# HG changeset patch # User alfadur # Date 1559513757 -10800 # Node ID 823052e666117f9692ad84a412d1f68bcf431b4b # Parent 80ff12edf5e699d05a2d1df3e403d49e09be9e0b check for account existence before asking passwords diff -r 80ff12edf5e6 -r 823052e66611 rust/hedgewars-server/src/handlers.rs --- a/rust/hedgewars-server/src/handlers.rs Sun Jun 02 23:58:12 2019 +0300 +++ b/rust/hedgewars-server/src/handlers.rs Mon Jun 03 01:15:57 2019 +0300 @@ -57,6 +57,9 @@ } pub enum IoTask { + CheckRegistered { + nick: String, + }, GetAccount { nick: String, protocol: u16, @@ -80,6 +83,7 @@ #[derive(Debug)] pub enum IoResult { + AccountRegistered(bool), Account(Option), Replay(Option), SaveRoom(RoomId, bool), @@ -328,22 +332,30 @@ io_result: IoResult, ) { match io_result { - IoResult::Account(Some(info)) => { - if !info.is_registered && server.is_registered_only() { + IoResult::AccountRegistered(is_registered) => { + if !is_registered && server.is_registered_only() { response.add( Bye("This server only allows registered users to join.".to_string()) .send_self(), ); response.remove_client(client_id); - } else { - response.add(ServerAuth(format!("{:x}", info.server_hash)).send_self()); - if let Some(client) = server.anteroom.remove_client(client_id) { - server.add_client(client_id, client); - let client = &mut server.clients[client_id]; - client.set_is_registered(info.is_registered); - client.set_is_admin(info.is_admin); - client.set_is_contributor(info.is_admin) - } + } else if is_registered { + let salt = server.anteroom.clients[client_id].server_salt.clone(); + response.add(AskPassword(salt).send_self()); + } else if let Some(client) = server.anteroom.remove_client(client_id) { + server.add_client(client_id, client); + common::join_lobby(server, response); + } + } + IoResult::Account(Some(info)) => { + response.add(ServerAuth(format!("{:x}", info.server_hash)).send_self()); + if let Some(client) = server.anteroom.remove_client(client_id) { + server.add_client(client_id, client); + let client = &mut server.clients[client_id]; + client.set_is_registered(info.is_registered); + client.set_is_admin(info.is_admin); + client.set_is_contributor(info.is_contributor); + common::join_lobby(server, response); } } IoResult::Account(None) => { diff -r 80ff12edf5e6 -r 823052e66611 rust/hedgewars-server/src/handlers/inanteroom.rs --- a/rust/hedgewars-server/src/handlers/inanteroom.rs Sun Jun 02 23:58:12 2019 +0300 +++ b/rust/hedgewars-server/src/handlers/inanteroom.rs Mon Jun 03 01:15:57 2019 +0300 @@ -47,7 +47,9 @@ } else { #[cfg(feature = "official-server")] { - response.add(AskPassword(client.server_salt.clone()).send_self()); + response.request_io(super::IoTask::CheckRegistered { + nick: client.nick.as_ref().unwrap().clone(), + }); LoginResult::Unchanged } diff -r 80ff12edf5e6 -r 823052e66611 rust/hedgewars-server/src/server/database.rs --- a/rust/hedgewars-server/src/server/database.rs Sun Jun 02 23:58:12 2019 +0300 +++ b/rust/hedgewars-server/src/server/database.rs Mon Jun 03 01:15:57 2019 +0300 @@ -4,6 +4,9 @@ use crate::handlers::{AccountInfo, Sha1Digest}; +const CHECK_ACCOUNT_EXISTS_QUERY: &str = + r"SELECT 1 FROM users WHERE users.name = :username LIMIT 1"; + const GET_ACCOUNT_QUERY: &str = r"SELECT CASE WHEN users.status = 1 THEN users.pass ELSE '' END, (SELECT COUNT(users_roles.rid) FROM users_roles WHERE users.uid = users_roles.uid AND users_roles.rid = 3), @@ -11,9 +14,9 @@ FROM users WHERE users.name = :username"; const STORE_STATS_QUERY: &str = r"INSERT INTO gameserver_stats - (players, rooms, last_update) - VALUES - (:players, :rooms, UNIX_TIMESTAMP())"; + (players, rooms, last_update) + VALUES + (:players, :rooms, UNIX_TIMESTAMP())"; const GET_REPLAY_NAME_QUERY: &str = r"SELECT filename FROM achievements WHERE id = :id"; @@ -39,6 +42,17 @@ Ok(()) } + pub fn is_registered(&mut self, nick: &str) -> Result { + if let Some(pool) = &self.pool { + let is_registered = pool + .first_exec(CHECK_ACCOUNT_EXISTS_QUERY, params! { "username" => nick })? + .is_some(); + Ok(is_registered) + } else { + Err(DriverError::SetupError.into()) + } + } + pub fn get_account( &mut self, nick: &str, @@ -101,7 +115,7 @@ if let Some(row) = pool.first_exec(GET_REPLAY_NAME_QUERY, params! { "id" => replay_id })? { - let (filename) = from_row_opt::<(String)>(row)?; + let filename = from_row_opt::<(String)>(row)?; Ok(Some(filename)) } else { Ok(None) diff -r 80ff12edf5e6 -r 823052e66611 rust/hedgewars-server/src/server/io.rs --- a/rust/hedgewars-server/src/server/io.rs Sun Jun 02 23:58:12 2019 +0300 +++ b/rust/hedgewars-server/src/server/io.rs Mon Jun 03 01:15:57 2019 +0300 @@ -31,6 +31,14 @@ thread::spawn(move || { while let Ok((request_id, task)) = io_rx.recv() { let response = match task { + IoTask::CheckRegistered { nick } => match db.is_registered(&nick) { + Ok(is_registered) => IoResult::AccountRegistered(is_registered), + Err(e) => { + warn!("Unable to check account's existence: {}", e); + IoResult::AccountRegistered(false) + } + }, + IoTask::GetAccount { nick, protocol, diff -r 80ff12edf5e6 -r 823052e66611 rust/hedgewars-server/src/server/network.rs --- a/rust/hedgewars-server/src/server/network.rs Sun Jun 02 23:58:12 2019 +0300 +++ b/rust/hedgewars-server/src/server/network.rs Mon Jun 03 01:15:57 2019 +0300 @@ -21,7 +21,7 @@ core::{server::HwServer, types::ClientId}, handlers, handlers::{IoResult, IoTask}, - protocol::{messages::*, messages::HwServerMessage::Redirect, ProtocolDecoder}, + protocol::{messages::HwServerMessage::Redirect, messages::*, ProtocolDecoder}, utils, };