Stuck password with 2.0.19993

trulpen

@RoiEX said in Stuck password with 2.0.19993:

If you want to go the manual route (assuming you're using windows), pleaso download this zip and unzip it: Reset-Password.zip
It contains a file you should be able to double click, and confirm a dialog that pops up.
This should remove any stored A&A Forum password altogether.

If you think the "remember password" feature doesn't work all for you you can consider submitting a bug report: https://forums.triplea-game.org/topic/1708/how-to-submit-a-bug-report
Maybe there's a real bug involved somewhere, but I find this unlikely since we haven't touched this mechanism in a while now and nobody had any notable issues with it. (At least none were reported)

Thanks! I'll try it.

trulpen

I did this. The old password didn't pop up. Looked promising. Closed down the client and started it again. And there it is. Same as with Jim. Didn't work, sorry.

RoiEX

@Jim-Parker Can you test this scenario for me?

1. Clear out the password manually again.
2. Start the Game and Set the password
3. Copy the saved encrypted password somewhere
4. Restart the Game
5. Check if the encrypted password stored changed.

My suspicion is that we might have an error in the decryption algorithm on Linux systems

trulpen

@RoiEX said in Stuck password with 2.0.19993:

My suspicion is that we might have an error in the decryption algorithm on Linux systems

I use Windows.

Jim Parker

@RoiEX
Ok, I tried the test you provided and got weird results...

My AAA forum password was magically repopulated the first time as described before. But when I cleared it again and restarted the game, my username repopulated the field, but the password was blank. That's strange, but more interesting was the password hashes in the prefs.xml

the first time through I had a A&A and TripleA forum username and password. The second time
The A&A username and password were different from first time. The TripleA username was identical, but no password entry existed, which seems to indicate the dialog is pulling data from TripleA to fill A&A forum info.

Actual hashes below:

First time hashes

<entry key="A&amp;A_FORUM_PASSWORD" value="[redacted]Eg==.Ky/owSzgty5nCkT03Y0TgA=="/>
<entry key="A&amp;A_FORUM_USERNAME" value="[redacted]Rg==.Q0aH/UCxk8PmFr4YVwoCiA=="/>
<entry key="TRIPLEA_FORUM_PASSWORD" value="[redacted]kw==.rZYIYfRTCuz50R8RB0uYhw=="/>
<entry key="TRIPLEA_FORUM_USERNAME" value="[redacted]lA==.vggx546emjUyX3EzfVJrVA=="/>

Second time hash:

<entry key="A&amp;A_FORUM_PASSWORD" value="[redacted]Uw==.xFgiuzMUo13j3CE9Z3m1PQ=="/>
<entry key="A&amp;A_FORUM_USERNAME" value="[redacted]ZA==.LduQLFVWk9UyngFBJIl7nQ=="/>

<entry key="TRIPLEA_FORUM_USERNAME" value="[redacted]lA==.vggx546emjUyX3EzfVJrVA=="/>

trulpen

I've installed 2.0.20036. No change.

Panther

Has this been resolved? I am getting notifications about similar errors on A&A .org.

https://www.axisandallies.org/forums/topic/35443/password-error-with-2-0

RoiEX

I haven't looked into it so far, but it sure looks like this is a common issue, so definitely worth creating a github issue

Panther

@RoiEX https://github.com/triplea-game/triplea/issues/6806

panther2 created this issue in triplea-game/triplea

closed "Remember Password" feature for PBF is broken #6806

RoiEX

So I did some digging and I have identified a potential error source.

@Jim-Parker Could you check .userPrefs/games/strategy/security/prefs.xml for me and check if that changes as well?
If it does this would already explain a lot, but not everything. If it doesn't I'll have to check elsewhere.
Do NOT post the contents of this file here, it contains the password used to encrypt the passwords. Also I redacted them in your previous post, just to feel a little bit safer.

Jim Parker

@RoiEX Nope. ./security/prefs.xml did not change.

Jim Parker

@RoiEX Thanks for fixing my naive post of passwords.

RoiEX

Ok, next set of questions:

.userPrefs/games/strategy/security/prefs.xml has a fixed property called DEFAULT_CREDENTIAL_MANAGER_MASTER_PASSWORD right? I just want to make sure it actually saves the key it encrypts the passwords with.

When you're just looking at your engine preferences: The username you configured along with the password. Does it change as well? Or is it the same username you entered in the first place?

If it does indeed change: When does it change? After closing and reopening the game/window/tab, something else?

RoiEX

@Jim-Parker

Thanks for fixing my naive post of passwords.

If that helps: I'm "currently working" (read as "I should finish this little project soon but haven't proceeded so far") on a small change to the system so we no longer store real passwords, just encrypted Login Tokens that can be revoked and re-created at any time.

I doubt that this planned change will fix the issue you're currently experiencing, but if all attempts to nail the problem down fail that would be an option as well.

Jim Parker

Yes. security/prefs.xml does have a property DEFAULT_CREDENTIAL_MANAGER_MASTER_PASSWORD.

If I open engine preferences, I see my username and -- a 10-character password!! However, whenever I open a game it loads my username and an 8-character password...
If I load a game, and then post and quit. I still see my username in the Engine preferences, and a 10-character password. HTH.

LaFayette

The 8 character password on the UI is a dummy value, the back-end still has your original password. The problem is that there is a case where the front-end sends the dummy password to the back-end which is only supposed to happen when you are actually typing a legitimate password. The backend then dutifully stores the dummy password value.

This update fixes the problem: https://github.com/triplea-game/triplea/pull/6864

DanVanAtta created this issue in triplea-game/triplea

closed Fix PBF remember password #6864

Jim Parker

@LaFayette Yea!!! That works! Thank you.