Beispiel #1
0
        public static bool PasswordMatches(this Account account, string password)
        {
            if (account.PasswordSalt == "use bcrypt") // Account password is using bcrypt
            {
                if (Common.ConfigManager.Config.Server.Accounts.ForceWorkFactorMigration &&
                    (BCryptProvider.GetPasswordWorkFactor(account.PasswordHash) != Common.ConfigManager.Config.Server.Accounts.PasswordHashWorkFactor))
                // Upgrade (or downgrade) Password workfactor if not the same as config specifies, ForceWorkFactorMigration is TRUE and Password Matches
                {
                    if (BCryptProvider.Verify(password, account.PasswordHash))
                    {
                        account.SetPassword(password);
                        account.SetSaltForBCrypt();

                        DatabaseManager.Authentication.UpdateAccount(account);

                        return(true);
                    }
                    else
                    {
                        return(false);
                    }
                }
                else
                {
                    return(BCryptProvider.Verify(password, account.PasswordHash));
                }
            }
            else // Account password is using SHA512 salt
            {
                log.Debug($"{account.AccountName} password verified using SHA512 hash/salt, migrating to bcrypt.");

                var input = GetPasswordHash(account, password);

                if (input == account.PasswordHash) // If password matches, migrate to bcrypt
                {
                    account.SetPassword(password);
                    account.SetSaltForBCrypt();

                    DatabaseManager.Authentication.UpdateAccount(account);

                    return(true);
                }
                else
                {
                    return(false);
                }
            }
        }
Beispiel #2
0
        public static void HandleClientLoginReq(Session session, ClientLoginReq loginReq)
        {
            void SendError(uint errorCode, string errorMessage = "")
            {
                session.SendMessage(new ServerLoginResult
                {
                    ErrorCode    = errorCode,
                    ErrorMessage = errorMessage
                });
            }

            AccountModel account = DatabaseManager.Instance.AuthDatabase.GetAccount(loginReq.Username);

            if (account == null || !BCryptProvider.Verify(loginReq.Password, account.Password))
            {
                SendError(1);
                return;
            }

            session.Authenticate(account);

            // TODO: check for bans

            ulong sessionKey = RandomProvider.GenerateSessionKey();

            DatabaseManager.Instance.AuthDatabase.UpdateSessionKey(account, sessionKey);

            session.SendMessage(new ServerLoginResult
            {
                AccountId  = account.Id,
                SessionKey = sessionKey
            });

            session.SendMessage(new ServerOptionLoad
            {
            });
        }
Beispiel #3
0
        public static void HandleAuthenticate(Session session, NetworkObject networkObject)
        {
            void SendAuthenticationError(byte code)
            {
                var errorCode = new NetworkObject();

                errorCode.AddField(0, NetworkObjectField.CreateIntField(code));

                var authenticationError = new NetworkObject();

                authenticationError.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.AuthenticateError));
                authenticationError.AddField(1, NetworkObjectField.CreateObjectField(errorCode));
                session.EnqueuePacket(new ServerAuthenticationPacket(authenticationError));
            }

            string username    = NetworkObjectField.ReadStringField(networkObject.GetField(2));
            string password    = NetworkObjectField.ReadStringField(networkObject.GetField(3));
            string version     = NetworkObjectField.ReadStringField(networkObject.GetField(5));
            string accountName = NetworkObjectField.ReadStringField(networkObject.GetField(6));

            CharacterObject characterObject = new CharacterObject();

            characterObject.FromNetworkObject(networkObject.GetField(4).ReadObject());

            if (string.IsNullOrWhiteSpace(username) ||
                username.Length > 20 ||
                username == "Anonymous")
            {
                SendAuthenticationError(0);
                return;
            }

            // anonymous login ignored
            if (version != "1.0.1.14")
            {
                SendAuthenticationError(1);
                return;
            }

            AccountInfo accountInfo = DatabaseManager.Database.GetAccount(username);

            if (accountInfo == null)
            {
                accountInfo = DatabaseManager.Database.CreateAccount(username, password, session.Remote.Address.ToString(), Privilege.All);
            }
            else
            {
                // validate existing account
                if (!BCryptProvider.Verify(password, accountInfo.Password))
                {
                    SendAuthenticationError(0);
                    return;
                }
            }

            log.Info($"Account: {accountInfo.Username}, Character: {characterObject.Name} has signed in!");

            DatabaseManager.Database.UpdateAccount(accountInfo.Id, session.Remote.Address.ToString());

            var authentication = new NetworkObject();

            authentication.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.Authenticate));
            authentication.AddField(1, NetworkObjectField.CreateIntField((int)accountInfo.Privileges));
            session.EnqueuePacket(new ServerAuthenticationPacket(authentication));

            characterObject.Sequence = NetworkManager.SessionSequence.Dequeue();
            session.SignIn(accountInfo, accountName, characterObject);
        }