Exemple #1
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNotNull() || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string id = databaseManager.UserIdToId(UserId, out bool success);

            if (!success)
            {
                return;
            }
            Account account = databaseManager.GetAccount(id, out success);

            if (!success)
            {
                return;
            }
            account.AccountInfo.Radius = -1;
            GetAccountInfoResponse response = new GetAccountInfoResponse(ResponseId.GetAccountInfo, account.AccountInfo);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #2
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT) || databaseManager.AssertEventExists(EventId))
            {
                return;
            }
            string                query              = "DELETE FROM Tbl_event WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\';";
            SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
                return;
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #3
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline() || server.AssertIdSet())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.OptionalAssertUserExists(server.Account.Id, true))
            {
                return;
            }
            string        sanitizedId    = DatabaseEssentials.Security.Sanitize(server.Account.Id);
            string        deleteCookies  = "DELETE FROM Tbl_cookies WHERE userid = " + sanitizedId + ";";
            string        deleteAdmin    = "DELETE FROM Tbl_admin WHERE userid = " + sanitizedId + ";";
            string        deleteEvent    = "DELETE FROM Tbl_event WHERE userid = " + sanitizedId + ";";
            string        deleteLog      = "DELETE FROM Tbl_log WHERE userid = " + sanitizedId + ";";
            string        deleteLikes    = "DELETE FROM Tbl_likes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
            string        deleteDislikes = "DELETE FROM Tbl_dislikes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
            string        deleteMatches  = "DELETE FROM Tbl_match WHERE userid1 = " + sanitizedId + " OR userid2 = " + sanitizedId + ";";
            string        query          = deleteCookies + deleteAdmin + deleteEvent + deleteLog + deleteLikes + deleteDislikes + deleteMatches;
            SqlApiRequest sqlRequest     = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);

            _ = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
            if (!success)
            {
                return;
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #4
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string                userid             = SecurityManager.GenerateHid();
            string                query              = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_user (password, hid, email) VALUES (\'", server.Account.Password, "\',\'", userid, "\', \'", server.Account.AccountInfo.Email, "\');" });
            SqlApiRequest         sqlRequets         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequets, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create user.");
                return;
            }
            server.Account.AuthenticationCode = string.Empty;
            server.Account.AuthenticationId   = ApiRequestId.Invalid;
            server.Account.AuthenticationTime = -1;
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #5
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertEventExists(EventInfo.EventId) || databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
            {
                return;
            }
            string                query              = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_event SET userid = ", server.Account.Id, ", title = \'", EventInfo.Title, "\', expires = ", EventInfo.ExpirationDate.ToString(), ", date = \'", EventInfo.Date, "\', time = \'", EventInfo.Time, "\', location = \'", EventInfo.Location, "\', url = \'", EventInfo.Url, "\', image = \'", EventInfo.Image, "\', description = \'", EventInfo.Description, "\'  WHERE hid = \'", EventInfo.EventId, "\';" });
            SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
                return;
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.EditEventA, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #6
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNotNull() || server.AssertUserOnline() || server.AssertEmailSet())
            {
                return;
            }
            if (!EmailEssentials.IsValid(server.Account.AccountInfo.Email))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            server.Account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
            server.Account.AuthenticationId   = ApiRequestId.ConfirmPasswordChange;
            server.Account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
            server.Account.Password           = SecurityManager.ScryptHash(Password);
            string       name         = string.IsNullOrEmpty(server.Account.AccountInfo.Name) ? "user" : server.Account.AccountInfo.Name;
            EmailManager emailManager = EmailManager.Create(Subject.ChangePassword, server.Account.AccountInfo.Email, name, server.Account.AuthenticationCode);
            bool         success      = emailManager.Send();

