fix: login into another accounts (opentibiabr#2853)
Fixes the ability to log in to another account when injecting a custom login.php.
phacUFPE authored Sep 14, 2024
1 parent e4f0cdb commit b3b19a6
Showing 8 changed files with 61 additions and 3 deletions.
2 changes: 2 additions & 0 deletions src/account/account_repository.hpp
Expand Up @@ -27,6 +27,8 @@ class AccountRepository {
virtual bool loadBySession(const std::string &email, AccountInfo &acc) = 0;
virtual bool save(const AccountInfo &accInfo) = 0;

virtual bool getCharacterByAccountIdAndName(const uint32_t &id, const std::string &name) = 0;

virtual bool getPassword(const uint32_t &id, std::string &password) = 0;

virtual bool getCoins(const uint32_t &id, const uint8_t &type, uint32_t &coins) = 0;
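Review bot: The new pure virtual `getCharacterByAccountIdAndName` has no contract comment, yet `gameWorldAuthentication` uses its bool result as an authorization decision, so implementers need to know that false must cover both "no match" and "lookup failed". I would add above the declaration `/// Returns true only if a character called name belongs to account id; returns false on no match and on any lookup failure (fail closed).` The name also reads like a getter although nothing is handed back, so a `has...` style name would describe it better if renaming is acceptable. The class body starts and ends outside this hunk.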
10 changes: 10 additions & 0 deletions src/account/account_repository_db.cpp
Expand Up @@ -64,6 +64,16 @@ bool AccountRepositoryDB::save(const AccountInfo &accInfo) {
return successful;
};

bool AccountRepositoryDB::getCharacterByAccountIdAndName(const uint32_t &id, const std::string &name) {
auto result = g_database().storeQuery(fmt::format("SELECT `id` FROM `players` WHERE `account_id` = {} AND `name` = {}", id, g_database().escapeString(name)));
if (!result) {
g_logger().error("Failed to get character: [{}] from account: [{}]!", name, id);
return false;
}

return result->countResults() == 1;
}

bool AccountRepositoryDB::getPassword(const uint32_t &id, std::string &password) {
auto result = g_database().storeQuery(fmt::format("SELECT * FROM `accounts` WHERE `id` = {}", id));
if (!result) {
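Review bot: The `!result` branch of `getCharacterByAccountIdAndName` logs "Failed to get character" at error level, but if `storeQuery` returns null for an empty result set (not visible here, worth confirming) then every rejected login lands in that branch and `countResults() == 1` is only ever evaluated on a non-empty result. That would make genuine database failures indistinguishable from an ordinary ownership mismatch, and it writes the client-supplied `name` into the log unmodified. I would log the no-row case at debug level, or drop `name` from the message, and keep error for real query failures. A short comment that `escapeString` is expected to return an already quoted literal would also help, since the format string has no quotes around the second `{}`. `getPassword` continues past the end of this hunk.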
2 changes: 2 additions & 0 deletions src/account/account_repository_db.hpp
Expand Up @@ -20,6 +20,8 @@ class AccountRepositoryDB final : public AccountRepository {
bool loadBySession(const std::string &esseionKey, AccountInfo &acc) override;
bool save(const AccountInfo &accInfo) override;

bool getCharacterByAccountIdAndName(const uint32_t &id, const std::string &name) override;

bool getPassword(const uint32_t &id, std::string &password) override;

bool getCoins(const uint32_t &id, const uint8_t &type, uint32_t &coins) override;
7 changes: 6 additions & 1 deletion src/io/iologindata.cpp
Expand Up @@ -19,7 +19,7 @@
#include "enums/account_type.hpp"
#include "enums/account_errors.hpp"

bool IOLoginData::gameWorldAuthentication(const std::string &accountDescriptor, const std::string &password, std::string &characterName, uint32_t &accountId, bool oldProtocol) {
bool IOLoginData::gameWorldAuthentication(const std::string &accountDescriptor, const std::string &password, std::string &characterName, uint32_t &accountId, bool oldProtocol, const uint32_t ip) {
Account account(accountDescriptor);
account.setProtocolCompat(oldProtocol);

Expand All @@ -38,6 +38,11 @@ bool IOLoginData::gameWorldAuthentication(const std::string &accountDescriptor,
}
}

if (!g_accountRepository().getCharacterByAccountIdAndName(account.getID(), characterName)) {
g_logger().warn("IP [{}] trying to connect into another account character", convertIPToString(ip));
return false;
}

if (AccountErrors_t::Ok != enumFromValue<AccountErrors_t>(account.load())) {
g_logger().error("Failed to load account [{}]", accountDescriptor);
return false;
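Review bot: The warning added in the second hunk records only the IP, so an analyst cannot tell which account had authenticated when the mismatch occurred; consider `g_logger().warn("IP [{}] account [{}] requested a character it does not own", convertIPToString(ip), account.getID());`. Because `getCharacterByAccountIdAndName` also returns false when the query itself fails, this message will fire on database errors too, which deserves a comment or a separate log path. The check runs before the `account.load()` call shown just below it, and the lines between the two hunks are not visible, so please confirm that `account.getID()` is already populated at this point. The function body continues outside both hunks.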
2 changes: 1 addition & 1 deletion src/io/iologindata.hpp
Expand Up @@ -17,7 +17,7 @@ using ItemBlockList = std::list<std::pair<int32_t, std::shared_ptr<Item>>>;

class IOLoginData {
public:
static bool gameWorldAuthentication(const std::string &accountDescriptor, const std::string &sessionOrPassword, std::string &characterName, uint32_t &accountId, bool oldProcotol);
static bool gameWorldAuthentication(const std::string &accountDescriptor, const std::string &sessionOrPassword, std::string &characterName, uint32_t &accountId, bool oldProcotol, const uint32_t ip);
static uint8_t getAccountType(uint32_t accountId);
static void updateOnlineStatus(uint32_t guid, bool login);
static bool loadPlayerById(std::shared_ptr<Player> player, uint32_t id, bool disableIrrelevantInfo = true);
2 changes: 1 addition & 1 deletion src/server/network/protocol/protocolgame.cpp
Expand Up @@ -841,7 +841,7 @@ void ProtocolGame::onRecvFirstMessage(NetworkMessage &msg) {
}

uint32_t accountId;
if (!IOLoginData::gameWorldAuthentication(accountDescriptor, password, characterName, accountId, oldProtocol)) {
if (!IOLoginData::gameWorldAuthentication(accountDescriptor, password, characterName, accountId, oldProtocol, getIP())) {
ss.str(std::string());
if (authType == "session") {
ss << "Your session has expired. Please log in again.";
11 changes: 11 additions & 0 deletions tests/fixture/account/in_memory_account_repository.hpp
Expand Up @@ -120,6 +120,17 @@ namespace tests {
return true;
}

bool getCharacterByAccountIdAndName(const uint32_t &id, const std::string &name) final {
for (auto it = accounts.begin(); it != accounts.end(); ++it) {
if (it->second.id == id) {
if (it->second.players.find(name) != it->second.players.end()) {
return true;
}
}
}
return false;
}

InMemoryAccountRepository &reset() {
accounts.clear();
coins_.clear();
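Review bot: The fixture returns true on the first exact key match in `players`, while the database implementation compares `name` in SQL and requires `countResults() == 1`; if the players.name column uses a case-insensitive collation (not visible here), the two can disagree on names that differ only in case. A one-line comment stating that the fixture matches names exactly would keep that difference visible to test authors. As a style point, the iterator loop with nested `if`s reads more simply as `for (const auto &[key, info] : accounts)` with a single combined condition. The enclosing class starts and ends outside this hunk.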
28 changes: 28 additions & 0 deletions tests/unit/account/account_test.cpp
Expand Up @@ -592,4 +592,32 @@ suite<"account"> accountTest = [] {
expect(acc.load() == enumToValue(AccountErrors_t::Ok));
expect(acc.authenticate());
};

test("Account::getCharacterByAccountIdAndName using an account with the given character.") = [&injectionFixture] {
auto [accountRepository] = injectionFixture.get<AccountRepository>();

Account acc { 1 };
accountRepository.addAccount(
"session-key",
AccountInfo { 1, 1, 1, AccountType::ACCOUNT_TYPE_GOD, { { "Canary", 1 }, { "Canary2", 2 } }, false, getTimeNow() + 24 * 60 * 60 * 1000 }
);

const auto hasCharacter = accountRepository.getCharacterByAccountIdAndName(1, "Canary");

expect(hasCharacter);
};

test("Account::getCharacterByAccountIdAndName using an account without the given character.") = [&injectionFixture] {
auto [accountRepository] = injectionFixture.get<AccountRepository>();

Account acc { 1 };
accountRepository.addAccount(
"session-key",
AccountInfo { 1, 1, 1, AccountType::ACCOUNT_TYPE_GOD, { { "Canary", 1 }, { "Canary2", 2 } }, false, getTimeNow() + 24 * 60 * 60 * 1000 }
);

const auto hasCharacter = accountRepository.getCharacterByAccountIdAndName(1, "Invalid");

expect(!hasCharacter);
};
};
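Review bot: Neither new test exercises the case this commit is about, a character that exists but belongs to a different account; both use a single account and only check a known and an unknown name. I would add a third test with two accounts and assert that account 1 cannot claim the character of account 2, as sketched below (it assumes the first `AccountInfo` field is the account id, which fits the fixture's `id` comparison but should be confirmed). `Account acc { 1 };` is unused in both new tests and can be dropped, and the test titles say `Account::` although the method lives on the repository.

```cpp
// … unchanged: the two tests added by this commit …

test("AccountRepository::getCharacterByAccountIdAndName rejects a character owned by a different account.") = [&injectionFixture] {
	auto [accountRepository] = injectionFixture.get<AccountRepository>();

	accountRepository.addAccount(
		"session-key",
		AccountInfo { 1, 1, 1, AccountType::ACCOUNT_TYPE_GOD, { { "Canary", 1 } }, false, getTimeNow() + 24 * 60 * 60 * 1000 }
	);
	// Constructed second account; assumes the first AccountInfo field is the account id.
	accountRepository.addAccount(
		"session-key-2",
		AccountInfo { 2, 1, 1, AccountType::ACCOUNT_TYPE_GOD, { { "Other", 3 } }, false, getTimeNow() + 24 * 60 * 60 * 1000 }
	);

	expect(!accountRepository.getCharacterByAccountIdAndName(1, "Other"));
	expect(accountRepository.getCharacterByAccountIdAndName(2, "Other"));
};
```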
