flightsimulatorplatfrom/pilotclient
1
0
Fork 0
mirror of https://github.com/swift-project/pilotclient.git synced 2026-03-22 14:55:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

[FSD] Vatsim auth token webservice to avoid sending password as plaintext

Browse Source
This commit is contained in:
Mat Sutcliffe
2022-01-23 17:55:39 +00:00
parent 4a94f61f73
commit 872f546881
2 changed files with 51 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/blackcore/fsd/fsdclient.cpp
View File

@@ -293,11 +293,11 @@ namespace BlackCore::Fsd
this->clearState();
}
void CFSDClient::sendLogin()
void CFSDClient::sendLogin(const QString &token)
{
const CServer s = this->getServer();
const QString cid = s.getUser().getId();
const QString password = s.getUser().getPassword();
const QString password = token.isEmpty() ? s.getUser().getPassword() : token;
const QString name = s.getUser().getRealNameAndHomeBase(); // m_server.getUser().getRealName();
const QString callsign = m_ownCallsign.asString();
@@ -976,11 +976,54 @@ namespace BlackCore::Fsd
const QString cid = m_server.getUser().getId();
const ClientIdentification clientIdentification(getOwnCallsignAsString(), vatsim_auth_get_client_id(m_clientAuth), m_clientName, m_versionMajor, m_versionMinor, cid, sysuid.data(), fsdChallenge);
this->sendQueudedMessage(clientIdentification);
this->sendLogin();
this->updateConnectionStatus(CConnectionStatus::Connected);
if (getServer().getEcosystem().isSystem(CEcosystem::VATSIM))
{
this->getVatsimAuthToken(cid, m_server.getUser().getPassword(),
{
this, [this](const QString &token)
{
this->sendLogin(token);
this->updateConnectionStatus(CConnectionStatus::Connected);
}
});
}
else
{
this->sendLogin();
this->updateConnectionStatus(CConnectionStatus::Connected);
}
increaseStatisticsValue(QStringLiteral("sendClientIdentification"));
}
void CFSDClient::getVatsimAuthToken(const QString &cid, const QString &password, const BlackMisc::CSlot<void(const QString &)> &callback)
{
QNetworkRequest nwRequest(QUrl("https://auth.vatsim.net/api/fsd-jwt"));
nwRequest.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
const QJsonObject jsonRequest { { "cid", cid }, { "password", password } };
sApp->postToNetwork(nwRequest, CApplication::NoLogRequestId, QJsonDocument(jsonRequest).toJson(),
{
this, [ = ](QNetworkReply *nwReply)
{
nwReply->deleteLater();
const QByteArray data = nwReply->readAll();
const QJsonObject json = QJsonDocument::fromJson(data).object();
if (json.value("success").toBool())
{
callback(json.value("token").toString());
}
else
{
const QString error = json.value("error_msg").isString() ? json.value("error_msg").toString() : nwReply->errorString();
CLogMessage(this).error(u"Vatsim auth token endpoint: %1") << error;
disconnectFromServer();
}
}
});
}
void CFSDClient::sendIncrementalAircraftConfig()
{
if (!m_unitTestMode && (!this->isConnected() || !this->getSetupForServer().sendAircraftParts())) { return; }

5
src/blackcore/fsd/fsdclient.h
View File

@@ -257,7 +257,7 @@ namespace BlackCore::Fsd
//! Convenience functions for sendClientQuery
//! \remark really private, ONLY used by UNIT test, not CAirspaceMonitor
//! @{
void sendLogin();
void sendLogin(const QString &token = {});
void sendDeletePilot();
void sendDeleteAtc();
void sendPilotDataUpdate();
@@ -456,6 +456,9 @@ namespace BlackCore::Fsd
//! String withou colons
static QString noColons(const QString &input);
//! Get a short-lived, one-time-use token from Vatsim web service, to avoid sending plaintext password to FSD
void getVatsimAuthToken(const QString &cid, const QString &password, const BlackMisc::CSlot<void(const QString &)> &callback);
vatsim_auth *m_clientAuth = nullptr;
vatsim_auth *m_serverAuth = nullptr;
QString m_lastServerAuthChallenge;