Ensure the player's password is encrypted immediately after their profile is loaded.

This commit is contained in:
Major-
2014-08-08 06:40:34 +01:00
parent b58826aaaf
commit caa0eda7ee
3 changed files with 2 additions and 12 deletions
@@ -52,6 +52,7 @@ public final class BinaryPlayerLoader implements PlayerLoader {
if (!file.exists()) {
Player player = new Player(credentials, SPAWN_POSITION);
player.getBank().add(995, 25); // 25 coins
credentials.setPassword(SCryptUtil.scrypt(credentials.getPassword(), 16384, 8, 1));
return new PlayerLoaderResponse(LoginConstants.STATUS_OK, player);
}
@@ -37,7 +37,7 @@ public final class BinaryPlayerSaver implements PlayerSaver {
try (DataOutputStream out = new DataOutputStream(new FileOutputStream(file))) {
// write credentials and privileges
StreamUtil.writeString(out, player.getUsername());
StreamUtil.writeString(out, player.getCredentials().getHashedPassword());
StreamUtil.writeString(out, player.getCredentials().getPassword());
out.writeByte(player.getPrivilegeLevel().toInteger());
out.writeBoolean(player.isMembers());
@@ -2,8 +2,6 @@ package org.apollo.security;
import org.apollo.util.NameUtil;
import com.lambdaworks.crypto.SCryptUtil;
/**
* Holds the credentials for a player.
*
@@ -61,15 +59,6 @@ public final class PlayerCredentials {
return encodedUsername;
}
/**
* Gets the hashed password
*
* @return The password (either the original loaded from file or scrypted)
*/
public String getHashedPassword() {
return password.startsWith("$s0$") ? password : SCryptUtil.scrypt(password, 16384, 8, 1);
}
/**
* Sets the player's password
*