1
0
mirror of https://github.com/ppy/osu.git synced 2025-01-26 00:42:55 +08:00
Commit Graph

1127 Commits

Author SHA1 Message Date
cdwcgt
21b1c799f3
rename FriendAddRequest to AddFriendRequest 2024-11-01 19:16:56 +08:00
cdwcgt
729c7f11a9
add StringEnumConverter for RelationType 2024-11-01 19:15:20 +08:00
cdwcgt
0b2f4facac
add test 2024-11-01 14:05:24 +08:00
cdwcgt
69b5bd3b50
Fix existing friend logic 2024-11-01 12:53:13 +08:00
cdwcgt
bf53833b7b
add API model and request 2024-11-01 12:52:37 +08:00
Bartłomiej Dach
7e3564cb4a
Bring back matching by filename when performing online metadata lookups 2024-10-30 10:25:20 +01:00
Bartłomiej Dach
776fabd77c
Only use MD5 when performing metadata lookups
Both online and offline using the cache.

The rationale behind this change is that in the current state of
affairs, `TestPartiallyMaliciousSet()` fails in a way that cannot be
reconciled without this sort of change.

The test exercises a scenario where the beatmap being imported has an
online ID in the `.osu` file, but its hash does not match the online
hash of the beatmap. This turns out to be a more frequent scenario than
envisioned because of users doing stupid things with manual file editing
rather than reporting issues properly.

The scenario is realistic only because the behaviour of the endpoint
responsible for looking up beatmaps is such that if multiple parameters
are given (e.g. all three of beatmap MD5, online ID, and filename), it
will try the three in succession:

	f6b341813b/app/Http/Controllers/BeatmapsController.php (L260-L266)

and the local metadata cache implementation reflected this
implementation.

Because online ID and filename are inherently unreliable in this
scenario due to being directly manipulable by clueless or malicious
users, neither should not be used as a fallback.
2024-10-30 08:12:30 +01:00
Bartłomiej Dach
1744566def
Clarify xmldoc 2024-10-08 14:46:53 +02:00
Bartłomiej Dach
3d06d67fec
Add GET /users/lookup request type 2024-10-08 14:05:09 +02:00
Bartłomiej Dach
e91c8fb4bd
Properly disable comment box on beatmaps that cannot be commented on
Closes https://github.com/ppy/osu/issues/30052.

Compare:

- 83816dbe24/resources/js/components/comment-editor.tsx (L54-L60)
- 83816dbe24/resources/js/components/comment-editor.tsx (L47-L52)
2024-09-30 11:02:00 +02:00
Dean Herbert
6fc60908c0
Trigger request failure on receiving a null response for a typed APIRequest 2024-09-05 01:00:23 +09:00
Bartłomiej Dach
8ffd4aa82c
Fix NRT inspections 2024-08-30 13:41:34 +02:00
Dean Herbert
2d745fb67e
Apply NRT to APIRequest 2024-08-30 18:35:31 +09:00
Dean Herbert
07611bd8f5
Use IAPIProvider interface and correctly support scheduling from DummyAPIAccess 2024-08-30 18:35:31 +09:00
Dean Herbert
5836f497ac
Provide API context earlier to api requests in order to fix missing schedules
Closes https://github.com/ppy/osu/issues/29546.
2024-08-30 18:10:36 +09:00
Dean Herbert
310def64f4
Merge branch 'master' into user-profile-daily-challenge-streak-display 2024-08-02 15:40:46 +09:00
Dean Herbert
11265538c4
Reset online status on logout 2024-07-29 20:06:30 +09:00
Dean Herbert
c142adf926
Fix online status not persisting correctly
Regressed at some point.

I don't see much reason not to link the bindable directly with config.
It seems to work as you'd expect. Tested with logout (resets to
"Online") and connection failure (persists).

Closes https://github.com/ppy/osu/issues/29173.
2024-07-29 20:06:27 +09:00
Salman Ahmed
0c89210bd7 Add API models for daily challenge statistics 2024-07-28 05:24:05 +03:00
Bartłomiej Dach
dd8be62d07
Merge pull request #28849 from frenzibyte/custom-profile-colour
Add custom hue support to user profile overlay
2024-07-22 09:41:32 +02:00
Salman Ahmed
102da0f98c Remove incorrect [CanBeNull] attribute 2024-07-17 23:58:38 +03:00
Bartłomiej Dach
3006bae0d8
Send client-generated session GUID for identification purposes
This is the first half of a change that *may* fix
https://github.com/ppy/osu/issues/26338 (it definitely fixes *one case*
where the issue happens, but I'm not sure if it will cover all of them).

As described in the issue thread, using the `jti` claim from the JWT
used for authorisation seemed like a decent idea. However, upon closer
inspection the scheme falls over badly in a specific scenario where:

1. A client instance connects to spectator server using JWT A.

2. At some point, JWT A expires, and is silently rotated by the game in
   exchange for JWT B.

   The spectator server knows nothing of this, and continues to only
   track JWT A, including the old `jti` claim in said JWT.

3. At some later point, the client's connection to one of the spectator
   server hubs drops out. A reconnection is automatically attempted,
   *but* it is attempted using JWT B.

   The spectator server was not aware of JWT B until now, and said JWT
   has a different `jti` claim than the old one, so to the spectator
   server, it looks like a completely different client connecting, which
   boots the user out of their account.

This PR adds a per-session GUID which is sent in a HTTP header on every
connection attempt to spectator server. This GUID will be used instead
of the `jti` claim in JWTs as a persistent identifier of a single user's
single lazer session, which bypasses the failure scenario described
above.

