github/mage
1
0
Fork 0
mirror of https://github.com/correl/mage.git synced 2024-11-25 03:00:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Do not register users and connect users without passwords when authentication is not activated.

Browse source
This commit is contained in:
Me Car 2016-01-11 10:17:30 +09:00
parent 4eb9719769
commit 3bc8f4bec2
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Mage.Server/src/main/java/mage/server/Session.java
View file

@ -75,6 +75,9 @@ public class Session {
}
public String registerUser(String userName, String password, String email) throws MageException {
if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
return "Registration is disabled by the server config.";
}
synchronized(AuthorizedUserRepository.instance) {
String returnMessage = validateUserName(userName);
if (returnMessage != null) {
@ -140,10 +143,13 @@ public class Session {
public String connectUserHandling(String userName, String password) throws MageException {
this.isAdmin = false;
if (ConfigSettings.getInstance().isAuthenticationActivated()) {
AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.get(userName);
if (authorizedUser == null || !authorizedUser.doCredentialsMatch(userName, password)) {
return "Wrong username or password";
}
}
User user = UserManager.getInstance().createUser(userName, host);
boolean reconnect = false;