widelands-dev team mailing list archive
-
widelands-dev team
-
Mailing list archive
-
Message #16940
Re: [Merge] lp:~widelands-dev/widelands/bug-1827786-metaserver-login-box into lp:widelands
Will address the strings later. For the others see the diff comments.
Diff comments:
> === modified file 'src/ui_fsmenu/multiplayer.cc'
> --- src/ui_fsmenu/multiplayer.cc 2019-02-23 11:00:49 +0000
> +++ src/ui_fsmenu/multiplayer.cc 2019-05-08 19:59:17 +0000
> @@ -58,21 +58,46 @@
> vbox_.add_inf_space();
> vbox_.add(&back, UI::Box::Resizing::kFullSize);
>
> - Section& s = g_options.pull_section("global");
> - auto_log_ = s.get_bool("auto_log", false);
> - if (auto_log_) {
This was redundant IMHO. You had to click 2 checkboxes to actually automatically login.
Now we handle it the following way: When you click the "use a registered account" checkbox, you must enter a password. If you don't, you can't login. As soon as you enter a password it will be stored and used to log the user in automatically the moment you click the login-button. If you don't want to use your online account any more just remove the tick.
> - showloginbox =
> + showloginbox =
> new UI::Button(this, "login_dialog", 0, 0, 0, 0, UI::ButtonStyle::kFsMenuSecondary,
> g_gr->images().get("images/ui_basic/continue.png"), _("Show login dialog"));
> - showloginbox->sigclicked.connect(
> + showloginbox->sigclicked.connect(
> boost::bind(&FullscreenMenuMultiPlayer::show_internet_login, boost::ref(*this)));
> - }
> layout();
> }
>
> /// called if the showloginbox button was pressed
> void FullscreenMenuMultiPlayer::show_internet_login() {
> - auto_log_ = false;
> + Section& s = g_options.pull_section("global");
> + LoginBox lb(*this);
> + if (lb.run<UI::Panel::Returncodes>() == UI::Panel::Returncodes::kOk) {
> + nickname_ = lb.get_nickname();
> + s.set_string("nickname", nickname_);
> + /// NOTE: The password is only stored (in memory and on disk) and transmitted (over the
> + /// network
> + /// to the metaserver) as cryptographic hash. This does NOT mean that the password is
> + /// stored
> + /// securely on the local disk. While the password should be secure while transmitted to
> + /// the
> + /// metaserver (no-one can use the transmitted data to log in as the user) this is not the
> + /// case
> + /// for local storage. The stored hash of the password makes it hard to look at the
> + /// configuration
> + /// file and figure out the plaintext password to, e.g., log in on the forum. However, the
> + /// stored hash can be copied to another system and used to log in as the user on the
> + /// metaserver.
> + // Further note: SHA-1 is considered broken and shouldn't be used anymore. But since the
> + // passwords on the server are protected by SHA-1 we have to use it here, too
> + if (lb.get_password() != "*****") {
> + password_ = crypto::sha1(lb.get_password());
> + s.set_string("password_sha1", password_);
> + }
> +
> + register_ = lb.registered();
> + s.set_bool("registered", lb.registered());
> + } else {
> + return;
> + }
> internet_login();
> }
>
>
> === modified file 'src/wui/login_box.cc'
> --- src/wui/login_box.cc 2019-02-23 11:00:49 +0000
> +++ src/wui/login_box.cc 2019-05-08 19:59:17 +0000
> @@ -113,3 +112,43 @@
> }
> return UI::Panel::handle_key(down, code);
> }
> +
> +void LoginBox::verify_input() {
> + // Check if all needed input fields are valid
> + loginbtn->set_enabled(true);
> + eb_nickname->set_tooltip("");
> + eb_password->set_tooltip("");
> + eb_nickname->set_warning(false);
> + eb_password->set_warning(false);
> +
> + if (eb_nickname->text().empty()) {
> + eb_nickname->set_warning(true);
> + eb_nickname->set_tooltip(_("Please enter a nickname!"));
> + loginbtn->set_enabled(false);
> + }
> +
> + if (eb_nickname->text().find_first_not_of("abcdefghijklmnopqrstuvwxyz"
> + "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@.+-_") <= eb_nickname->text().size()) {
> + eb_nickname->set_warning(true);
> + eb_nickname->set_tooltip(_("Enter a valid nickname. This value may contain only "
> + "English letters, numbers, and @ . + - _ characters."));
> + loginbtn->set_enabled(false);
> +
> + }
> +
> + if (eb_password->text().empty() && cb_register->get_state()) {
> + eb_password->set_warning(true);
> + eb_password->set_tooltip(_("Please enter your password!"));
> + eb_password->focus();
> + loginbtn->set_enabled(false);
> + }
> +
> + if (!eb_password->text().empty() && !cb_register->get_state()) {
> + eb_password->set_text("");
> + eb_password->set_can_focus(false);
> + }
> +
> + if (eb_password->has_focus() && eb_password->text() == "*****") {
We only save a hash. We have no idea how long the entered password was. This is just an indicator to show the user, that a password was entered. Currently, we only show an empty box.
> + eb_password->set_text("");
> + }
> +}
--
https://code.launchpad.net/~widelands-dev/widelands/bug-1827786-metaserver-login-box/+merge/367100
Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1825932-open-games.
References