public IEnumerator UpdateAccountCoroutine(uLobby.IAccount account, uLobby.AccountUpdate update, uLobby.Request <uLobby.Account> request)
{
Request <AccountRecord> getAccountRequest;
getAccountRequest = StorageLayerUtility.GetAccountRecord(account.id);
yield return(getAccountRequest.WaitUntilDone()); if (StorageLayerUtility.RequestUtility.PropagateException(getAccountRequest, request))
{
yield break;
}
AccountRecord record = getAccountRequest.result;
if (StorageLayerUtility.AccountUpdateUtility.isPasswordChanged(update))
{
record.passwordHash = SaltedPasswordHash.GenerateSaltedPasswordHash(SaltedPasswordHash.GeneratePasswordHash(StorageLayerUtility.AccountUpdateUtility.GetPassword(update) + record.name));
}
if (StorageLayerUtility.AccountUpdateUtility.IsDataChanged(update))
{
record.data = StorageLayerUtility.AccountUpdateUtility.GetData(update);
}
MySqlParameter[] paramsArray = new MySqlParameter[4];
paramsArray[0] = new MySqlParameter("password", record.passwordHash.passwordHash);
paramsArray[1] = new MySqlParameter("salt", record.passwordHash.salt);
paramsArray[2] = new MySqlParameter("data", record.data);
paramsArray[3] = new MySqlParameter("id", int.Parse(record.id.value));
var operation = ExecuteNonQueryAsync.BeginInvoke(storageManager.connectionString, "UPDATE accounts SET password=@password,salt=@salt,data=@data WHERE id = @id", paramsArray, null, null);
while (!operation.IsCompleted)
{
yield return(null);
}
Account updatedAccount = StorageLayerUtility.CreateAccount(record);
StorageLayerUtility.RequestUtility.SetResult(request, updatedAccount);
}
// UpdateAccountCoroutine
IEnumerator IAccountOperations.UpdateAccountCoroutine(IAccount account, AccountUpdate update, Request <Account> request)
{
Request <AccountRecord> getAccountRequest;
getAccountRequest = StorageLayerUtility.GetAccountRecord(account.id);
yield return(getAccountRequest.WaitUntilDone()); if (StorageLayerUtility.RequestUtility.PropagateException(getAccountRequest, request))
{
yield break;
}
AccountRecord record = getAccountRequest.result;
if (StorageLayerUtility.AccountUpdateUtility.isPasswordChanged(update))
{
record.passwordHash = SaltedPasswordHash.GenerateSaltedPasswordHash(SaltedPasswordHash.GeneratePasswordHash(StorageLayerUtility.AccountUpdateUtility.GetPassword(update) + record.name));
}
if (StorageLayerUtility.AccountUpdateUtility.IsDataChanged(update))
{
record.data = StorageLayerUtility.AccountUpdateUtility.GetData(update);
}
Account updatedAccount = StorageLayerUtility.CreateAccount(record);
StorageLayerUtility.RequestUtility.SetResult(request, updatedAccount);
yield break;
}
// Verify password method
public static bool Verify(string password, string passwordHash)
{
string[] passwordHashes = passwordHash.Split(':');
if (passwordHashes.Length == 2)
{
var saltedPasswordHash = new SaltedPasswordHash(passwordHashes[0], passwordHashes[1]);
return(saltedPasswordHash.Verify(password));
}
return(false);
}
// Password verify
public static bool Verify(string password, string passwordHash)
{
string[] hashSalted = passwordHash.Split(':');
if (hashSalted.Length == 2)
{
var saltedPaswordHash = new SaltedPasswordHash(hashSalted[0], hashSalted[1]);
return(saltedPaswordHash.Verify(password));
}
return(false);
}
public void CanVerifyPasswordCreatedWithClearTextAgainstPasswordCreatedFromCorrectHashAndSalt()
{
// Arrange
var password = "******";
// Act
var passwordHash = new SaltedPasswordHash(password);
var verificationHash = new SaltedPasswordHash(passwordHash.Hash, passwordHash.Salt);
bool valid = verificationHash == passwordHash;
// Assert
valid.Should().Be.True();
}
public void CanVerifyClearTextPasswordAgainstHashedAndSaltedPassword()
{
// Arrange
var clearTextPassword = "******";
var originalPasswordHash = new SaltedPasswordHash(clearTextPassword);
var retrivedPasswordHash = new SaltedPasswordHash(originalPasswordHash.Hash, originalPasswordHash.Salt);
// Act
bool valid = retrivedPasswordHash.Verify(clearTextPassword);
// Assert
valid.Should().Be.True();
}
public void CanVerifyClearTextPasswordAgainstHashedAndSaltedPassword()
{
// Arrange
var clearTextPassword = "******";
var originalPasswordHash = new SaltedPasswordHash(clearTextPassword);
var retrivedPasswordHash = new SaltedPasswordHash(originalPasswordHash.Hash, originalPasswordHash.Salt);
// Act
bool valid = retrivedPasswordHash.Verify(clearTextPassword);
// Assert
valid.Should().Be.True();
}
public void CanDetermineIfHashedNotEqual()
{
// Arrange
var password = "******";
var password2 = "boguspassword";
// Act
var passwordHash1 = new SaltedPasswordHash(password);
var passwordHash2 = new SaltedPasswordHash(password2);
bool valid = passwordHash1 != passwordHash2;
// Assert
valid.Should().Be.True();
}
public void CanNotVerifyTwoIdenticalPasswordsCreatedFromClearText()
{
// Arrange
var password = "******";
var password2 = "testpassword";
