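public override void Process(ApiServer server)
{
    // Starts a password reset: looks up the account by e-mail address, rejects accounts that
    // are currently online, attaches a one-time authentication code to the session and mails
    // it to the address. Returns without a response whenever a helper has already reported
    // the failure to the client (success == false) or the setup asserts fail.
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }

    // Reject malformed addresses before they reach the query, as the account-creation
    // request already does.
    if (!EmailEssentials.IsValid(Email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // NOTE(review): the query is built by string concatenation and relies entirely on
    // Sanitize(); prefer a parameterized request if SqlApiRequest supports one.
    string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
    if (!success)
    {
        // Transport/database failure: the manager has already answered the client.
        return;
    }

    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
    {
        // NOTE(review): this message lets a caller distinguish registered from unregistered
        // addresses; a uniform "if the address exists, a reset e-mail has been sent" reply
        // would avoid that.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    // Column order matches the SELECT above: isOnline, name, hid, id.
    string isOnline = data[0];
    string encryptedName = data[1];
    string userid = data[2];
    // Provisional account holding only the id column; replaced below once the reset code is
    // generated. Kept in place in case the error path reads server.Account — TODO confirm.
    server.Account = new Account(null, false, data[3]);

    if (!isOnline.Equals("0"))
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    // The stored name is not plaintext; AesContext is constructed from the hid value and
    // DecryptOrDefault falls back to a default (presumably empty) when decryption fails — confirm.
    AesContext aesContext = new AesContext(userid);
    string name = aesContext.DecryptOrDefault(encryptedName);

    server.Account = new Account
    {
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmPasswordReset,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp()
    };

    EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);
    // Do not report success if the code never reached the user (mirrors the
    // account-creation request, which checks the Send() result).
    if (!emailManager.Send())
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send password reset email.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}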
public override void Process(ApiServer server)
{
    // Registers a new account: validates the address, checks that it is not already taken,
    // hashes the password, stages the pending account on the session and mails a
    // confirmation code. Returns silently when a helper has already reported the failure.
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }

    if (!EmailEssentials.IsValid(Email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    bool ok;
    // The database manager is scoped to the availability check only; the hashing and
    // e-mail steps below run after it has been disposed.
    using (DatabaseManager db = new DatabaseManager(server))
    {
        bool available = db.CheckEmailAvailable(Email, out ok);
        if (!available)
        {
            // ok == false means the lookup itself failed and was already reported.
            if (ok)
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
            }
            return;
        }
    }

    string passwordHash = SecurityManager.ScryptHash(Password);
    // NOTE(review): the 50 and the trailing flags are positional constructor arguments whose
    // meaning is not visible here — confirm against AccountInfo before changing them.
    AccountInfo pendingInfo = new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true);
    server.Account = new Account(pendingInfo, false, string.Empty)
    {
        Password = passwordHash,
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmAccount,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp()
    };

    EmailManager mail = EmailManager.Create(Subject.CreateAccount, Email, "new user", server.Account.AuthenticationCode);
    ok = mail.Send();
    if (!ok)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse apiResponse = new GenericSuccessResponse(ResponseId.CreateAccount, true);
    string json = SerializedApiResponse.Create(apiResponse).Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}
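public override void Process(ApiServer server)
{
    // Logs a user in: verifies the password against the stored scrypt hash, issues a security
    // token that is persisted in Tbl_cookies together with the client-supplied Info string,
    // sets up the account on the session and returns the token with the user's permissions.
    // Returns silently when a helper has already reported the failure to the client.
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        server.UnitTesting.MethodSuccess = false;
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // NOTE(review): both queries are assembled by concatenation and rely on SanitizeQuery();
    // prefer a parameterized request if SqlApiRequest supports one.
    string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;" });
    SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
    if (!success)
    {
        // Transport/database failure already reported; the response must not be touched.
        return;
    }

    // Read the result only after the success check — the response may be unusable when the
    // await failed (the original read it first, which could dereference a null response).
    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != apiRequest.ExpectedColumns)
    {
        // NOTE(review): distinct messages for "unknown address" and "wrong password", plus the
        // missing ScryptCheck on this path, let a caller enumerate registered addresses.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    // Column order matches the SELECT above: id, password, isOnline.
    string id = data[0];
    string hash = data[1];
    if (Convert.ToInt32(data[2]) == 1)
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    if (!SecurityManager.ScryptCheck(Password, hash))
    {
        ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
        return;
    }

    string securityToken = SecurityManager.GenerateSecurityToken();
    // Token should expire every month; the window itself comes from the server configuration.
    int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    // Info is client-supplied and is stored verbatim (after sanitizing) in the cookie row.
    query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');" });
    apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
        return;
    }

    // SetupAccount is expected to populate server.Account; it reports its own failure.
    if (!databaseManager.SetupAccount(id))
    {
        return;
    }

    Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
    if (!success)
    {
        return;
    }

    CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}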