From 936f186b6b767273fdc3c01f17311981c46e102c Mon Sep 17 00:00:00 2001 From: Nathanael Sensfelder Date: Sat, 8 Sep 2018 05:28:28 +0200 Subject: Send "disconnected" cmd if user failed cred check. This (currently) does not apply to the actual login page, but just to any other action that requires being logged in. --- src/player/query/plr_load.erl | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'src/player') diff --git a/src/player/query/plr_load.erl b/src/player/query/plr_load.erl index 7adb114..2b15c2a 100644 --- a/src/player/query/plr_load.erl +++ b/src/player/query/plr_load.erl @@ -48,16 +48,17 @@ parse_input (Req) -> target_id = TargetID }. --spec authenticate_user (input()) -> 'ok'. +-spec authenticate_user (input()) -> ('ok' | 'error'). authenticate_user (Input) -> PlayerID = Input#input.player_id, SessionToken = Input#input.session_token, Player = shr_timed_cache:fetch(player_db, any, PlayerID), - shr_security:assert_identity(SessionToken, Player), - - ok. + case shr_security:credentials_match(SessionToken, Player) of + true -> ok; + _ -> error + end. -spec fetch_data (input()) -> query_state(). fetch_data (Input) -> @@ -82,11 +83,15 @@ generate_reply (QueryState, _Input) -> -spec handle (binary()) -> binary(). handle (Req) -> Input = parse_input(Req), - authenticate_user(Input), - shr_security:lock_queries(Input#input.player_id), - QueryState = fetch_data(Input), - shr_security:unlock_queries(Input#input.player_id), - generate_reply(QueryState, Input). + case authenticate_user(Input) of + ok -> + shr_security:lock_queries(Input#input.player_id), + QueryState = fetch_data(Input), + shr_security:unlock_queries(Input#input.player_id), + generate_reply(QueryState, Input); + + error -> jiffy:encode([shr_disconnected:generate()]) + end. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -- cgit v1.2.3-70-g09d2