public static AuthSession Create(Account account)
{
AuthSession sess = new AuthSession() {
AccountID = account.AccountID,
SessionCode = Tools.GenerateHash(16),
LastRefresh = DateTime.Now,
Rank = account.Rank
};
if (stSessions.ContainsKey(account.AccountID))
stSessions[account.AccountID] = sess;
else
stSessions.Add(account.AccountID, sess);
return sess;
}
public void DeleteTest()
{
Account acc = new Account()
{
Username = "******",
Email = "*****@*****.**",
PasswordHash = "0123456789abcdef0123456789abcdef".ToCharArray(),
Rank = Rank.Verified
};
DatabaseManager.Insert( acc );
acc = DatabaseManager.SelectFirst<Account>( x => x.Username == acc.Username );
DatabaseManager.Delete<Account>( x => x.Username == acc.Username );
acc = DatabaseManager.SelectFirst<Account>( x => x.Username == acc.Username );
Assert.IsNull( acc, "Entity not deleted" );
}
public static void Remove(Account account)
{
Remove(account.AccountID);
}
public static AuthSession Get(Account account)
{
return Get(account.AccountID);
}
public bool HasBlocked(Account account)
{
return Player.GetPlayer(account).MessageSettings == MessageSettings.BlockAll ||
DatabaseManager.SelectFirst<BlockedUser>(x => x.BlockerID == AccountID &&
x.BlockedID == account.AccountID) != null;
}
public static Responses.ErrorResponse AttemptRegister(String uname, String email, String phash)
{
if (uname == null || uname.Length == 0)
return new Responses.ErrorResponse("no username given");
if (!Account.IsUsernameValid(uname))
return new Responses.ErrorResponse("invalid username");
if (phash == null || phash.Length == 0)
return new Responses.ErrorResponse("no password hash given");
phash = phash.ToLower();
if (!Account.IsPasswordHashValid(phash))
return new Responses.ErrorResponse("invalid password hash");
if (email == null || email.Length == 0)
return new Responses.ErrorResponse("no email address given");
email = email.ToLower();
if (!Account.IsEmailValid(email))
return new Responses.ErrorResponse("invalid email address");
List<Account> clashes = DatabaseManager.Select<Account>(x => x.Username == uname || x.Email == email);
if (clashes.Count > 0) {
if (clashes[0].Username == uname)
return new Responses.ErrorResponse("username already in use");
else
return new Responses.ErrorResponse("email already in use");
}
Account account = new Account() {
Username = uname,
PasswordHash = phash.ToCharArray(),
Email = email,
Rank = Rank.Unverified,
RegistrationDate = DateTime.Now,
AvatarID = 2130837506
};
DatabaseManager.Insert(account);
account = DatabaseManager.Select<Account>(x => x.Email == email)[0];
DatabaseManager.Insert(new Event(EventType.Register, account.AccountID));
EmailValidationCode.Create(EmailValidationType.Activate, account).SendEmail(account);
return null;
}
public static Responses.ErrorResponse AttemptGet(EmailValidationType type,
String email, String code, out EmailValidationCode valid, out Account account)
{
valid = null;
account = null;
if (email == null || email.Length == 0)
return new Responses.ErrorResponse("no email address given");
if (!Account.IsEmailValid(email))
return new Responses.ErrorResponse("invalid email address");
if (code == null || code.Length == 0)
return new Responses.ErrorResponse("no validation code given");
if (!Account.IsPasswordHashValid(code))
return new Responses.ErrorResponse("invalid validation code");
account = DatabaseManager.SelectFirst<Account>(x => x.Email == email);
if (account == null)
return new Responses.ErrorResponse("invalid email address");
valid = EmailValidationCode.Get(type, account);
if (valid == null || !code.EqualsCharArray(valid.Code)) {
valid = null;
return new Responses.ErrorResponse("invalid validation code");
}
if (valid.IsExpired) {
valid = null;
return new Responses.ErrorResponse("expired validation code");
}
return null;
}
public bool CheckAuth(NameValueCollection args, out Account account,
out Responses.ErrorResponse error, bool acceptSession = true, bool onlyValidated = true)
{
error = new Responses.ErrorResponse("auth error");
account = null;
String sessionCode = args["session"];
String passwordHash = args["phash"];
