com.runehive.net.session.LoginSession Class Reference

Represents a Session for authenticating users logging in. More...

Inheritance diagram for com.runehive.net.session.LoginSession:

Collaboration diagram for com.runehive.net.session.LoginSession:

Classes
class	FailedLoginAttempt
	A data class that represents a failed login attempt. More...

Public Member Functions
void	handleClientPacket (Object o)
	The method that is called when the client sends packets to the server.
void	handleUserLoginDetails (final LoginDetailsPacket packet)
	LoginSession (Channel channel)
Public Member Functions inherited from com.runehive.net.session.Session
final void	close ()
	The method to close this session.
Channel	getChannel ()
	Gets the underlying Channel for this Session.
String	getHost ()
	Gets the users host address.
	Session (Channel channel)
	Creates a new Session.

Private Member Functions
LoginResponse	authenticatedForumUser (Player player, boolean isEmail)
LoginResponse	evaluate (Player player)
boolean	isBanned (long unixTime)

Static Private Member Functions
static void	sendFailedResponse (final Channel channel, final LoginResponse response)

Static Private Attributes
static final ConcurrentMap< String, FailedLoginAttempt >	failedLogins = new ConcurrentHashMap<>()
static final Logger	logger = LoggerFactory.getLogger(LoginSession.class)

Additional Inherited Members
Protected Member Functions inherited from com.runehive.net.session.Session
void	onClose (ChannelFuture future)
	The method called after a session has been closed.
Protected Attributes inherited from com.runehive.net.session.Session
final Channel	channel
	The channel attached to this session.
final String	host
	The users host address.

Detailed Description

Represents a Session for authenticating users logging in.

Author

nshusa

Definition at line 42 of file LoginSession.java.

Constructor & Destructor Documentation

LoginSession()

com.runehive.net.session.LoginSession.LoginSession

(

Channel

channel

)

Definition at line 48 of file LoginSession.java.

                                         {
        super(channel);
    }

References com.runehive.net.session.Session.channel.

Referenced by handleUserLoginDetails().

Here is the caller graph for this function:

Member Function Documentation

authenticatedForumUser()

LoginResponse com.runehive.net.session.LoginSession.authenticatedForumUser ( Player player, boolean isEmail )

private

Definition at line 218 of file LoginSession.java.

                                                                                 {
        final String username = player.getUsername();
        try {
            final LoginResponse response = new JdbcSession(ForumService.getConnectionPool())
                    .sql(isEmail ? "SELECT member_id, members_pass_hash, name, temp_ban FROM core_members WHERE UPPER(email) = ?" : "SELECT member_id, members_pass_hash, temp_ban FROM core_members WHERE UPPER(name) = ?")
                    .set(username.toUpperCase())
                    .select((rset, stmt) -> {
                        if (rset.next()) {
                            final int memberId = rset.getInt(1);
                            final String passwordHash = rset.getString(2);
                            final String forumUsername = isEmail ? rset.getString(3) : username;
                            final long unixTime = rset.getLong(isEmail ? 4 : 3);
 
                            if (isBanned(unixTime)) {
                                return LoginResponse.ACCOUNT_DISABLED;
                            }
 
                            if (passwordHash.isEmpty()) {
                                return LoginResponse.INVALID_CREDENTIALS;
                            } else if (BCrypt.checkpw(player.getPassword(), passwordHash)) {
                                player.setMemberId(memberId);
                                player.setUsername(forumUsername);
                                player.setPassword(passwordHash);
                                return LoginResponse.NORMAL;
                            } else {
                                return LoginResponse.INVALID_CREDENTIALS;
                            }
                        }
                        return LoginResponse.FORUM_REGISTRATION;
                    });
            return response;
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return LoginResponse.LOGIN_SERVER_OFFLINE;
    }

References com.runehive.net.codec.login.LoginResponse.ACCOUNT_DISABLED, com.runehive.net.codec.login.LoginResponse.FORUM_REGISTRATION, com.runehive.game.service.ForumService.getConnectionPool(), com.runehive.game.world.entity.mob.player.Player.getPassword(), com.runehive.game.world.entity.mob.player.Player.getUsername(), com.runehive.net.codec.login.LoginResponse.INVALID_CREDENTIALS, isBanned(), com.runehive.net.codec.login.LoginResponse.LOGIN_SERVER_OFFLINE, com.runehive.net.codec.login.LoginResponse.NORMAL, com.runehive.game.world.entity.mob.player.Player.setMemberId(), com.runehive.game.world.entity.mob.player.Player.setPassword(), and com.runehive.game.world.entity.mob.player.Player.setUsername().

