Skip to content

Commit

Permalink
Merge branch 'general-devel' of github.com:nicatronTg/TShock into gen…
Browse files Browse the repository at this point in the history
…eral-devel
hakusaro committed Oct 15, 2016
2 parents bbe0462 + f35d842 commit 4fcabd5
Showing 5 changed files with 90 additions and 86 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -3,6 +3,8 @@
This is the rolling changelog for TShock for Terraria. Use past tense when adding new entries; sign your name off when you add or change something. This should primarily be things like user changes, not necessarily codebase changes unless it's really relevant or large.

## Upcoming Changes
* Security improvement: The auth system is now automatically disabled if a superadmin exists in the database (@Enerdy)
* Removed the `auth-verify` command since `auth` now serves its purpose when necessary (@Enerdy)

## TShock 4.3.19
* Compatibility with Terraria 1.3.3.3 (@Simon311)
6 changes: 5 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
# TShock [![Build Status](https://travis-ci.org/NyxStudios/TShock.png?branch=general-devel)](https://travis-ci.org/NyxStudios/TShock)
<p align="center">
<img src="https://tshock.co/newlogo.png" alt="TShock for Terraria"><br />
<a href="https://travis-ci.org/NyxStudios/TShock"><img src="https://travis-ci.org/NyxStudios/TShock.png?branch=general-devel" alt="Build Status"></a><br />
<hr />
</p>

TShock is a server modification for Terraria, written in C#, and based upon the [Terraria Server API](https://github.com/NyxStudios/TerrariaAPI-Server). It uses JSON for configuration management, and offers several features not present in the Terraria Server normally.

82 changes: 36 additions & 46 deletions TShockAPI/Commands.cs
Original file line number Diff line number Diff line change
@@ -213,10 +213,6 @@ public static void InitCommands()
AllowServer = false,
HelpText = "Used to authenticate as superadmin when first setting up TShock."
});
add(new Command(Permissions.authverify, AuthVerify, "auth-verify")
{
HelpText = "Used to verify that you have correctly set up TShock."
});
add(new Command(Permissions.user, ManageUsers, "user")
{
DoLog = false,
@@ -4622,61 +4618,55 @@ private static void AuthToken(CommandArgs args)
{
if (TShock.AuthToken == 0)
{
args.Player.SendWarningMessage("Auth is disabled. This incident has been logged.");
TShock.Utils.ForceKick(args.Player, "Auth system is disabled.", true, true);
TShock.Log.Warn("{0} attempted to use {1}auth even though it's disabled.", args.Player.IP, Specifier);
return;
}
int givenCode = Convert.ToInt32(args.Parameters[0]);
if (givenCode == TShock.AuthToken && args.Player.Group.Name != "superadmin")
{
try
{
args.Player.Group = TShock.Utils.GetGroup("superadmin");
args.Player.SendInfoMessage("Superadmin has been temporarily given to you. It will be removed on logout.");
args.Player.SendInfoMessage("Please use the following to create a permanent account for you.");
args.Player.SendInfoMessage("{0}user add <username> <password> superadmin", Specifier);
args.Player.SendInfoMessage("Creates: <username> with the password <password> as part of the superadmin group.");
args.Player.SendInfoMessage("Please use {0}login <username> <password> after this process.", Specifier);
args.Player.SendInfoMessage("If you understand, please {0}login <username> <password> now, and type {0}auth-verify.", Specifier);
}
catch (UserManagerException ex)
if (args.Player.Group.Name == new SuperAdminGroup().Name)
args.Player.SendInfoMessage("The auth system is already disabled.");
else
{
TShock.Log.ConsoleError(ex.ToString());
args.Player.SendErrorMessage(ex.Message);
args.Player.SendWarningMessage("The auth system is disabled. This incident has been logged.");
TShock.Utils.ForceKick(args.Player, "Auth system is disabled.", true, true);
TShock.Log.Warn("{0} attempted to use {1}auth even though it's disabled.", args.Player.IP, Specifier);
return;
}
return;
}

