From 86a31db52241c00dbd78304903680116f624f28d Mon Sep 17 00:00:00 2001 From: Nicolas Date: Tue, 24 Jul 2018 00:45:58 -0300 Subject: [PATCH] Stop storing the password in plain text Store auth token instead --- .../ScreenSelectMusic decorations/profile.lua | 18 +++---- Themes/Til Death/BGAnimations/_PlayerInfo.lua | 10 ++-- Themes/Til Death/Scripts/01 player_config.lua | 2 +- src/DownloadManager.cpp | 49 +++++++++++++------ src/DownloadManager.h | 1 + 5 files changed, 51 insertions(+), 29 deletions(-) diff --git a/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua b/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua index c6c57912d2..9f69f4a5e6 100644 --- a/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua +++ b/Themes/Til Death/BGAnimations/ScreenSelectMusic decorations/profile.lua @@ -625,13 +625,13 @@ local profilebuttons = Def.ActorFrame{ InitCommand=function(self) self:xy(frameX+45,frameHeight + 20) user = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName - pass = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password - if pass ~= "" and answer ~= "" then + local passToken = playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken + if passToken ~= "" and answer ~= "" then if not DLMAN:IsLoggedIn() then - DLMAN:Login(user, pass) + DLMAN:LoginWithToken(user, passToken) end else - pass = "" + passToken = "" user = "" end end, @@ -720,6 +720,10 @@ local profilebuttons = Def.ActorFrame{ end, LoginMessageCommand=function(self) ms.ok("Succesfully logged in") + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = DLMAN:GetToken() + playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) + playerConfig:save(pn_to_profile_slot(PLAYER_1)) end, MouseLeftClickMessageCommand=function(self) if ButtonActive(self) and rankingSkillset == 1 and not SCREENMAN:get_input_redirected(PLAYER_1) then 
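Review bot: The guard on the changed line in InitCommand, `if passToken ~= "" and answer ~= "" then`, still tests `answer`, which InitCommand does not define in the lines shown; if nothing else in the file sets it, it is nil and `answer ~= ""` is always true. The same applies to `passToken` when a config saved before this change has no `PasswordToken` key and the loader does not merge defaults (not visible here): nil passes the `~= ""` test and is handed to `DLMAN:LoginWithToken`. Checking the values that are actually used would be safer: `if user and user ~= "" and passToken and passToken ~= "" then`. InitCommand's enclosing ActorFrame starts outside the hunk.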
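Review bot: LoginMessageCommand persists `user`, a variable this handler does not set itself, so what gets written depends on which code path last assigned it. The identical block is added to _PlayerInfo.lua (hunk at -120), and if `user` there is a separate file-level variable that was never filled in for a token login, the saved UserName could be overwritten with an empty or stale value; this cannot be confirmed from the hunk. Taking the name from the session instead, `playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = DLMAN:GetUsername()`, keeps both files consistent, provided GetUsername reflects the logged-in user. The four persistence lines would also read better as one shared helper than as two copies.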
@@ -730,16 +734,12 @@ local profilebuttons = Def.ActorFrame{ password = function(answer) pass=answer DLMAN:Login(user, pass) - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = pass - playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) - playerConfig:save(pn_to_profile_slot(PLAYER_1)) end easyInputStringWithFunction("Password:", 50, true, password) easyInputStringWithFunction("Username:",50, false, username) else playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = "" - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = "" + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = "" playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) playerConfig:save(pn_to_profile_slot(PLAYER_1)) DLMAN:Logout() diff --git a/Themes/Til Death/BGAnimations/_PlayerInfo.lua b/Themes/Til Death/BGAnimations/_PlayerInfo.lua index e0d213ddba..8a6787947b 100644 --- a/Themes/Til Death/BGAnimations/_PlayerInfo.lua +++ b/Themes/Til Death/BGAnimations/_PlayerInfo.lua @@ -120,6 +120,10 @@ t[#t+1] = Def.ActorFrame{ ms.ok("Login failed!") end, LoginMessageCommand=function(self) + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = DLMAN:GetToken() + playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) + playerConfig:save(pn_to_profile_slot(PLAYER_1)) ms.ok("Succesfully logged in") end, MouseLeftClickMessageCommand=function(self) 
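Review bot: In the password callback, `pass=answer` has no `local` in the lines shown, so the typed password stays in a variable that outlives the callback even though this commit removes the code that saved it. Nothing in the hunk reads `pass` after the login call, so the assignment can be dropped and the argument passed straight through: `DLMAN:Login(user, answer)`. The same line is kept in the _PlayerInfo.lua hunk at -131. The callback's enclosing function starts outside the hunk.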
@@ -131,16 +135,12 @@ t[#t+1] = Def.ActorFrame{ password = function(answer) pass=answer DLMAN:Login(user, pass) - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = user - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = pass - playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) - playerConfig:save(pn_to_profile_slot(PLAYER_1)) end easyInputStringWithFunction("Password:", 50, true, password) easyInputStringWithFunction("Username:",50, false, username) else playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).UserName = "" - playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = "" + playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).PasswordToken = "" playerConfig:set_dirty(pn_to_profile_slot(PLAYER_1)) playerConfig:save(pn_to_profile_slot(PLAYER_1)) DLMAN:Logout() diff --git a/Themes/Til Death/Scripts/01 player_config.lua b/Themes/Til Death/Scripts/01 player_config.lua index 6c06db95c0..f910f2823a 100644 --- a/Themes/Til Death/Scripts/01 player_config.lua +++ b/Themes/Til Death/Scripts/01 player_config.lua @@ -23,7 +23,7 @@ local defaultConfig = { BackgroundType = 1, ProgressBarPos = 1, --moved from theme options into here, 1 = top; 0 = bottom UserName = "", - Password = "", + PasswordToken = "", CustomizeGameplay = false, CustomEvaluationWindowTimings = false, GameplayXYCoordinates = { diff --git a/src/DownloadManager.cpp b/src/DownloadManager.cpp index 6215698c76..c665df702d 100644 --- a/src/DownloadManager.cpp +++ b/src/DownloadManager.cpp 
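Review bot: Renaming the default key from `Password` to `PasswordToken` does not remove a `Password` value that earlier versions already wrote to a player's saved config, and nothing else in this commit clears it. Whether the loader discards keys that are absent from defaultConfig is not visible here; if it keeps them, the plain-text password remains on disk after upgrading. A one-time cleanup on load, `playerConfig:get_data(pn_to_profile_slot(PLAYER_1)).Password = nil` followed by `set_dirty` and `save`, would finish what the commit title promises. The new key also deserves a comment such as `-- server-issued session token; a credential, do not share this file`, since the token is still stored unencrypted.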
@@ -1221,6 +1221,20 @@ void DownloadManager::RefreshUserData() return; } +void DownloadManager::OnLogin() +{ + DLMAN->RefreshUserRank(); + DLMAN->RefreshUserData(); + FOREACH_ENUM(Skillset, ss) + DLMAN->RefreshTop25(ss); + if (DLMAN->ShouldUploadScores()) + DLMAN->UploadScores(); + if (GAMESTATE->m_pCurSteps[PLAYER_1] != nullptr) + DLMAN->RequestChartLeaderBoard(GAMESTATE->m_pCurSteps[PLAYER_1]->GetChartKey()); + MESSAGEMAN->Broadcast("Login"); + DLMAN->loggingIn = false; +} + void DownloadManager::StartSession(string user, string pass, function callback = [](bool) {return; }) { string url = serverURL.Get() + "/login"; @@ -1258,18 +1272,7 @@ void DownloadManager::StartSession(string user, string pass, functionloggingIn = false; return; } - DLMAN->sessionUser = user; - DLMAN->sessionPass = pass; - DLMAN->RefreshUserRank(); - DLMAN->RefreshUserData(); - FOREACH_ENUM(Skillset, ss) - DLMAN->RefreshTop25(ss); - if(DLMAN->ShouldUploadScores()) - DLMAN->UploadScores(); - if (GAMESTATE->m_pCurSteps[PLAYER_1] != nullptr) - DLMAN->RequestChartLeaderBoard(GAMESTATE->m_pCurSteps[PLAYER_1]->GetChartKey()); - MESSAGEMAN->Broadcast("Login"); - DLMAN->loggingIn = false; + DLMAN->OnLogin(); callback(DLMAN->LoggedIn()); }; HTTPRequest* req = new HTTPRequest(curlHandle, done, form); @@ -1501,12 +1504,23 @@ class LunaDownloadManager : public Luna string user = SArg(1); string pass = SArg(2); DLMAN->StartSession(user, pass); - return 1; + return 0; + } + static int LoginWithToken(T* p, lua_State* L) + { + string user = SArg(1); + string token = SArg(2); + DLMAN->authToken = token; + DLMAN->sessionUser = user; + DLMAN->sessionPass = ""; + DLMAN->EndSessionIfExists(); + DLMAN->OnLogin(); + return 0; } static int Logout(T* p, lua_State* L) { DLMAN->EndSessionIfExists(); - return 1; + return 0; } static int GetLastVersion(T* p, lua_State* L) { 
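Review bot: The success path in StartSession no longer assigns `DLMAN->sessionUser`: the removed lines set it together with sessionPass, and the new OnLogin() does not. Unless the part of StartSession outside this hunk sets it, a password login now leaves sessionUser at its previous value, and anything that reports the logged-in name from it will be wrong. Keeping `DLMAN->sessionUser = user;` immediately before `DLMAN->OnLogin();` restores the old behaviour while still dropping the stored password.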
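Review bot: LoginWithToken assigns authToken and sessionUser and only then calls `DLMAN->EndSessionIfExists()`, which according to its header comment calls EndSession (a session destroy request) when logged in. If that logged-in test depends on the fields just assigned, which this hunk does not show, the token being restored would be sent for destruction before OnLogin() runs; moving `DLMAN->EndSessionIfExists();` ahead of `DLMAN->authToken = token;` avoids the question. OnLogin() then broadcasts "Login" without any server response confirming the token, so an expired or revoked token is reported as a successful login and the theme's LoginMessageCommand saves it again. The token should be validated by a request first, with the state cleared and the password prompt used on failure, and an empty `user` or `token` should be rejected here rather than left to the Lua caller.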
@@ -1657,6 +1671,11 @@ class LunaDownloadManager : public Luna static int DownloadCoreBundle(T* p, lua_State* L) { DLMAN->DownloadCoreBundle(SArg(1)); + return 0; + } + static int GetToken(T* p, lua_State* L) + { + lua_pushstring(L, DLMAN->authToken.c_str()); return 1; } LunaDownloadManager() @@ -1666,8 +1685,10 @@ class LunaDownloadManager : public Luna ADD_METHOD(GetPacklist); ADD_METHOD(GetDownloadingPacks); ADD_METHOD(GetDownloads); + ADD_METHOD(GetToken); ADD_METHOD(IsLoggedIn); ADD_METHOD(Login); + ADD_METHOD(LoginWithToken); ADD_METHOD(GetUsername); ADD_METHOD(GetSkillsetRank); ADD_METHOD(GetSkillsetRating); diff --git a/src/DownloadManager.h b/src/DownloadManager.h index 67e4fe65ad..120c4c5bf5 100644 --- a/src/DownloadManager.h +++ b/src/DownloadManager.h @@ -174,6 +174,7 @@ class DownloadManager void EndSessionIfExists(); //Calls EndSession if logged in void EndSession(); //Sends session destroy request void StartSession(string user, string pass, function done); //Sends login request if not already logging in + void OnLogin(); bool UploadScores(); //Uploads all scores not yet uploaded to current server (Async, 1 request per score) void RefreshPackList(string url);
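Review bot: GetToken returns the raw session token to any theme or script running in this Lua state, and the only use shown in this commit is writing it to the player config. Doing that write on the C++ side, with DownloadManager persisting the token after a successful login, would let the binding be dropped so that the credential never enters theme code. If the binding stays, a comment on it such as `// returns the bearer token; callers must not log or display it` would record the expectation. The `return 0;` added to DownloadCoreBundle is correct, since that function pushes no Lua results.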