Store add-on passwords in the credentials file as well. #6543
Conversation
This allows storing add-on passwords for uploading in the same credentials file as is currently used by the client when connecting to a multiplayer server. For add-on authors that don't keep their passwords as plaintext in their _server.pbl, this removes the need for them to manually enter their password each time they upload an add-on.
github-actions
bot
added
Add-ons
|
I was reminded of #6290, which resolved issues for storing multiple accounts. But this PR doesn't appear to change any of the |
|
It can - the password is retrieved by server+username, and nobody would be able to connect to add-ons.wesnoth.org for online multiplayer or vice versa. |
|
Emails could be in scope too, so that _server.pbl could be published. |
|
Will add-on authors want to use the same passphrase for all of their add-ons? I was expecting one-per-add-on, so that ownership of individual add-ons could be passed around if another person becomes interested in maintaining them. |
|
We're inconsistent about whether to say "password" or "passphrase". At the moment it seems forum logins and private games use "password", but add-ons use "passphrase". Some of the "passphrase" strings are server-side and aren't translated, so aren't in the .pot files. |
There's nothing stopping it from being
campaignd has always called it "passphrase", and that's what it's in the _server.pbl. |
Whenever #5866 could be merged, that could be the case, since then the email would be retrieved from the forum database instead of needing to be in the _server.pbl. There isn't any way currently to store it in the credentials though. |
| id = "remember_password" | ||
| definition = "default" | ||
|
|
||
| label = _ "Save password locally (encrypted)" |
There was a problem hiding this comment.
campaignd has always called it "passphrase", and that's what it's in the _server.pbl.
But the new UI string says otherwise, unless it's this way to reuse a string from elsewhere.
There was a problem hiding this comment.
If the point of having the email is to have a method of contacting the author, maybe the forum account name should be in the _server.pbl instead of the email address. I don't think it even needs #5866, because there's no email validation, so if someone wanted to they could already put another user's email in this field. |
|
#5866 is specifically about using a user's forum account, so I don't really follow what you mean by using the forum account without that PR? |
|
IIUC, the only reason that campaignd currently needs an email address is so that an admin can contact the author, and the contents of _server.pbl's email field are only used if an admin manually looks at the data. Currently I think campaignd would accept My point is that #5866 adds authentication of the upload, however the ability to use a forum account as a contact address doesn't need that, and it doesn't need the forum server to provide email addresses to campaignd. |
|
What automated vs manual processes are you talking about? And how does any of it have anything to do with using the credentials file to store add-on passwords? Letting people put a forum account as a point of contact without validating that its actually their forum account also makes little sense, and suffers from the same issue that you yourself pointed out with the current email contact field. |
|
Some additional information perhaps:
|
My last 2 messages were replying to @ProditorMagnus 's suggestion that "Emails could be in scope too, so that _server.pbl could be published". If I've understood that right, it's a suggestion that the mechanism used in this PR for the passphrase could also be used for other fields that the author wants to keep out of a source-control system, even before #5866 is implemented. This entire thread might just be unnecessary feature-creep. |
|
Ah, my bad then. |
|
@stevecotton any issue if I merge this? |
My only question is whether it should have add-on specific passphrases. I'm okay either way, just asking to check it wasn't forgotten. |
|
My initial guess/assumption is that people generally use the same passphrase across multiple add-ons for the sake of convenience. At least from what I've seen, passing maintenance of an add-on to someone else usually either doesn't happen at all or happens with the release of a new stable series where there's a brand new add-ons server (and so knowing the password on the old add-ons server doesn't matter). |
This allows storing add-on passwords for uploading in the same credentials file as is currently used by the client when connecting to a multiplayer server. For add-on authors that don't keep their passwords as plaintext in their _server.pbl, this removes the need for them to manually enter their password each time they upload an add-on.