if (args.Player.Group.Name == "superadmin")
// If the user account is already a superadmin (permanent), disable the system
if (args.Player.IsLoggedIn && args.Player.tempGroup == null && args.Player.Group.Name == new SuperAdminGroup().Name)
{
args.Player.SendInfoMessage("Please disable the auth system! If you need help, consult the forums. https://tshock.co/");
args.Player.SendInfoMessage("This account is superadmin, please do the following to finish your install:");
args.Player.SendInfoMessage("Please use {0}login <username> <password> to login from now on.", Specifier);
args.Player.SendInfoMessage("If you understand, please {0}login <username> <password> now, and type {0}auth-verify.", Specifier);
args.Player.SendSuccessMessage("Your new account has been verified, and the {0}auth system has been turned off.", Specifier);
args.Player.SendSuccessMessage("You can always use the {0}user command to manage players.", Specifier);
args.Player.SendSuccessMessage("The auth system will remain disabled as long as a superadmin exists (even if you delete auth.lck).");
args.Player.SendSuccessMessage("Share your server, talk with other admins, and more on our forums -- https://tshock.co/");
args.Player.SendSuccessMessage("Thank you for using TShock for Terraria!");
FileTools.CreateFile(Path.Combine(TShock.SavePath, "auth.lck"));
File.Delete(Path.Combine(TShock.SavePath, "authcode.txt"));
TShock.AuthToken = 0;
return;
}

args.Player.SendErrorMessage("Incorrect auth code. This incident has been logged.");
TShock.Log.Warn(args.Player.IP + " attempted to use an incorrect auth code.");
}
if (args.Parameters.Count == 0)
{
args.Player.SendErrorMessage("You must provide an auth code!");
return;
}

private static void AuthVerify(CommandArgs args)
{
if (TShock.AuthToken == 0)
int givenCode;
if (!Int32.TryParse(args.Parameters[0], out givenCode) || givenCode != TShock.AuthToken)
{
args.Player.SendWarningMessage("It appears that you have already turned off the auth token.");
args.Player.SendWarningMessage("If this is a mistake, delete auth.lck.");
args.Player.SendErrorMessage("Incorrect auth code. This incident has been logged.");
TShock.Log.Warn(args.Player.IP + " attempted to use an incorrect auth code.");
return;
}

args.Player.SendSuccessMessage("Your new account has been verified, and the /auth system has been turned off.");
args.Player.SendSuccessMessage("You can always use the /user command to manage players. Don't just delete the auth.lck.");
args.Player.SendSuccessMessage("Share your server, talk with other admins, and more on our forums -- https://tshock.co/");
args.Player.SendSuccessMessage("Thank you for using TShock for Terraria!");
FileTools.CreateFile(Path.Combine(TShock.SavePath, "auth.lck"));
File.Delete(Path.Combine(TShock.SavePath, "authcode.txt"));
TShock.AuthToken = 0;
if (args.Player.Group.Name != "superadmin")
args.Player.tempGroup = new SuperAdminGroup();

args.Player.SendInfoMessage("Superadmin has been temporarily given to you. It will be removed on logout.");
args.Player.SendInfoMessage("Please use the following to create a permanent account for you.");
args.Player.SendInfoMessage("{0}user add <username> <password> superadmin", Specifier);
args.Player.SendInfoMessage("Creates: <username> with the password <password> as part of the superadmin group.");
args.Player.SendInfoMessage("Please use {0}login <username> <password> after this process.", Specifier);
args.Player.SendInfoMessage("If you understand, please {0}login <username> <password> now, and then type {0}auth.", Specifier);
return;
}

private static void ThirdPerson(CommandArgs args)
37 changes: 19 additions & 18 deletions TShockAPI/Permissions.cs
Original file line number Diff line number Diff line change
@@ -29,16 +29,16 @@ public static class Permissions
{
// tshock.account nodes

[Description("User can register account in game")]
[Description("User can register account in game.")]
public static readonly string canregister = "tshock.account.register";

