add support for a passwordless login token

The plan is to use this for accounts that are created implicitly, as when
a non-logged-in user subscribes to notifyemail. Such an account has no
password, and login can be accomplished by way of a url that is sent to
them in email.

When the user sets a password, the passwordless login token is disabled.

diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index c167f52b5c2d11586325cfc1d51a9a3825614f9e..6a5153efd0d3be38add31947238182862aa9cc02 100644 (file)
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -96,6 +96,12 @@ sub setpassword ($$;$) {
        else {
                IkiWiki::userinfo_set($user, $field, $password);
        }
+
+       # Setting the password clears any passwordless login token.
+       if ($field ne 'passwordless') {
+               IkiWiki::userinfo_set($user, "cryptpasswordless", "");
+               IkiWiki::userinfo_set($user, "passwordless", "");
+       }
 }
 
 sub formbuilder_setup (@) {