Add authenticator that uses OOOUser.checkPassword.

This allows webapps (like billing) to do the same password checking that the
games do.
This commit is contained in:
Michael Bayne
2026-01-28 10:31:08 -08:00
parent adfc9a1d3d
commit 0b9822c706
@@ -15,9 +15,14 @@ import com.samskivert.jdbc.ConnectionProvider;
import com.samskivert.servlet.RedirectException;
import com.samskivert.servlet.user.AuthenticationFailedException;
import com.samskivert.servlet.user.Authenticator;
import com.samskivert.servlet.user.InvalidPasswordException;
import com.samskivert.servlet.user.Password;
import com.samskivert.servlet.user.User;
import com.samskivert.servlet.user.UserManager;
import com.samskivert.servlet.user.UserRepository;
import com.samskivert.servlet.user.UserUtil;
import static com.threerings.user.Log.log;
@@ -26,6 +31,22 @@ import static com.threerings.user.Log.log;
*/
public class OOOUserManager extends UserManager
{
/** Checks passwords using {@link OOOUser#checkPassword}. */
public static class OOOAuthenticator implements Authenticator {
public void authenticateUser (User user, String username, Password password)
throws AuthenticationFailedException
{
OOOUser ouser = (OOOUser)user;
log.info("authenticateUser", "user", user, "password", password.getCleartext());
char[] passchars = password.getCleartext().toCharArray();
boolean matched = ouser.isArgon2Hashed() ?
ouser.checkPassword(passchars) : user.passwordsMatch(password);
if (!matched) {
throw new InvalidPasswordException("error.invalid_password");
}
}
}
/**
* Creates our OOO User manager and prepares it for operation.
*/