[Description("User can login in game")]
[Description("User can login in game.")]
public static readonly string canlogin = "tshock.account.login";

[Description("User can logout in game")]
[Description("User can logout in game.")]
public static readonly string canlogout = "tshock.account.logout";

[Description("User can change password in game")]
[Description("User can change password in game.")]
public static readonly string canchangepassword = "tshock.account.changepassword";

// tshock.admin nodes
@@ -79,10 +79,10 @@ public static class Permissions
[Description("User can manage regions.")]
public static readonly string manageregion = "tshock.admin.region";

[Description("User can mute and unmute users")]
[Description("User can mute and unmute users.")]
public static readonly string mute = "tshock.admin.mute";

[Description("User can see the id of players with /who")]
[Description("User can see the id of players with /who.")]
public static readonly string seeids = "tshock.admin.seeplayerids";

[Description("User can save all the players SSI state.")]
@@ -148,7 +148,7 @@ public static class Permissions
[Description("Prevents your actions from being ignored if damage is too high.")]
public static readonly string ignoredamagecap = "tshock.ignore.damage";

[Description("Bypass server side character checks")]
[Description("Bypass server side character checks.")]
public static readonly string bypassssc = "tshock.ignore.ssc";

[Description("Allow unrestricted SendTileSquare usage, for client side world editing.")]
@@ -200,18 +200,19 @@ public static class Permissions
[Description("User can kill all enemy npcs.")]
public static readonly string butcher = "tshock.npc.butcher";

[Description("User can summon bosses using items")]
[Description("User can summon bosses using items.")]
public static readonly string summonboss = "tshock.npc.summonboss";

[Description("User can start invasions (Goblin/Snow Legion) using items")]
[Description("User can start invasions (Goblin/Snow Legion) using items.")]
public static readonly string startinvasion = "tshock.npc.startinvasion";

[Description("User can clear the list of users who have completed an angler quest that day.")]
public static readonly string clearangler = "tshock.npc.clearanglerquests";

// tshock.superadmin nodes

[Description("Meant for super admins only.")]
[Description("This permission is no longer used.")]
[Obsolete("No longer used.")]
public static readonly string authverify = "tshock.superadmin.authverify";

[Description("Meant for super admins only.")]
@@ -252,7 +253,7 @@ public static class Permissions
[Description("User can use /spawn.")]
public static readonly string spawn = "tshock.tp.spawn";

[Description("User can use the Rod of Discor.")]
[Description("User can use the Rod of Discord.")]
public static readonly string rod = "tshock.tp.rod";

[Description("User can use wormhole potions.")]
@@ -287,7 +288,7 @@ public static class Permissions
[Description("User can change the homes of NPCs.")]
public static readonly string movenpc = "tshock.world.movenpc";

[Description("User can convert hallow into corruption and vice-versa")]
[Description("User can convert hallow into corruption and vice-versa.")]
public static readonly string converthardmode = "tshock.world.converthardmode";

[Description("User can force the server to Halloween mode.")]
@@ -322,7 +323,7 @@ public static class Permissions

[Description("User can modify the world.")]
public static readonly string canbuild = "tshock.world.modify";

[Description("User can paint tiles.")]
public static readonly string canpaint = "tshock.world.paint";

@@ -345,7 +346,7 @@ public static class Permissions

[Description("User can kill others.")]
public static readonly string kill = "tshock.kill";

[Description("Allows you to bypass the max slots for up to 5 slots above your max.")]
public static readonly string reservedslot = "tshock.reservedslot";

@@ -364,10 +365,10 @@ public static class Permissions
[Description("User can heal players.")]
public static readonly string heal = "tshock.heal";

[Description("User can use party chat in game")]
[Description("User can use party chat in game.")]
public static readonly string canpartychat = "tshock.partychat";

[Description("User can talk in third person")]
[Description("User can talk in third person.")]
public static readonly string cantalkinthird = "tshock.thirdperson";

[Description("User can get the server info.")]
@@ -376,10 +377,10 @@ public static class Permissions
[Description("Player recovers health as damage is taken. Can be one shotted.")]
public static readonly string godmode = "tshock.godmode";

