mirror of
https://github.com/2006-Scape/apollo.git
synced 2026-07-06 00:38:18 +00:00
Ensure the player's password is encrypted immediately after their profile is loaded.
This commit is contained in:
@@ -52,6 +52,7 @@ public final class BinaryPlayerLoader implements PlayerLoader {
|
|||||||
if (!file.exists()) {
|
if (!file.exists()) {
|
||||||
Player player = new Player(credentials, SPAWN_POSITION);
|
Player player = new Player(credentials, SPAWN_POSITION);
|
||||||
player.getBank().add(995, 25); // 25 coins
|
player.getBank().add(995, 25); // 25 coins
|
||||||
|
credentials.setPassword(SCryptUtil.scrypt(credentials.getPassword(), 16384, 8, 1));
|
||||||
return new PlayerLoaderResponse(LoginConstants.STATUS_OK, player);
|
return new PlayerLoaderResponse(LoginConstants.STATUS_OK, player);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ public final class BinaryPlayerSaver implements PlayerSaver {
|
|||||||
try (DataOutputStream out = new DataOutputStream(new FileOutputStream(file))) {
|
try (DataOutputStream out = new DataOutputStream(new FileOutputStream(file))) {
|
||||||
// write credentials and privileges
|
// write credentials and privileges
|
||||||
StreamUtil.writeString(out, player.getUsername());
|
StreamUtil.writeString(out, player.getUsername());
|
||||||
StreamUtil.writeString(out, player.getCredentials().getHashedPassword());
|
StreamUtil.writeString(out, player.getCredentials().getPassword());
|
||||||
out.writeByte(player.getPrivilegeLevel().toInteger());
|
out.writeByte(player.getPrivilegeLevel().toInteger());
|
||||||
out.writeBoolean(player.isMembers());
|
out.writeBoolean(player.isMembers());
|
||||||
|
|
||||||
|
|||||||
@@ -2,8 +2,6 @@ package org.apollo.security;
|
|||||||
|
|
||||||
import org.apollo.util.NameUtil;
|
import org.apollo.util.NameUtil;
|
||||||
|
|
||||||
import com.lambdaworks.crypto.SCryptUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the credentials for a player.
|
* Holds the credentials for a player.
|
||||||
*
|
*
|
||||||
@@ -61,15 +59,6 @@ public final class PlayerCredentials {
|
|||||||
return encodedUsername;
|
return encodedUsername;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the hashed password
|
|
||||||
*
|
|
||||||
* @return The password (either the original loaded from file or scrypted)
|
|
||||||
*/
|
|
||||||
public String getHashedPassword() {
|
|
||||||
return password.startsWith("$s0$") ? password : SCryptUtil.scrypt(password, 16384, 8, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the player's password
|
* Sets the player's password
|
||||||
*
|
*
|
||||||
|
|||||||
Reference in New Issue
Block a user