1
0
mirror of https://github.com/ppy/osu.git synced 2025-01-26 02:12:57 +08:00
Commit Graph

160 Commits

Author SHA1 Message Date
Dean Herbert
07611bd8f5
Use IAPIProvider interface and correctly support scheduling from DummyAPIAccess 2024-08-30 18:35:31 +09:00
Dean Herbert
5836f497ac
Provide API context earlier to api requests in order to fix missing schedules
Closes https://github.com/ppy/osu/issues/29546.
2024-08-30 18:10:36 +09:00
Dean Herbert
11265538c4
Reset online status on logout 2024-07-29 20:06:30 +09:00
Dean Herbert
c142adf926
Fix online status not persisting correctly
Regressed at some point.

I don't see much reason not to link the bindable directly with config.
It seems to work as you'd expect. Tested with logout (resets to
"Online") and connection failure (persists).

Closes https://github.com/ppy/osu/issues/29173.
2024-07-29 20:06:27 +09:00
Bartłomiej Dach
3006bae0d8
Send client-generated session GUID for identification purposes
This is the first half of a change that *may* fix
https://github.com/ppy/osu/issues/26338 (it definitely fixes *one case*
where the issue happens, but I'm not sure if it will cover all of them).

As described in the issue thread, using the `jti` claim from the JWT
used for authorisation seemed like a decent idea. However, upon closer
inspection the scheme falls over badly in a specific scenario where:

1. A client instance connects to spectator server using JWT A.

2. At some point, JWT A expires, and is silently rotated by the game in
   exchange for JWT B.

   The spectator server knows nothing of this, and continues to only
   track JWT A, including the old `jti` claim in said JWT.

3. At some later point, the client's connection to one of the spectator
   server hubs drops out. A reconnection is automatically attempted,
   *but* it is attempted using JWT B.

   The spectator server was not aware of JWT B until now, and said JWT
   has a different `jti` claim than the old one, so to the spectator
   server, it looks like a completely different client connecting, which
   boots the user out of their account.

This PR adds a per-session GUID which is sent in a HTTP header on every
connection attempt to spectator server. This GUID will be used instead
of the `jti` claim in JWTs as a persistent identifier of a single user's
single lazer session, which bypasses the failure scenario described
above.

I don't think any stronger primitive than this is required. As far as I
can tell this is as strong a protection as the JWT was (which is to say,
not *very* strong), and doing this removes a lot of weird complexity
that would be otherwise incurred by attempting to have client ferry all
of its newly issued JWTs to the server so that it can be aware of them.
2024-07-17 15:56:41 +02:00
Bartłomiej Dach
ab01fa6d45
Add xmldoc to APIAccess.APIVersion 2024-05-29 14:10:07 +02:00
Bartłomiej Dach
cc13655617
Derive API response version from game version
(Or local date, in the case of non-deployed builds).

Came up when I was looking at https://github.com/ppy/osu-web/pull/11240
and found that we were still hardcoding this.

Thankfully, this *should not* cause issues, since there don't seem to be
any (documented or undocumented) API response version checks for
versions newer than 20220705 in osu-web master.

For clarity and possible debugging needs, the API response version is
also logged.
2024-05-29 14:10:01 +02:00
Dean Herbert
6a469f2cb6
Use switch instead of if-else 2024-01-29 17:18:17 +09:00
Bartłomiej Dach
96811a8874
Fix APIAccess spamming requests while waiting for second factor 2024-01-29 09:14:30 +01:00
Bartłomiej Dach
04cae874b0
Handle forced logouts due to password change too 2024-01-26 10:53:27 +01:00
Bartłomiej Dach
3d3506b906
Merge branch 'decouple-notification-websocket-from-chat' into 2fa 2024-01-25 14:51:42 +01:00
Bartłomiej Dach
de52f0a80c
Decouple notifications websocket handling from chat operations
This is a prerequisite for https://github.com/ppy/osu/pull/25480.

