Enhance: add functions for handling game character details#2252
Enhance: add functions for handling game character details#2252SlySven wants to merge 17 commits intoMudlet:developmentfrom
Conversation
`getPlayerName` takes no arguments and returns the "Character name" from the connection screen. There is no provision to change this stored setting. `sendPlayerName` takes no arguments and causes the "Character name" from the connection screen to be sent without echoing to the game server, it will return a nil plus an error message should the name not be set (is empty string). `sendPlayerPassword` takes no arguments and causes the "Password" from the connection screen to be sent without echoing to the game server, it will return a nil plus an error message should no password be set (is empty string). There is no provision to find out this stored setting. Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
|
Hey there! Thanks for helping Mudlet improve. 🌟 You can find the test versions here:
No need to install anything - just unzip and run. |
|
Nice idea. Pondering the implications. Not sure how I like the lua scripting system (which may be third party) to request my Mudlet client to automatically send out my login credentials to whoever is just listening on game servers (which may be third party) without me as user confirming this at all. |
|
Can the function that called a built in lua function be identified from the C++ side? If that is possible perhaps we could have a three settings preference:
|
keneanung
left a comment
There was a problem hiding this comment.
The code looks good in general, though I, too, am still pondering whether this is an addition that's worth the trouble it might create.
Adding more knobs doesn't make it easier to use Mudlet. Retrieving the lua call stack is possible IIRC, but it's not simple and not a cureall. If I used the function, I wouldn't want to get an alert all the time, which renders the knob useless. I actually don't even want to change my settings when I write some code or install a package (maybe someone provides an auto-login script for my MUD...).
Additionally, since Mudlet automatically sends the content of those two boxes on connect, I might not even WANT to fill the boxes but instead, configure a script with user name and password, which then can send them at a time of choosing.
src/ctelnet.cpp
Outdated
| QString nothing = ""; | ||
| mpHost->mLuaInterpreter.call(func, nothing); | ||
| mConnectionTime.start(); | ||
| if ((mpHost->getLogin().size() > 0) && (mpHost->getPass().size() > 0)) { |
There was a problem hiding this comment.
A niggle about the execution: You are lumping two changes together again
There was a problem hiding this comment.
I saw it as an error in the same functional part of the code - it wouldn't allow the user to set just a character name and for that to be sent without a password being also provided. This change makes things adopt a position with a lower amount of surprise. E.g. you enter just a character name - just that gets sent; you enter both a character name and a password then both get sent; entering just a password is plainly weird and there is no change in how that works out... 😜
With the recent addition of the "don't paint my password up on the main console" bugfix (#2236) it could be an option to provide just the character name and to type in the password in the command line (or send it via a normal send(...) in an alias or something...)
If you feel that strongly I will put the changes in this file in a separate PR which will probably go first and then leave the other lua stuff to be discussed/rationalised/aborted in this PR.
There was a problem hiding this comment.
I don't feel that strongly about including it here I just wanted to give a reminder 😉.
But at the same time, I am not completely sure it's an error either and in a separate PR we could have this discussion a bit more streamlined than having it intertwined with another non-trivial discussion.
I want to add the option to disable the sending of those details on a timer - I expect to add a default-checked checkbox on the connection preferences in the same group box as those boxes - ":negative_squared_cross_mark: Send these automatically on connection" precisely for this. Overall, that with this PR would mean that the login details are stored and can be sent to the Server as the user wishes/scripts but we take a little care to not let local packages/modules/scripts ever know what the password is. |
Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
|
How do you imagine this will work in practice? |
|
The default case - with such a checkbox completed would behave as currently - sending the character name if entered (and then the password if it was entered) both on timers started when the connection is made to the game server. With such a check box cleared then they are not sent on connection - instead the user or package/module creator has triggers/scripts that fire on the appropriate conditions (e.g. a trigger for receipt of "Enter your character name:" that then calls "sendPlayerName()" or an alias or script that navigates through a more complex menu if the MUD uses that.) Ironically enough, in the past there used to be applications that provided a way to use login scripts to automatic connection to all sorts of remote systems - yet Mudlet does not currently provide such a thing when it is eminently suited to respond to income text prompts! With regard to abusing the OTOH such messages will be visible to sysops and should some ne'rdowell concoct a system that abuses this function to cause the user to start writing a message, inserting their password, and then send it on to another person for them to abuse the login details is going to leave a visible trail in the Mud Game system logs. The same for messages written in game on pieces of paper... |