// Act
var passwordHash1 = new SaltedPasswordHash(password);
var passwordHash2 = new SaltedPasswordHash(password2);
bool valid = passwordHash1 == passwordHash2;
// Assert
valid.Should().Be.False();
}
public void CanNotVerifyTwoIdenticalPasswordsCreatedFromClearText()
{
// Arrange
var password = "******";
var password2 = "testpassword";
// Act
var passwordHash1 = new SaltedPasswordHash(password);
var passwordHash2 = new SaltedPasswordHash(password2);
bool valid = passwordHash1 == passwordHash2;
// Assert
valid.Should().Be.False();
}
public void CanDetermineIfHashedNotEqual()
{
// Arrange
var password = "******";
var password2 = "boguspassword";
// Act
var passwordHash1 = new SaltedPasswordHash(password);
var passwordHash2 = new SaltedPasswordHash(password2);
bool valid = passwordHash1 != passwordHash2;
// Assert
valid.Should().Be.True();
}
public void CanVerifyTwoPasswordHashedCreatedFromClearTextPasswordsButTheyHashesAreNotEqual()
{
// Arrange
var clearTextPassword = "******";
var hash1 = new SaltedPasswordHash(clearTextPassword);
var hash2 = new SaltedPasswordHash(clearTextPassword);
// Act
bool equalHashed = hash1 == hash2;
bool hash1VerifiesPassword = hash1.Verify(clearTextPassword);
bool hash2VerifiesPassword = hash2.Verify(clearTextPassword);
// Assert
equalHashed.Should().Be.False();
hash1VerifiesPassword.Should().Be.True();
hash2VerifiesPassword.Should().Be.True();
}
// CreateAccount
public static IEnumerator CreateAccount(string accountId, string email, string password)
{
// Test accounts
if (GameDB.IsTestAccount(email))
{
password = email;
}
// Log
LogManager.General.Log(accountId + ", " + email + ", " + password);
// SHA 512 encryption
password = GameDB.EncryptPasswordString(password);
// AccountNameToID
yield return(GameDB.instance.StartCoroutine(GameDB.Set <string>(
"AccountNameToID",
email,
accountId,
null
)));
// Create password hash
LogManager.General.Log("Generating password hash");
var saltedPasswordHash = SaltedPasswordHash.GenerateSaltedPasswordHash(SaltedPasswordHash.GeneratePasswordHash(password + email));
// Create game account
var gameAccount = new GameAccount(
accountId,
email,
saltedPasswordHash.passwordHash,
saltedPasswordHash.salt
);
// Save game account
LogManager.General.Log("Saving game account: " + accountId);
yield return(GameDB.instance.StartCoroutine(GameDB.Set <GameAccount>(
"Accounts",
accountId,
gameAccount,
null
)));
}
// UpdateAccountCoroutine
IEnumerator IAccountOperations.UpdateAccountCoroutine(IAccount account, AccountUpdate update, Request <Account> request)
{
// Get account record
Request <AccountRecord> getAccountRequest;
getAccountRequest = StorageLayerUtility.GetAccountRecord(account.id);
yield return(getAccountRequest.WaitUntilDone());
// Did it cause an exception?
if (StorageLayerUtility.RequestUtility.PropagateException(getAccountRequest, request))
{
yield break;
}
AccountRecord record = getAccountRequest.result;
// Password change
if (StorageLayerUtility.AccountUpdateUtility.isPasswordChanged(update))
{
record.passwordHash = SaltedPasswordHash.GenerateSaltedPasswordHash(SaltedPasswordHash.GeneratePasswordHash(StorageLayerUtility.AccountUpdateUtility.GetPassword(update) + record.name));
}
Account updatedAccount = StorageLayerUtility.CreateAccount(record);
// Save in accounts database
yield return(GameDB.instance.StartCoroutine(GameDB.Set <GameAccount>(
"Accounts",
updatedAccount.id.value,
new GameAccount(record),
data => {
if (data != null)
{
StorageLayerUtility.RequestUtility.SetResult(request, updatedAccount);
}
}
)));
}
// Hash password method
public static string Hash(string password)
{
var saltedPasswordHash = new SaltedPasswordHash(password, 8);
return(saltedPasswordHash.Hash + ":" + saltedPasswordHash.Salt);
}
// Hash encoding
public static string HashEncode(string password)
{
var passwordHash = new SaltedPasswordHash(password, 20);
return(passwordHash.Hash + ":" + passwordHash.Salt);
}
public void CanVerifyPasswordCreatedWithClearTextAgainstPasswordCreatedFromCorrectHashAndSalt()
{
// Arrange
var password = "******";
// Act
var passwordHash = new SaltedPasswordHash(password);
var verificationHash = new SaltedPasswordHash(passwordHash.Hash, passwordHash.Salt);
bool valid = verificationHash == passwordHash;
// Assert
valid.Should().Be.True();
}
public void CanVerifyTwoPasswordHashedCreatedFromClearTextPasswordsButTheyHashesAreNotEqual()
{
// Arrange
var clearTextPassword = "******";
var hash1 = new SaltedPasswordHash(clearTextPassword);
var hash2 = new SaltedPasswordHash(clearTextPassword);
// Act
bool equalHashed = hash1 == hash2;
bool hash1VerifiesPassword = hash1.Verify(clearTextPassword);
bool hash2VerifiesPassword = hash2.Verify(clearTextPassword);
// Assert
equalHashed.Should().Be.False();
hash1VerifiesPassword.Should().Be.True();
hash2VerifiesPassword.Should().Be.True();
}