The `WebSocketNotificationsClient` was tightly coupled to chat specifics
making it difficult to use in the second factor verification flow.
This commit's goal is to separate the websocket connection and message
handling concerns from specific chat logic concerns.
2024-01-25 14:47:29 +01:00
Bartłomiej Dach
e3eb7a8b42
Support verification via clicking link from e-mail 2024-01-24 21:35:58 +01:00
Bartłomiej Dach
445a7450e0
Implement verification from within client 2024-01-24 21:35:20 +01:00
Bartłomiej Dach
7b47215657
Split /me request from /users requests
Them being together always bothered me and led to the abject failure
that is `APIUser` and its sprawl. Now that I'm about to add a flag that
is unique to `/me` for verification purposes, I'm not repeating the
errors of the past by adding yet another flag to `APIUser` that is never
present outside of a single usage context.
2024-01-24 14:22:57 +01:00
Bartłomiej Dach
2cfaa1c103
Merge branch 'master' into 2fa 2024-01-23 16:51:23 +01:00
StanR
e240443c46 Update LocalUser statistics, add test 2024-01-03 18:15:32 +06:00
StanR
d34f30f6ad Add Statistics bindable to IAPIProvider and update it from SoloStatisticsWatcher 2024-01-03 14:37:57 +06:00
Bartłomiej Dach
f9f03ebc0f
Store user online state in config for next launch
Closes remainder of https://github.com/ppy/osu/issues/12635.
2024-01-02 14:04:40 +01:00
Bartłomiej Dach
d66fa09320
Simplify UserStatus to be an enumeration type
There were absolutely no gains from having it be a reference type /
class, only complications, especially when coming from the serialisation
angle.
2023-12-06 18:52:27 +01:00
Dean Herbert
0e4244a692
Add APIAccess flow for 2fa 2023-11-16 18:18:15 +09:00
Dean Herbert
85e303ec54
Add two factor step to api state flow 2023-11-16 18:18:15 +09:00
Salman Ahmed
ab790ec96a Expose currently selected language from IAPIProvider 2023-06-08 02:59:34 +03:00
Dean Herbert
a7327b02a2 Add API level support for error message and redirect during registration flow 2023-01-13 15:32:53 +09:00
Salman Ahmed
e449d8dda0 Fix friends list duplicating on connection failure 2023-01-06 22:39:46 +03:00
Dan Balasescu
7bc8908ca9 Partial everything 2022-11-27 00:00:27 +09:00
Dean Herbert
964ceddf83 Fix API queue only being flushed once while in a failing state 2022-11-18 14:21:37 +09:00
Dan Balasescu
5b25ef5f2f Construct notifications client via IAPIProvider 2022-11-01 21:34:34 +09:00
Dean Herbert
865d63f768 Refactor APIAccess main loop to read better 2022-08-11 15:43:39 +09:00
Dean Herbert
47196b19a5 Stop setting Online state in handleRequest
This is already handled amicably by the `Failing` -> `Connecting` flow.
Having this set in `handleRequest` throws things off, potentially
leading to the `Online` state change before the user has been populated.
2022-08-11 14:36:30 +09:00
Dean Herbert
7ec67c28b9 Set Online state sooner in connection process
This isn't really required as such, but feels more correct. There was no
reason for it to wait for the friend population to complete before
deeming things to be "online".
2022-08-11 14:35:56 +09:00
Dean Herbert
e5b534bb26 Add thread safety to APIAccess.LocalUser 2022-08-11 12:45:26 +09:00
Dean Herbert
4a312d5658 Use a placeholder user with the correct username during connecting process
This allows for various components (like gameplay) to obtain a correct
username even if the API is not yet in a connected state. The most
common case is during startup, where a connection may not have been
established yet, but the user's username was restored from their config
file.

By making the change, local scores will now have the correct username
(although avatar etc. will be missing, which I think it fine) even if
the API is not yet connected. Previously, they would show up as "Guest".
2022-08-09 17:13:09 +09:00
Dean Herbert
f9d0cc3c4e Change APIAccess.IsLoggedIn to also return true when connecting
All usages of this are made with the intention of showing data when an
api is going to eventually become available. In the case of a login
failure, components are also able to display a correct state.

With this change, it makes online components display in a more correct
state during startup or initial logging in phase.
2022-08-09 17:11:44 +09:00
Salman Ahmed
b42f49aeaa Handle APIException from user request during logging in 2022-07-16 00:38:53 +03:00
Dean Herbert
1bef2d7b39 Add and consume SoloScoreInfo 2022-07-12 18:00:25 +09:00
Dan Balasescu
f8830c6850 Automated #nullable processing 2022-06-17 16:37:17 +09:00
Dean Herbert
319867f73c Mark GuestUser as system user via Id for now
Should resolve https://github.com/ppy/osu/issues/18105.

Checking through usages, it doesn't immediately look like this will
regress any other scenarios.
2022-05-06 17:37:46 +09:00
Dean Herbert
7f4cc221d2 Add API versioning 2022-02-21 19:02:03 +09:00
Dean Herbert
a69c7a9de6 Split exceptions back out to give better messaging 2022-02-03 14:09:27 +09:00
Dean Herbert
62fa915193 Standardise exception messages for local-user-logged-out flows 2022-02-03 13:58:55 +09:00
Dan Balasescu
d9a43b4c4c Fix API requests not completing when offline 2022-02-03 13:16:54 +09:00
Dean Herbert
0ecf5f201c Rename User to APIUser and move to correct namespace 2021-11-07 11:26:01 +09:00
Dean Herbert
266b4c7124 Expose login errors from IAPIProvider and show on the login form 2021-10-04 15:40:24 +09:00
Dean Herbert
da8eba9996 Return early to avoid updating state and failure count in fail cases 2021-08-20 12:11:41 +09:00
Dean Herbert
a6b7ca1a4c Ensure all request failures are correctly handled during login 2021-08-19 19:55:14 +09:00
Dean Herbert
617ff40de7 Add the ability to not use MessagePack when creating a HubConnector 2021-08-02 18:50:22 +09:00
Dean Herbert
185ea776f5 Fix incorrect authorisation loss exception handling with recent changes 2021-07-30 18:11:40 +09:00
Dean Herbert
17168b8137 Fix authentication loss not handled correctly
This handles the case where on initial API connection, the server
responds with an `Unauthorized` response. It doesn't perform this same
checking/handling on every API request, which is probably what we want
eventually.

Opting to not address the full issue because I know this is going to be
a long one (see
05c50c0f6c/osu.Game/Online/API/APIAccess.cs (L233)).
2021-07-23 19:03:19 +09:00
Bartłomiej Dach
5b2b701915 Ignore possible null in GetResponseString()
A null there indicates a deserialisation error and therefore due to the
catch block immediately succeeding the changed line everything will
continue to work as intended.
2021-05-15 00:09:34 +02:00