5 files changed, 33 insertions, 89 deletions

diff --git a/src/account-server/account.h b/src/account-server/account.h
index 4f4b807e..8a63e9f2 100644
--- a/src/account-server/account.h
+++ b/src/account-server/account.h
@@ -81,24 +81,6 @@ class Account
         const std::string &getPassword() const
         { return mPassword; }
 
-        /**
-         * Set the random salt. This salt is sent to the client, so the client
-         * can hash its password with this random salt.
-         * This will help to protect against replay attacks.
-         *
-         * @param the new random salt to be sent out next login
-         */
-        void setRandomSalt(const std::string &salt)
-        { mRandomSalt = salt; }
-
-
-        /**
-         * Get the user random salt.
-         *
-         * @return the random salt used for next login.
-         */
-        const std::string &getRandomSalt() const
-        { return mRandomSalt; }
 
         /**
          * Set the user email address. The email address is expected to be
@@ -230,8 +212,6 @@ class Account
 
         std::string mName;        /**< User name */
         std::string mPassword;    /**< User password (hashed with salt) */
-        std::string mRandomSalt;  /**< A random sequence sent to client to
-                                       protect against replay attacks.*/
         std::string mEmail;       /**< User email address (hashed) */
         Characters mCharacters;   /**< Character data */
         int mID;                  /**< Unique id */
diff --git a/src/account-server/accountclient.cpp b/src/account-server/accountclient.cpp
index df1b034c..822cbed5 100644
--- a/src/account-server/accountclient.cpp
+++ b/src/account-server/accountclient.cpp
@@ -20,9 +20,32 @@
 
 #include "account-server/accountclient.h"
 
+/**
+ * Generates a random string containing lowercase and uppercase characters as
+ * well as numbers.
+ */
+static std::string getRandomString(int length)
+{
+    std::string s;
+    s.resize(length);
+    for (int i = 0; i < length; ++i)
+    {
+        int r = rand() % 62;
+        if (r < 10)
+            s[i] = '0' + r;
+        else if (r < 36)
+            s[i] = 'a' + r - 10;
+        else
+            s[i] = 'A' + r - 36;
+    }
+
+    return s;
+}
+
 AccountClient::AccountClient(ENetPeer *peer):
     NetComputer(peer),
     status(CLIENT_LOGIN),
-    version(0)
+    version(0),
+    token(getRandomString(8))
 {
 }
diff --git a/src/account-server/accountclient.h b/src/account-server/accountclient.h
index 5ccb0f1d..6c64e2f6 100644
--- a/src/account-server/accountclient.h
+++ b/src/account-server/accountclient.h
@@ -51,7 +51,7 @@ class AccountClient : public NetComputer
 
         AccountClientStatus status;
         int version;
-        std::string stellarToken;
+        std::string token;
 
     private:
         std::unique_ptr<Account> mAccount;
diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index e8161fcd..54fa2dbd 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -107,11 +107,6 @@ private:
                                            const std::string &email);
     void addServerInfo(MessageOut &msg);
 
-    /** List of all accounts which requested a random seed, but are not logged
-     *  yet. This list will be regularly remove (after timeout) old accounts
-     */
-    std::list<std::unique_ptr<Account>> mPendingAccounts;
-
     /** List of attributes that the client can send at account creation. */
     std::vector<int> mModifiableAttributes;
 
@@ -322,52 +317,10 @@ static void sendFullCharacterData(AccountClient *client,
     client->send(msg);
 }
 
