mirror of https://github.com/ppy/osu.git synced 2025-01-22 11:12:55 +08:00
Commit Graph

1105 Commits

Author SHA1 Message Date
Bartłomiej Dach
3006bae0d8
Send client-generated session GUID for identification purposes
This is the first half of a change that *may* fix
https://github.com/ppy/osu/issues/26338 (it definitely fixes *one case*
where the issue happens, but I'm not sure if it will cover all of them).

As described in the issue thread, using the `jti` claim from the JWT
used for authorisation seemed like a decent idea. However, upon closer
inspection the scheme falls over badly in a specific scenario where:

1. A client instance connects to spectator server using JWT A.

2. At some point, JWT A expires, and is silently rotated by the game in
   exchange for JWT B.

   The spectator server knows nothing of this, and continues to only
   track JWT A, including the old `jti` claim in said JWT.

3. At some later point, the client's connection to one of the spectator
   server hubs drops out. A reconnection is automatically attempted,
   *but* it is attempted using JWT B.

   The spectator server was not aware of JWT B until now, and said JWT
   has a different `jti` claim than the old one, so to the spectator
   server, it looks like a completely different client connecting, which
   boots the user out of their account.

This PR adds a per-session GUID which is sent in a HTTP header on every
connection attempt to spectator server. This GUID will be used instead
of the `jti` claim in JWTs as a persistent identifier of a single user's
single lazer session, which bypasses the failure scenario described
above.

I don't think any stronger primitive than this is required. As far as I
can tell this is as strong a protection as the JWT was (which is to say,
not *very* strong), and doing this removes a lot of weird complexity
that would be otherwise incurred by attempting to have client ferry all
of its newly issued JWTs to the server so that it can be aware of them.
2024-07-17 15:56:41 +02:00
Dean Herbert
f3bc944ac8
Remove using statement 2024-05-30 17:45:32 +09:00
Dean Herbert
36d7775032
Fix typo in IAPIProvider xmldoc 2024-05-30 17:38:05 +09:00
Dean Herbert
2f2bc8e52e
Avoid ChatAckRequest failures flooding console in OsuGameTestScenes 2024-05-30 17:37:55 +09:00
Bartłomiej Dach
ab01fa6d45
Add xmldoc to APIAccess.APIVersion 2024-05-29 14:10:07 +02:00
Bartłomiej Dach
cc13655617
Derive API response version from game version
(Or local date, in the case of non-deployed builds).

Came up when I was looking at https://github.com/ppy/osu-web/pull/11240
and found that we were still hardcoding this.

Thankfully, this *should not* cause issues, since there don't seem to be
any (documented or undocumented) API response version checks for
versions newer than 20220705 in osu-web master.

For clarity and possible debugging needs, the API response version is
also logged.
2024-05-29 14:10:01 +02:00
Bartłomiej Dach
e11e9fe14f
Add TotalScoreWithoutMods to SoloScoreInfo
End goal being storing it server-side.
2024-04-17 09:15:51 +02:00
Dean Herbert
9474156df4
Improve equality implementations 2024-03-26 20:21:12 +08:00
Dean Herbert
057f86dd14
Add handling of expiration 2024-03-25 14:31:05 +08:00
Dean Herbert
f0614928b1
Read from new location 2024-03-25 13:19:12 +08:00
Dean Herbert
ec4a9a5fdd
Make work again for simple case 2024-03-24 14:55:45 +08:00
Dean Herbert
ef2a16dd8f
Various renaming and class updates to allow multiple menu banners 2024-03-24 14:55:43 +08:00
Berkan Diler
6fabbe2616 Use new ToDictionary() overload without delegates 2024-03-05 10:27:12 +01:00
Bartłomiej Dach
57bb0b85a1
Merge pull request #27107 from Joehuu/rank-highest-tooltip
Add highest rank tooltip to global rank display
2024-02-22 09:08:22 +01:00
Bartłomiej Dach
68247fa022
Fix typo in json property name
Would cause the mapper badge to never actually be shown in the real
world.
2024-02-14 13:21:37 +01:00
Salman Ahmed
c4e358044a Add API models for comment page metadata 2024-02-14 04:16:36 +03:00
Dean Herbert
f7a223f328
Merge pull request #27053 from frenzibyte/unranked-pp-placeholder
Add support for displaying "unranked PP" placeholder
2024-02-13 18:59:55 +08:00
Joseph Madamba
c9c39ecb2f Add RankHighest to APIUser 2024-02-09 16:06:16 -08:00
Bartłomiej Dach
9314de640f
Populate TotalScoreInfo when converting SoloScoreInfo to ScoreInfo
For use in https://github.com/ppy/osu-tools/pull/195.
2024-02-06 18:30:48 +01:00
Salman Ahmed
4be4ed7ab2 Add "ranked" attribute to scores 2024-02-05 23:29:24 +03:00
Dean Herbert
4248593289
Fix menu banner not updating as often as we want it to 2024-01-31 22:44:24 +09:00
Bartłomiej Dach
000ddc14ac
Fix broken locking in OAuth
Closes https://github.com/ppy/osu/issues/26824... I think?

Can be reproduced via something like

diff --git a/osu.Game/Online/API/OAuth.cs b/osu.Game/Online/API/OAuth.cs
index 485274f349..e6e93ab4c7 100644
--- a/osu.Game/Online/API/OAuth.cs
+++ b/osu.Game/Online/API/OAuth.cs
@@ -151,6 +151,11 @@ internal string RequestAccessToken()
         {
             if (!ensureAccessToken()) return null;

+            for (int i = 0; i < 10000; ++i)
+            {
+                _ = Token.Value.AccessToken;
+            }
+
             return Token.Value.AccessToken;
         }

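Review bot: the added loop in `RequestAccessToken()` dereferences
`Token.Value` 10000 times after `ensureAccessToken()` has already returned,
and nothing visible in this hunk keeps the token from being cleared between
that check and the reads; the unchanged `return Token.Value.AccessToken;`
below the loop has the same check-then-use gap. As a reproduction aid the
loop should carry a comment saying it only widens the race window and must
not be merged. For the fix itself, read `Token.Value` once into a local and
null-check it before use, or perform the validity check and the read under
one lock shared with the code path that clears the token.
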
The cause is `SecondFactorAuthForm` calling `Logout()`, which calls
`OAuth.Clear()`, _while_ the `APIAccess` connect loop is checking if
`authentication.HasValidAccessToken` is true, which happens to
internally check `Token.Value.AccessToken`, which the clearing of
tokens can brutally interrupt.
2024-01-30 21:05:23 +01:00
Dean Herbert
6a469f2cb6
Use switch instead of if-else 2024-01-29 17:18:17 +09:00
Bartłomiej Dach
96811a8874
Fix APIAccess spamming requests while waiting for second factor 2024-01-29 09:14:30 +01:00
Dean Herbert
4a2602a775
Merge branch 'master' into 2fa 2024-01-29 16:57:29 +09:00
Dean Herbert
ef94eff574
Rename PollingChatClientConnector to better describe usage 2024-01-29 16:56:28 +09:00
Bartłomiej Dach
a2e69d37e8
Add basic testing of failure flow 2024-01-26 11:17:32 +01:00
Bartłomiej Dach
04cae874b0
Handle forced logouts due to password change too 2024-01-26 10:53:27 +01:00
Bartłomiej Dach
3d3506b906
Merge branch 'decouple-notification-websocket-from-chat' into 2fa 2024-01-25 14:51:42 +01:00
Bartłomiej Dach
c463aa5ba1
xmldoc everything 2024-01-25 14:47:29 +01:00
Bartłomiej Dach
de52f0a80c
Decouple notifications websocket handling from chat operations
This is a prerequisite for https://github.com/ppy/osu/pull/25480.

The `WebSocketNotificationsClient` was tightly coupled to chat specifics
making it difficult to use in the second factor verification flow.
This commit's goal is to separate the websocket connection and message
handling concerns from specific chat logic concerns.
2024-01-25 14:47:29 +01:00
Bartłomiej Dach
e3eb7a8b42
Support verification via clicking link from e-mail 2024-01-24 21:35:58 +01:00
Bartłomiej Dach
445a7450e0
Implement verification from within client 2024-01-24 21:35:20 +01:00
Bartłomiej Dach
ddc2bbeb9b
Add session_verified attribute to /me response 2024-01-24 14:24:33 +01:00
Bartłomiej Dach
7b47215657
Split /me request from /users requests
Them being together always bothered me and led to the abject failure
that is `APIUser` and its sprawl. Now that I'm about to add a flag that
is unique to `/me` for verification purposes, I'm not repeating the
errors of the past by adding yet another flag to `APIUser` that is never
present outside of a single usage context.
2024-01-24 14:22:57 +01:00
Bartłomiej Dach
7c140408ea
Add request structures for verification endpoints 2024-01-24 13:53:40 +01:00
Bartłomiej Dach
2cfaa1c103
Merge branch 'master' into 2fa 2024-01-23 16:51:23 +01:00
Joseph Madamba
3eeefd5b7e Fix changelog stream user count only accounting for latest build 2024-01-18 16:15:52 -08:00
StanR
e240443c46 Update LocalUser statistics, add test 2024-01-03 18:15:32 +06:00
StanR
d34f30f6ad Add Statistics bindable to IAPIProvider and update it from SoloStatisticsWatcher 2024-01-03 14:37:57 +06:00
Bartłomiej Dach
f9f03ebc0f
Store user online state in config for next launch
Closes remainder of https://github.com/ppy/osu/issues/12635.
2024-01-02 14:04:40 +01:00
Dean Herbert
93a8afe96e
Add very simple cache-busting (30 minutes) 2023-12-28 14:40:10 +09:00
Bartłomiej Dach
ef39759813
More code quality inspections 2023-12-28 00:18:20 +01:00
Bartłomiej Dach
ac449131ed
CodeFileSanity does not like records in standalone files 2023-12-27 23:47:37 +01:00
Bartłomiej Dach
a3f720bc62
Retrieve system title from online source 2023-12-27 23:37:39 +01:00
Bartłomiej Dach
d9299a8a55
Implement visual appearance of "system title" message in main menu 2023-12-27 23:07:17 +01:00
Dan Balasescu
0171078052
Move object counts to BeatmapInfo 2023-12-13 17:33:24 +09:00
Dean Herbert
fdcf87569c
Merge pull request #25711 from smoogipoo/mania-convert-song-select-keycount
Display osu!mania keycount in song select carousel panels and details
2023-12-13 16:31:25 +09:00
Dan Balasescu
2abf3a55ae
Add IsLegacyScore to SoloScoreInfo 2023-12-13 16:12:12 +09:00
Dan Balasescu
767d5c8018
Add object counts to IBeatmapDifficultyInfo 2023-12-09 22:31:51 +09:00