mail[Wesnoth-commits] r24776 - in /branches/mp_registration/src: serialization/ server/






Posted by baufo on March 18, 2008 - 10:55:
Author: baufo
Date: Tue Mar 18 10:55:37 2008
New Revision: 24776

URL: http://svn.gna.org/viewcvs/wesnoth?rev=24776&view=rev
Log:
Make only valid emails and alpha-numeric passwords registerable

Modified:
    branches/mp_registration/src/serialization/string_utils.cpp
    branches/mp_registration/src/serialization/string_utils.hpp
    branches/mp_registration/src/server/server.cpp
    branches/mp_registration/src/server/user_handler.cpp
    branches/mp_registration/src/server/user_handler.hpp

Modified: branches/mp_registration/src/serialization/string_utils.cpp
URL: 
http://svn.gna.org/viewcvs/wesnoth/branches/mp_registration/src/serialization/string_utils.cpp?rev=24776&r1=24775&r2=24776&view=diff
==============================================================================
--- branches/mp_registration/src/serialization/string_utils.cpp (original)
+++ branches/mp_registration/src/serialization/string_utils.cpp Tue Mar 18 
10:55:37 2008
@@ -416,8 +416,35 @@
        const size_t alnum = std::count_if(username.begin(), username.end(), 
isalnum);
        const size_t valid_char =
                        std::count_if(username.begin(), username.end(), 
is_username_char);
-       if ((alnum + valid_char != username.size()) 
+       if ((alnum + valid_char != username.size())
                        || valid_char == username.size() || username.empty() )
+       {
+               return false;
+       }
+       return true;
+}
+
+bool is_email_char(char c) {
+    //Are there any other non alpha-numeric characters allowed in email 
addresses?
+       return ((c == '_') || (c == '-') || (c == '.'));
+}
+
+bool is_at_symbol(char c) {
+       return (c == '@');
+}
+
+//! Check if an email address is valid.
+//! A valid email should look like <user>@<domain>
+bool isvalid_email(const std::string& email) {
+       const size_t alnum = std::count_if(email.begin(), email.end(), 
isalnum);
+       const size_t valid_char =
+                       std::count_if(email.begin(), email.end(), 
is_email_char);
+       const size_t at_symbol =
+                       std::count_if(email.begin(), email.end(), 
is_at_symbol);
+       if ((alnum + valid_char + at_symbol != email.size())
+            //We want exaclty one @
+            || at_symbol != 1
+                       || email.empty() )
        {
                return false;
        }
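Review bot: isvalid_email only counts characters, so the `<user>@<domain>` shape promised in its comment is not enforced: `@`, `a@` and `.@.` all pass the three count checks. Since the address is later handed to the mailer in user_handler.cpp, I would also check where the separator sits, e.g. `const std::string::size_type at = email.find('@');` followed by `if (at == 0 || at + 1 == email.size()) return false;`. Separately, `isalnum` is applied straight to `char`, which is undefined for negative values on platforms where char is signed; a small helper that casts to `unsigned char` first avoids that. The function's closing lines lie outside this hunk.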
@@ -494,7 +521,7 @@
        return false;
 }
 
-//! Match using '*' as any number of characters (including none), 
+//! Match using '*' as any number of characters (including none),
 //! and '?' as any one character.
 bool wildcard_string_match(const std::string& str, const std::string& match) 
{
        const bool wild_matching = (!match.empty() && match[0] == '*');
@@ -634,7 +661,7 @@
        return count;
 }
 
-utf8_iterator::utf8_iterator(const std::string& str) : 
+utf8_iterator::utf8_iterator(const std::string& str) :
        current_char(0),
        string_end(str.end()),
        current_substr(std::make_pair(str.begin(), str.begin()))
@@ -642,7 +669,7 @@
        update();
 }
 
-utf8_iterator::utf8_iterator(std::string::const_iterator const &beg, 
+utf8_iterator::utf8_iterator(std::string::const_iterator const &beg,
                std::string::const_iterator const &end) :
        current_char(0),
        string_end(end),
@@ -873,9 +900,9 @@
 //! Truncates a string.
 //!
 //! If the string send has more than size utf-8 characters it will be 
truncated
-//! to this size. 
+//! to this size.
 //! No assumptions can be made about the actual size of the string.
-//! 
+//!
 //! @param[in]  str     String which can be converted to utf-8.
 //! @param[out] str     String which contains maximal size utf-8 characters.
 //! @param size         The size to truncate at.

Modified: branches/mp_registration/src/serialization/string_utils.hpp
URL: 
http://svn.gna.org/viewcvs/wesnoth/branches/mp_registration/src/serialization/string_utils.hpp?rev=24776&r1=24775&r2=24776&view=diff
==============================================================================
--- branches/mp_registration/src/serialization/string_utils.hpp (original)
+++ branches/mp_registration/src/serialization/string_utils.hpp Tue Mar 18 
10:55:37 2008
@@ -73,11 +73,13 @@
 bool word_completion(std::string& text, std::vector<std::string>& wordlist);
 //! Check if a message contains a word.
 bool word_match(const std::string& message, const std::string& word);
-//! Match using '*' as any number of characters (including none), 
+//! Match using '*' as any number of characters (including none),
 //! and '?' as any one character.
 bool wildcard_string_match(const std::string& str, const std::string& match);
 //! Check if the username contains only valid characters.
 bool isvalid_username(const std::string &login);
+//! Check if an email address looks like <user>@<domain>
+bool isvalid_email(const std::string &email);
 
 typedef std::map< std::string, t_string > string_map;
 //! Function which will interpolate variables, starting with '$' in the 
string 'str'

Modified: branches/mp_registration/src/server/server.cpp
URL: 
http://svn.gna.org/viewcvs/wesnoth/branches/mp_registration/src/server/server.cpp?rev=24776&r1=24775&r2=24776&view=diff
==============================================================================
--- branches/mp_registration/src/server/server.cpp (original)
+++ branches/mp_registration/src/server/server.cpp Tue Mar 18 10:55:37 2008
@@ -725,6 +725,10 @@
            //This name is registered and an incorrect password provided
            else if(user_handler_->user_exists(username) && 
!(user_handler_->login(username, password))) {
                send_password_request(sock, "The password you provided was 
incorrect");
+
+               LOG_SERVER << network::ip_address(sock) << "\t"
+                    << "Login attempt with incorrect password for username 
'" << username << "'\n.";
+
                //! @todo Stop brute-force attacks by rejecting  further 
login attempts by
                //! this IP for a few seconds or something similar
                return;
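Review bot: The new log literal ends in `"'\n."`, so the full stop is written after the newline and becomes the first character of the next log record, which makes failed-login lines harder to parse for anyone alerting on them; it should read `<< "'.\n";`. The client-supplied `username` is also written verbatim; whether it has already passed isvalid_username at this point is not visible in the hunk, and if it has not, control characters in it could forge log lines. The brute-force @todo just below is still open, so this log line is currently the only trace of repeated guesses. The enclosing handler starts and ends outside the hunk.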
@@ -754,7 +758,7 @@
        if(user_handler_) {
         if (!(user_handler_->user_exists(username))) {
            lobby_.send_server_message("Your username is not registered. To 
prevent others from using \
-it type \"/register <password> <email>\".", sock);
+it type '/register <password> <email>'.", sock);
         }
        }
 
@@ -1038,7 +1042,6 @@
             lobby_.send_server_message("This server does not allow to 
register on it.", sock);
             return;
            }
-           //! @todo Check if provided values are sane
            try {
                (user_handler_->add_user(pl->second.name(), 
(*data.child("register"))["mail"].to_string(),
                 (*data.child("register"))["password"].to_string()));
@@ -1065,14 +1068,13 @@
            }
 
            if(!(user_handler_->user_exists(pl->second.name()))) {
-            lobby_.send_server_message("You are not registered. Please use 
the \"/register\" command first.",
+            lobby_.send_server_message("You are not registered. Please use 
the '/register' command first.",
                     sock);
             return;
            }
 
            const simple_wml::node& update = *(data.child("update_details"));
 
-           //! @todo Check if provided values are sane
            try {
             if(!(update["mail"].to_string().empty())) {
                 user_handler_->set_mail(pl->second.name(), 
update["mail"].to_string());

Modified: branches/mp_registration/src/server/user_handler.cpp
URL: 
http://svn.gna.org/viewcvs/wesnoth/branches/mp_registration/src/server/user_handler.cpp?rev=24776&r1=24775&r2=24776&view=diff
==============================================================================
--- branches/mp_registration/src/server/user_handler.cpp (original)
+++ branches/mp_registration/src/server/user_handler.cpp Tue Mar 18 10:55:37 
2008
@@ -31,7 +31,7 @@
        try {
                read(configuration, *stream, &errors);
                if (errors.empty()) {
-                       std::cout << "Server configuration from file: '" << 
users_file_
+                       std::cout << "Read user_handler configuration from 
file: '" << users_file_
                                << "' read.\n";
                } else {
                        std::cerr << "ERROR: Errors reading configuration 
file: '"
@@ -77,13 +77,13 @@
        try {
                scoped_ostream users_file = ostream_file(users_file_);
                write(*users_file , cfg_);
+               std::cout << "Users file written to '" << users_file_ << 
"'\n";
        } catch(io_exception&) {
-               std::cerr << "error writing to users file '" << 
get_prefs_file() << "'\n";
+               std::cerr << "ERROR: Writing to users file '" << users_file_ 
<< "'\n";
        }
 }
 
 bool user_handler::send_mail(const char* to_address, const char* subject, 
const char* message) {
-    std::cout << "sending mail..." << "\n";
 
     jwsmtp::mailer m(to_address, cfg_["from_address"].c_str(), subject, 
message,
             cfg_["mail_server"].c_str(), mail_port_, false);
@@ -98,7 +98,7 @@
 
     m.send();
 
-    std::cout << m.response() << "\n";
+    std::cout << "Sent email to " << to_address << " with response '" << 
m.response() << "'\n";
 
     if(m.response().substr(0,3) != "250") {
         return false;
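Review bot: The added line prints "Sent email to ..." before the `250` check that follows, so a rejected or failed delivery is logged with the same wording as a successful one. I would word it neutrally, e.g. `std::cout << "SMTP response for mail to " << to_address << ": '" << m.response() << "'\n";`, or move it after the check. It also writes each user's address to stdout, which is worth a deliberate decision if server output is retained or shared. send_mail starts before and ends after this hunk.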
@@ -114,13 +114,14 @@
 void user_handler::add_user(const std::string& name,
         const std::string& mail, const std::string& password) {
 
-    //! @todo Check if provided values are sane
-    //! (e.g. the email is either empty or looks like user@domain)
-
+    // Check if provided values are sane
+    // (e.g. the email is either empty or looks like user@domain)
+    check_password(password);
+    check_mail(mail);
 
     //Check if this user already exists
     if(user_exists(name)) {
-        throw error("Could not add new user. A user with the name \"" + name 
+ "\" already exists.");
+        throw error("Could not add new user. A user with the name '" + name 
+ "' already exists.");
     }
 
     //! @todo I guess we should only allow every email address to be 
registered only once
@@ -132,6 +133,8 @@
     //! @todo To save performance it we should of course not save
     //! the whole config everytime something changes
     save_config();
+
+    std::cout << "Created new user '" << name << "'\n";
 
     //Don't send a confirmation mail if we don't have an email
     if(mail.empty()) {
@@ -148,13 +151,13 @@
 
 void user_handler::password_reminder(const std::string& name) {
     if(!user_exists(name)) {
-        throw error("Could not send password reminder. No user with the name 
\"" + name + "\" exists.");
+        throw error("Could not send password reminder. No user with the name 
'" + name + "' exists.");
     }
 
     config& user = *(users_->child(name));
 
     if(user["mail"].empty()) {
-        throw error("Could not send password reminder. The email address of 
the user \"" + name + "\" is empty");
+        throw error("Could not send password reminder. The email address of 
the user '" + name + "' is empty");
     }
 
     std::stringstream msg;
@@ -171,13 +174,15 @@
 void user_handler::remove_user(const std::string& name) {
     //Return if the user does not exist
     if(!user_exists(name)) {
-        throw error("Could not remove user. No user with the name \"" + name 
+ "\" exists.");
+        throw error("Could not remove user. No user with the name '" + name 
+ "' exists.");
     }
     users_->remove_child(name, 0);
 
     //! @todo To save performance it we should of course not save
     //! the whole config everytime something changes
     save_config();
+
+    std::cout << "Removed user '" << name << "'\n";
 }
 
 bool user_handler::login(const std::string& name, const std::string& 
password) {
@@ -195,8 +200,8 @@
 
     //Return if the user does not exist
     if(!user_exists(name)) {
-        throw error("Could not set attribute \"" + attribute  + "\" for user 
\"" + name +
-        "\". No user with the name with this name exists.");
+        throw error("Could not set attribute '" + attribute  + "' for user 
'" + name +
+        "'. No user with the name with this name exists.");
     }
 
     config& user = *(users_->child(name));
@@ -210,3 +215,28 @@
 bool user_handler::user_exists(const std::string& name) {
     return ((users_->child(name)));
 }
+
+void user_handler::set_mail(const std::string& user, const std::string& 
mail) {
+    check_mail(mail);
+    set_user_attribute(user, "mail", mail);
+}
+
+void user_handler::set_password(const std::string& user, const std::string& 
password) {
+    check_password(password);
+    set_user_attribute(user, "password", password);
+}
+
+void user_handler::check_mail(const std::string& mail) {
+    if(!(mail.empty() ||utils::isvalid_email(mail))) {
+        throw error("The email adress '" + mail + "' appears to be 
invalid.");
+    }
+}
+
+void user_handler::check_password(const std::string& password) {
+    //I guess it is a good idea to have the same restrictions for password 
as for usernames
+    if (!utils::isvalid_username(password)) {
+        throw error( "This password contains invalid "
+            "characters. Only alpha-numeric characters, underscores and 
hyphens"
+                       "are allowed.");
+    }
+}
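Review bot: check_password reuses isvalid_username, which limits passwords to the username alphabet and sets no minimum length; with the brute-force @todo in server.cpp still open, this narrows the space an attacker has to search. If the restriction exists only to keep the users file parseable, storing a hash of the password instead of the raw string would remove the need for it, though the storage format is not visible from here. Two wording defects in the same hunk: the adjacent literals `"... underscores and hyphens"` and `"are allowed."` join as "hyphensare allowed." (add a trailing space to the first), and "adress" in check_mail should be "address".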

Modified: branches/mp_registration/src/server/user_handler.hpp
URL: 
http://svn.gna.org/viewcvs/wesnoth/branches/mp_registration/src/server/user_handler.hpp?rev=24776&r1=24775&r2=24776&view=diff
==============================================================================
--- branches/mp_registration/src/server/user_handler.hpp (original)
+++ branches/mp_registration/src/server/user_handler.hpp Tue Mar 18 10:55:37 
2008
@@ -26,27 +26,24 @@
         //! Remove users that registered but did never log in, etc.
         void clean_up();
 
-        //! @todo It might be a good idea to have all these boolean functions
-        //! rather throw exceptions to get more detailed error messages
-
         //! Adds a user.
         //! Returns false if adding fails (e.g. because a user with the same 
name already exists).
         void add_user(const std::string& name, const std::string& mail, 
const std::string& password);
+
         //! Removes a user-
-        //! Returns false if the user did not exist;
+        //! Returns false if the user does not exist
         void remove_user(const std::string& name);
 
+        //! Send a password reminder email to the given user
         void password_reminder(const std::string& name);
 
-        void set_mail(const std::string& user, const std::string& mail) {
-            set_user_attribute(user, "mail", mail);
-        }
+        void set_mail(const std::string& user, const std::string& mail);
+        void set_password(const std::string& user, const std::string& 
password);
 
-        void set_password(const std::string& user, const std::string& 
password) {
-            set_user_attribute(user, "password", password);
-        }
+        //! Returns true if the given password equals the password for the 
given user
+        bool login(const std::string& name, const std::string& password);
 
-        bool login(const std::string& name, const std::string& password);
+        //! Returns true if a user with the given name exists
         bool user_exists(const std::string& name);
 
 
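Review bot: The comments kept above add_user and remove_user still say "Returns false ...", but both are declared `void` and the definitions in user_handler.cpp throw `error` instead. I would replace them with e.g. `//! Throws error if the name is taken or the mail/password fail validation.` and `//! Throws error if the user does not exist.` The new out-of-line set_mail and set_password declarations deserve a similar one-line note that they validate their argument and throw on failure. The class body starts and ends outside the hunk.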
@@ -63,6 +60,9 @@
         void set_user_attribute(const std::string& name,
                 const std::string& attribute, const std::string& value);
 
+        void check_mail(const std::string& mail);
+        void check_password(const std::string& password);
+
         std::string users_file_;
         unsigned short mail_port_;
 



