Add authenticator that uses OOOUser.checkPassword.
This allows webapps (like billing) to do the same password checking that the games do.
This commit is contained in:
@@ -15,9 +15,14 @@ import com.samskivert.jdbc.ConnectionProvider;
|
||||
|
||||
import com.samskivert.servlet.RedirectException;
|
||||
|
||||
import com.samskivert.servlet.user.AuthenticationFailedException;
|
||||
import com.samskivert.servlet.user.Authenticator;
|
||||
import com.samskivert.servlet.user.InvalidPasswordException;
|
||||
import com.samskivert.servlet.user.Password;
|
||||
import com.samskivert.servlet.user.User;
|
||||
import com.samskivert.servlet.user.UserManager;
|
||||
import com.samskivert.servlet.user.UserRepository;
|
||||
import com.samskivert.servlet.user.UserUtil;
|
||||
|
||||
import static com.threerings.user.Log.log;
|
||||
|
||||
@@ -26,6 +31,22 @@ import static com.threerings.user.Log.log;
|
||||
*/
|
||||
public class OOOUserManager extends UserManager
|
||||
{
|
||||
/** Checks passwords using {@link OOOUser#checkPassword}. */
|
||||
public static class OOOAuthenticator implements Authenticator {
|
||||
public void authenticateUser (User user, String username, Password password)
|
||||
throws AuthenticationFailedException
|
||||
{
|
||||
OOOUser ouser = (OOOUser)user;
|
||||
log.info("authenticateUser", "user", user, "password", password.getCleartext());
|
||||
char[] passchars = password.getCleartext().toCharArray();
|
||||
boolean matched = ouser.isArgon2Hashed() ?
|
||||
ouser.checkPassword(passchars) : user.passwordsMatch(password);
|
||||
if (!matched) {
|
||||
throw new InvalidPasswordException("error.invalid_password");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates our OOO User manager and prepares it for operation.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user