Stop storing the password in plain text

Store auth token instead
etternagame · Jul 24, 2018 · 86a31db · 86a31db · Jousway · Jul 24, 2018
1 parent a1758a3
commit 86a31db
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 29 deletions.
diff --git a/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua b/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua
@@ -625,13 +625,13 @@ local profilebuttons = Def.ActorFrame{
 	InitCommand=function(self)
 		self:xy(frameX+45,frameHeight + 20)
 		user = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName
-		pass = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password
-		if pass ~= "" and answer ~= "" then
+		local passToken = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken
+		if passToken ~= "" and answer ~= "" then
 			if not DLMAN:IsLoggedIn() then
-				DLMAN:Login(user, pass)
+				DLMAN:LoginWithToken(user, passToken)
 			end
 		else
-			pass = ""
+			passToken = ""
 			user = ""
 		end
 	end,
@@ -720,6 +720,10 @@ local profilebuttons = Def.ActorFrame{
 		end,
 		LoginMessageCommand=function(self)
 			ms.ok("Succesfully logged in")
+			playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user
+			playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = DLMAN:GetToken()
+			playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
+			playerConfig:save(pn_to_profile_slot(PLAYER_1))
 		end,
 		MouseLeftClickMessageCommand=function(self)
 			if ButtonActive(self) and rankingSkillset == 1 and not SCREENMAN:get_input_redirected(PLAYER_1) then 
@@ -730,16 +734,12 @@ local profilebuttons = Def.ActorFrame{
 					password = function(answer) 
 							pass=answer
 							DLMAN:Login(user, pass) 
-							playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user
-							playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = pass
-							playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
-							playerConfig:save(pn_to_profile_slot(PLAYER_1))
 						end
 						easyInputStringWithFunction("Password:", 50, true, password)
 						easyInputStringWithFunction("Username:",50, false, username)
 				else
 					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = ""
-					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = ""
+					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = ""
 					playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
 					playerConfig:save(pn_to_profile_slot(PLAYER_1))
 					DLMAN:Logout()

diff --git a/Themes/Til Death/BGAnimations/_PlayerInfo.lua b/Themes/Til Death/BGAnimations/_PlayerInfo.lua
@@ -120,6 +120,10 @@ t[#t+1] = Def.ActorFrame{
 			ms.ok("Login failed!")
 		end,
 		LoginMessageCommand=function(self)
+			playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user
+			playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = DLMAN:GetToken()
+			playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
+			playerConfig:save(pn_to_profile_slot(PLAYER_1))
 			ms.ok("Succesfully logged in")
 		end,
 		MouseLeftClickMessageCommand=function(self)
@@ -131,16 +135,12 @@ t[#t+1] = Def.ActorFrame{
 					password = function(answer) 
 							pass=answer
 							DLMAN:Login(user, pass) 
-							playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user
-							playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = pass
-							playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
-							playerConfig:save(pn_to_profile_slot(PLAYER_1))
 						end
 					easyInputStringWithFunction("Password:", 50, true, password)
 					easyInputStringWithFunction("Username:",50, false, username)
 				else
 					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = ""
-					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = ""
+					playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = ""
 					playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1))
 					playerConfig:save(pn_to_profile_slot(PLAYER_1))
 					DLMAN:Logout()

diff --git a/Themes/Til Death/Scripts/01 player_config.lua b/Themes/Til Death/Scripts/01 player_config.lua
@@ -23,7 +23,7 @@ local defaultConfig = {
 	BackgroundType = 1,
 	ProgressBarPos = 1, --moved from theme options into here, 1 = top; 0 = bottom
 	UserName = "",
-	Password = "",
+	PasswordToken = "",
 	CustomizeGameplay = false,
 	CustomEvaluationWindowTimings = false,
 	GameplayXYCoordinates = {

diff --git a/src/DownloadManager.cpp b/src/DownloadManager.cpp
@@ -1221,6 +1221,20 @@ void DownloadManager::RefreshUserData()
 	return;
 }
 