[Description("User can godmode other players")]
[Description("User can godmode other players.")]
public static readonly string godmodeother = "tshock.godmode.other";

[Description("Player can chat")]
[Description("Player can chat.")]
public static readonly string canchat = "tshock.canchat";

[Description("Player can use banned projectiles.")]
49 changes: 28 additions & 21 deletions TShockAPI/TShock.cs
Original file line number Diff line number Diff line change
@@ -789,36 +789,43 @@ public static void HandleCommandLinePostConfigLoad(string[] parms)
private void OnPostInit(EventArgs args)
{
SetConsoleTitle(false);
if (!File.Exists(Path.Combine(SavePath, "auth.lck")) && !File.Exists(Path.Combine(SavePath, "authcode.txt")))

// Disable the auth system if "auth.lck" is present or a superadmin exists
if (File.Exists(Path.Combine(SavePath, "auth.lck")) || Users.GetUsers().Exists(u => u.Group == new SuperAdminGroup().Name))
{
var r = new Random((int)DateTime.Now.ToBinary());
AuthToken = r.Next(100000, 10000000);
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("TShock Notice: To become SuperAdmin, join the game and type {0}auth {1}", Commands.Specifier, AuthToken);
Console.WriteLine("This token will display until disabled by verification. ({0}auth-verify)", Commands.Specifier);
Console.ForegroundColor = ConsoleColor.Gray;
FileTools.CreateFile(Path.Combine(SavePath, "authcode.txt"));
using (var tw = new StreamWriter(Path.Combine(SavePath, "authcode.txt")))
AuthToken = 0;

if (File.Exists(Path.Combine(SavePath, "authcode.txt")))
{
tw.WriteLine(AuthToken);
Log.ConsoleInfo("A superadmin account has been detected in the user database, but authcode.txt is still present.");
Log.ConsoleInfo("TShock will now disable the auth system and remove authcode.txt as it is no longer needed.");
File.Delete(Path.Combine(SavePath, "authcode.txt"));
}
}
else if (File.Exists(Path.Combine(SavePath, "authcode.txt")))
{
using (var tr = new StreamReader(Path.Combine(SavePath, "authcode.txt")))

if (!File.Exists(Path.Combine(SavePath, "auth.lck")))
{
AuthToken = Convert.ToInt32(tr.ReadLine());
// This avoids unnecessary database work, which can get ridiculously high on old servers as all users need to be fetched
File.Create(Path.Combine(SavePath, "auth.lck"));
}
}
else if (!File.Exists(Path.Combine(SavePath, "authcode.txt")))
{
var r = new Random((int)DateTime.Now.ToBinary());
AuthToken = r.Next(100000, 10000000);
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine(
"TShock Notice: authcode.txt is still present, and the AuthToken located in that file will be used.");
Console.WriteLine("To become superadmin, join the game and type {0}auth {1}", Commands.Specifier, AuthToken);
Console.WriteLine("This token will display until disabled by verification. ({0}auth-verify)", Commands.Specifier);
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine("TShock Notice: To become SuperAdmin, join the game and type {0}auth {1}", Commands.Specifier, AuthToken);
Console.WriteLine("This token will display until disabled by verification. ({0}auth)", Commands.Specifier);
Console.ResetColor();
File.WriteAllText(Path.Combine(SavePath, "authcode.txt"), AuthToken.ToString());
}
else
{
AuthToken = 0;
AuthToken = Convert.ToInt32(File.ReadAllText(Path.Combine(SavePath, "authcode.txt")));
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("TShock Notice: authcode.txt is still present, and the AuthToken located in that file will be used.");
Console.WriteLine("To become superadmin, join the game and type {0}auth {1}", Commands.Specifier, AuthToken);
Console.WriteLine("This token will display until disabled by verification. ({0}auth)", Commands.Specifier);
Console.ResetColor();
}

Regions.Reload();

0 comments on commit 4fcabd5

Please sign in to comment.