            if (!success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            GenericSuccessResponse apiResponse           = new GenericSuccessResponse(ResponseId.PasswordChange, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(apiResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #7
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
            {
                return;
            }
            string                eventId            = SecurityManager.GenerateHid();
            string                query              = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_event (userid, title, expires, date, time, location, url, image, description, hid) VALUES (", server.Account.Id, ", \'", EventInfo.Title, "\', ", EventInfo.ExpirationDate.ToString(), ", \'", EventInfo.Date, "\', \'", EventInfo.Time, "\', \'", EventInfo.Location, "\', \'", EventInfo.Url, "\', \'", EventInfo.Image, "\', \'", EventInfo.Description, "\', \'", eventId, "\');" });
            SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create event.");
                return;
            }
            CreateEventResponseA  response = new CreateEventResponseA(ResponseId.CreateEvent, eventId);
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #8
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOnline() || server.AssertPasswordSet() || server.AssertIdSet())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            // Check if security token is valid.
            string        query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
            SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
            SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            if (!singleOrDefaultResponse.Success || !singleOrDefaultResponse.Result.Equals(server.Account.Id))
            {
                ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
                return;
            }
            // Reset security token expiration timer..
            int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;

            query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
            sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
                return;
            }
            // Delete all other security tokens associated with the account.
            if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
            {
                return;
            }
            // Update password.
            if (databaseManager.UpdatePassword())
            {
                return;
            }
            server.Account.AuthenticationCode = string.Empty;
            server.Account.AuthenticationId   = ApiRequestId.Invalid;
            server.Account.AuthenticationTime = -1;
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string               query             = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
            SqlApiRequest        sqlRequest        = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
            SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            string[] data = dataArrayResponse.Result;
            if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
            {
                ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
                return;
            }
            string isOnline      = data[0];
            string encryptedName = data[1];
            string userid        = data[2];

            server.Account = new Account(null, false, data[3]);
            if (!isOnline.Equals("0"))
            {
                ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
                return;
            }
            AesContext aesContext = new AesContext(userid);
            string     name       = aesContext.DecryptOrDefault(encryptedName);

            server.Account = new Account
            {
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmPasswordReset,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);

            emailManager.Send();
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #10
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            if (!EmailEssentials.IsValid(Email))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            bool success;

            using (DatabaseManager databaseManager = new DatabaseManager(server))
            {
                if (!databaseManager.CheckEmailAvailable(Email, out success))
                {
                    if (!success)
                    {
                        return;
                    }
                    ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
                    return;
                }
            }
            string passwordHash = SecurityManager.ScryptHash(Password);

            server.Account = new Account(new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true), false, string.Empty)
            {
                Password           = passwordHash,
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmAccount,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            EmailManager emailManager = EmailManager.Create(Subject.CreateAccount, Email, "new user", server.Account.AuthenticationCode);

            success = emailManager.Send();
            if (!success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            GenericSuccessResponse apiResponse           = new GenericSuccessResponse(ResponseId.CreateAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(apiResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline() || server.AssertIdSet())
            {
                return;
            }
            server.Account.Password = SecurityManager.ScryptHash(Password);
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.UpdatePassword() || databaseManager.DeleteSecurityTokens(Array.Empty <string>()))
            {
                return;
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmPasswordReset, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.Account = null;
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string             query              = "SELECT hid FROM Tbl_event" + (IncludeExpired ? string.Empty : " WHERE expires > " + DatabaseEssentials.GetTimeStamp().ToString()) + ";";
            SqlApiRequest      sqlRequest         = SqlApiRequest.Create(SqlRequestId.Get2DArray, query, 1);
            Sql2DArrayResponse sql2DArrayResponse = databaseManager.Await2DArrayResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            GetAllEventsResponse  response = new GetAllEventsResponse(ResponseId.GetAllEvents, sql2DArrayResponse.Result);
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #13
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertEventExists(EventId) || databaseManager.AssertHasPermission(Permission.QUERY_EVENT_INFO))
            {
                return;
            }
            EventInfo eventInfo = databaseManager.GetEventInfo(EventId, out bool success);

            if (!success)
            {
                return;
            }
            string        query      = "SELECT u.hid FROM Tbl_event as e, Tbl_user as u WHERE e.hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\' AND e.userid = u.id LIMIT 1;";
            SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
            SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);

            if (!success)
            {
                return;
            }
            if (!singleOrDefaultResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch event.");
                return;
            }
            GetEventResponseA     response = new GetEventResponseA(ResponseId.GetEventA, new Event(eventInfo, singleOrDefaultResponse.Result));
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #14
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertEventExists(EventId))
            {
                return;
            }
            EventInfo eventInfo = databaseManager.GetEventInfo(EventId, out bool success);

