mirror of
https://github.com/openfrontio/OpenFrontIO.git
synced 2026-06-30 22:23:29 +00:00
FloPinguin
71d70dfb0e
## Description: When random spawn mode is active, players are supposed to receive randomly chosen spawns rather than choosing their own. However, `SpawnExecution.getSpawn()` checks `center !== undefined` first, which means if a player manually injects coordinates into the spawn intent (bypassing the client-side UI guard), the random selection logic is completely bypassed and the player gets their chosen coordinates. This was fully exploitable in singleplayer (where no pre-created `SpawnExecution` objects exist) and was a defense-in-depth gap in multiplayer (relying on execution order of pre-created spawns to block it via the `hasSpawned()` guard). The fix forces `center` to `undefined` in `getSpawn()` when random spawns are enabled, ensuring the random selection code path is always taken regardless of what the client sends. ## Changes: - `src/core/execution/SpawnExecution.ts`: Pass `undefined` to `getSpawn()` when `isRandomSpawn()` is true, ignoring any client-specified tile - `tests/core/execution/SpawnExecution.test.ts`: Added test verifying that a client-specified tile is ignored when random spawn is enabled ## Please complete the following: - [X] I have added screenshots for all UI updates - [X] I process any text displayed to the user through translateText() and I've added it to the en.json file - [X] I have added relevant tests to the test directory ## Please put your Discord username so you can be contacted if a bug or regression is found: FloPinguin
134 lines
4.2 KiB
TypeScript
134 lines
4.2 KiB
TypeScript
import { SpawnExecution } from "../../../src/core/execution/SpawnExecution";
|
|
import { PlayerInfo, PlayerType } from "../../../src/core/game/Game";
|
|
import { setup } from "../../util/Setup";
|
|
|
|
describe("Spawn execution", () => {
|
|
// Manually calculated based on number of tiles in manifest of each map
|
|
// and minimum distance between players in PlayerSpawner
|
|
test.each([
|
|
["big_plains", 49],
|
|
["half_land_half_ocean", 1],
|
|
["ocean_and_land", 1],
|
|
["plains", 9],
|
|
])(
|
|
"Spawn location is found for all players in %s map with %i players",
|
|
async (mapName, maxPlayers) => {
|
|
const players: PlayerInfo[] = [];
|
|
const spawnExecutions: SpawnExecution[] = [];
|
|
for (let i = 0; i < maxPlayers; i++) {
|
|
const playerInfo = new PlayerInfo(
|
|
`player${i}`,
|
|
PlayerType.Human,
|
|
`client_id${i}`,
|
|
`player_id${i}`,
|
|
);
|
|
players.push(playerInfo);
|
|
|
|
spawnExecutions.push(new SpawnExecution("game_id", playerInfo));
|
|
}
|
|
|
|
const game = await setup(mapName, {}, players);
|
|
|
|
game.addExecution(...spawnExecutions);
|
|
game.executeNextTick();
|
|
game.executeNextTick();
|
|
|
|
game.allPlayers().forEach((player) => {
|
|
const spawnTile = player.spawnTile()!;
|
|
expect(spawnTile).toEqual(expect.any(Number));
|
|
expect(game.isLand(spawnTile)).toBe(true);
|
|
expect(game.isBorder(spawnTile)).toBe(false);
|
|
});
|
|
|
|
for (let i = 0; i < game.allPlayers().length; i++) {
|
|
for (let j = i + 1; j < game.allPlayers().length; j++) {
|
|
const distance = game.manhattanDist(
|
|
game.allPlayers()[i].spawnTile()!,
|
|
game.allPlayers()[j].spawnTile()!,
|
|
);
|
|
expect(distance).toBeGreaterThanOrEqual(
|
|
game.config().minDistanceBetweenPlayers(),
|
|
);
|
|
}
|
|
}
|
|
},
|
|
);
|
|
|
|
test("Handles spawn failure when map is too crowded", async () => {
|
|
const players: PlayerInfo[] = [];
|
|
const spawnExecutions: SpawnExecution[] = [];
|
|
|
|
// Try to spawn more players than possible on a small map
|
|
for (let i = 0; i < 5; i++) {
|
|
const playerInfo = new PlayerInfo(
|
|
`player${i}`,
|
|
PlayerType.Human,
|
|
`client_id${i}`,
|
|
`player_id${i}`,
|
|
);
|
|
players.push(playerInfo);
|
|
|
|
spawnExecutions.push(new SpawnExecution("game_id", playerInfo));
|
|
}
|
|
|
|
const game = await setup("half_land_half_ocean", {}, players);
|
|
|
|
game.addExecution(...spawnExecutions);
|
|
game.executeNextTick();
|
|
game.executeNextTick();
|
|
|
|
// Should spawn fewer than requested when map is too small
|
|
expect(
|
|
game.allPlayers().filter((player) => player.spawnTile() !== undefined)
|
|
.length,
|
|
).toBe(1);
|
|
});
|
|
|
|
test("Spawn on specific tile", async () => {
|
|
const playerInfo = new PlayerInfo(
|
|
`player`,
|
|
PlayerType.Human,
|
|
`client_id`,
|
|
`player_id`,
|
|
);
|
|
|
|
const game = await setup("half_land_half_ocean", {}, [playerInfo]);
|
|
|
|
game.addExecution(new SpawnExecution("game_id", playerInfo, 10));
|
|
game.addExecution(new SpawnExecution("game_id", playerInfo, 20));
|
|
game.executeNextTick();
|
|
game.executeNextTick();
|
|
|
|
expect(game.playerByClientID("client_id")?.spawnTile()).toBe(20);
|
|
// Previous territory from first spawn should be relinquished
|
|
expect(game.owner(10).isPlayer()).toBe(false);
|
|
});
|
|
|
|
test("Random spawn ignores client-specified tile", async () => {
|
|
const playerInfo = new PlayerInfo(
|
|
`player`,
|
|
PlayerType.Human,
|
|
`client_id`,
|
|
`player_id`,
|
|
);
|
|
|
|
const game = await setup("half_land_half_ocean", { randomSpawn: true }, [
|
|
playerInfo,
|
|
]);
|
|
|
|
// Simulate a malicious client sending a spawn intent with a specific tile
|
|
const maliciousTile = 10;
|
|
game.addExecution(new SpawnExecution("game_id", playerInfo, maliciousTile));
|
|
game.executeNextTick();
|
|
game.executeNextTick();
|
|
|
|
const player = game.playerByClientID("client_id")!;
|
|
expect(player.hasSpawned()).toBe(true);
|
|
// The spawn tile should NOT be the client-specified tile —
|
|
// random spawn must bypass the client's choice.
|
|
expect(player.spawnTile()).not.toBe(maliciousTile);
|
|
expect(player.spawnTile()).toEqual(expect.any(Number));
|
|
expect(game.isLand(player.spawnTile()!)).toBe(true);
|
|
});
|
|
});
|