PR feedback

This commit is contained in:
Gent Semaj 2024-09-17 20:36:09 -07:00
parent a5a15a54ff
commit babf774013
Signed by untrusted user: ycc
GPG Key ID: 2D76C57BF6BEADC4
3 changed files with 5 additions and 5 deletions

View File

@ -53,7 +53,7 @@ namespace Database {
void updateAccountLevel(int accountId, int accountLevel); void updateAccountLevel(int accountId, int accountLevel);
// return true iff cookie is valid for the account. // return true if cookie is valid for the account.
// invalidates the stored cookie afterwards // invalidates the stored cookie afterwards
bool checkCookie(int accountId, const char *cookie); bool checkCookie(int accountId, const char *cookie);

View File

@ -130,7 +130,8 @@ bool Database::checkCookie(int accountId, const char *tryCookie) {
return false; return false;
} }
/* since cookies are immediately invalidated, we don't need to be concerned about /*
* since cookies are immediately invalidated, we don't need to be concerned about
* timing-related side channel attacks, so strcmp is fine here * timing-related side channel attacks, so strcmp is fine here
*/ */
bool match = (strcmp(cookie, tryCookie) == 0); bool match = (strcmp(cookie, tryCookie) == 0);
@ -141,7 +142,7 @@ bool Database::checkCookie(int accountId, const char *tryCookie) {
rc = sqlite3_step(stmt); rc = sqlite3_step(stmt);
sqlite3_finalize(stmt); sqlite3_finalize(stmt);
if (rc != SQLITE_DONE) if (rc != SQLITE_DONE)
std::cout << "[WARN] Database fail on consumeCookie(): " << sqlite3_errmsg(db) << std::endl; std::cout << "[WARN] Database fail on checkCookie(): " << sqlite3_errmsg(db) << std::endl;
return match; return match;
} }

View File

@ -682,8 +682,7 @@ bool CNLoginServer::isCharacterNameGood(std::string Firstname, std::string Lastn
bool CNLoginServer::isLoginTypeAllowed(LoginType loginType) { bool CNLoginServer::isLoginTypeAllowed(LoginType loginType) {
// the config file specifies "comma-separated" but tbh we don't care // the config file specifies "comma-separated" but tbh we don't care
switch (loginType) switch (loginType) {
{
case LoginType::PASSWORD: case LoginType::PASSWORD:
return settings::AUTHMETHODS.find("password") != std::string::npos; return settings::AUTHMETHODS.find("password") != std::string::npos;
case LoginType::COOKIE: case LoginType::COOKIE: