clean up some code, add some debugging prints
parent
3a3b1489c6
commit
390ee9aaeb
1 changed files with 36 additions and 22 deletions
|
@ -310,24 +310,30 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
|
||||||
bool isLocalUser =
|
bool isLocalUser =
|
||||||
(senderHostAddress == limitedNodeList->getLocalSockAddr().getAddress() || senderHostAddress == QHostAddress::LocalHost);
|
(senderHostAddress == limitedNodeList->getLocalSockAddr().getAddress() || senderHostAddress == QHostAddress::LocalHost);
|
||||||
|
|
||||||
if (!username.isEmpty() && usernameSignature.isEmpty()) {
|
QString verifiedUsername; // if this remains empty, consider this an anonymous connection attempt
|
||||||
// user is attempting to prove their identity to us, but we don't have enough information
|
if (!username.isEmpty()) {
|
||||||
sendConnectionTokenPacket(username, nodeConnection.senderSockAddr);
|
if (usernameSignature.isEmpty()) {
|
||||||
// ask for their public key right now to make sure we have it
|
// user is attempting to prove their identity to us, but we don't have enough information
|
||||||
requestUserPublicKey(username);
|
sendConnectionTokenPacket(username, nodeConnection.senderSockAddr);
|
||||||
getGroupMemberships(username); // optimistically get started on group memberships
|
// ask for their public key right now to make sure we have it
|
||||||
return SharedNodePointer();
|
requestUserPublicKey(username);
|
||||||
}
|
getGroupMemberships(username); // optimistically get started on group memberships
|
||||||
|
#ifdef WANT_DEBUG
|
||||||
QString verifiedUsername;
|
qDebug() << "stalling login because we have no username-signature:" << username;
|
||||||
if (!username.isEmpty() && verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) {
|
#endif
|
||||||
// they sent us a username and the signature verifies it
|
return SharedNodePointer();
|
||||||
verifiedUsername = username;
|
} else if (verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) {
|
||||||
getGroupMemberships(username);
|
// they sent us a username and the signature verifies it
|
||||||
} else if (!username.isEmpty()) {
|
getGroupMemberships(username);
|
||||||
// they sent us a username, but it didn't check out
|
verifiedUsername = username;
|
||||||
requestUserPublicKey(username);
|
} else {
|
||||||
return SharedNodePointer();
|
// they sent us a username, but it didn't check out
|
||||||
|
requestUserPublicKey(username);
|
||||||
|
#ifdef WANT_DEBUG
|
||||||
|
qDebug() << "stalling login because signature verification failed:" << username;
|
||||||
|
#endif
|
||||||
|
return SharedNodePointer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
userPerms = setPermissionsForUser(isLocalUser, verifiedUsername);
|
userPerms = setPermissionsForUser(isLocalUser, verifiedUsername);
|
||||||
|
@ -335,6 +341,9 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
|
||||||
if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) {
|
if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) {
|
||||||
sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
|
sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
|
||||||
nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::TooManyUsers);
|
nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::TooManyUsers);
|
||||||
|
#ifdef WANT_DEBUG
|
||||||
|
qDebug() << "stalling login due to permissions:" << username;
|
||||||
|
#endif
|
||||||
return SharedNodePointer();
|
return SharedNodePointer();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -342,6 +351,9 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
|
||||||
// we can't allow this user to connect because we are at max capacity
|
// we can't allow this user to connect because we are at max capacity
|
||||||
sendConnectionDeniedPacket("Too many connected users.", nodeConnection.senderSockAddr,
|
sendConnectionDeniedPacket("Too many connected users.", nodeConnection.senderSockAddr,
|
||||||
DomainHandler::ConnectionRefusedReason::TooManyUsers);
|
DomainHandler::ConnectionRefusedReason::TooManyUsers);
|
||||||
|
#ifdef WANT_DEBUG
|
||||||
|
qDebug() << "stalling login due to max capacity:" << username;
|
||||||
|
#endif
|
||||||
return SharedNodePointer();
|
return SharedNodePointer();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -355,10 +367,8 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
|
||||||
// we have a node that already has these exact sockets - this occurs if a node
|
// we have a node that already has these exact sockets - this occurs if a node
|
||||||
// is unable to connect to the domain
|
// is unable to connect to the domain
|
||||||
hintNodeID = node->getUUID();
|
hintNodeID = node->getUUID();
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -378,6 +388,10 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
|
||||||
nodeData->addOverrideForKey(USERNAME_UUID_REPLACEMENT_STATS_KEY,
|
nodeData->addOverrideForKey(USERNAME_UUID_REPLACEMENT_STATS_KEY,
|
||||||
uuidStringWithoutCurlyBraces(newNode->getUUID()), username);
|
uuidStringWithoutCurlyBraces(newNode->getUUID()), username);
|
||||||
|
|
||||||
|
#ifdef WANT_DEBUG
|
||||||
|
qDebug() << "accepting login:" << username;
|
||||||
|
#endif
|
||||||
|
|
||||||
return newNode;
|
return newNode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -417,7 +431,7 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username,
|
||||||
const HifiSockAddr& senderSockAddr) {
|
const HifiSockAddr& senderSockAddr) {
|
||||||
|
|
||||||
// it's possible this user can be allowed to connect, but we need to check their username signature
|
// it's possible this user can be allowed to connect, but we need to check their username signature
|
||||||
QByteArray publicKeyArray = _userPublicKeys.value(username);
|
QByteArray publicKeyArray = _userPublicKeys.value(username.toLower());
|
||||||
|
|
||||||
const QUuid& connectionToken = _connectionTokenHash.value(username.toLower());
|
const QUuid& connectionToken = _connectionTokenHash.value(username.toLower());
|
||||||
|
|
||||||
|
@ -568,7 +582,7 @@ void DomainGatekeeper::publicKeyJSONCallback(QNetworkReply& requestReply) {
|
||||||
const QString JSON_DATA_KEY = "data";
|
const QString JSON_DATA_KEY = "data";
|
||||||
const QString JSON_PUBLIC_KEY_KEY = "public_key";
|
const QString JSON_PUBLIC_KEY_KEY = "public_key";
|
||||||
|
|
||||||
_userPublicKeys[username] =
|
_userPublicKeys[username.toLower()] =
|
||||||
QByteArray::fromBase64(jsonObject[JSON_DATA_KEY].toObject()[JSON_PUBLIC_KEY_KEY].toString().toUtf8());
|
QByteArray::fromBase64(jsonObject[JSON_DATA_KEY].toObject()[JSON_PUBLIC_KEY_KEY].toString().toUtf8());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
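Review bot: The public-key cache is now read and written under `username.toLower()` in verifyUserSignature and publicKeyJSONCallback, but processAgentConnectRequest still assigns `verifiedUsername = username` and passes the client-supplied casing to getGroupMemberships, requestUserPublicKey and setPermissionsForUser. Any casing of a name now verifies against the same key, while the permission lookup sees a different string. If that lookup is case-sensitive (setPermissionsForUser is not visible here), per-user grants or restrictions may not be applied to the verified account. Consider canonicalising once where the username is read from the connect request and using that value for the key, token, group and permission lookups, for example `verifiedUsername = username.toLower();`, or document the casing contract on `_userPublicKeys` and `_connectionTokenHash`. All three functions extend beyond the hunks shown, so the declaration of `username` and the permission lookup itself need checking against the full file.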