+void DownloadManager::OnLogin()
+{
+	DLMAN->RefreshUserRank();
+	DLMAN->RefreshUserData();
+	FOREACH_ENUM(Skillset, ss)
+		DLMAN->RefreshTop25(ss);
+	if (DLMAN->ShouldUploadScores())
+		DLMAN->UploadScores();
+	if (GAMESTATE->m_pCurSteps[PLAYER_1] != nullptr)
+		DLMAN->RequestChartLeaderBoard(GAMESTATE->m_pCurSteps[PLAYER_1]->GetChartKey());
+	MESSAGEMAN->Broadcast("Login");
+	DLMAN->loggingIn = false;
+}
+
 void DownloadManager::StartSession(string user, string pass, function<void(bool loggedIn)> callback = [](bool) {return; })
 {
 	string url = serverURL.Get() + "/login";
@@ -1258,18 +1272,7 @@ void DownloadManager::StartSession(string user, string pass, function<void(bool
 			DLMAN->loggingIn = false;
 			return;
 		}
-		DLMAN->sessionUser = user;
-		DLMAN->sessionPass = pass;
-		DLMAN->RefreshUserRank();
-		DLMAN->RefreshUserData();
-		FOREACH_ENUM(Skillset, ss)
-			DLMAN->RefreshTop25(ss);
-		if(DLMAN->ShouldUploadScores())
-			DLMAN->UploadScores();
-		if (GAMESTATE->m_pCurSteps[PLAYER_1] != nullptr)
-			DLMAN->RequestChartLeaderBoard(GAMESTATE->m_pCurSteps[PLAYER_1]->GetChartKey());
-		MESSAGEMAN->Broadcast("Login");
-		DLMAN->loggingIn = false;
+		DLMAN->OnLogin();
 		callback(DLMAN->LoggedIn());
 	};
 	HTTPRequest* req = new HTTPRequest(curlHandle, done, form);
@@ -1501,12 +1504,23 @@ class LunaDownloadManager : public Luna<DownloadManager>
 		string user = SArg(1);
 		string pass = SArg(2);
 		DLMAN->StartSession(user, pass); 
-		return 1;
+		return 0;
+	}
+	static int LoginWithToken(T* p, lua_State* L)
+	{
+		string user = SArg(1);
+		string token = SArg(2);
+		DLMAN->authToken = token;
+		DLMAN->sessionUser = user;
+		DLMAN->sessionPass = "";
+		DLMAN->EndSessionIfExists();
+		DLMAN->OnLogin();
+		return 0;
 	}
 	static int Logout(T* p, lua_State* L)
 	{
 		DLMAN->EndSessionIfExists();
-		return 1;
+		return 0;
 	}
 	static int GetLastVersion(T* p, lua_State* L)
 	{
@@ -1657,6 +1671,11 @@ class LunaDownloadManager : public Luna<DownloadManager>
 	static int DownloadCoreBundle(T* p, lua_State* L)
 	{
 		DLMAN->DownloadCoreBundle(SArg(1));
+		return 0;
+	}
+	static int GetToken(T* p, lua_State* L)
+	{
+		lua_pushstring(L, DLMAN->authToken.c_str());
 		return 1;
 	}
 	LunaDownloadManager()
@@ -1666,8 +1685,10 @@ class LunaDownloadManager : public Luna<DownloadManager>
 		ADD_METHOD(GetPacklist);
 		ADD_METHOD(GetDownloadingPacks);
 		ADD_METHOD(GetDownloads);
+		ADD_METHOD(GetToken);
 		ADD_METHOD(IsLoggedIn);
 		ADD_METHOD(Login);
+		ADD_METHOD(LoginWithToken);
 		ADD_METHOD(GetUsername);
 		ADD_METHOD(GetSkillsetRank);
 		ADD_METHOD(GetSkillsetRating);

diff --git a/src/DownloadManager.h b/src/DownloadManager.h
@@ -174,6 +174,7 @@ class DownloadManager
 	void EndSessionIfExists(); //Calls EndSession if logged in
 	void EndSession(); //Sends session destroy request
 	void StartSession(string user, string pass, function<void(bool loggedIn)> done); //Sends login request if not already logging in
+	void OnLogin();
 	bool UploadScores(); //Uploads all scores not yet uploaded to current server (Async, 1 request per score)
 	void RefreshPackList(string url);