From f0a3ee6003a5107da2561cafcc107cab5070d556 Mon Sep 17 00:00:00 2001
From: Jamiras <jamirasmt@gmail.com>
Date: Wed, 8 Sep 2021 11:34:19 -0600
Subject: [PATCH] don't write achievement credentials to overrides

---
 configuration.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/configuration.c b/configuration.c
index a8424fb1aa..4e7069f241 100644
--- a/configuration.c
+++ b/configuration.c
@@ -4513,8 +4513,26 @@ bool config_save_overrides(enum override_type type, void *data)
       for (i = 0; i < (unsigned)array_settings_size; i++)
       {
          if (!string_is_equal(array_settings[i].ptr, array_overrides[i].ptr))
+         {
+#ifdef HAVE_CHEEVOS
+            /* As authentication doesn't occur until after content is loaded,
+             * the achievement authentication token might only exist in the
+             * override set, and therefore differ from the master config set.
+             * Storing the achievement authentication token in an override
+             * is a recipe for disaster. If it expires and the user generates
+             * a new token, then the override will be out of date and the
+             * user will have to reauthenticate for each override (and also
+             * remember to update each override). Also exclude the username
+             * as it's directly tied to the token and password.
+             */
+            if (string_is_equal(array_settings[i].ident, "cheevos_token") ||
+                string_is_equal(array_settings[i].ident, "cheevos_password") ||
+                string_is_equal(array_settings[i].ident, "cheevos_username"))
+               continue;
+#endif
             config_set_string(conf, array_overrides[i].ident,
                   array_overrides[i].ptr);
+         }
       }
 
       for (i = 0; i < (unsigned)path_settings_size; i++)