Stuff
This commit is contained in:
@@ -1,75 +0,0 @@
|
||||
import { Prompt } from "../prompt.js";
|
||||
import { Security } from "../../utils/security.js";
|
||||
import { Config } from "../../config.js";
|
||||
|
||||
export class CreatePasswordPrompt extends Prompt {
|
||||
//
|
||||
message = ["Enter a password"];
|
||||
|
||||
//
|
||||
// Let the client know that we're asking for a password
|
||||
// so it can set <input type="password">
|
||||
options = { password: true };
|
||||
|
||||
get player() {
|
||||
return this.scene.player;
|
||||
}
|
||||
|
||||
onReply(text) {
|
||||
//
|
||||
// Check of the password is sane. This is both bad from a security point
|
||||
// of view, and technically not necessary as insane passwords couldn't
|
||||
// reside in the player lists. However, let's save some CPU cycles on
|
||||
// not hashing an insane password 1000+ times.
|
||||
// This is technically bad practice, but since this is just a game,
|
||||
// do it anyway.
|
||||
if (!Security.isPasswordSane(text)) {
|
||||
this.sendError("Insane password");
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Block users who enter bad passwords too many times.
|
||||
if (this.player.failedPasswordsSinceLastLogin > Config.maxFailedLogins) {
|
||||
this.blockedUntil = Date.now() + Config.accountLockoutSeconds;
|
||||
this.calamity("You have been locked out for too many failed password attempts, come back later");
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Handle blocked users.
|
||||
// They don't even get to have their password verified.
|
||||
if (this.player.blockedUntil > Date.now()) {
|
||||
//
|
||||
// Try to re-login too soon, and your lockout lasts longer.
|
||||
this.blockedUntil += Config.accountLockoutSeconds;
|
||||
this.calamity("You have been locked out for too many failed password attempts, come back later");
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Verify the password against the hash we've stored.
|
||||
if (!Security.verifyPassword(text, this.player.passwordHash)) {
|
||||
this.sendError("Incorrect password!");
|
||||
this.player.failedPasswordsSinceLastLogin++;
|
||||
|
||||
this.session.sendDebug(`Failed login attempt #${this.player.failedPasswordsSinceLastLogin}`);
|
||||
this.execute();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
this.player.lastSucessfulLoginAt = new Date();
|
||||
this.player.failedPasswordsSinceLastLogin = 0;
|
||||
|
||||
//
|
||||
// We do not allow a player to be logged in more than once!
|
||||
if (this.player.loggedIn) {
|
||||
this.calamity("This player is already logged in");
|
||||
return;
|
||||
}
|
||||
|
||||
this.scene.passwordAccepted();
|
||||
}
|
||||
}
|
||||
@@ -1,58 +0,0 @@
|
||||
import { Prompt } from "../prompt.js";
|
||||
import { Security } from "../../utils/security.js";
|
||||
import { gGame } from "../../models/globals.js";
|
||||
|
||||
/** @typedef {import("./playerCreationScene.js").PlayerCreationScene} PlayerCreationScene */
|
||||
|
||||
export class CreateUsernamePrompt extends Prompt {
|
||||
//
|
||||
message = [
|
||||
"Enter your username", //
|
||||
"((type *:help* for more info))", //
|
||||
];
|
||||
|
||||
//
|
||||
// When player types :help
|
||||
help = [
|
||||
"Your username.",
|
||||
"It's used, along with your password, when you log in.",
|
||||
"Other players can see it.",
|
||||
"Other players can use it to chat or trade with you",
|
||||
"It may only consist of the letters _a-z_, _A-Z_, _0-9_, and _underscore_",
|
||||
];
|
||||
|
||||
//
|
||||
// Let the client know that we're asking for a username
