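/// <summary>
/// Removes the rows that reference the current account from Tbl_cookies, Tbl_admin,
/// Tbl_event, Tbl_log, Tbl_likes, Tbl_dislikes and Tbl_match, then acknowledges with
/// a <c>ResponseId.DeleteAccount</c> success response.
/// </summary>
/// <param name="server">The API server handling this request; supplies the account and the send channel.</param>
/// <remarks>
/// Requires a configured server, an online user and an account id. The Tbl_user row
/// itself is not deleted by this handler (presumably handled elsewhere — confirm).
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertUserOnline() || server.AssertIdSet())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    // NOTE(review): the meaning of the second argument of OptionalAssertUserExists is not
    // visible here; a true return appears to mean "already reported an error" — confirm.
    if (databaseManager.OptionalAssertUserExists(server.Account.Id, true))
    {
        return;
    }

    // The id is concatenated into an unquoted numeric position; this relies on Sanitize
    // making it safe for that context — NOTE(review): confirm against DatabaseEssentials.Security.
    string sanitizedId = DatabaseEssentials.Security.Sanitize(server.Account.Id);
    string[] statements =
    {
        "DELETE FROM Tbl_cookies WHERE userid = " + sanitizedId + ";",
        "DELETE FROM Tbl_admin WHERE userid = " + sanitizedId + ";",
        "DELETE FROM Tbl_event WHERE userid = " + sanitizedId + ";",
        "DELETE FROM Tbl_log WHERE userid = " + sanitizedId + ";",
        "DELETE FROM Tbl_likes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";",
        "DELETE FROM Tbl_dislikes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";",
        "DELETE FROM Tbl_match WHERE userid1 = " + sanitizedId + " OR userid2 = " + sanitizedId + ";",
    };
    // All statements go out as one batch so the account-linked rows are removed together.
    string query = string.Concat(statements);

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    // Previously the modify result was discarded, so a failed batch was still acknowledged
    // as a successful deletion; surface it the way the other handlers do.
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete account data.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteAccount, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}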
/// <summary>
/// Completes account creation once the confirmation code has been validated: inserts the
/// pending account (already-hashed password, a freshly generated hid and the email) into
/// Tbl_user, clears the pending authentication state and acknowledges with
/// <c>ResponseId.ConfirmAccount</c>.
/// </summary>
/// <param name="server">The API server handling this request.</param>
public override void Process(ApiServer server)
{
    bool rejected = server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOffline();
    if (rejected)
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // Public user handle for the new row; the numeric id is assigned by the database.
    string newUserHid = SecurityManager.GenerateHid();
    // NOTE(review): server.Account.Password is expected to hold the scrypt hash set during
    // account creation, never the clear-text password — confirm the request flow.
    string[] queryParts =
    {
        "INSERT INTO Tbl_user (password, hid, email) VALUES (\'",
        server.Account.Password,
        "\',\'",
        newUserHid,
        "\', \'",
        server.Account.AccountInfo.Email,
        "\');",
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(queryParts);

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create user.");
        return;
    }

    // The one-time code has been consumed; reset the pending-authentication fields.
    server.Account.AuthenticationCode = string.Empty;
    server.Account.AuthenticationId = ApiRequestId.Invalid;
    server.Account.AuthenticationTime = -1;

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(response);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Starts a password change for the logged-in user: stores a pending confirmation code and
/// the hash of the new password on the account, emails the code to the account's address
/// and acknowledges with <c>ResponseId.PasswordChange</c>.
/// </summary>
/// <param name="server">The API server handling this request.</param>
public override void Process(ApiServer server)
{
    bool rejected = server.AssertServerSetup(this)
        || server.AssertAccountNotNull()
        || server.AssertUserOnline()
        || server.AssertEmailSet();
    if (rejected)
    {
        return;
    }

    string email = server.Account.AccountInfo.Email;
    if (!EmailEssentials.IsValid(email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    // The new password is hashed now and only written to the database once the emailed
    // code is confirmed; until then it lives on the in-memory account.
    Account account = server.Account;
    account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
    account.AuthenticationId = ApiRequestId.ConfirmPasswordChange;
    account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
    account.Password = SecurityManager.ScryptHash(Password);

    string displayName = account.AccountInfo.Name;
    if (string.IsNullOrEmpty(displayName))
    {
        displayName = "user";
    }

    EmailManager mail = EmailManager.Create(Subject.ChangePassword, email, displayName, account.AuthenticationCode);
    if (!mail.Send())
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse apiResponse = new GenericSuccessResponse(ResponseId.PasswordChange, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(apiResponse);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Deletes the event with hid <c>EventId</c> from Tbl_event and acknowledges with
/// <c>ResponseId.DeleteEventA</c>.
/// </summary>
/// <param name="server">The API server handling this request.</param>
/// <remarks>
/// NOTE(review): deletion is gated only on the CREATE_EVENT permission and on the event
/// existing; nothing here ties the event to server.Account.Id, so any permission holder can
/// delete any event by hid — confirm that is intended.
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    // Permission is checked before existence, so an unauthorised caller learns nothing about the hid.
    bool blocked = databaseManager.AssertHasPermission(Permission.CREATE_EVENT)
        || databaseManager.AssertEventExists(EventId);
    if (blocked)
    {
        return;
    }

    string sanitizedEventId = DatabaseEssentials.Security.Sanitize(EventId);
    string query = "DELETE FROM Tbl_event WHERE hid = \'" + sanitizedEventId + "\';";
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(response);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Overwrites the Tbl_event row identified by <c>EventInfo.EventId</c> with the supplied
/// event fields and acknowledges with <c>ResponseId.EditEventA</c>.
/// </summary>
/// <param name="server">The API server handling this request.</param>
/// <remarks>
/// The UPDATE also sets the row's userid to the caller's account id, so editing an event
/// re-assigns its owner. NOTE(review): no check that the caller already owns the event is
/// visible here — confirm that is intended.
/// </remarks>
public override void Process(ApiServer server)
{
    bool rejected = server.AssertServerSetup(this)
        || server.AssertIdSet()
        || server.AssertUserOnline()
        || server.AssertEventInfoNotNull(EventInfo);
    if (rejected)
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    bool blocked = databaseManager.AssertEventExists(EventInfo.EventId)
        || databaseManager.AssertHasPermission(Permission.CREATE_EVENT);
    if (blocked)
    {
        return;
    }

    // Values and SQL fragments alternate; SanitizeQuery is responsible for escaping the values.
    string[] queryParts =
    {
        "UPDATE Tbl_event SET userid = ", server.Account.Id,
        ", title = \'", EventInfo.Title,
        "\', expires = ", EventInfo.ExpirationDate.ToString(),
        ", date = \'", EventInfo.Date,
        "\', time = \'", EventInfo.Time,
        "\', location = \'", EventInfo.Location,
        "\', url = \'", EventInfo.Url,
        "\', image = \'", EventInfo.Image,
        "\', description = \'", EventInfo.Description,
        "\' WHERE hid = \'", EventInfo.EventId,
        "\';",
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(queryParts);

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.EditEventA, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(response);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Confirms a pending password change. Verifies that <c>SecurityToken</c> belongs to the
/// current account, extends that token's expiry, revokes every other token of the account,
/// writes the new password and clears the pending authentication state.
/// </summary>
/// <param name="server">The API server handling this request.</param>
/// <remarks>
/// NOTE(review): the acknowledgement uses <c>ResponseId.ConfirmAccount</c>, the same id as
/// the account-confirmation handler — confirm that is intended.
/// </remarks>
public override void Process(ApiServer server)
{
    bool rejected = server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOnline()
        || server.AssertPasswordSet()
        || server.AssertIdSet();
    if (rejected)
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // Step 1: the presented token must resolve to the account that is changing its password.
    string[] lookupParts =
    {
        "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'",
        SecurityToken,
        "\' AND u.id = c.userid;",
    };
    string lookupQuery = DatabaseEssentials.Security.SanitizeQuery(lookupParts);
    SqlApiRequest lookupRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, lookupQuery, 2);
    SqlSingleOrDefaultResponse lookup = databaseManager.AwaitSingleOrDefaultResponse(lookupRequest, out bool success);
    if (!success)
    {
        return;
    }
    bool tokenBelongsToAccount = lookup.Success && lookup.Result.Equals(server.Account.Id);
    if (!tokenBelongsToAccount)
    {
        ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
        return;
    }

    // Step 2: push the token's expiry out by the configured lifetime.
    int expirationDate = DatabaseEssentials.GetTimeStamp()
        + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    string[] refreshParts =
    {
        "UPDATE Tbl_cookies SET expires = \'",
        expirationDate.ToString(),
        "\' WHERE value = \'",
        SecurityToken,
        "\';",
    };
    string refreshQuery = DatabaseEssentials.Security.SanitizeQuery(refreshParts);
    SqlApiRequest refreshRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, refreshQuery, -1);
    SqlModifyDataResponse refresh = databaseManager.AwaitModifyDataResponse(refreshRequest, out success);
    if (!success)
    {
        return;
    }
    if (!refresh.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
        return;
    }

    // Step 3: revoke every other token, keeping only the one used here. Like the Assert*
    // helpers, a true return appears to mean the helper already reported an error.
    string[] tokensToKeep = { SecurityToken };
    if (databaseManager.DeleteSecurityTokens(tokensToKeep))
    {
        return;
    }

    // Step 4: persist the password that was hashed when the change was requested.
    if (databaseManager.UpdatePassword())
    {
        return;
    }

    // The one-time code has been consumed; reset the pending-authentication fields.
    server.Account.AuthenticationCode = string.Empty;
    server.Account.AuthenticationId = ApiRequestId.Invalid;
    server.Account.AuthenticationTime = -1;

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(response);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
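/// <summary>
/// Starts a password reset for the account registered under <c>Email</c>: looks the account
/// up, refuses if it is currently online, stores a pending reset code on
/// <c>server.Account</c>, emails the code and acknowledges with <c>ResponseId.PasswordReset</c>.
/// </summary>
/// <param name="server">The API server handling this request; its Account must be null on entry.</param>
/// <remarks>
/// NOTE(review): the InvalidUser error reveals whether an address is registered. A uniform
/// "if an account exists, an email has been sent" reply would avoid that disclosure; the
/// message is left unchanged here because clients may depend on it.
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'"
        + DatabaseEssentials.Security.Sanitize(Email) + "\';";
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }

    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
    {
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    // Column order matches the SELECT list above.
    string isOnline = data[0];
    string encryptedName = data[1];
    string userHid = data[2];
    string accountId = data[3];

    server.Account = new Account(null, false, accountId);
    if (!isOnline.Equals("0"))
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    // The stored name is encrypted under a key derived from the user's hid.
    AesContext aesContext = new AesContext(userHid);
    string name = aesContext.DecryptOrDefault(encryptedName);

    // Keep the account id on the object that carries the reset code: the confirm step
    // asserts that the id is set, and the previous replacement object dropped it.
    server.Account = new Account(null, false, accountId)
    {
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmPasswordReset,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp(),
    };

    string displayName = string.IsNullOrEmpty(name) ? "user" : name;
    EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, displayName, server.Account.AuthenticationCode);
    // Previously the send result was ignored and a reset was acknowledged even when no
    // email went out; report it the way the other email-sending handlers do.
    if (!emailManager.Send())
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send password reset email.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}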
/// <summary>
/// Starts account creation: validates <c>Email</c>, checks it is not already registered,
/// builds an in-memory account holding the scrypt hash of <c>Password</c> and a pending
/// confirmation code, emails the code and acknowledges with <c>ResponseId.CreateAccount</c>.
/// </summary>
/// <param name="server">The API server handling this request; its Account must be null on entry.</param>
/// <remarks>
/// Nothing is written to the database here; the Tbl_user row is inserted by the
/// confirmation handler once the emailed code is presented.
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }
    if (!EmailEssentials.IsValid(Email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    bool success;
    using (DatabaseManager databaseManager = new DatabaseManager(server))
    {
        bool emailAvailable = databaseManager.CheckEmailAvailable(Email, out success);
        if (!emailAvailable)
        {
            // A transport failure has already been reported by the manager; only a
            // genuine "taken" result gets its own error.
            if (success)
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
            }
            return;
        }
    }

    // Only the hash is ever kept; the clear-text password is not stored on the account.
    string passwordHash = SecurityManager.ScryptHash(Password);
    AccountInfo info = new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true);
    Account pending = new Account(info, false, string.Empty)
    {
        Password = passwordHash,
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmAccount,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp(),
    };
    server.Account = pending;

    EmailManager mail = EmailManager.Create(Subject.CreateAccount, Email, "new user", pending.AuthenticationCode);
    success = mail.Send();
    if (!success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse apiResponse = new GenericSuccessResponse(ResponseId.CreateAccount, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(apiResponse);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Completes a password reset once the emailed code has been validated: stores the scrypt
/// hash of <c>Password</c>, revokes the account's security tokens, acknowledges with
/// <c>ResponseId.ConfirmPasswordReset</c> and detaches the account from the connection.
/// </summary>
/// <param name="server">The API server handling this request.</param>
public override void Process(ApiServer server)
{
    bool rejected = server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOffline()
        || server.AssertIdSet();
    if (rejected)
    {
        return;
    }

    server.Account.Password = SecurityManager.ScryptHash(Password);

    using DatabaseManager databaseManager = new DatabaseManager(server);
    // Both helpers return true when they have already reported a failure.
    if (databaseManager.UpdatePassword())
    {
        return;
    }
    // An empty keep-list presumably revokes every token of the account — confirm.
    if (databaseManager.DeleteSecurityTokens(Array.Empty<string>()))
    {
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmPasswordReset, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(response);
    server.Send(serialized.Serialize());
    // The reset flow runs without a login, so the temporary account is dropped after the reply.
    server.Account = null;
    server.UnitTesting.MethodSuccess = true;
}
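/// <summary>
/// Writes the request's <c>AccountInfo</c> (name, occupation, info1–info10, location, radius,
/// visibility and log flags) to the caller's Tbl_user row and acknowledges with
/// <c>ResponseId.UpdateAccountInfo</c>.
/// </summary>
/// <param name="server">The API server handling this request.</param>
/// <remarks>
/// The request's <c>AccountInfo</c> property is distinct from <c>server.Account.AccountInfo</c>;
/// the latter only supplies (and, if missing, caches) the user's hid used as the AES key.
/// Name, occupation and the info fields are stored encrypted; location is stored sanitized.
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this))
    {
        return;
    }
    // Previously this shared a condition with AssertServerSetup, so a setup failure was
    // also reported to the client as "AccountInfo was null."; the two are now separate.
    if (AccountInfo == null)
    {
        ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
        return;
    }
    if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    bool success;

    // Resolve and cache the user's hid if this connection has not needed it yet.
    if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
    {
        string hidQuery = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
        SqlApiRequest hidRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, hidQuery, 1);
        SqlSingleOrDefaultResponse hidResponse = databaseManager.AwaitSingleOrDefaultResponse(hidRequest, out success);
        if (!success)
        {
            return;
        }
        if (!hidResponse.Success)
        {
            ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
            return;
        }
        server.Account.AccountInfo.UserId = hidResponse.Result;
    }

    // NOTE(review): the encrypted values are concatenated without Sanitize on the assumption
    // that EncryptOrDefault yields quote-free text (e.g. base64) — confirm against AesContext.
    AesContext aesContext = new AesContext(server.Account.AccountInfo.UserId);
    string cryptoName = aesContext.EncryptOrDefault(AccountInfo.Name);
    string cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);

    string[] infos =
    {
        AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5,
        AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10,
    };
    // Builds ", info1 = '<enc>', info2 = '<enc>', ..." — column names are 1-based.
    StringBuilder infoColumns = new StringBuilder();
    for (int i = 0; i < infos.Length; i++)
    {
        infoColumns.Append(", info").Append((i + 1).ToString()).Append(" = \'")
            .Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
    }

    string updateQuery = "UPDATE Tbl_user SET name = \'" + cryptoName
        + "\', occupation = \'" + cryptoOccupation + "\'"
        + infoColumns.ToString()
        + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location)
        + "\', radius = " + AccountInfo.Radius.ToString()
        + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0")
        + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0")
        + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
    SqlApiRequest updateRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, updateQuery, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(updateRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
        return;
    }

    GenericSuccessResponse successResponse = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(successResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}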
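/// <summary>
/// Sets the admin permissions of the user <c>TargetUserId</c> to <c>Permissions</c>. The
/// caller must hold ADJUST_PRIVILEGES, the target must exist and must not be root.
/// </summary>
/// <param name="server">The API server handling this request.</param>
/// <remarks>
/// When the stored permissions already equal the requested value no SQL is issued.
/// Otherwise the Tbl_admin row is deleted (request is NONE), inserted (target currently has
/// NONE) or updated. The response is <c>ResponseId.ChangeUserPermissionsA</c>.
/// </remarks>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertUserOnline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    if (databaseManager.AssertHasPermission(Permission.ADJUST_PRIVILEGES))
    {
        return;
    }

    bool userExists = databaseManager.CheckUserExists(TargetUserId, out bool success);
    if (!success)
    {
        return;
    }
    if (!userExists)
    {
        ApiError.Throw(ApiErrorCode.NotFound, server, "User not found.");
        return;
    }

    // Root's privileges are fixed; refuse explicitly rather than silently ignoring the request.
    bool targetIsRoot = databaseManager.UserIsRoot(TargetUserId, out success);
    if (!success)
    {
        return;
    }
    if (targetIsRoot)
    {
        ApiError.Throw(ApiErrorCode.InsufficientPermissions, server, "Cannot adjust permissions of root: is fixed to " + Permission.ALL_ACCESS.ToString());
        return;
    }

    Permission currentPermissions = databaseManager.GetUserPermission(TargetUserId, out success);
    if (!success)
    {
        return;
    }

    if (currentPermissions != Permissions)
    {
        // targetId is the database key resolved from the public user id, not request input.
        // NOTE(review): it is concatenated without Sanitize on the assumption that it is a
        // numeric key — confirm against UserIdToId.
        string targetId = databaseManager.UserIdToId(TargetUserId, out success);
        if (!success)
        {
            return;
        }

        string permissionValue = ((int)Permissions).ToString();
        string query;
        if (Permissions == Permission.NONE)
        {
            query = "DELETE FROM Tbl_admin WHERE userid = " + targetId + ";";
        }
        else if (currentPermissions == Permission.NONE)
        {
            query = "INSERT INTO Tbl_admin (userid, permissions) VALUES (" + targetId + ", " + permissionValue + ");";
        }
        else
        {
            query = "UPDATE Tbl_admin SET permissions = " + permissionValue + " WHERE userid = " + targetId + ";";
        }

        SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
        SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
        if (!success)
        {
            return;
        }
        // Previously the modify result was never inspected, so a failed row change was still
        // acknowledged as a successful permission update; report it like the other handlers.
        if (!modifyDataResponse.Success)
        {
            ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update user permissions.");
            return;
        }
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ChangeUserPermissionsA, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}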