lan/HMCL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check validity of YggdrasilSession response

Browse Source
This commit is contained in:
yushijinhun
2019-02-05 01:46:48 +08:00
parent 7cee25aab2
commit 5ea63273be
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
HMCLCore/src/main/java/org/jackhuang/hmcl/auth/yggdrasil/YggdrasilAccount.java
View File

@@ -31,6 +31,7 @@ import org.jackhuang.hmcl.auth.CharacterDeletedException;
import org.jackhuang.hmcl.auth.CharacterSelector; import org.jackhuang.hmcl.auth.CharacterSelector;
import org.jackhuang.hmcl.auth.CredentialExpiredException; import org.jackhuang.hmcl.auth.CredentialExpiredException;
import org.jackhuang.hmcl.auth.NoCharacterException; import org.jackhuang.hmcl.auth.NoCharacterException;
import org.jackhuang.hmcl.auth.ServerResponseMalformedException;
import org.jackhuang.hmcl.util.gson.UUIDTypeAdapter; import org.jackhuang.hmcl.util.gson.UUIDTypeAdapter;
public class YggdrasilAccount extends Account { public class YggdrasilAccount extends Account {
@@ -65,6 +66,7 @@ public class YggdrasilAccount extends Account {
acquiredSession.getAccessToken(), acquiredSession.getAccessToken(),
acquiredSession.getClientToken(), acquiredSession.getClientToken(),
characterToSelect); characterToSelect);
// response validity has been checked in refresh()
} else { } else {
session = acquiredSession; session = acquiredSession;
} }
@@ -94,8 +96,9 @@ public class YggdrasilAccount extends Account {
if (service.validate(session.getAccessToken(), session.getClientToken())) { if (service.validate(session.getAccessToken(), session.getClientToken())) {
authenticated = true; authenticated = true;
} else { } else {
YggdrasilSession acquiredSession;
try { try {
session = service.refresh(session.getAccessToken(), session.getClientToken(), null); acquiredSession = service.refresh(session.getAccessToken(), session.getClientToken(), null);
} catch (RemoteAuthenticationException e) { } catch (RemoteAuthenticationException e) {
if ("ForbiddenOperationException".equals(e.getRemoteName())) { if ("ForbiddenOperationException".equals(e.getRemoteName())) {
throw new CredentialExpiredException(e); throw new CredentialExpiredException(e);
@@ -103,6 +106,12 @@ public class YggdrasilAccount extends Account {
throw e; throw e;
} }
} }
if (acquiredSession.getSelectedProfile() == null ||
!acquiredSession.getSelectedProfile().getId().equals(characterUUID)) {
throw new ServerResponseMalformedException("Selected profile changed");
}
session = acquiredSession;
authenticated = true; authenticated = true;
invalidate(); invalidate();

2
HMCLCore/src/main/java/org/jackhuang/hmcl/auth/yggdrasil/YggdrasilService.java
View File

@@ -110,7 +110,7 @@ public class YggdrasilService {
if (characterToSelect != null) { if (characterToSelect != null) {
if (response.getSelectedProfile() == null || if (response.getSelectedProfile() == null ||
!response.getSelectedProfile().getId().equals(characterToSelect.getId())) { !response.getSelectedProfile().getId().equals(characterToSelect.getId())) {
throw new AuthenticationException("Failed to select character"); throw new ServerResponseMalformedException("Failed to select character");
} }
} }