← Back to team overview

widelands-dev team mailing list archive

Re: [Merge] lp:~widelands-dev/widelands/bug-1827786-metaserver-login-box into lp:widelands

 

Will address the strings later. For the others see the diff comments.

Diff comments:

> === modified file 'src/ui_fsmenu/multiplayer.cc'
> --- src/ui_fsmenu/multiplayer.cc	2019-02-23 11:00:49 +0000
> +++ src/ui_fsmenu/multiplayer.cc	2019-05-08 19:59:17 +0000
> @@ -58,21 +58,46 @@
>  	vbox_.add_inf_space();
>  	vbox_.add(&back, UI::Box::Resizing::kFullSize);
>  
> -	Section& s = g_options.pull_section("global");
> -	auto_log_ = s.get_bool("auto_log", false);
> -	if (auto_log_) {

This was redundant IMHO. You had to click 2 checkboxes to actually automatically login.

Now we handle it the following way: When you click the "use a registered account" checkbox, you must enter a password. If you don't, you can't login. As soon as you enter a password it will be stored and used to log the user in automatically the moment you click the login-button. If you don't want to use your online account any more just remove the tick.

> -		showloginbox =
> +	showloginbox =
>  		   new UI::Button(this, "login_dialog", 0, 0, 0, 0, UI::ButtonStyle::kFsMenuSecondary,
>  		                  g_gr->images().get("images/ui_basic/continue.png"), _("Show login dialog"));
> -		showloginbox->sigclicked.connect(
> +	showloginbox->sigclicked.connect(
>  		   boost::bind(&FullscreenMenuMultiPlayer::show_internet_login, boost::ref(*this)));
> -	}
>  	layout();
>  }
>  
>  /// called if the showloginbox button was pressed
>  void FullscreenMenuMultiPlayer::show_internet_login() {
> -	auto_log_ = false;
> +	Section& s = g_options.pull_section("global");
> +	LoginBox lb(*this);
> +	if (lb.run<UI::Panel::Returncodes>() == UI::Panel::Returncodes::kOk) {
> +		nickname_ = lb.get_nickname();
> +		s.set_string("nickname", nickname_);
> +		/// NOTE: The password is only stored (in memory and on disk) and transmitted (over the
> +		/// network
> +		/// to the metaserver) as cryptographic hash. This does NOT mean that the password is
> +		/// stored
> +		/// securely on the local disk. While the password should be secure while transmitted to
> +		/// the
> +		/// metaserver (no-one can use the transmitted data to log in as the user) this is not the
> +		/// case
> +		/// for local storage. The stored hash of the password makes it hard to look at the
> +		/// configuration
> +		/// file and figure out the plaintext password to, e.g., log in on the forum. However, the
> +		/// stored hash can be copied to another system and used to log in as the user on the
> +		/// metaserver.
> +		// Further note: SHA-1 is considered broken and shouldn't be used anymore. But since the
> +		// passwords on the server are protected by SHA-1 we have to use it here, too
> +		if (lb.get_password() != "*****") {
> +			password_ = crypto::sha1(lb.get_password());
> +			s.set_string("password_sha1", password_);
> +		}
> +
> +		register_ = lb.registered();
> +		s.set_bool("registered", lb.registered());
> +	} else {
> +		return;
> +	}
>  	internet_login();
>  }
>  
> 
> === modified file 'src/wui/login_box.cc'
> --- src/wui/login_box.cc	2019-02-23 11:00:49 +0000
> +++ src/wui/login_box.cc	2019-05-08 19:59:17 +0000
> @@ -113,3 +112,43 @@
>  	}
>  	return UI::Panel::handle_key(down, code);
>  }
> +
> +void LoginBox::verify_input() {
> +	// Check if all needed input fields are valid
> +	loginbtn->set_enabled(true);
> +	eb_nickname->set_tooltip("");
> +	eb_password->set_tooltip("");
> +	eb_nickname->set_warning(false);
> +	eb_password->set_warning(false);
> +
> +	if (eb_nickname->text().empty()) {
> +		eb_nickname->set_warning(true);
> +		eb_nickname->set_tooltip(_("Please enter a nickname!"));
> +		loginbtn->set_enabled(false);
> +	}
> +
> +	if (eb_nickname->text().find_first_not_of("abcdefghijklmnopqrstuvwxyz"
> +		"ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@.+-_") <= eb_nickname->text().size()) {
> +			eb_nickname->set_warning(true);
> +			eb_nickname->set_tooltip(_("Enter a valid nickname. This value may contain only "
> +													  "English letters, numbers, and @ . + - _ characters."));
> +			loginbtn->set_enabled(false);
> +
> +	}
> +
> +	if (eb_password->text().empty() && cb_register->get_state()) {
> +		eb_password->set_warning(true);
> +		eb_password->set_tooltip(_("Please enter your password!"));
> +		eb_password->focus();
> +		loginbtn->set_enabled(false);
> +	}
> +
> +	if (!eb_password->text().empty() && !cb_register->get_state()) {
> +		eb_password->set_text("");
> +		eb_password->set_can_focus(false);
> +	}
> +
> +	if (eb_password->has_focus() && eb_password->text() == "*****") {

We only save a hash. We have no idea how long the entered password was. This is just an indicator to show the user, that a password was entered. Currently, we only show an empty box.

> +		eb_password->set_text("");
> +	}
> +}


-- 
https://code.launchpad.net/~widelands-dev/widelands/bug-1827786-metaserver-login-box/+merge/367100
Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1825932-open-games.


References