I don't think any stronger primitive than this is required. As far as I
can tell this is as strong a protection as the JWT was (which is to say,
not *very* strong), and doing this removes a lot of weird complexity
that would be otherwise incurred by attempting to have client ferry all
of its newly issued JWTs to the server so that it can be aware of them.
2024-07-17 15:56:41 +02:00
Salman Ahmed
3eaac11b44 Add profile hue attribute to API model 2024-07-13 11:26:45 +03:00
Dean Herbert
f3bc944ac8
Remove using statement 2024-05-30 17:45:32 +09:00
Dean Herbert
36d7775032
Fix typo in IAPIProvider xmldoc 2024-05-30 17:38:05 +09:00
Dean Herbert
2f2bc8e52e
Avoid ChatAckRequest failures flooding console in OsuGameTestScenes 2024-05-30 17:37:55 +09:00
Bartłomiej Dach
ab01fa6d45
Add xmldoc to APIAccess.APIVersion 2024-05-29 14:10:07 +02:00
Bartłomiej Dach
cc13655617
Derive API response version from game version
(Or local date, in the case of non-deployed builds).

Came up when I was looking at https://github.com/ppy/osu-web/pull/11240
and found that we were still hardcoding this.

Thankfully, this *should not* cause issues, since there don't seem to be
any (documented or undocumented) API response version checks for
versions newer than 20220705 in osu-web master.

For clarity and possible debugging needs, the API response version is
also logged.
2024-05-29 14:10:01 +02:00
Bartłomiej Dach
e11e9fe14f
Add TotalScoreWithoutMods to SoloScoreInfo
End goal being storing it server-side.
2024-04-17 09:15:51 +02:00
Dean Herbert
9474156df4
Improve equality implementations 2024-03-26 20:21:12 +08:00
Dean Herbert
057f86dd14
Add handling of expiration 2024-03-25 14:31:05 +08:00
Dean Herbert
f0614928b1
Read from new location 2024-03-25 13:19:12 +08:00
Dean Herbert
ec4a9a5fdd
Make work again for simple case 2024-03-24 14:55:45 +08:00
Dean Herbert
ef2a16dd8f
Various renaming and class updates to allow multiple menu banners 2024-03-24 14:55:43 +08:00
Berkan Diler
6fabbe2616 Use new ToDictionary() overload without delegates 2024-03-05 10:27:12 +01:00
Bartłomiej Dach
57bb0b85a1
Merge pull request #27107 from Joehuu/rank-highest-tooltip
Add highest rank tooltip to global rank display
2024-02-22 09:08:22 +01:00
Bartłomiej Dach
68247fa022
Fix typo in json property name
Would cause the mapper badge to never actually be shown in the real
world.
2024-02-14 13:21:37 +01:00
Salman Ahmed
c4e358044a Add API models for comment page metadata 2024-02-14 04:16:36 +03:00
Dean Herbert
f7a223f328
Merge pull request #27053 from frenzibyte/unranked-pp-placeholder
Add support for displaying "unranked PP" placeholder
2024-02-13 18:59:55 +08:00
Joseph Madamba
c9c39ecb2f Add RankHighest to APIUser 2024-02-09 16:06:16 -08:00
Bartłomiej Dach
9314de640f
Populate TotalScoreInfo when converting SoloScoreInfo to ScoreInfo
For use in https://github.com/ppy/osu-tools/pull/195.
2024-02-06 18:30:48 +01:00
Salman Ahmed
4be4ed7ab2 Add "ranked" attribute to scores 2024-02-05 23:29:24 +03:00
Dean Herbert
4248593289
Fix menu banner not updating as often as we want it to 2024-01-31 22:44:24 +09:00
Bartłomiej Dach
000ddc14ac
Fix broken locking in OAuth
Closes https://github.com/ppy/osu/issues/26824... I think?

Can be reproduced via something like

diff --git a/osu.Game/Online/API/OAuth.cs b/osu.Game/Online/API/OAuth.cs
index 485274f349..e6e93ab4c7 100644
--- a/osu.Game/Online/API/OAuth.cs
+++ b/osu.Game/Online/API/OAuth.cs
@@ -151,6 +151,11 @@ internal string RequestAccessToken()
         {
             if (!ensureAccessToken()) return null;

+            for (int i = 0; i < 10000; ++i)
+            {
+                _ = Token.Value.AccessToken;
+            }
+
             return Token.Value.AccessToken;
         }

The cause is `SecondFactorAuthForm` calling `Logout()`, which calls
`OAuth.Clear()`, _while_ the `APIAccess` connect loop is checking if
`authentication.HasValidAccessToken` is true, which happens to
internally check `Token.Value.AccessToken`, which the clearing of
tokens can brutally interrupt.
2024-01-30 21:05:23 +01:00
Dean Herbert
6a469f2cb6
Use switch instead of if-else 2024-01-29 17:18:17 +09:00
Bartłomiej Dach
96811a8874
Fix APIAccess spamming requests while waiting for second factor 2024-01-29 09:14:30 +01:00
Dean Herbert
4a2602a775
Merge branch 'master' into 2fa 2024-01-29 16:57:29 +09:00
Dean Herbert
ef94eff574
Rename PollingChatClientConnector to better describe usage 2024-01-29 16:56:28 +09:00
Bartłomiej Dach
a2e69d37e8
Add basic testing of failure flow 2024-01-26 11:17:32 +01:00
Bartłomiej Dach
04cae874b0
Handle forced logouts due to password change too 2024-01-26 10:53:27 +01:00