|
@JorMox what's your take on this? |
|
I think having some method to allow for login scripting would be great, since you have those spots for name and password but they are useless for any game that requires some other input prior to logging in (like the fairly common "Do you want color? (Y/N)"). I would imagine that the risk involved with something like this is fairly minimal, though it is certainly possible that it could be abused. I would be comfortable with this implementation. In the past I have advocated for a mini-script window in the profile setup screen, to allow for a similar degree of flexibility in automated logging in, though that sort of implementation, while simpler from a security side, obviously has a number of additional complications that would need to be considered. |
…aracterDetails Conflicts resolved in: * src/TLuaInterpreter.cpp * src/TLuaInterpreter.h Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
|
What if we have this miniscript window and allow these functions to only run in that window? That would solve the security concerns. |
|
Not sure that that really represents a good use of resources - the existing trigger engine is ideal for handling the sort of scripting that a login system would need, so adding a whole new system just to handle the output from the Game Server on connection (and possibly sending it some input as well) so as to spot the point when it is actually asking for the user's character name and password seems a bit daft. 🙄 Also, at what point will the system detect that it has logged in and thus needs to switch off and revert processing to the normal trigger handling... |
|
In terms of local password vulnerability I am now aware that there is a method that might be used already to script a system to sneak a peek at all the user profiles' passwords but as this is a public place I am not going to say anything more here... ☠️ |
|
Documentation for all three functions entered into the Wiki - noting an expected introduction in Mudlet 4.9. |
SlySven
left a comment
There was a problem hiding this comment.
GitHub seems to have gone slightly screwy with me and I have to leave a review comment like this...
The Lua commands are renamed to use 'Character' rather than 'Player'. Tool-tips in the connection dialogue for Character Name and Password revised - and the one for the password moved entirely to the `dlgConnectionProfiles.cpp` so that the variable message can be constructed in a more translator friendly way. Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
|
📚 Wiki updated with new function names. |
Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
src/dlgConnectionProfiles.cpp
Outdated
| character_password_entry->setToolTip(tr("<p>The secret text needed to log into the game in order to play this profile's " | ||
| "player; if given, it will be supplied on connection to enable automatic log-in " | ||
| "to the game.</p>" | ||
| "<p>For more advanced situations it can be sent via a function " | ||
| "<tt>sendCharacterPasssword()</tt> in a script. For security it is not possible for " | ||
| "the script or any installed package or module to find out what the password is. " | ||
| "Further details are available in the Wiki.</p>" | ||
| "<p>%1</p>", | ||
| // Intentional comment to separate arguments | ||
| "%1 is an additional paragraph that indicates whether the password is current stored " | ||
| "EITHER: securely but not portably in the system's 'credential' store OR: insecurely " | ||
| "but portably {can be moved to another system or OS}. Note that the 'tt' tags and " | ||
| "the Lua function called 'sendCharacterPassword()' are to be left untranslated.") | ||
| .arg(mudlet::self()->storingPasswordsSecurely() | ||
| ? tr("Characters password, stored securely in the computer's credential manager.", | ||
| // Intentional comment to separate arguments) | ||
| "Additional paragraph text inserted at end of password entry tooltip when secure storage is used.") | ||
| : tr("Note that the password is <b>not</b> currently encrypted in storage.", | ||
| // Intentional comment to separate arguments) | ||
| "Additional paragraph text inserted at end of password entry tooltip when portable storage is " | ||
| "used - bold emphasis has been applied to the Engineering English word that stresses that the " | ||
| "storage method is insecure!"))); |
There was a problem hiding this comment.
Boy howdy, you implemented the long password tooltip after all. Let me compare in detail what changed from the original text...
The original texts were merely on line:
Characters password, stored securely in the computer's credential manager
or
Characters password. Note that the password isn't encrypted in storage
This is what I found you added and/or changed:
Tooltip additions:
- What is a password
- Will be used for automatic login
- There is a function sendCharacterPassword()
- How to use that function securely
- Additional info available in wiki
--> Remove 1 (irrelevant), 4 (move to wiki), 5 (standard), keep mentioning the function name
Its comment for translators:
- %1 is an additional paragraph
- Possible contents of said paragraph
- Details about secure password storage option
- Please leave tt tag and lua function name untranslated
--> Remove 1 (standard), 2 (irrelevant), 3 (move to wiki), move 4 to first place, but don't mention html as this is standard procedure
Tooltip addendum A:
- original tooltip with original typo
--> Fix typo
Its comment for translators:
- Info on where this sentence is used
- Info on when this sentence is used
-> Remove all
Tooltip addendum B:
- original tooltip sans first sentence but with added emphasis
--> add first sentence, typo fixed, keep emphasis,
--> maybe add hint on how to enable secure storage?
