Send "disconnected" cmd if user failed cred check.

This (currently) does not apply to the actual login page, but just to
any other action that requires being logged in.

1 files changed, 14 insertions, 9 deletions

diff --git a/src/character/query/chr_load.erl b/src/character/query/chr_load.erl
index 290ea37..3c269d6 100644
--- a/src/character/query/chr_load.erl
+++ b/src/character/query/chr_load.erl
@@ -47,16 +47,17 @@ parse_input (Req) ->
       session_token = SessionToken
    }.
 
--spec authenticate_user (input()) -> {'ok', shr_player:type()}.
+-spec authenticate_user (input()) -> ({'ok', shr_player:type()} | 'error').
 authenticate_user (Input) ->
    PlayerID = Input#input.player_id,
    SessionToken = Input#input.session_token,
 
    Player = shr_timed_cache:fetch(player_db, any, PlayerID),
 
-   shr_security:assert_identity(SessionToken, Player),
-
-   {ok, Player}.
+   case shr_security:credentials_match(SessionToken, Player) of
+      true -> {ok, Player};
+      _ -> error
+   end.
 
 -spec fetch_data (shr_player:type(), input()) -> query_state().
 fetch_data (Player, Input) ->
@@ -94,11 +95,15 @@ generate_reply (QueryState) ->
 -spec handle (binary()) -> binary().
 handle (Req) ->
    Input = parse_input(Req),
-   {ok, Player} = authenticate_user(Input),
-   shr_security:lock_queries(Input#input.player_id),
-   QueryState = fetch_data(Player, Input),
-   shr_security:unlock_queries(Input#input.player_id),
-   generate_reply(QueryState).
+   case authenticate_user(Input) of
+      {ok, Player} ->
+         shr_security:lock_queries(Input#input.player_id),
+         QueryState = fetch_data(Player, Input),
+         shr_security:unlock_queries(Input#input.player_id),
+         generate_reply(QueryState);
+
+      error -> jiffy:encode([shr_disconnected:generate()])
+   end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%