Referenced by evaluate().

Here is the call graph for this function:

Here is the caller graph for this function:

evaluate()

LoginResponse com.runehive.net.session.LoginSession.evaluate ( Player player )

private

Definition at line 141 of file LoginSession.java.

                                                  {
        final String username = player.getUsername();
        final String password = player.getPassword();
        final boolean isEmail = username.indexOf('@') != -1;
 
        // prevents users from logging in before the server is ready to accept connections
        if (!RuneHive.serverStarted.get()) {
            return LoginResponse.SERVER_BEING_UPDATED;
        }
 
        // prevents users from using accounts with bot names
        for (String botName : BotUtility.BOT_NAMES) {
            if (username.equalsIgnoreCase(botName)) {
                return LoginResponse.INSUFFICIENT_PERMSSION;
            }
        }
 
        // the world is currently full
        if (World.getPlayerCount() == Config.MAX_PLAYERS) {
            return LoginResponse.WORLD_FULL;
        }
 
        // prevents users from logging in if the world is being updated
        if (World.update.get()) {
            return LoginResponse.SERVER_BEING_UPDATED;
        }
 
        if (BannedPlayers.bans.contains(username.toLowerCase())) {
            return LoginResponse.ACCOUNT_DISABLED;
        }
 
        if (isEmail) {
            if (!Config.FORUM_INTEGRATION) {
                return LoginResponse.BAD_USERNAME;
            }
 
            if (username.length() > Config.EMAIL_MAX_CHARACTERS || username.length() < Config.EMAIL_MIN_CHARACTERS) {
                return LoginResponse.INVALID_EMAIL;
            }
 
            // does email have illegal characters
            if (!(username.matches("^[a-zA-Z0-9.@]{1," + Config.EMAIL_MAX_CHARACTERS + "}$"))) {
                return LoginResponse.INVALID_CREDENTIALS;
            }
        } else if (username.length() < Config.USERNAME_MIN_CHARACTERS) {
            return LoginResponse.SHORT_USERNAME;
        } else if (username.length() > Config.USERNAME_MAX_CHARACTERS) {
            return LoginResponse.BAD_USERNAME;
        } else if (World.getPlayerByHash(Utility.nameToLong(username)).isPresent()) { // this user is already online
            return LoginResponse.ACCOUNT_ONLINE;
        } else if (!(username.matches("^[a-zA-Z0-9 ]{1," + Config.USERNAME_MAX_CHARACTERS + "}$"))) { // does username have illegal characters
            return LoginResponse.INVALID_CREDENTIALS;
        } else if (password.isEmpty()/* || password.length() > Config.PASSWORD_MAX_CHARACTERS*/) {
            return LoginResponse.INVALID_CREDENTIALS;
        }
 
        if (World.search(username).isPresent()) {
            return LoginResponse.ACCOUNT_ONLINE;
        }
 
        if (Config.FORUM_INTEGRATION) {
            // check username and password from client with username and password from forum
            final LoginResponse response = authenticatedForumUser(player, isEmail);
            if (response != LoginResponse.NORMAL) {
                return response;
            }
        }
 
        LoginResponse response = PlayerSerializer.load(player, password);
 
        if (World.searchAll(username).isPresent()) {
            return LoginResponse.ACCOUNT_ONLINE;
        }
 