|
||||
options = { username: true };
|
||||
|
||||
/** @protected @type {PlayerCreationScene} */
|
||||
_scene;
|
||||
|
||||
onReply(username) {
|
||||
//
|
||||
// do basic syntax checks on usernames
|
||||
if (!Security.isUsernameSane(username)) {
|
||||
console.info("Someone entered insane username: '%s'", username);
|
||||
this.sendError("Incorrect username, try again.");
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// try and fetch the player object from the game
|
||||
const player = gGame.getPlayerByUsername(username);
|
||||
|
||||
//
|
||||
// handle invalid username
|
||||
if (player) {
|
||||
console.info("Someone tried to create a user with an occupied username: '%s'", username);
|
||||
this.sendError("Occupied, try something else");
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Tell owner that we're done
|
||||
this._scene.usernameAccepted(username);
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,11 @@
|
||||
import { Config } from "../../config.js";
|
||||
import { gGame } from "../../models/globals.js";
|
||||
import { Security } from "../../utils/security.js";
|
||||
import { Prompt } from "../prompt.js";
|
||||
import { Scene } from "../scene.js";
|
||||
import { CreateUsernamePrompt } from "./createUsernamePrompt.js";
|
||||
import { Security } from "../../utils/security.js";
|
||||
import { gGame } from "../../models/globals.js";
|
||||
import { AuthenticationScene } from "../authentication/authenticationScene.js";
|
||||
|
||||
const MAX_PASSWORD_ATTEMPTS = 3;
|
||||
|
||||
export class PlayerCreationScene extends Scene {
|
||||
intro = "= Create Player";
|
||||
@@ -20,7 +23,7 @@ export class PlayerCreationScene extends Scene {
|
||||
this.session.calamity("Server is full, no more players can be created");
|
||||
}
|
||||
|
||||
this.showPrompt(new CreateUsernamePrompt(this));
|
||||
this.showPrompt(new UsernamePrompt(this));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -33,10 +36,10 @@ export class PlayerCreationScene extends Scene {
|
||||
this.player = player;
|
||||
|
||||
this.session.sendSystemMessage("salt", player.salt);
|
||||
this.session.sendText(`Username _*${username}*_ is available, and I've reserved it for you :)`);
|
||||
|
||||
//
|
||||
this.session.sendError("TODO: create a createPasswordPrompt and display it.");
|
||||
this.session.sendText(`Username _*${username}*_ has been reserved for you`);
|
||||
|
||||
this.show(PasswordPrompt);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -47,7 +50,153 @@ export class PlayerCreationScene extends Scene {
|
||||
*/
|
||||
passwordAccepted(password) {
|
||||
this.password = password;
|
||||
this.session.sendText("*_Success_* ✅ You will now be asked to log in again, sorry for that ;)");
|
||||
this.player.setPasswordHash(Security.generateHash(this.password));
|
||||
this.session.sendText("*_Success_* ✅ You will now be asked to log in again, sorry about that ;)");
|
||||
this.session.setScene(new AuthenticationScene(this.session));
|
||||
}
|
||||
}
|
||||
|
||||
// _ _
|
||||
// | | | |___ ___ _ __ _ __ __ _ _ __ ___ ___
|
||||
// | | | / __|/ _ \ '__| '_ \ / _` | '_ ` _ \ / _ \
|
||||
// | |_| \__ \ __/ | | | | | (_| | | | | | | __/
|
||||
// \___/|___/\___|_| |_| |_|\__,_|_| |_| |_|\___|
|
||||
//
|
||||
// ____ _
|
||||
// | _ \ _ __ ___ _ __ ___ _ __ | |_
|
||||
// | |_) | '__/ _ \| '_ ` _ \| '_ \| __|
|
||||
// | __/| | | (_) | | | | | | |_) | |_
|
||||
// |_| |_| \___/|_| |_| |_| .__/ \__|
|
||||
// |_|
|
||||
class UsernamePrompt extends Prompt {
|
||||
//
|
||||
message = [
|
||||
"Enter your username", //
