PartlyAtomic
commented
9 years ago Closed with commit 7e1a111cd107e7accbf591014aadbd48441d6937
Closed PartlyAtomic closed 9 years ago
PartlyAtomic
commented
9 years ago Closed with commit 7e1a111cd107e7accbf591014aadbd48441d6937
Need a simple server authentication scheme.
I think this should work from what I've read on the internets... it's not ideal, but it will work (avoids users choosing their own passwords, which isn't something I want to deal with now, doesn't require an oauth login via browser, and persists between games).
Register (if the client does not have a .freecell_token file): client->server: Register(username) if username exists already: server->client: NameTaken(username) (END HERE) server->client: LoginToken(username) client then stores the token in .freecell_token
Login: client->server: Login(username) server->client: Nonce(random_number, salt) client->server: TokenHash(username, hash(hash(token+salt)+nonce)) if the hash matches in the database: server->client: LoggedIn(username) else: server->client: LoginFailed(username)
The connection is then passed off to the competition server