        return response;
    }

References com.runehive.net.codec.login.LoginResponse.ACCOUNT_DISABLED, com.runehive.net.codec.login.LoginResponse.ACCOUNT_ONLINE, authenticatedForumUser(), com.runehive.net.codec.login.LoginResponse.BAD_USERNAME, com.runehive.game.world.entity.mob.player.BannedPlayers.bans, com.runehive.content.bot.BotUtility.BOT_NAMES, com.runehive.Config.EMAIL_MAX_CHARACTERS, com.runehive.Config.EMAIL_MIN_CHARACTERS, com.runehive.Config.FORUM_INTEGRATION, com.runehive.game.world.entity.mob.player.Player.getPassword(), com.runehive.game.world.World.getPlayerByHash(), com.runehive.game.world.World.getPlayerCount(), com.runehive.game.world.entity.mob.player.Player.getUsername(), com.runehive.net.codec.login.LoginResponse.INSUFFICIENT_PERMSSION, com.runehive.net.codec.login.LoginResponse.INVALID_CREDENTIALS, com.runehive.net.codec.login.LoginResponse.INVALID_EMAIL, com.runehive.game.world.entity.mob.player.persist.PlayerSerializer.load(), com.runehive.Config.MAX_PLAYERS, com.runehive.util.Utility.nameToLong(), com.runehive.net.codec.login.LoginResponse.NORMAL, com.runehive.game.world.World.search(), com.runehive.game.world.World.searchAll(), com.runehive.net.codec.login.LoginResponse.SERVER_BEING_UPDATED, com.runehive.RuneHive.serverStarted, com.runehive.net.codec.login.LoginResponse.SHORT_USERNAME, com.runehive.game.world.World.update, com.runehive.Config.USERNAME_MAX_CHARACTERS, com.runehive.Config.USERNAME_MIN_CHARACTERS, and com.runehive.net.codec.login.LoginResponse.WORLD_FULL.

Referenced by handleUserLoginDetails().

Here is the call graph for this function:

Here is the caller graph for this function:

handleClientPacket()

void com.runehive.net.session.LoginSession.handleClientPacket

(

Object

o

)

The method that is called when the client sends packets to the server.

Parameters

o	The vague object packet.

Reimplemented from com.runehive.net.session.Session.

Definition at line 53 of file LoginSession.java.

                                             {
        if (o instanceof LoginDetailsPacket) {
            LoginDetailsPacket packet = (LoginDetailsPacket) o;
            RuneHive.getInstance().getLoginExecutorService().execute(this, packet);
            //handleUserLoginDetails(packet);
        }
    }

References com.runehive.net.LoginExecutorService.execute(), com.runehive.RuneHive.getInstance(), and com.runehive.RuneHive.getLoginExecutorService().

Here is the call graph for this function:

handleUserLoginDetails()

void com.runehive.net.session.LoginSession.handleUserLoginDetails

(

final LoginDetailsPacket

packet

)

Definition at line 61 of file LoginSession.java.

                                                                        {
        final ConcurrentMap<String, FailedLoginAttempt> failedLogins = LoginSession.failedLogins;
 
        final String username = packet.getUsername();
 
        final FailedLoginAttempt attempt = failedLogins.get(username);
        if (attempt != null) {
            final Stopwatch stopwatch = attempt.getStopwatch();
            final AtomicInteger atomicTime = attempt.getAttempt();
            final int time = atomicTime.get();
            if (time >= Config.FAILED_LOGIN_ATTEMPTS
                    && !stopwatch.elapsed(Config.FAILED_LOGIN_TIMEOUT, TimeUnit.MINUTES)) {
                sendFailedResponse(channel, LoginResponse.LOGIN_ATTEMPTS_EXCEEDED);
                return;
            } else if (time >= Config.FAILED_LOGIN_ATTEMPTS
                    && stopwatch.elapsed(Config.FAILED_LOGIN_TIMEOUT, TimeUnit.MINUTES)) {
                failedLogins.remove(username);
            } else {
                atomicTime.incrementAndGet();
            }
        }
 
        final Player player = new Player(username);
        final String password = packet.getPassword();
        player.setPassword(password);
 
        final LoginResponse response = evaluate(player);
        if (response == LoginResponse.INVALID_CREDENTIALS) {
            if (!failedLogins.containsKey(username)) {
                failedLogins.put(username, new FailedLoginAttempt());
            }
        } else if (response == LoginResponse.NORMAL) {
            failedLogins.remove(username);
        }
 
        final Channel channel = this.channel;
 
        if (response != LoginResponse.NORMAL) {
            sendFailedResponse(channel, response);
            return;
        }
 
        final Argon2Types argon2Type = Argon2.argon2Type(player.getPassword());
        if (argon2Type != Argon2.DEFAULT_TYPE) {
            // needs rehashing (this should be moved onto another thread, as hashing is slow)
            final String passwordHash = Argon2.getDefault().hash(
                    Argon2.DEFAULT_ITERATIONS,
                    Argon2.DEFAULT_MEMORY,
                    Argon2.DEFAULT_PARALLELISM,
                    password);
            player.setPassword(passwordHash); // update password to hashed version
        }
 
