I have pushed a small tweak and added some more comments.
Diff comments:
> === modified file 'src/ui_fsmenu/multiplayer.cc'
> --- src/ui_fsmenu/multiplayer.cc 2019-05-11 18:50:30 +0000
> +++ src/ui_fsmenu/multiplayer.cc 2019-05-12 11:12:04 +0000
> @@ -58,21 +58,46 @@
> vbox_.add_inf_space();
> vbox_.add(&back, UI::Box::Resizing::kFullSize);
>
> - Section& s = g_options.pull_section("global");
> - auto_log_ = s.get_bool("auto_log", false);
> - if (auto_log_) {
> - showloginbox =
> + showloginbox =
> new UI::Button(this, "login_dialog", 0, 0, 0, 0,
> UI::ButtonStyle::kFsMenuSecondary,
>
> g_gr->images().get("images/ui_basic/continue.png"), _("Show login dialog"));
> - showloginbox->sigclicked.connect(
> + showloginbox->sigclicked.connect(
> boost::bind(&FullscreenMenuMultiPlayer::show_internet_login,
> boost::ref(*this)));
> - }
> layout();
> }
>
> /// called if the showloginbox button was pressed
> void FullscreenMenuMultiPlayer::show_internet_login() {
> - auto_log_ = false;
> + Section& s = g_options.pull_section("global");
> + LoginBox lb(*this);
> + if (lb.run<UI::Panel::Returncodes>() == UI::Panel::Returncodes::kOk) {
> + nickname_ = lb.get_nickname();
> + s.set_string("nickname", nickname_);
> + /// NOTE: The password is only stored (in memory and on disk)
> and transmitted (over the
> + /// network
> + /// to the metaserver) as cryptographic hash. This does NOT
> mean that the password is
> + /// stored
> + /// securely on the local disk. While the password should be
> secure while transmitted to
> + /// the
> + /// metaserver (no-one can use the transmitted data to log in
> as the user) this is not the
> + /// case
> + /// for local storage. The stored hash of the password makes it
> hard to look at the
> + /// configuration
> + /// file and figure out the plaintext password to, e.g., log in
> on the forum. However, the
> + /// stored hash can be copied to another system and used to log
> in as the user on the
> + /// metaserver.
> + // Further note: SHA-1 is considered broken and shouldn't be
> used anymore. But since the
> + // passwords on the server are protected by SHA-1 we have to
> use it here, too
> + if (lb.get_password() != "*****") {
Better make this empty when it's not set and make the ** a function of
displaying it only.
> + password_ = crypto::sha1(lb.get_password());
> + s.set_string("password_sha1", password_);
> + }
> +
> + register_ = lb.registered();
> + s.set_bool("registered", lb.registered());
> + } else {
> + return;
> + }
> internet_login();
> }
>
>
> === modified file 'src/wui/login_box.cc'
> --- src/wui/login_box.cc 2019-05-11 18:50:30 +0000
> +++ src/wui/login_box.cc 2019-05-12 11:12:04 +0000
> @@ -113,3 +114,44 @@
> }
> return UI::Panel::handle_key(down, code);
> }
> +
> +void LoginBox::clicked_register() {
> + if (cb_register->get_state()) {
> + ta_password->set_color(UI_FONT_CLR_DISABLED);
> + eb_password->set_can_focus(false);
> + eb_password->set_text("");
When the user starts typing, the password is displayed as clear text, not as
***. This needs to be fixed in the UI::Editbox class' draw() function.
> + } else {
> + ta_password->set_color(UI_FONT_CLR_FG);
> + eb_password->set_can_focus(true);
> + eb_password->focus();
> + }
> +}
> +
> +void LoginBox::verify_input() {
> + // Check if all needed input fields are valid
> + loginbtn->set_enabled(true);
> + eb_nickname->set_tooltip("");
> + eb_password->set_tooltip("");
> + eb_nickname->set_warning(false);
> +
> + if (eb_nickname->text().empty()) {
> + eb_nickname->set_warning(true);
> + eb_nickname->set_tooltip(_("Please enter a nickname!"));
> + loginbtn->set_enabled(false);
> + } else if
> (eb_nickname->text().find_first_not_of("abcdefghijklmnopqrstuvwxyz"
We have this same complicated comparison above pull out a bool function to
ensure consistency.
> + "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@.+-_") <=
> eb_nickname->text().size()) {
> + eb_nickname->set_warning(true);
> + eb_nickname->set_tooltip(_("Enter a valid nickname.
> This value may contain only "
> +
> "English letters, numbers, and @ . + - _
> characters."));
> + loginbtn->set_enabled(false);
> + }
> +
> + if (eb_password->text().empty() && cb_register->get_state()) {
> + eb_password->set_tooltip(_("Please enter your password!"));
> + loginbtn->set_enabled(false);
> + }
> +
> + if (eb_password->has_focus() && eb_password->text() == "*****") {
> + eb_password->set_text("");
> + }
> +}
--
https://code.launchpad.net/~widelands-dev/widelands/bug-1827786-metaserver-login-box-clean-start/+merge/367320
Your team Widelands Developers is subscribed to branch
lp:~widelands-dev/widelands/bug-1825932-open-games-clean-start.
_______________________________________________
Mailing list: https://launchpad.net/~widelands-dev
Post to : widelands-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~widelands-dev
More help : https://help.launchpad.net/ListHelp
