
widelands-dev team mailing list archive

Re: [Merge] lp:~widelands-dev/widelands/bug-1827786-metaserver-login-box-clean-start into lp:widelands

 

Please test again; it should address all issues. The only problem is that the caret does not move properly. Help is appreciated. :)

@Gun have a look at the diff comment, please.

Diff comments:

> 
> === modified file 'src/ui_fsmenu/multiplayer.cc'
> --- src/ui_fsmenu/multiplayer.cc	2019-05-11 18:50:30 +0000
> +++ src/ui_fsmenu/multiplayer.cc	2019-05-14 13:16:07 +0000
> @@ -90,37 +107,17 @@
>   */
>  void FullscreenMenuMultiPlayer::internet_login() {
>  	Section& s = g_options.pull_section("global");
> -	if (auto_log_) {
> -		nickname_ = s.get_string("nickname", _("nobody"));
> -		password_ = s.get_string("password_sha1", "nobody");
> -		register_ = s.get_bool("registered", false);
> -	} else {
> -		LoginBox lb(*this);
> -		if (lb.run<UI::Panel::Returncodes>() == UI::Panel::Returncodes::kOk) {
> -			nickname_ = lb.get_nickname();
> -			/// NOTE: The password is only stored (in memory and on disk) and transmitted (over the
> -			/// network
> -			/// to the metaserver) as cryptographic hash. This does NOT mean that the password is
> -			/// stored
> -			/// securely on the local disk. While the password should be secure while transmitted to
> -			/// the
> -			/// metaserver (no-one can use the transmitted data to log in as the user) this is not the
> -			/// case
> -			/// for local storage. The stored hash of the password makes it hard to look at the
> -			/// configuration
> -			/// file and figure out the plaintext password to, e.g., log in on the forum. However, the
> -			/// stored hash can be copied to another system and used to log in as the user on the
> -			/// metaserver.
> -			// Further note: SHA-1 is considered broken and shouldn't be used anymore. But since the
> -			// passwords on the server are protected by SHA-1 we have to use it here, too
> -			password_ = crypto::sha1(lb.get_password());
> -			register_ = lb.registered();
> -
> -			s.set_bool("registered", lb.registered());
> -			s.set_bool("auto_log", lb.set_automaticlog());
> -		} else {
> -			return;
> -		}
> +
> +	nickname_ = s.get_string("nickname", "");
> +	password_ = s.get_string("password_sha1", "nobody");
> +	register_ = s.get_bool("registered", false);
> +
> +	// Checks can be done directly in editbox' by using valid_username().
> +	// This is just to be on the safe side, in case the user changed the password in the config file.
> +	if (nickname_.empty() || nickname_.find_first_not_of("abcdefghijklmnopqrstuvwxyz"
> +			"ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@.+-_") <= nickname_.size()) {

As the comment says, this is just to make sure that the name is valid in case the user changed the name directly in the config file. For all other username-related checks I use valid_username(). Can this stay in?

> +		show_internet_login();
> +		return;
>  	}
>  
>  	// Try to connect to the metaserver
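
Review bot: the nickname whitelist test compares `nickname_.find_first_not_of(...)` against `nickname_.size()` with `<=`, which only behaves correctly because npos is larger than any string size; write it as `!= std::string::npos` so the intent is explicit. The allowed character set is spelled out inline here, while the comment above it says the edit box relies on valid_username(); calling that same function on the value read from the config would keep the two checks from drifting apart. The new comment also says the user may have changed "the password" in the config file, although the check is on the nickname. Separately, `password_` is read from `password_sha1` with the default "nobody" and used without any check, and the hunk drops the NOTE explaining that the stored hash can be copied to another system and used to log in on the metaserver; if the crypto::sha1() call now lives elsewhere, that caveat should move with it rather than disappear.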


-- 
https://code.launchpad.net/~widelands-dev/widelands/bug-1827786-metaserver-login-box-clean-start/+merge/367320
Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1825932-open-games-clean-start.