        ProfileRepository.put(new Profile(username, player.lastHost, player.hostList, player.right));
 
        channel.writeAndFlush(new LoginResponsePacket(response, player.right, false))
                .addListener((ChannelFutureListener) sourceFuture -> {
                    try {
                        final ChannelPipeline pipeline = channel.pipeline();
                        pipeline.replace("login-decoder",
                                "game-decoder", new GamePacketDecoder(packet.getDecryptor()));
                        pipeline.replace("login-encoder",
                                "game-encoder", new GamePacketEncoder(packet.getEncryptor()));
 
                        final GameSession session = new GameSession(channel, player);
                        channel.attr(Config.SESSION_KEY).set(session);
                        player.setSession(session);
 
                        World.queueLogin(player);
                    } catch (final Exception e) {
                        logger.error("Failed to queue login for \"" + username + "\"", e);
                    }
                });
    }

References com.runehive.net.session.Session.channel, com.runehive.util.Stopwatch.elapsed(), evaluate(), com.runehive.Config.FAILED_LOGIN_ATTEMPTS, com.runehive.Config.FAILED_LOGIN_TIMEOUT, failedLogins, com.runehive.net.session.LoginSession.FailedLoginAttempt.getAttempt(), com.runehive.game.world.entity.mob.player.Player.getPassword(), com.runehive.net.session.LoginSession.FailedLoginAttempt.getStopwatch(), com.runehive.game.world.entity.mob.player.Player.hostList, com.runehive.net.codec.login.LoginResponse.INVALID_CREDENTIALS, com.runehive.game.world.entity.mob.player.Player.lastHost, logger, com.runehive.net.codec.login.LoginResponse.LOGIN_ATTEMPTS_EXCEEDED, LoginSession(), com.runehive.net.codec.login.LoginResponse.NORMAL, com.runehive.game.world.entity.mob.player.profile.ProfileRepository.put(), com.runehive.game.world.World.queueLogin(), com.runehive.game.world.entity.mob.player.Player.right, sendFailedResponse(), com.runehive.Config.SESSION_KEY, com.runehive.game.world.entity.mob.player.Player.setPassword(), and com.runehive.game.world.entity.mob.player.Player.setSession().

Referenced by com.runehive.net.LoginExecutorService.execute().

Here is the call graph for this function:

Here is the caller graph for this function:

isBanned()

boolean com.runehive.net.session.LoginSession.isBanned ( long unixTime )

private

Definition at line 255 of file LoginSession.java.

                                            {
        // not banned
        if (unixTime == 0) {
            return false;
        } else if (unixTime == -1) { // perm ban
            return true;
        }
 
        final Date date = Date.from(Instant.ofEpochSecond(unixTime));
 
        final Date currentDate = Date.from(Instant.now());
 
        return date.after(currentDate);
    }

Referenced by authenticatedForumUser().

Here is the caller graph for this function:

sendFailedResponse()

void com.runehive.net.session.LoginSession.sendFailedResponse ( final Channel channel, final LoginResponse response )

staticprivate

Definition at line 136 of file LoginSession.java.

                                                                                                {
        channel.writeAndFlush(new LoginResponsePacket(response))
                .addListener(ChannelFutureListener.CLOSE);
    }

References com.runehive.net.session.Session.channel.

Referenced by handleUserLoginDetails().

Here is the caller graph for this function:

Member Data Documentation

failedLogins

final ConcurrentMap<String, FailedLoginAttempt> com.runehive.net.session.LoginSession.failedLogins = new ConcurrentHashMap<>()

staticprivate

Definition at line 46 of file LoginSession.java.

Referenced by handleUserLoginDetails().

logger

final Logger com.runehive.net.session.LoginSession.logger = LoggerFactory.getLogger(LoginSession.class)

staticprivate

Definition at line 44 of file LoginSession.java.

Referenced by handleUserLoginDetails().

---

The documentation for this class was generated from the following file:

• java/com/runehive/net/session/LoginSession.java