allow login using hashed passwords (#4464)

* Support getting a user's password salt via initial websocket connection (added to Event_ServerIdentification) * Nonsense stuff to figure out later * move passwordhasher to correct location * protobuf changes * add ext to protobuf * implement request password salt server side * add supportspasswordhash to server identification * check backwards compatibility * reset some changes to master * implement get password salt client side * implement checking hashed passwords on server login * check for registration requirement on getting password salt * properly check password salt response and show errors * remove unused property * add password salt to list of response types Co-authored-by: ZeldaZach <zahalpern+github@gmail.com>
2026-06-11 00:24:47 -07:00 · 2021-11-10 02:00:41 +01:00 · 2021-11-10 02:00:41 +01:00 · 45d86e7ab7
commit 45d86e7ab7
parent b0845837c2
23 changed files with 193 additions and 26 deletions
--- a/common/pb/CMakeLists.txt
+++ b/common/pb/CMakeLists.txt
@ -115,6 +115,7 @@ SET(PROTO_FILES
    moderator_commands.proto
    move_card_to_zone.proto
    response_activate.proto
+    response_adjust_mod.proto
    response_ban_history.proto
    response_deck_download.proto
    response_deck_list.proto
@ -126,13 +127,13 @@ SET(PROTO_FILES
    response_join_room.proto
    response_list_users.proto
    response_login.proto
+    response_password_salt.proto
    response_register.proto
    response_replay_download.proto
    response_replay_list.proto
-    response_adjust_mod.proto
+    response_viewlog_history.proto
    response_warn_history.proto
    response_warn_list.proto
-    response_viewlog_history.proto
    response.proto
    room_commands.proto
    room_event.proto
--- a/common/pb/event_server_identification.proto
+++ b/common/pb/event_server_identification.proto
@ -5,7 +5,12 @@ message Event_ServerIdentification {
    extend SessionEvent {
        optional Event_ServerIdentification ext = 500;
    }
+    enum ServerOptions {
+        NoOptions = 0;
+        SupportsPasswordHash = 1;
+    }
    optional string server_name = 1;
    optional string server_version = 2;
    optional uint32 protocol_version = 3;
+    optional ServerOptions server_options = 4 [default = NoOptions];
 }
--- a/common/pb/response.proto
+++ b/common/pb/response.proto
@ -61,6 +61,7 @@ message Response {
        WARN_LIST = 1014;
        VIEW_LOG = 1015;
        FORGOT_PASSWORD_REQUEST = 1016;
+        PASSWORD_SALT = 1017;
        REPLAY_LIST = 1100;
        REPLAY_DOWNLOAD = 1101;
    }
--- a/common/pb/response_password_salt.proto
+++ b/common/pb/response_password_salt.proto
@ -0,0 +1,9 @@
+syntax = "proto2";
+import "response.proto";
+
+message Response_PasswordSalt {
+    extend Response {
+        optional Response_PasswordSalt ext = 1017;
+    }
+    optional string password_salt = 1;
+}
--- a/common/pb/session_commands.proto
+++ b/common/pb/session_commands.proto
@ -27,6 +27,7 @@ message SessionCommand {
        FORGOT_PASSWORD_REQUEST = 1021;
        FORGOT_PASSWORD_RESET = 1022;
        FORGOT_PASSWORD_CHALLENGE = 1023;
+        REQUEST_PASSWORD_SALT = 1024;
        REPLAY_LIST = 1100;
        REPLAY_DOWNLOAD = 1101;
        REPLAY_MODIFY_MATCH = 1102;
@ -50,6 +51,7 @@ message Command_Login {
    optional string clientid = 3;
    optional string clientver = 4;
    repeated string clientfeatures = 5;
+    optional string hashed_password = 6;
 }

 message Command_Message {
@ -191,3 +193,10 @@ message Command_ForgotPasswordChallenge {
    optional string clientid = 2;
    optional string email = 3;
 }
+
+message Command_RequestPasswordSalt {
+    extend SessionCommand {
+        optional Command_RequestPasswordSalt ext = 1024;
+    }
+    required string user_name = 1;
+}