don't write achievement credentials to overrides

2025-03-29 22:20:21 +00:00 · 2021-09-08 11:34:19 -06:00 · 2021-09-08 11:34:19 -06:00 · f0a3ee6003
commit f0a3ee6003
parent 4fae4ead73
1 changed files with 18 additions and 0 deletions
--- a/configuration.c
+++ b/configuration.c
@ -4513,8 +4513,26 @@ bool config_save_overrides(enum override_type type, void *data)
      for (i = 0; i < (unsigned)array_settings_size; i++)
      {
         if (!string_is_equal(array_settings[i].ptr, array_overrides[i].ptr))
+         {
+#ifdef HAVE_CHEEVOS
+            /* As authentication doesn't occur until after content is loaded,
+             * the achievement authentication token might only exist in the
+             * override set, and therefore differ from the master config set.
+             * Storing the achievement authentication token in an override
+             * is a recipe for disaster. If it expires and the user generates
+             * a new token, then the override will be out of date and the
+             * user will have to reauthenticate for each override (and also
+             * remember to update each override). Also exclude the username
+             * as it's directly tied to the token and password.
+             */
+            if (string_is_equal(array_settings[i].ident, "cheevos_token") ||
+                string_is_equal(array_settings[i].ident, "cheevos_password") ||
+                string_is_equal(array_settings[i].ident, "cheevos_username"))
+               continue;
+#endif
            config_set_string(conf, array_overrides[i].ident,
                  array_overrides[i].ptr);
+         }
      }

      for (i = 0; i < (unsigned)path_settings_size; i++)