Its comment for translators:
- Info on where this sentence is used
- Info on when this sentence is used
- Info on why emphasis has been added
-> Remove all
Also the ) character after the // Intentional comments seems superfluous at best, hindering brackets' count at worst.
Combining all this I arrive somewhere around 2-3 lines here:
The character's password needed to log into the game either automatically, or via a special function sendCharacterPasssword() in a script.
Your password is currently not stored securely in the computer's password manager! You can activate this option in Mudlet's preferences for this profile.
Or in code:
| character_password_entry->setToolTip(tr("<p>The secret text needed to log into the game in order to play this profile's " | |
| "player; if given, it will be supplied on connection to enable automatic log-in " | |
| "to the game.</p>" | |
| "<p>For more advanced situations it can be sent via a function " | |
| "<tt>sendCharacterPasssword()</tt> in a script. For security it is not possible for " | |
| "the script or any installed package or module to find out what the password is. " | |
| "Further details are available in the Wiki.</p>" | |
| "<p>%1</p>", | |
| // Intentional comment to separate arguments | |
| "%1 is an additional paragraph that indicates whether the password is current stored " | |
| "EITHER: securely but not portably in the system's 'credential' store OR: insecurely " | |
| "but portably {can be moved to another system or OS}. Note that the 'tt' tags and " | |
| "the Lua function called 'sendCharacterPassword()' are to be left untranslated.") | |
| .arg(mudlet::self()->storingPasswordsSecurely() | |
| ? tr("Characters password, stored securely in the computer's credential manager.", | |
| // Intentional comment to separate arguments) | |
| "Additional paragraph text inserted at end of password entry tooltip when secure storage is used.") | |
| : tr("Note that the password is <b>not</b> currently encrypted in storage.", | |
| // Intentional comment to separate arguments) | |
| "Additional paragraph text inserted at end of password entry tooltip when portable storage is " | |
| "used - bold emphasis has been applied to the Engineering English word that stresses that the " | |
| "storage method is insecure!"))); | |
| character_password_entry->setToolTip(tr("<p>The character's password needed to log into the game either automatically," | |
| "or via a special function <tt>sendCharacterPasssword()</tt> in a script.</p>" | |
| "<p>%1</p>", | |
| // Intentional comment to separate arguments | |
| "Please leave the Lua function name sendCharacterPassword() untranslated.") | |
| .arg(mudlet::self()->storingPasswordsSecurely() | |
| ? tr("Your password is currently stored securely in the computer's password manager.") | |
| : tr("Your password is currently <b>not</b> stored securely encrypted in the computer's password manager!" | |
| "You can activate this option in Mudlet's preferences for this profile."))); |
There was a problem hiding this comment.
It is difficult to pick out all the details in your analysis in order to respond concisely. I will review what has been said but particularly I would contend about the following:
- Tooltip addendum B:
...
Its comment for translators [suggestion for remove of all]:- Info on where this sentence is used
- Info on when this sentence is used
- Info on why emphasis has been added
I haven't checked recently but surely each translation is listed separately in CrowdIn? That being the case where one thing is inserted into another it can be important to know the context in which the translation is used - which is why I bothered with the first two and I was aware that we have been trying to reduce the HTML tag loading on the translators - by keeping them out of the strings they have to work with but that particular pair is needed to make the formatting of the Lua function distinct.
{Although, of course in relation to some HTML tags we should be keeping them in for bold and italics as those need to be removed as I understand it for Syllable-based logographic (I was going to say ideographic but apparently that isn't the correct word for either variant of Chinese) writing scripts}.
Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
…aracterDetails Conflict resolved in: * src/dlgConnectionProfiles.cpp Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
vadi2
left a comment
There was a problem hiding this comment.
This looks great to me, thanks a ton for working through this :)
Will leave for others to review.
