Hi cygni / maintainers of paintbot!
I am currently just going through the source code in order to automate some parts of my training model for my bot and I stumble upon how you have implemented authorization. Cool I first thought, I can use it to get the token to authorize some websocket calls. But then out of curiosity, I tried the usercredentials on the live website aswell, and yeah.. Bad news. I got authorized.
I hope this can be changed before the tournament starts, because this will break the fairness of the game, if someone outside of the organizers gets hold on an auth-token.
|
Map<String, String> users = new HashMap<String, String>() {{ |
|
put("emil", "lime"); |
|
put("chen", "nehc"); |
|
put("johannes", "sennahoj"); |
|
}}; |
Just change the usercredentials for the live server.
Thanks for hosting this, and I hope I will get a seat.
I am currently the 1st on the waiting list (Accordingly to Josefina, A.)
Hi cygni / maintainers of paintbot!
I am currently just going through the source code in order to automate some parts of my training model for my bot and I stumble upon how you have implemented authorization. Cool I first thought, I can use it to get the token to authorize some websocket calls. But then out of curiosity, I tried the usercredentials on the live website aswell, and yeah.. Bad news. I got authorized.
I hope this can be changed before the tournament starts, because this will break the fairness of the game, if someone outside of the organizers gets hold on an auth-token.
paintbot/app/src/main/java/se/cygni/paintbot/security/AuthenticationService.java
Lines 14 to 18 in 58c3546
Just change the usercredentials for the live server.
Thanks for hosting this, and I hope I will get a seat.
I am currently the 1st on the waiting list (Accordingly to Josefina, A.)