PR feedback

This commit is contained in:
Gent Semaj 2024-09-17 20:36:09 -07:00
parent a5a15a54ff
commit babf774013
Signed by untrusted user: ycc
GPG Key ID: 2D76C57BF6BEADC4
3 changed files with 5 additions and 5 deletions

View File

@ -53,7 +53,7 @@ namespace Database {
void updateAccountLevel(int accountId, int accountLevel);
// return true iff cookie is valid for the account.
// return true if cookie is valid for the account.
// invalidates the stored cookie afterwards
bool checkCookie(int accountId, const char *cookie);

View File

@ -130,7 +130,8 @@ bool Database::checkCookie(int accountId, const char *tryCookie) {
return false;
}
/* since cookies are immediately invalidated, we don't need to be concerned about
/*
* since cookies are immediately invalidated, we don't need to be concerned about
* timing-related side channel attacks, so strcmp is fine here
*/
bool match = (strcmp(cookie, tryCookie) == 0);
@ -141,7 +142,7 @@ bool Database::checkCookie(int accountId, const char *tryCookie) {
rc = sqlite3_step(stmt);
sqlite3_finalize(stmt);
if (rc != SQLITE_DONE)
std::cout << "[WARN] Database fail on consumeCookie(): " << sqlite3_errmsg(db) << std::endl;
std::cout << "[WARN] Database fail on checkCookie(): " << sqlite3_errmsg(db) << std::endl;
return match;
}

View File

@ -682,8 +682,7 @@ bool CNLoginServer::isCharacterNameGood(std::string Firstname, std::string Lastn
bool CNLoginServer::isLoginTypeAllowed(LoginType loginType) {
// the config file specifies "comma-separated" but tbh we don't care
switch (loginType)
{
switch (loginType) {
case LoginType::PASSWORD:
return settings::AUTHMETHODS.find("password") != std::string::npos;
case LoginType::COOKIE: