/// <summary>
/// Builds a mail from the "MailPasswordReset" template and sends it to the given
/// address so the user can reset their password.
/// </summary>
/// <param name="email">Recipient address handed to <c>ApiMail.Send</c>.</param>
/// <param name="username">Account name; appended to the subject line.</param>
/// <param name="token">Password reset token. It is exposed to the template as "token" and also substituted into the confirmation URL.</param>
/// <param name="confirmation_url">URL template; every "%token%" placeholder is replaced with <paramref name="token"/>.</param>
/// <param name="expires">Expiry value passed to <c>Epoch.HMSRemaining</c> to render the "expires" template string (presumably an absolute epoch timestamp; confirm against callers).</param>
/// <returns>Whatever <c>ApiMail.Send</c> returns (presumably true when the mail was handed off successfully).</returns>
public bool SendPasswordResetMail(string email, string username, string token, string confirmation_url, uint expires)
{
    var mail = new ApiMail("MailPasswordReset");

    // The token is inserted verbatim, without URL encoding.
    // NOTE(review): assumes tokens only contain URL-safe characters - confirm at the generator.
    // NOTE(review): the reset link is a bearer credential; confirmation_url should originate
    // from server configuration rather than request data - verify at the caller.
    var resolvedUrl = confirmation_url.Replace("%token%", token);

    mail.AddString("token", token);
    mail.AddString("expires", Epoch.HMSRemaining(expires));
    mail.AddString("confirmation_url", resolvedUrl);

    // NOTE(review): username reaches the subject header unmodified; confirm that registration
    // or ApiMail.Send rejects CR/LF so the value cannot add mail headers.
    var subject = $"Password Reset for {username}";
    return mail.Send(email, subject);
}
/// <summary>
/// Builds a mail from the "MailRegistrationToken" template and sends it to a new
/// user so they can confirm their address and create their account.
/// </summary>
/// <param name="email">Recipient address handed to <c>ApiMail.Send</c>.</param>
/// <param name="token">Registration token. It is exposed to the template as "token" and also substituted into the confirmation URL.</param>
/// <param name="confirmation_url">URL template; every "%token%" placeholder is replaced with <paramref name="token"/>.</param>
/// <param name="expires">Expiry value passed to <c>Epoch.HMSRemaining</c> to render the "expires" template string (presumably an absolute epoch timestamp; confirm against callers).</param>
/// <returns>Whatever <c>ApiMail.Send</c> returns (presumably true when the mail was handed off successfully).</returns>
public bool SendEmailConfirmationMail(string email, string token, string confirmation_url, uint expires)
{
    var mail = new ApiMail("MailRegistrationToken");

    // The token is inserted verbatim, without URL encoding.
    // NOTE(review): assumes tokens only contain URL-safe characters - confirm at the generator.
    // NOTE(review): confirmation_url should originate from server configuration rather than
    // request data, since the resulting link carries the registration token - verify at the caller.
    var resolvedUrl = confirmation_url.Replace("%token%", token);

    mail.AddString("token", token);
    mail.AddString("expires", Epoch.HMSRemaining(expires));
    mail.AddString("confirmation_url", resolvedUrl);

    const string subject = "Verify your FreeSO account";
    return mail.Send(email, subject);
}
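/// <summary>
/// Authenticates a user by username and password and, on success, stores a new
/// auth ticket and returns its id in a plain-text response.
/// </summary>
/// <remarks>
/// Order of checks: empty credentials, unknown user, banned user, maintenance mode,
/// active lockout for (user, ip), password verification, IP ban.
/// NOTE(review): the banned (ERROR_150), maintenance (ERROR_160) and lockout (INV-170)
/// responses are returned before the password is verified and differ from the
/// ERROR_110 returned for an unknown user, so an unauthenticated caller can tell
/// that an account exists. Consider returning them only after a successful
/// password check. The unknown-user path also returns before
/// <c>PasswordHasher.Verify</c> runs, which may make the two cases distinguishable by timing.
/// NOTE(review): if this action is bound to an HTTP GET with query-string
/// parameters, the password will end up in URLs and access logs - confirm the binding.
/// </remarks>
/// <param name="username">Account name to look up.</param>
/// <param name="password">Plain-text password checked against the stored hash.</param>
/// <param name="version">Not read by this method.</param>
/// <param name="clientid">Client identifier stored for the user; "0" is stored when null.</param>
/// <returns>
/// A plain-text 200 response containing "Valid=TRUE" and the ticket id on success,
/// otherwise one of the error results (ERROR_020, ERROR_110, ERROR_150, ERROR_160 or INV-170).
/// </returns>
public IActionResult Get(string username, string password, string version, string clientid)
{
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return ERROR_020();
    }

    AuthTicket ticket = null;
    var api = Api.INSTANCE;

    using (var db = api.DAFactory.Get())
    {
        var user = db.Users.GetByUsername(username);
        if (user == null)
        {
            return ERROR_110();
        }

        if (user.is_banned)
        {
            return ERROR_150();
        }

        // During maintenance only admins and moderators may log in.
        if (api.Config.Maintainance && !(user.is_admin || user.is_moderator))
        {
            return ERROR_160();
        }

        // Failed-attempt tracking is keyed on (user_id, ip).
        // NOTE(review): the lockout is only as reliable as ApiUtils.GetIP; confirm it honours
        // forwarded-for style headers only when they come from a trusted proxy.
        var ip = ApiUtils.GetIP(Request);
        var accLock = db.Users.GetRemainingAuth(user.user_id, ip);
        if (accLock != null && (accLock.active || accLock.count >= LockAttempts) && accLock.expire_time > Epoch.Now)
        {
            return printError("INV-170", LOCK_MESSAGE + Epoch.HMSRemaining(accLock.expire_time))();
        }

        var authSettings = db.Users.GetAuthenticationSettings(user.user_id);
        if (authSettings == null)
        {
            // Other lookups in this method return null when nothing is stored. Without stored
            // credentials there is nothing to verify against, so fail with the generic
            // authentication error instead of dereferencing null.
            return ERROR_110();
        }

        var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash
        {
            data = authSettings.data,
            scheme = authSettings.scheme_class
        });

        if (!isPasswordCorrect)
        {
            // The delay grows with consecutive failures; the index is clamped to the last
            // LockDuration entry. The factor 60 presumably converts minutes to seconds - confirm.
            var failDelay = 60 * LockDuration[Math.Min(LockDuration.Length - 1, db.Users.FailedConsecutive(user.user_id, ip))];
            if (accLock == null)
            {
                db.Users.NewFailedAuth(user.user_id, ip, (uint)failDelay);
            }
            else
            {
                var remaining = db.Users.FailedAuth(accLock.attempt_id, (uint)failDelay, LockAttempts);
                if (remaining == 0)
                {
                    // No attempts left: report the lockout that has just started.
                    return printError("INV-170", LOCK_MESSAGE + Epoch.HMSRemaining(Epoch.Now + (uint)failDelay))();
                }
            }

            return ERROR_110();
        }

        // An IP ban is reported with the same generic error as a wrong password.
        var ban = db.Bans.GetByIP(ip);
        if (ban != null)
        {
            return ERROR_110();
        }

        db.Users.SuccessfulAuth(user.user_id, ip);
        db.Users.UpdateClientID(user.user_id, clientid ?? "0");

        // Make a ticket. Format "N" yields the same 32 hex digits as ToString() with the hyphens removed.
        // NOTE(review): the ticket id acts as a bearer credential, and Guid.NewGuid() is not
        // documented as a cryptographic random source; consider generating it with
        // System.Security.Cryptography.RandomNumberGenerator.
        ticket = new AuthTicket();
        ticket.ticket_id = Guid.NewGuid().ToString("N");
        ticket.user_id = user.user_id;
        ticket.date = Epoch.Now;
        ticket.ip = ip;

        db.AuthTickets.Create(ticket);
        db.Users.UpdateLastLogin(user.user_id, Epoch.Now);
    }

    var content = "Valid=TRUE\r\nTicket=" + ticket.ticket_id.ToString() + "\r\n";
    return ApiResponse.Plain(HttpStatusCode.OK, content);
}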