|
||||
"((type *:help* for more info))", //
|
||||
];
|
||||
|
||||
//
|
||||
// When player types :help
|
||||
help = [
|
||||
"Your username.",
|
||||
"It's used, along with your password, when you log in.",
|
||||
"Other players can see it.",
|
||||
"Other players can use it to chat or trade with you",
|
||||
"It may only consist of the letters _a-z_, _A-Z_, _0-9_, and _underscore_",
|
||||
];
|
||||
|
||||
//
|
||||
// Let the client know that we're asking for a username
|
||||
options = { username: true };
|
||||
|
||||
/** @type {PlayerCreationScene} */
|
||||
get scene() {
|
||||
return this._scene;
|
||||
}
|
||||
|
||||
onReply(username) {
|
||||
//
|
||||
// do basic syntax checks on usernames
|
||||
if (!Security.isUsernameSane(username)) {
|
||||
console.info("Someone entered insane username: '%s'", username);
|
||||
this.sendError("Incorrect username, try again.");
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// try and fetch the player object from the game
|
||||
const player = gGame.getPlayerByUsername(username);
|
||||
|
||||
//
|
||||
// handle invalid username
|
||||
if (player) {
|
||||
console.info("Someone tried to create a user with an occupied username: '%s'", username);
|
||||
this.sendError("Occupied, try something else");
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
this.scene.usernameAccepted(username);
|
||||
}
|
||||
}
|
||||
|
||||
// ____ _
|
||||
// | _ \ __ _ ___ _____ _____ _ __ __| |
|
||||
// | |_) / _` / __/ __\ \ /\ / / _ \| '__/ _` |
|
||||
// | __/ (_| \__ \__ \\ V V / (_) | | | (_| |
|
||||
// |_| \__,_|___/___/ \_/\_/ \___/|_| \__,_|
|
||||
//
|
||||
// ____ _
|
||||
// | _ \ _ __ ___ _ __ ___ _ __ | |_
|
||||
// | |_) | '__/ _ \| '_ ` _ \| '_ \| __|
|
||||
// | __/| | | (_) | | | | | | |_) | |_
|
||||
// |_| |_| \___/|_| |_| |_| .__/ \__|
|
||||
// |_|
|
||||
class PasswordPrompt extends Prompt {
|
||||
//
|
||||
message = "Enter a password";
|
||||
|
||||
//
|
||||
// Let the client know that we're asking for a password
|
||||
// so it can set <input type="password">
|
||||
options = { password: true };
|
||||
|
||||
/** @type {string?} Password that was previously entered. */
|
||||
firstPassword = undefined;
|
||||
|
||||
errorCount = 0;
|
||||
|
||||
/** @type {PlayerCreationScene} */
|
||||
get scene() {
|
||||
return this._scene;
|
||||
}
|
||||
|
||||
beforeExecute() {
|
||||
if (this.errorCount > MAX_PASSWORD_ATTEMPTS) {
|
||||
this.firstPassword = false;
|
||||
this.errorCount = 0;
|
||||
this.message = ["Too many errors - starting over", "Enter password"];
|
||||
return;
|
||||
}
|
||||
|
||||
if (this.firstPassword && this.errorCount === 0) {
|
||||
this.message = "Repeat the password";
|
||||
return;
|
||||
}
|
||||
|
||||
if (this.firstPassword && this.errorCount > 0) {
|
||||
this.message = [
|
||||
"Repeat the password",
|
||||
`((attempt nr. ${this.errorCount + 1} of ${MAX_PASSWORD_ATTEMPTS + 1}))`,
|
||||
];
|
||||
return;
|
||||
}
|
||||
|
||||
this.errorCount = 0;
|
||||
this.message = "Enter a password";
|
||||
}
|
||||
|
||||
onReply(str) {
|
||||
if (!Security.isPasswordSane(str)) {
|
||||
this.sendError("Invalid password format.");
|
||||
this.errorCount++;
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!this.firstPassword) {
|
||||
this.firstPassword = str;
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
if (this.firstPassword !== str) {
|
||||
this.errorCount++;
|
||||
this.execute();
|
||||
return;
|
||||
}
|
||||
|
||||
this.scene.passwordAccepted(str);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user