-static std::string getRandomData(int length)
+void AccountHandler::handleLoginRandTriggerMessage(AccountClient &client, MessageIn &)
 {
-    std::string s;
-    s.resize(length);
-    // No need to care about zeros. They can be handled.
-    // But care for endianness
-    for (int i = 0; i < length; ++i)
-        s[i] = (char)rand();
-
-    return s;
-}
-
-/**
- * Generates a random string containing lowercase and uppercase characters as
- * well as numbers.
- */
-static std::string getRandomString(int length)
-{
-    std::string s;
-    s.resize(length);
-    for (int i = 0; i < length; ++i)
-    {
-        int r = rand() % 62;
-        if (r < 10)
-            s[i] = '0' + r;
-        else if (r < 36)
-            s[i] = 'a' + r - 10;
-        else
-            s[i] = 'A' + r - 36;
-    }
-
-    return s;
-}
-
-void AccountHandler::handleLoginRandTriggerMessage(AccountClient &client, MessageIn &msg)
-{
-    std::string salt = getRandomData(4);
-    std::string username = msg.readString();
-
-    if (auto acc = storage->getAccount(username))
-    {
-        acc->setRandomSalt(salt);
-        mPendingAccounts.push_back(std::move(acc));
-    }
     MessageOut reply(APMSG_LOGIN_RNDTRGR_RESPONSE);
-    reply.writeString(salt);
+    reply.writeString(client.token);
     client.send(reply);
 }
 
@@ -391,11 +344,9 @@ void AccountHandler::handleStellarLoginMessage(AccountClient &client, MessageIn
         return;
     }
 
-    client.stellarToken = getRandomString(8);
-
     reply.writeInt8(ERRMSG_OK);
-    reply.writeString(client.stellarToken);
-    reply.writeString(mStellarLoginUrl + "?token=" + client.stellarToken);
+    reply.writeString(client.token);
+    reply.writeString(mStellarLoginUrl + "?token=" + client.token);
 
     client.send(reply);
 }
@@ -457,19 +408,9 @@ void AccountHandler::handleLoginMessage(AccountClient &client, MessageIn &msg)
     }
 
     // Check if the account exists
-    auto accIt = std::find_if(mPendingAccounts.begin(),
-                              mPendingAccounts.end(),
-                              [&] (const std::unique_ptr<Account> &acc) {
-        return acc->getName() == username;
-    });
-
-    std::unique_ptr<Account> acc;
-    if (accIt != mPendingAccounts.end()) {
-        acc = std::move(*accIt);
-        mPendingAccounts.erase(accIt);
-    }
+    auto acc = storage->getAccount(username);
 
-    if (!acc || sha256(acc->getPassword() + acc->getRandomSalt()) != password)
+    if (!acc || sha256(acc->getPassword() + client.token) != password)
     {
         reply.writeInt8(ERRMSG_INVALID_ARGUMENT);
         client.send(reply);
@@ -1087,7 +1028,7 @@ void AccountHandler::handleStellarLogin(const std::string &token, const std::str
                            [token](NetComputer *client) -> bool
                            {
                                auto c = static_cast<AccountClient *>(client);
-                               return c->stellarToken == token;
+                               return c->token == token;
                            });
 
     if (it == clients.end())
diff --git a/src/common/manaserv_protocol.h b/src/common/manaserv_protocol.h
index 9bb50337..67e812ac 100644
--- a/src/common/manaserv_protocol.h
+++ b/src/common/manaserv_protocol.h
@@ -77,7 +77,7 @@ enum {
     APMSG_LOGIN_RESPONSE           = 0x0012, // B error, S updatehost, S Client data URL, B Character slots, {content of APMSG_CHAR_CREATE_RESPONSE (without error code)}*
     PAMSG_LOGOUT                   = 0x0013, // -
     APMSG_LOGOUT_RESPONSE          = 0x0014, // B error
-    PAMSG_LOGIN_RNDTRGR            = 0x0015, // S username
+    PAMSG_LOGIN_RNDTRGR            = 0x0015, // -
     APMSG_LOGIN_RNDTRGR_RESPONSE   = 0x0016, // S random seed
     PAMSG_STELLAR_LOGIN            = 0x0017, // D version
     APMSG_STELLAR_LOGIN_RESPONSE   = 0x0018, // B error, S token, S url