use hashed passwords in all commands (#4493)

* protocol changes

* server changes

* client changes for password reset and registration

* add hashed password to change password in client

* always use hashed password to log in

* add warning to client when using plain text password

* require real password for changing email on server

This is backwards compatible: users logged in with a real password on
older clients will not need this; only users logged in with a hashed
password will.

* implement password dialog when changing email

* require min password length

* use qstringlist to build query instead

* use clear instead of = ""

* add max to password dialog

* use proper const ness in abstractclient

* reject too long passwords instead of trimming
ebbit1q 2022-01-17 02:32:30 +01:00 committed by GitHub
parent fcafcb340a
commit 2fc85e0c08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 330 additions and 96 deletions


@ -119,7 +119,7 @@ message Command_Register {
// User name client wants to register
required string user_name = 1;
// Hashed password to be inserted into database
required string password = 2;
optional string password = 2;
// Email address of the client for user validation
optional string email = 3;
// gender = 4; // obsolete
@ -127,6 +127,7 @@ message Command_Register {
optional string country = 5;
optional string real_name = 6;
optional string clientid = 7;
optional string hashed_password = 8;
}
// User wants to activate an account
@ -149,6 +150,7 @@ message Command_AccountEdit {
optional string email = 2;
// gender = 3; // obsolete
optional string country = 4;
optional string password_check = 100; // password is required to change sensitive information
}
message Command_AccountImage {
@ -164,6 +166,8 @@ message Command_AccountPassword {
}
optional string old_password = 1;
optional string new_password = 2;
// optional string hashed_old_password = 3; // we don't want users to steal hashed passwords and change them
optional string hashed_new_password = 4;
}
message Command_ForgotPasswordRequest {
@ -182,6 +186,7 @@ message Command_ForgotPasswordReset {
optional string clientid = 2;
optional string token = 3;
optional string new_password = 4;
optional string hashed_new_password = 5;
}
message Command_ForgotPasswordChallenge {
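Review bot: The comment `// Hashed password to be inserted into database` now sits above `optional string password = 2;` while the field this hunk adds, `optional string hashed_password = 8;`, is the one that actually carries a hash, so the existing comment describes the wrong field; I would change it to `// Plain-text password; clients should prefer hashed_password` and put `// Client-side hash of the password; set exactly one of password or hashed_password` on field 8. With `password` demoted from required to optional, a Command_Register carrying neither field is now schema-valid, so the comment should also state that the server rejects that case and which field wins when both are set — that validation presumably lives in the server change, which is not in this chunk. The same undocumented either/or applies to `new_password`/`hashed_new_password` in Command_AccountPassword (hunk at @ -164) and Command_ForgotPasswordReset (hunk at @ -182). None of the new hashed fields says which hash format or salt the client must produce, and since the value is stored as-is it becomes the effective credential (as the `hashed_old_password` comment already acknowledges); a one-line pointer to the hashing scheme on each field would let a reader judge that without reading the server.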