            if (!success)
            {
                return;
            }
            GetEventInfoResponse  response = new GetEventInfoResponse(ResponseId.GetEventInfo, eventInfo);
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #15
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || AccountInfo == null)
            {
                ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
                return;
            }
            if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string query;
            bool   success;

            if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
            {
                query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
                SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
                SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
                if (!success)
                {
                    return;
                }
                if (!singleOrDefaultResponse.Success)
                {
                    ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
                    return;
                }
                server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
            }
            AesContext    aesContext       = new AesContext(server.Account.AccountInfo.UserId);
            string        cryptoName       = aesContext.EncryptOrDefault(AccountInfo.Name);
            string        cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);
            StringBuilder stringBuilder    = new StringBuilder();

            string[] infos = new string[] { AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5, AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10 };
            for (int i = 0; i < infos.Length; i++)
            {
                stringBuilder.Append(", info").Append((i + 1).ToString()).Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
            }
            query = "UPDATE Tbl_user SET name = \'" + cryptoName + "\', occupation = \'" + cryptoOccupation + "\'" + stringBuilder.ToString() + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location) + "\', radius = " + AccountInfo.Radius.ToString() + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0") + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0") + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
            SqlApiRequest         sqlApiRequest      = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
                return;
            }
            GenericSuccessResponse successResponse       = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(successResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                server.UnitTesting.MethodSuccess = false;
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string               query             = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;" });
            SqlApiRequest        apiRequest        = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
            SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);

            string[] data = dataArrayResponse.Result;
            if (!success)
            {
                return;
            }
            if (!dataArrayResponse.Success || data.Length != 3)
            {
                ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
                return;
            }
            string id   = data[0];
            string hash = data[1];

            if (Convert.ToInt32(data[2]) == 1)
            {
                ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
                return;
            }
            bool authenticationSuccessful = SecurityManager.ScryptCheck(Password, hash);

            if (!authenticationSuccessful)
            {
                ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
                return;
            }
            string securityToken = SecurityManager.GenerateSecurityToken();
            // Token should expire every month.
            int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;

            query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');" });
            apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
                return;
            }
            if (!databaseManager.SetupAccount(id))
            {
                return;
            }
            Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);

            if (!success)
            {
                return;
            }
            CreateCookieResponse  apiResponse           = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
            SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }
Exemple #17
0
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.AssertHasPermission(Permission.ADJUST_PRIVILEGES))
            {
                return;
            }
            bool userExists = databaseManager.CheckUserExists(TargetUserId, out bool success);

            if (!success)
            {
                return;
            }
            if (!userExists)
            {
                ApiError.Throw(ApiErrorCode.NotFound, server, "User not found.");
                return;
            }
            bool targetIsRoot = databaseManager.UserIsRoot(TargetUserId, out success);

            if (!success)
            {
                return;
            }
            if (targetIsRoot)
            {
                ApiError.Throw(ApiErrorCode.InsufficientPermissions, server, "Cannot adjust permissions of root: is fixed to " + Permission.ALL_ACCESS.ToString());
                return;
            }
            Permission currentPermissions = databaseManager.GetUserPermission(TargetUserId, out success);

            if (!success)
            {
                return;
            }
            if (currentPermissions != Permissions)
            {
                string targetId = databaseManager.UserIdToId(TargetUserId, out success);
                if (!success)
                {
                    return;
                }
                string query;
                if (Permissions == Permission.NONE)
                {
                    query = "DELETE FROM Tbl_admin WHERE userid = " + targetId + ";";
                }
                else if (currentPermissions == Permission.NONE)
                {
                    query = "INSERT INTO Tbl_admin (userid, permissions) VALUES (" + targetId + ", " + ((int)Permissions).ToString() + ");";
                }
                else
                {
                    query = "UPDATE Tbl_admin SET permissions = " + ((int)Permissions).ToString() + " WHERE userid = " + targetId + ";";
                }
                SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
                SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
                if (!success)
                {
                    return;
                }
            }
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ChangeUserPermissionsA, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
            return;
        }