        public override void Process(ApiServer server)
        {
            // Bail out (an ApiError has already been sent by the failing Assert*) unless the server is
            // set up, a session account exists, the user is online and the account has an e-mail on file.
            // The asserts are evaluated left to right and short-circuit, so their order is significant.
            if (server.AssertServerSetup(this)
                || server.AssertAccountNotNull()
                || server.AssertUserOnline()
                || server.AssertEmailSet())
            {
                return;
            }
            string recipient = server.Account.AccountInfo.Email;
            if (!EmailEssentials.IsValid(recipient))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            // Stage the change on the session account: a fresh one-time code tied to the
            // ConfirmPasswordChange request, its issue time, and the scrypt hash of the new password.
            // NOTE(review): only the in-memory account is updated here; whether the hash reaches the
            // database before the code is confirmed depends on the confirm handler — verify.
            server.Account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
            server.Account.AuthenticationId   = ApiRequestId.ConfirmPasswordChange;
            server.Account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
            server.Account.Password           = SecurityManager.ScryptHash(Password);

            // Address the user by name when one is on file; otherwise fall back to "user".
            string displayName = server.Account.AccountInfo.Name;
            if (string.IsNullOrEmpty(displayName))
            {
                displayName = "user";
            }
            EmailManager mail = EmailManager.Create(Subject.ChangePassword, recipient, displayName, server.Account.AuthenticationCode);
            if (!mail.Send())
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            // Acknowledge that the confirmation e-mail has been handed off.
            GenericSuccessResponse ack = new GenericSuccessResponse(ResponseId.PasswordChange, true);
            SerializedApiResponse  wrapped = SerializedApiResponse.Create(ack);
            server.Send(wrapped.Serialize());
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            // Preconditions, each reporting its own ApiError on failure: server set up, the supplied
            // Code matches the pending authentication event, user online, password and id present.
            if (server.AssertServerSetup(this)
                || server.AssertAuthenticationCodeInvalid(Code)
                || server.AssertUserOnline()
                || server.AssertPasswordSet()
                || server.AssertIdSet())
            {
                return;
            }
            using DatabaseManager db = new DatabaseManager(server);

            // Step 1: the SecurityToken sent with the request must belong to the session's account.
            // NOTE(review): the SQL is assembled from request input through SanitizeQuery rather than
            // bound parameters; its escaping rules are not visible here. Prefer parameters if the
            // SQL layer supports them.
            string lookupSql = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
            SqlApiRequest lookup = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, lookupSql, 2);
            SqlSingleOrDefaultResponse owner = db.AwaitSingleOrDefaultResponse(lookup, out bool ok);
            if (!ok)
            {
                return; // request failed; presumably already reported by DatabaseManager
            }
            bool tokenOwnedBySession = owner.Success && owner.Result.Equals(server.Account.Id);
            if (!tokenOwnedBySession)
            {
                ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
                return;
            }

            // Step 2: push the token's expiry out by the configured lifetime.
            int newExpiry = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
            string refreshSql = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", newExpiry.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
            SqlApiRequest refresh = SqlApiRequest.Create(SqlRequestId.ModifyData, refreshSql, -1);
            SqlModifyDataResponse refreshed = db.AwaitModifyDataResponse(refresh, out ok);
            if (!ok)
            {
                return;
            }
            if (!refreshed.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
                return;
            }

            // Step 3: revoke every other token for the account, keeping only the one just used.
            // The helpers below return true on failure (the early return), the opposite of the
            // Await* "success" flag — assumed from how they are used here.
            if (db.DeleteSecurityTokens(new string[] { SecurityToken }))
            {
                return;
            }
            // Step 4: persist the password hash that was staged on the session account.
            if (db.UpdatePassword())
            {
                return;
            }

            // Step 5: the one-time code is consumed; clear the pending authentication event.
            server.Account.AuthenticationCode = string.Empty;
            server.Account.AuthenticationId   = ApiRequestId.Invalid;
            server.Account.AuthenticationTime = -1;
            // NOTE(review): replies with ResponseId.ConfirmAccount although this confirms a
            // password change — confirm the client expects this id.
            GenericSuccessResponse ack = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
            SerializedApiResponse  wrapped = SerializedApiResponse.Create(ack);
            server.Send(wrapped.Serialize());
            server.UnitTesting.MethodSuccess = true;
        }
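        public override void Process(ApiServer server)
        {
            // A reset may only be requested from a session with no account bound yet.
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            // Look the account up by e-mail. Email is request input; Sanitize() is the only barrier
            // between it and the SQL text (no bound parameters are available in this API).
            string               query             = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
            SqlApiRequest        sqlRequest        = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
            SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);

            if (!success)
            {
                return; // request failed; presumably already reported by DatabaseManager
            }
            string[] data = dataArrayResponse.Result;
            if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
            {
                // NOTE(review): this distinct error tells a caller whether an e-mail address is
                // registered; consider a uniform response if account enumeration matters here.
                ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
                return;
            }
            string isOnline      = data[0];
            string encryptedName = data[1];
            string userid        = data[2]; // the hid column, used as the AES context key below

            server.Account = new Account(null, false, data[3]);
            if (!isOnline.Equals("0"))
            {
                ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
                return;
            }
            // The stored name is decrypted for the greeting; an empty result falls back to "user" below.
            AesContext aesContext = new AesContext(userid);
            string     name       = aesContext.DecryptOrDefault(encryptedName);

            // Stage the reset: a one-time code bound to ConfirmPasswordReset, stamped with its issue time.
            // NOTE(review): this replaces the Account created above, so the id from data[3] is not
            // carried over — confirm the confirm-reset handler does not rely on it.
            server.Account = new Account
            {
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmPasswordReset,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);

            // Report a failed send instead of claiming success: the caller would otherwise wait for a
            // code that never left the server. Matches the change-password and create-account flows.
            if (!emailManager.Send())
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }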
        public override void Process(ApiServer server)
        {
            // Registration is only valid for a session with no account bound yet.
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            if (!EmailEssentials.IsValid(Email))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            bool ok;

            // The database handle is released as soon as the availability check is done.
            using (DatabaseManager db = new DatabaseManager(server))
            {
                bool available = db.CheckEmailAvailable(Email, out ok);
                if (!available && !ok)
                {
                    return; // lookup failed; presumably already reported by DatabaseManager
                }
                if (!available)
                {
                    ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
                    return;
                }
            }
            // Hash the requested password up front; it is kept on the staged account until confirmation.
            string hashedPassword = SecurityManager.ScryptHash(Password);

            // Stage the new account with a one-time code tied to the ConfirmAccount request.
            // The AccountInfo argument list is reproduced verbatim; its positional meaning is defined elsewhere.
            server.Account = new Account(new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true), false, string.Empty)
            {
                Password           = hashedPassword,
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmAccount,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            EmailManager mail = EmailManager.Create(Subject.CreateAccount, Email, "new user", server.Account.AuthenticationCode);

            ok = mail.Send();
            if (!ok)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            GenericSuccessResponse ack     = new GenericSuccessResponse(ResponseId.CreateAccount, true);
            SerializedApiResponse  wrapped = SerializedApiResponse.Create(ack);
            server.Send(wrapped.Serialize());
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            // Requires a set-up server and a logged-in user.
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager db = new DatabaseManager(server);
            // Unless IncludeExpired is set, restrict the listing to events whose expiry is still ahead.
            // The only value spliced into the SQL text is the server's own timestamp.
            string filter = string.Empty;
            if (!IncludeExpired)
            {
                filter = " WHERE expires > " + DatabaseEssentials.GetTimeStamp().ToString();
            }
            string             sql     = "SELECT hid FROM Tbl_event" + filter + ";";
            SqlApiRequest      request = SqlApiRequest.Create(SqlRequestId.Get2DArray, sql, 1);
            Sql2DArrayResponse rows    = db.Await2DArrayResponse(request, out bool ok);

            if (!ok)
            {
                return;
            }
            // NOTE(review): rows.Success is not consulted before forwarding rows.Result, unlike the
            // other handlers — confirm Result is well-defined when the query itself fails.
            GetAllEventsResponse  payload = new GetAllEventsResponse(ResponseId.GetAllEvents, rows.Result);
            SerializedApiResponse wrapped = SerializedApiResponse.Create(payload);
            server.Send(wrapped.Serialize());
            server.UnitTesting.MethodSuccess = true;
        }
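 /// <summary>
 /// Checks the one-time authentication code supplied with a request against the pending
 /// authentication event on the session account. Sends an <see cref="ApiError"/> and returns
 /// true when the code must be rejected; returns false when the caller may proceed.
 /// </summary>
 /// <param name="server">The API server holding the session account and the current request id.</param>
 /// <param name="code">The code supplied by the client; may be null or empty.</param>
 /// <returns>True if an error was reported (the caller should return), false if the code is valid.</returns>
 public static bool AssertAuthenticationCodeInvalid(this ApiServer server, string code)
 {
     // TODO: Implement max retry count. Until then a code can be guessed by repeated requests
     // for as long as TwoFactorExpirationTime allows.
     if (server.AssertAccountNotNull())
     {
         return(true);
     }
     if (string.IsNullOrEmpty(server.Account.AuthenticationCode))
     {
         ApiError.Throw(ApiErrorCode.InvalidContext, server, "The requested action is invalid in this context: server unaware of authentication event.");
         return(true);
     }
     // A missing code is treated as an incorrect one; this also keeps a null argument from
     // throwing NullReferenceException in the comparison. The comparison itself runs in time
     // independent of the first mismatching character so response timing does not reveal
     // how much of the code a guess got right.
     if (string.IsNullOrEmpty(code) || !FixedTimeEquals(code, server.Account.AuthenticationCode))
     {
         ApiError.Throw(ApiErrorCode.InvalidCode, server, "The provided authentication code was incorrect.");
         return(true);
     }
     // The code must be used for the request type it was issued for.
     if (server.Account.AuthenticationId != server.RequestId)
     {
         ApiError.Throw(ApiErrorCode.InvalidContext, server, "The requested action is invalid in this context: authentication event does not match.");
         return(true);
     }
     // Reject codes older than the configured two-factor lifetime.
     if (server.Account.AuthenticationTime + MainServer.Config.WamsrvSecurityConfig.TwoFactorExpirationTime < DatabaseEssentials.GetTimeStamp())
     {
         ApiError.Throw(ApiErrorCode.ExpiredCode, server, "The provided authentication code has expired.");
         return(true);
     }
     return(false);
 }

 /// <summary>
 /// Compares two non-null strings without exiting early at the first differing character.
 /// Only the length check is data-dependent, which is acceptable for a fixed-format code.
 /// </summary>
 /// <param name="a">First string (the client-supplied code).</param>
 /// <param name="b">Second string (the expected code).</param>
 /// <returns>True when both strings are identical.</returns>
 private static bool FixedTimeEquals(string a, string b)
 {
     if (a.Length != b.Length)
     {
         return false;
     }
     int diff = 0;
     for (int i = 0; i < a.Length; i++)
     {
         diff |= a[i] ^ b[i];
     }
     return diff == 0;
 }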
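        public override void Process(ApiServer server)
        {
            // Login is only valid for a session with no account bound yet.
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                server.UnitTesting.MethodSuccess = false;
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            // Email is request input; SanitizeQuery is the only barrier between it and the SQL text.
            // NOTE(review): bound parameters would be preferable if the SQL layer offers them.
            string               query             = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;" });
            SqlApiRequest        apiRequest        = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
            SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);

            if (!success)
            {
                return; // request failed; presumably already reported by DatabaseManager
            }
            // Read the result only once the request is known to have succeeded, as the reset flow
            // does; a failed request may not carry a usable response object.
            string[] data = dataArrayResponse.Result;
            if (!dataArrayResponse.Success || data.Length != 3)
            {
                // NOTE(review): a distinct error for an unknown e-mail (and skipping the scrypt check
                // for it) lets a caller enumerate registered addresses by response code and timing.
                ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
                return;
            }
            string id   = data[0];
            string hash = data[1];

            // Refuse a second concurrent session for the same account.
            if (Convert.ToInt32(data[2]) == 1)
            {
                ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
                return;
            }
            bool authenticationSuccessful = SecurityManager.ScryptCheck(Password, hash);

            if (!authenticationSuccessful)
            {
                ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
                return;
            }
            // Issue a fresh session token. Its lifetime is SecurityTokenExpirationTime from config
            // (the original comment said "Token should expire every month").
            string securityToken = SecurityManager.GenerateSecurityToken();
            int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;

            // Info is client-supplied and stored as sent (after SanitizeQuery); treat it as untrusted
            // wherever it is read back.
            query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');" });
            apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
                return;
            }
            // SetupAccount is expected to bind the account to the session (false means it failed);
            // server.Account is read right after it.
            if (!databaseManager.SetupAccount(id))
            {
                return;
            }
            Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);

            if (!success)
            {
                return;
            }
            // Hand the token and the user's permissions back to the client.
            CreateCookieResponse  apiResponse           = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }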