themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Move all TShock usages to use User.VerifyPassword()

Browse source
This commit is contained in:
Lucas Nicodemus 2015-04-13 11:16:21 -06:00
parent bbf6fd2c86
commit 37b5a52fdb
5 changed files with 10 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
TShockAPI/Commands.cs
View file

@ -740,7 +740,7 @@ namespace TShockAPI
} }
User user = TShock.Users.GetUserByName(args.Player.Name); User user = TShock.Users.GetUserByName(args.Player.Name);
string encrPass = ""; string password = "";
bool usingUUID = false; bool usingUUID = false;
if (args.Parameters.Count == 0 && !TShock.Config.DisableUUIDLogin) if (args.Parameters.Count == 0 && !TShock.Config.DisableUUIDLogin)
{ {
@ -754,7 +754,7 @@ namespace TShockAPI
if (Hooks.PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, args.Parameters[0])) if (Hooks.PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, args.Parameters[0]))
return; return;
user = TShock.Users.GetUserByName(args.Player.Name); user = TShock.Users.GetUserByName(args.Player.Name);
encrPass = TShock.Utils.HashPassword(args.Parameters[0]); password = args.Parameters[0];
} }
else if (args.Parameters.Count == 2 && TShock.Config.AllowLoginAnyUsername) else if (args.Parameters.Count == 2 && TShock.Config.AllowLoginAnyUsername)
{ {
@ -762,7 +762,7 @@ namespace TShockAPI
return; return;
user = TShock.Users.GetUserByName(args.Parameters[0]); user = TShock.Users.GetUserByName(args.Parameters[0]);
encrPass = TShock.Utils.HashPassword(args.Parameters[1]); password = args.Parameters[1];
if (String.IsNullOrEmpty(args.Parameters[0])) if (String.IsNullOrEmpty(args.Parameters[0]))
{ {
args.Player.SendErrorMessage("Bad login attempt."); args.Player.SendErrorMessage("Bad login attempt.");
@ -783,7 +783,7 @@ namespace TShockAPI
{ {
args.Player.SendErrorMessage("A user by that name does not exist."); args.Player.SendErrorMessage("A user by that name does not exist.");
} }
else if (user.Password.ToUpper() == encrPass.ToUpper() || else if (user.VerifyPassword(password) ||
(usingUUID && user.UUID == args.Player.UUID && !TShock.Config.DisableUUIDLogin && (usingUUID && user.UUID == args.Player.UUID && !TShock.Config.DisableUUIDLogin &&
!String.IsNullOrWhiteSpace(args.Player.UUID))) !String.IsNullOrWhiteSpace(args.Player.UUID)))
{ {
@ -888,8 +888,8 @@ namespace TShockAPI
if (args.Player.IsLoggedIn && args.Parameters.Count == 2) if (args.Player.IsLoggedIn && args.Parameters.Count == 2)
{ {
var user = TShock.Users.GetUserByName(args.Player.UserAccountName); var user = TShock.Users.GetUserByName(args.Player.UserAccountName);
string encrPass = TShock.Utils.HashPassword(args.Parameters[0]); string password = args.Parameters[0];
if (user.Password.ToUpper() == encrPass.ToUpper()) if (user.VerifyPassword(password))
{ {
args.Player.SendSuccessMessage("You changed your password!"); args.Player.SendSuccessMessage("You changed your password!");
TShock.Users.SetUserPassword(user, args.Parameters[1]); // SetUserPassword will hash it for you. TShock.Users.SetUserPassword(user, args.Parameters[1]); // SetUserPassword will hash it for you.

2
TShockAPI/DB/UserManager.cs
View file

@ -115,7 +115,7 @@ namespace TShockAPI.DB
try try
{ {
if ( if (
database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", TShock.Utils.HashPassword(password), database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", user.Password,
user.Name) == 0) user.Name) == 0)
throw new UserNotExistException(user.Name); throw new UserNotExistException(user.Name);
} }

3
TShockAPI/GetDataHandlers.cs
View file

@ -1512,8 +1512,7 @@ namespace TShockAPI
var user = TShock.Users.GetUserByName(args.Player.Name); var user = TShock.Users.GetUserByName(args.Player.Name);
if (user != null && !TShock.Config.DisableLoginBeforeJoin) if (user != null && !TShock.Config.DisableLoginBeforeJoin)
{ {
string encrPass = TShock.Utils.HashPassword(password); if (user.VerifyPassword(password))
if (user.Password.ToUpper() == encrPass.ToUpper())
{ {
args.Player.RequiresPassword = false; args.Player.RequiresPassword = false;
args.Player.PlayerData = TShock.CharacterDB.GetPlayerData(args.Player, TShock.Users.GetUserID(args.Player.Name)); args.Player.PlayerData = TShock.CharacterDB.GetPlayerData(args.Player, TShock.Users.GetUserID(args.Player.Name));

2
TShockAPI/Rest/SecureRest.cs
View file

@ -132,7 +132,7 @@ namespace Rests
if (userAccount == null) if (userAccount == null)
return new RestObject("401") { Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." }; return new RestObject("401") { Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." };
if (!TShock.Utils.HashPassword(password).Equals(userAccount.Password, StringComparison.InvariantCultureIgnoreCase)) if (!userAccount.VerifyPassword(password))
return new RestObject("401") return new RestObject("401")
{ Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." }; { Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." };

2
TShockAPI/Utils.cs
View file

@ -723,7 +723,7 @@ namespace TShockAPI
/// <summary> /// <summary>
/// Default hashing algorithm. /// Default hashing algorithm.
/// </summary> /// </summary>
[Obsolete("This is no longer necessary, please use TShock.Config.HashAlgorithm instead.")] [Obsolete("This is no longer necessary, please use TShock.Config.HashAlgorithm instead if you really need it (but use User.VerifyPassword(password)) for verifying passwords.")]
public string HashAlgo = "sha512"; public string HashAlgo = "sha512";
/// <summary> /// <summary>