…ssword I can see that there are some other comboBoxes on the preferences that it would be useful to have repopulated immediately that the language is changed alongside the new one I want to put in to support the user being able to choose a fixed string that has the password and probably the character name in: * convert single row/column QGridLayouts to corresponding Q(V|H)BoxLayouts in the profile preferences form - they automatically keep their elements in order compared to the GridLayout form which randomises them if any are edited. * add buddies to those controls with associated labels which are not, actually associated in that way. * rename `(QListWidgeti) dlgProfilePreferences::dictList` to `dlgProfilePreferences::listWidget_dictionaries` * rename `(QComboBox) dlgProfilePreferences::comboBox` to `dlgProfilePreferences::comboBox_mapBackups` * refactor code that populates `dlgProfilePreferences::listWidget_dictionaries` to a separate: `dlgProfilePrefences::generateDictionaryTexts()` * refactor code that populates `dlgProfilePreferences::comboBox_encoding` to a separate: `dlgProfilePreferences::generateEncodingTexts()` * add `generateDictionaryTexts()` and `generateEncodingTexts()` to to: `slot_guiLanguageChanged(...)` Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
This currently only offers one text - of the form:
"connect {character name} {password}"
and can be selected from a new comboBox on the "Special options" tab of the
preferences. It is saved with the profile data.
It is also subject to the same timeout of the `sendCharacterPassword()`
function.
The `doLogin()` function in the external `LuaGlobal.lua` file has been
modified to check whether the option to use a custom login text has been
set and will send the chosen string two seconds after a successful
connection instead of the character name and password after two and three
seconds respectively.
Obviously if a more sophisticated system is required the user could script
it or a package/module supplied by the MUD could be provided. The custom
strings could also be appended to if a compelling case is made to the
Mudlet Makers though for backwards compatibility it would not be
recommended to remove a string previously added.
For user display purposes the string shown in the preferences is expected
to be translated for the tokens "{character name}" and "{password}" however
the system is designed to not have the actual string changed on a per
locale basis.
Also, whilst editing the profile preferences dialogue/form I found some
widgets were not include in or were totally out of tab-order sequence; so
I have revised that to be more natural. In doing so I also felt that the
"Special options" tab should be re-positioned to be the last tab - so it
and the "connection" one have swapped places (and the tab order adjusted
as appropriate.
Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
This closes a security hole that has been around for a very long time...! Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
…aracterDetails Doen to resolve conflicts in: * src/Host.cpp * src/Host.h * src/XMLexport.cpp Signed-off-by: Stephen Lyons <slysven@virginmedia.com>
|
Withdrawing my approval - the PR is a huge mess now and it got even messier with the scope creep by the way of custom login text. I don't want to review this 😕 . |
|
The custom login control is shown below: |
|
https://uxplanet.org/tooltips-in-ui-design-f63e117aa3d1
|
|
So - I will have to throw away this PR (reading up on |
|
That would be ideal! I was good with this PR when it focused on just these functions, even though it was pretty humongous. Splitting up the code to re-submit hopefully shouldn't be too much work and it'll be a lot easier on the reviewers. |
Brief overview of PR changes/additions
getPlayerName()takes no arguments and returns the "Character name" from the connection screen. There is no provision to change this stored setting.sendPlayerName()takes no arguments and causes the "Character name" from the connection screen to be sent without echoing to the game server, it will return a nil plus an error message should the name not be set (is empty string).sendPlayerPassword()takes no arguments and causes the "Password" from the connection screen to be sent without echoing to the game server, it will return a nil plus an error message should no password be set (is empty string). There is no provision to find out this stored setting.Edit (2020/06/22) Added 2 more functions:
sendCustomLoginText()takes no arguments and causes the selected text chosen from those available in a comboBox on the "Special options" tab of the "Profile preferences" dialogue to be sent without echoing to the game server, it will return a nil plus an error message under various situations. If that control is set away from the default (disabled) option it will cause the selected text with the password and, depending on the option the character name strings inserted in the appropriate place. At present the only text provided has an id number of 1 and is:"connect {character name} {password}".getCustomLoginTextId()takes no arguments but returns the id number of the selected custom login text. It is not really expected to be of much use to the end-user but it is needed by the newdoLogin()function defined inLuaGlobal.luato switch away from the default of sending the character name 2 seconds after a successful connection is made and the password after 3 to instead send the custom login text after 2 seconds instead.Motivation for adding to Mudlet
To allow the lua subsystem to access the player details entered on the Connection Preferences and to send them again if needed.
Other info (issues closed, discussion etc)
The ability to send the Character name and Password silently to the game server is not that helpful at the moment because they are sent automatically already on a timer. (Though this PR does fix things so that if a character name is set but a password isn't the character name is still sent - which didn't happen before!)
I believe we should have an option on the Connection Preferences (defaults to being checked) to control whether those details are sent automatically on that timer - that way it will be possible to store the settings and then have allow for a server specific connection script to jump through menus or other options to log in in a more customisable manner than just assuming a default Telnet login name / password process.
Closes #2961, closes #3562 .
Edit (2020/06/22): Now also close #3920 .
Signed-off-by: Stephen Lyons slysven@virginmedia.com