aly/servatrice
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
servatrice/common/pb/session_commands.proto
ebbit1q 2fc85e0c08
use hashed passwords in all commands (#4493) 
* protocol changes

* server changes

* client changes for password reset and registration

* add hashed password to change password in client

* always use hashed password to log in

* add warning to client when using plain text password

* require real password for changing email on server

this is backwards compatible as users logged in with a real password on
older clients will not need this, only users logged in with a hashed
password

* implement password dialog when changing email

* require min password length

* use qstringlist to build query instead

* use clear instead of = ""

* add max to password dialog

* use proper const ness in abstractclient

* reject too long passwords instead of trimming
2022-01-16 20:32:30 -05:00

206 lines
5.2 KiB
Protocol Buffer
Raw Blame History

syntax = "proto2";
import "serverinfo_user.proto";
message SessionCommand {
enum SessionCommandType {
PING = 1000;
LOGIN = 1001;
MESSAGE = 1002;
LIST_USERS = 1003;
GET_GAMES_OF_USER = 1004;
GET_USER_INFO = 1005;
ADD_TO_LIST = 1006;
REMOVE_FROM_LIST = 1007;
DECK_LIST = 1008;
DECK_NEW_DIR = 1009;
DECK_DEL_DIR = 1010;
DECK_DEL = 1011;
DECK_DOWNLOAD = 1012;
DECK_UPLOAD = 1013;
LIST_ROOMS = 1014;
JOIN_ROOM = 1015;
REGISTER = 1016;
ACTIVATE = 1017;
ACCOUNT_EDIT = 1018;
ACCOUNT_IMAGE = 1019;
ACCOUNT_PASSWORD = 1020;
FORGOT_PASSWORD_REQUEST = 1021;
FORGOT_PASSWORD_RESET = 1022;
FORGOT_PASSWORD_CHALLENGE = 1023;
REQUEST_PASSWORD_SALT = 1024;
REPLAY_LIST = 1100;
REPLAY_DOWNLOAD = 1101;
REPLAY_MODIFY_MATCH = 1102;
REPLAY_DELETE_MATCH = 1103;
}
extensions 100 to max;
}
message Command_Ping {
extend SessionCommand {
optional Command_Ping ext = 1000;
}
}
message Command_Login {
extend SessionCommand {
optional Command_Login ext = 1001;
}
optional string user_name = 1;
optional string password = 2;
optional string clientid = 3;
optional string clientver = 4;
repeated string clientfeatures = 5;
optional string hashed_password = 6;
}
message Command_Message {
extend SessionCommand {
optional Command_Message ext = 1002;
}
optional string user_name = 1;
optional string message = 2;
}
message Command_ListUsers {
extend SessionCommand {
optional Command_ListUsers ext = 1003;
}
}
message Command_GetGamesOfUser {
extend SessionCommand {
optional Command_GetGamesOfUser ext = 1004;
}
optional string user_name = 1;
}
message Command_GetUserInfo {
extend SessionCommand {
optional Command_GetUserInfo ext = 1005;
}
optional string user_name = 1;
}
message Command_AddToList {
extend SessionCommand {
optional Command_AddToList ext = 1006;
}
optional string list = 1;
optional string user_name = 2;
}
message Command_RemoveFromList {
extend SessionCommand {
optional Command_RemoveFromList ext = 1007;
}
optional string list = 1;
optional string user_name = 2;
}
message Command_ListRooms {
extend SessionCommand {
optional Command_ListRooms ext = 1014;
}
}
message Command_JoinRoom {
extend SessionCommand {
optional Command_JoinRoom ext = 1015;
}
optional uint32 room_id = 1;
}
// User wants to register a new account
message Command_Register {
extend SessionCommand {
optional Command_Register ext = 1016;
}
// User name client wants to register
required string user_name = 1;
// Hashed password to be inserted into database
optional string password = 2;
// Email address of the client for user validation
optional string email = 3;
// gender = 4; // obsolete
// Country code of the user. 2 letter ISO format
optional string country = 5;
optional string real_name = 6;
optional string clientid = 7;
optional string hashed_password = 8;
}
// User wants to activate an account
message Command_Activate {
extend SessionCommand {
optional Command_Activate ext = 1017;
}
// User name client wants to activate
required string user_name = 1;
// Activation token
required string token = 2;
optional string clientid = 3;
}
message Command_AccountEdit {
extend SessionCommand {
optional Command_AccountEdit ext = 1018;
}
optional string real_name = 1;
optional string email = 2;
// gender = 3; // obsolete
optional string country = 4;
optional string password_check = 100; // password is required to change sensitive information
}
message Command_AccountImage {
extend SessionCommand {
optional Command_AccountImage ext = 1019;
}
optional bytes image = 1;
}
message Command_AccountPassword {
extend SessionCommand {
optional Command_AccountPassword ext = 1020;
}
optional string old_password = 1;
optional string new_password = 2;
// optional string hashed_old_password = 3; // we don't want users to steal hashed passwords and change them
optional string hashed_new_password = 4;
}
message Command_ForgotPasswordRequest {
extend SessionCommand {
optional Command_ForgotPasswordRequest ext = 1021;
}
required string user_name = 1;
optional string clientid = 2;
}
message Command_ForgotPasswordReset {
extend SessionCommand {
optional Command_ForgotPasswordReset ext = 1022;
}
required string user_name = 1;
optional string clientid = 2;
optional string token = 3;
optional string new_password = 4;
optional string hashed_new_password = 5;
}
message Command_ForgotPasswordChallenge {
extend SessionCommand {
optional Command_ForgotPasswordChallenge ext = 1023;
}
required string user_name = 1;
optional string clientid = 2;
optional string email = 3;
}
message Command_RequestPasswordSalt {
extend SessionCommand {
optional Command_RequestPasswordSalt ext = 1024;
}
required string user_name = 1;
}
Reference in a new issue View git blame Copy permalink