public static bool PasswordMatches(this Account account, string password)
{
if (account.PasswordSalt == "use bcrypt") // Account password is using bcrypt
{
if (Common.ConfigManager.Config.Server.Accounts.ForceWorkFactorMigration &&
(BCryptProvider.GetPasswordWorkFactor(account.PasswordHash) != Common.ConfigManager.Config.Server.Accounts.PasswordHashWorkFactor))
// Upgrade (or downgrade) Password workfactor if not the same as config specifies, ForceWorkFactorMigration is TRUE and Password Matches
{
if (BCryptProvider.Verify(password, account.PasswordHash))
{
account.SetPassword(password);
account.SetSaltForBCrypt();
DatabaseManager.Authentication.UpdateAccount(account);
return(true);
}
else
{
return(false);
}
}
else
{
return(BCryptProvider.Verify(password, account.PasswordHash));
}
}
else // Account password is using SHA512 salt
{
log.Debug($"{account.AccountName} password verified using SHA512 hash/salt, migrating to bcrypt.");
var input = GetPasswordHash(account, password);
if (input == account.PasswordHash) // If password matches, migrate to bcrypt
{
account.SetPassword(password);
account.SetSaltForBCrypt();
DatabaseManager.Authentication.UpdateAccount(account);
return(true);
}
else
{
return(false);
}
}
}
public static void HandleClientLoginReq(Session session, ClientLoginReq loginReq)
{
void SendError(uint errorCode, string errorMessage = "")
{
session.SendMessage(new ServerLoginResult
{
ErrorCode = errorCode,
ErrorMessage = errorMessage
});
}
AccountModel account = DatabaseManager.Instance.AuthDatabase.GetAccount(loginReq.Username);
if (account == null || !BCryptProvider.Verify(loginReq.Password, account.Password))
{
SendError(1);
return;
}
session.Authenticate(account);
// TODO: check for bans
ulong sessionKey = RandomProvider.GenerateSessionKey();
DatabaseManager.Instance.AuthDatabase.UpdateSessionKey(account, sessionKey);
session.SendMessage(new ServerLoginResult
{
AccountId = account.Id,
SessionKey = sessionKey
});
session.SendMessage(new ServerOptionLoad
{
});
}
public static void HandleAuthenticate(Session session, NetworkObject networkObject)
{
void SendAuthenticationError(byte code)
{
var errorCode = new NetworkObject();
errorCode.AddField(0, NetworkObjectField.CreateIntField(code));
var authenticationError = new NetworkObject();
authenticationError.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.AuthenticateError));
authenticationError.AddField(1, NetworkObjectField.CreateObjectField(errorCode));
session.EnqueuePacket(new ServerAuthenticationPacket(authenticationError));
}
string username = NetworkObjectField.ReadStringField(networkObject.GetField(2));
string password = NetworkObjectField.ReadStringField(networkObject.GetField(3));
string version = NetworkObjectField.ReadStringField(networkObject.GetField(5));
string accountName = NetworkObjectField.ReadStringField(networkObject.GetField(6));
CharacterObject characterObject = new CharacterObject();
characterObject.FromNetworkObject(networkObject.GetField(4).ReadObject());
if (string.IsNullOrWhiteSpace(username) ||
username.Length > 20 ||
username == "Anonymous")
{
SendAuthenticationError(0);
return;
}
// anonymous login ignored
if (version != "1.0.1.14")
{
SendAuthenticationError(1);
return;
}
AccountInfo accountInfo = DatabaseManager.Database.GetAccount(username);
if (accountInfo == null)
{
accountInfo = DatabaseManager.Database.CreateAccount(username, password, session.Remote.Address.ToString(), Privilege.All);
}
else
{
// validate existing account
if (!BCryptProvider.Verify(password, accountInfo.Password))
{
SendAuthenticationError(0);
return;
}
}
log.Info($"Account: {accountInfo.Username}, Character: {characterObject.Name} has signed in!");
DatabaseManager.Database.UpdateAccount(accountInfo.Id, session.Remote.Address.ToString());
var authentication = new NetworkObject();
authentication.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.Authenticate));
authentication.AddField(1, NetworkObjectField.CreateIntField((int)accountInfo.Privileges));
session.EnqueuePacket(new ServerAuthenticationPacket(authentication));
characterObject.Sequence = NetworkManager.SessionSequence.Dequeue();
session.SignIn(accountInfo, accountName, characterObject);
}