From 936f186b6b767273fdc3c01f17311981c46e102c Mon Sep 17 00:00:00 2001
From: Nathanael Sensfelder
Date: Sat, 8 Sep 2018 05:28:28 +0200
Subject: Send "disconnected" cmd if user failed cred check.
This (currently) does not apply to the actual login page, but just to any other action that requires being logged in.
---
 src/battle/query/btl_character_turn.erl | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
(limited to 'src/battle/query/btl_character_turn.erl')
diff --git a/src/battle/query/btl_character_turn.erl b/src/battle/query/btl_character_turn.erl
index b23a02e..62d4b4b 100644
--- a/src/battle/query/btl_character_turn.erl
+++ b/src/battle/query/btl_character_turn.erl
@@ -25,17 +25,17 @@ decode_request (BinaryRequest) ->
 btl_character_turn_request:decode(JSONMap).
 %%%% USER AUTHENTICATION %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--spec authenticate_user (btl_character_turn_request:type()) -> 'ok'.
+-spec authenticate_user (btl_character_turn_request:type()) -> ('ok' | 'error').
 authenticate_user (Request) ->
 PlayerID = btl_character_turn_request:get_player_id(Request),
 SessionToken = btl_character_turn_request:get_session_token(Request),
 Player = shr_timed_cache:fetch(player_db, any, PlayerID),
- shr_security:assert_identity(SessionToken, Player),
- shr_security:lock_queries(PlayerID),
-
- ok.
+ case shr_security:credentials_match(SessionToken, Player) of
+ true -> ok;
+ _ -> error
+ end.
 %%%% MAIN LOGIC %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec fetch_data
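Review bot: The new `error` return of `authenticate_user/1` only covers a token mismatch, because `shr_timed_cache:fetch(player_db, any, PlayerID)` still runs first on a client-supplied PlayerID. The hunk does not show what that fetch does for an unknown id, so such a request may raise instead of producing the disconnected reply. If the fetch can fail, fold that case into the same `error` result so that unknown-player and bad-token requests look identical to the client. The catch-all `_ -> error` is fail-closed, which is appropriate for a credential check; a comment such as `%% Anything other than 'true' counts as a failed check.` would record that this is deliberate. Whether `shr_security:credentials_match/2` compares the token in constant time is not visible here and should be confirmed.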
@@ -265,13 +265,19 @@ generate_reply (Update) ->
 -spec handle (binary()) -> binary().
 handle (EncodedRequest) ->
 Request = decode_request(EncodedRequest),
- authenticate_user(Request),
- Data = fetch_data(Request),
- assert_user_permissions(Data, Request),
- Update = update_data(Data, Request),
- commit_update(Update, Request),
- disconnect_user(Request),
- generate_reply(Update).
+ case authenticate_user(Request) of
+ ok ->
+ PlayerID = btl_character_turn_request:get_player_id(Request),
+ shr_security:lock_queries(PlayerID),
+ Data = fetch_data(Request),
+ assert_user_permissions(Data, Request),
+ Update = update_data(Data, Request),
+ commit_update(Update, Request),
+ disconnect_user(Request),
+ generate_reply(Update);
+
+ error -> jiffy:encode([shr_disconnected:generate()])
+ end.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-- 
cgit v1.2.3-70-g09d2
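Review bot: The `error ->` branch in `handle/1` replies with the disconnected command but records nothing, so repeated failed credential checks for a player leave no trace for detection. The removed `shr_security:assert_identity` call presumably raised on a mismatch, which would at least have surfaced in crash logs; that signal is lost here. I would log the player id, never the session token, before replying, for example `error -> logger:warning("credential check failed for player ~p", [btl_character_turn_request:get_player_id(Request)]),` followed by the existing `jiffy:encode(...)` expression, using whichever logging call the project already has. Separately, `shr_security:lock_queries(PlayerID)` is taken before `assert_user_permissions`, which by its name can raise. If `disconnect_user` is what releases the lock (not visible in this hunk), a failed assertion would leave it held, as it did before this change.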