Fixed the bug where updating the config WorkFactor would mean that users could not log into their accounts once their passwords were updated to the new WorkFactor

2015-05-28 11:51:29 +09:30 · 2015-05-28 11:51:29 +09:30 · ec178f0c4a
commit ec178f0c4a
parent e33b6ebebc
2 changed files with 9 additions and 19 deletions
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@ -746,28 +746,27 @@ namespace TShockAPI
 			{
 				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, ""))
 					return;
-				user = TShock.Users.GetUserByName(args.Player.Name);
 				usingUUID = true;
 			}
 			else if (args.Parameters.Count == 1)
 			{
 				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, args.Parameters[0]))
 					return;
-				user = TShock.Users.GetUserByName(args.Player.Name);
 				password = args.Parameters[0];
 			}
 			else if (args.Parameters.Count == 2 && TShock.Config.AllowLoginAnyUsername)
 			{
-				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Parameters[0], args.Parameters[1]))
-					return;
-
-				user = TShock.Users.GetUserByName(args.Parameters[0]);
-				password = args.Parameters[1];
 				if (String.IsNullOrEmpty(args.Parameters[0]))
 				{
 					args.Player.SendErrorMessage("Bad login attempt.");
 					return;
 				}
+
+				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Parameters[0], args.Parameters[1]))
+					return;
+
+				user = TShock.Users.GetUserByName(args.Parameters[0]);
+				password = args.Parameters[1];
 			}
 			else
 			{
--- a/TShockAPI/DB/UserManager.cs
+++ b/TShockAPI/DB/UserManager.cs
@ -122,7 +122,7 @@ namespace TShockAPI.DB

 				if (
 					_database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", user.Password,
-					               user.Name) == 0)
+						user.Name) == 0)
 					throw new UserNotExistException(user.Name);
 			}
 			catch (Exception ex)
@ -443,7 +443,7 @@ namespace TShockAPI.DB
 			} 
 			catch (SaltParseException)
 			{
-				if (HashPassword(password).ToUpper() == Password.ToUpper())
+				if (String.Equals(HashPassword(password), Password, StringComparison.InvariantCultureIgnoreCase))
 				{
 					// Return true to keep blank passwords working but don't convert them to bcrypt.
 					if (Password == "non-existant password") {
@ -507,16 +507,7 @@ namespace TShockAPI.DB
 			{
 				try
 				{
-					Password = BCrypt.Net.BCrypt.HashPassword(password, TShock.Config.BCryptWorkFactor);
-				}
-				catch (ArgumentOutOfRangeException)
-				{
-					TShock.Log.ConsoleError("Invalid BCrypt work factor in config file! Refusing to change work-factor on exsting password.");
-				}
-
-				try
-				{
-					TShock.Users.SetUserPassword(this, Password);
+					TShock.Users.SetUserPassword(this, password);
 				}
 				catch (UserManagerException e)
 				{