String username = null;
int userid = -1;
if (args["uname"] != null) {
username = args["uname"];
if (username.Length == 0) {
error = new Responses.ErrorResponse("auth error: no username given");
return false;
}
if (!Account.IsUsernameValid(username)) {
error = new Responses.ErrorResponse("auth error: invalid credentials");
return false;
}
} else if (args["uid"] != null) {
if (!Int32.TryParse(args["uid"], out userid)) {
error = new Responses.ErrorResponse("auth error: invalid userid");
return false;
}
} else {
error = new Responses.ErrorResponse("auth error: no username or user id given");
return false;
}
if (acceptSession && sessionCode != null && sessionCode.Length > 0) {
if (!AuthSession.IsCodeValid(sessionCode)) {
error = new Responses.ErrorResponse("auth error: invalid session code");
return false;
}
} else if (passwordHash != null && passwordHash.Length > 0) {
if (!Account.IsPasswordHashValid(passwordHash)) {
error = new Responses.ErrorResponse("auth error: invalid credentials");
return false;
}
} else {
if (acceptSession)
error = new Responses.ErrorResponse("auth error: no password or session code given");
else
error = new Responses.ErrorResponse("auth error: no password given");
return false;
}
if (username != null) {
account = DatabaseManager.SelectFirst<Account>(x => x.Username == username);
} else {
account = DatabaseManager.SelectFirst<Account>(x => x.AccountID == userid);
}
if (account == null) {
error = new Responses.ErrorResponse("auth error: incorrect credentials");
return false;
}
if (passwordHash != null && passwordHash.Length != 0) {
if (!passwordHash.EqualsCharArray(account.PasswordHash)) {
error = new Responses.ErrorResponse("auth error: incorrect credentials");
return false;
}
} else {
AuthSession sess = AuthSession.Get(account);
if (sess == null || !sessionCode.EqualsCharArray(sess.SessionCode)) {
error = new Responses.ErrorResponse("auth error: incorrect session code");
return false;
}
if (sess.IsExpired) {
error = new Responses.ErrorResponse("auth error: session expired");
return false;
}
sess.Refresh();
}
if (onlyValidated && account.Rank < Rank.Verified) {
error = new Responses.ErrorResponse("auth error: account not activated");
return false;
}
return true;
}
public void SendEmail(Account account)
{
var link = string.Format("{0}{1}?email={2}&code={3}",
Program.ServerAddress, Type.ToString().ToLower(), account.Email, new String(Code));
var subject = string.Empty;
var message = string.Empty;
switch (Type) {
case EmailValidationType.Activate:
subject = "Foritude account activation";
message = "To finish the registration process just click this link: {0}\n\nHave fun!";
break;
case EmailValidationType.ResetPassword:
subject = "Foritude password reset";
message = "To finish the password reset process just click this link: {0}\n\nHave fun!";
break;
case EmailValidationType.Remove:
subject = "Fortitude account removal";
message = "To finish the account removal process just click this link: {0}\n\nSorry to see you go!";
break;
}
message = String.Format(message, link);
EmailManager.Send(account.Email, subject, String.Format("Hey {0},\n{1}", account.Username, message ));
}
public static void Remove(EmailValidationType type, Account account)
{
Remove(type, account.AccountID);
}
public static EmailValidationCode Get(EmailValidationType type, Account account)
{
if (stCodes[type].ContainsKey(account.AccountID)) {
EmailValidationCode code = stCodes[type][account.AccountID];
if (!code.IsExpired)
return code;
stCodes[type].Remove(account.AccountID);
}
return null;
}
public static EmailValidationCode Create(EmailValidationType type, Account account)
{
if (type == EmailValidationType.Activate && account.IsVerified)
return null;
EmailValidationCode code = new EmailValidationCode() {
Type = type,
AccountID = account.AccountID,
Code = Tools.GenerateHash(),
SentDate = DateTime.Now
};
if (stCodes[type].ContainsKey(account.AccountID))
stCodes[type][account.AccountID] = code;
else
stCodes[type].Add(account.AccountID, code);
return code;
}
public static Player GetPlayer(Account acc)
{
return GetPlayer(acc.AccountID);
}
