log-in // test a failed log-in