Email verification - protocol info

Email verification - protocol info

Discuss development of lobby clients, server, autohosts and auto-download software.

Moderators: Moderators, Lobby Developers

Post Reply
User avatar
Silentwings
Moderator
Posts: 3535
Joined: 25 Oct 2008, 00:23

Email verification - protocol info

Post by Silentwings » 21 Sep 2018, 19:33

Uberserver now supports email verification, for registration and for changing email address.

This means some unavoidably breaking changes in the lobby protocol will happen, and lobby clients will need to be updated. It isn't live yet, there will be time to update - this post provides the info of what's coming.

To verify an email address: the server sends a four or eight digit verification code to an email address, and the client must send this code back to the server. Each verification code is valid for 48h, and allows max 3 attempts at verification.

Related breaking changes / new commands:
  • REGISTER needs a valid email address. When REGISTRATIONACCEPTED is sent to the client, a verification code will be sent to that email address. This code must be returned inCONFIRMAGREEMENT, or the server will reply with DENIED.
  • To change email adress, CHANGEEMAILREQUEST should be sent first. When CHANGEEMAILREQUESTACCEPTED is sent to the client, a verification code will be sent to the new email address. This code must be returned in CHANGEEMAIL, to change the registered address.
  • To reset a password, similarly, RESETPASSWORDREQUEST and RESETPASSWORD are used. In this case the user doesn't need to be logged in first. Once the code is returned the user is sent another email informing them of their new, randomly generated, password.
  • Verification codes can be resent, up to 3 times, using RESENDVERIFICATION.
See inside the links for complete details of new parts to the protocol, and for a general outline see inside the 'sub-systems' section of the lobby protocol intro.

After the changes go live, lobby clients that do not update will still be able to log users in (as before) but will become unable to create new user accounts or change email addresses. Instead, they will be sent an error message asking the user to update.

Each new account requires a unique email address. The long term plan is that email addresses will become part of linking lobby/forum/etc accounts. (More work is needed before that can happen, on linking the forum/lobby dbs, etc.)
8 x

hokomoko
Spring Developer
Posts: 552
Joined: 02 Jun 2014, 00:46

Re: Email verification - protocol info

Post by hokomoko » 21 Sep 2018, 22:05

Absolutely marvelous!
Many thanks!
2 x

User avatar
ThinkSome
Posts: 235
Joined: 14 Jun 2015, 13:36

Re: Email verification - protocol info

Post by ThinkSome » 22 Sep 2018, 11:58

Silentwings wrote:
21 Sep 2018, 19:33
Instead, they will be sent an error message asking the user to update.
Can this error message and the email that is sent also include a link to a website where people can read the agreement and complete registration? There is no need to burn off old lobbies like that.
1 x

User avatar
Silentwings
Moderator
Posts: 3535
Joined: 25 Oct 2008, 00:23

Re: Email verification - protocol info

Post by Silentwings » 22 Sep 2018, 12:16

See the last time you asked this question - https://github.com/spring/uberserver/is ... -417661625. If that is to be done, it would be best after the forum/lobby dbs are linked, which is not going to be quick (=likely years). I've no plans to do it.

Also, it wouldn't help unmaintained lobbies; they have no facility to send an email address with REGISTER.
1 x

User avatar
ThinkSome
Posts: 235
Joined: 14 Jun 2015, 13:36

Re: Email verification - protocol info

Post by ThinkSome » 25 Jan 2019, 23:57

Add a http listener to uberserver and forward a directory on springrts.com to it?
1 x

User avatar
PicassoCT
Journeywar Developer & Mapper
Posts: 10081
Joined: 24 Jan 2006, 21:12

Re: Email verification - protocol info

Post by PicassoCT » 26 Jan 2019, 09:27

I cant wait to get banned
1 x

User avatar
PicassoCT
Journeywar Developer & Mapper
Posts: 10081
Joined: 24 Jan 2006, 21:12

Re: Email verification - protocol info

Post by PicassoCT » 30 Jan 2019, 21:26

They might be GPL Compliant...
1 x

User avatar
PicassoCT
Journeywar Developer & Mapper
Posts: 10081
Joined: 24 Jan 2006, 21:12

Re: Email verification - protocol info

Post by PicassoCT » 31 Jan 2019, 08:32

We reject the German Democratic Postapocalyptic Republic
1 x

User avatar
Silentwings
Moderator
Posts: 3535
Joined: 25 Oct 2008, 00:23

Re: Email verification - protocol info

Post by Silentwings » 02 Feb 2019, 10:23

The short answer is the document exists, but wikifying it is only coming as part of the current rounds of lobbyserver updates. Although we have always had a brief non-technical description of the servers data handing availabe in the terms, and in theory the details are checkable because the software is open source, we would like to give a much better non-technical set of info - this was in the works for a while.

It does get balanced aginst the importance of other things, as well as the practical side of fitting a change to the info provided to users on registration / acceptance of terms into lobbyserver development. Only one minor change to actual code is planned, we'll probably opt for automated deletion of replays after X years (currently it happens manually after around 3-5 years).

I think you might have asked your question in a nicer way, for example "does the document exist?".
1 x

Post Reply

Return to “Lobby Clients & Server”