Exemplo n.º 1
    /// <summary>
    /// Tries to sign in the given account and hands back a session token on success.
    /// </summary>
    /// <param name="userid">Account identifier; run through <c>SqlSanitize</c> before it is used.</param>
    /// <param name="password">Password given to <c>User.LogIn</c>; also run through <c>SqlSanitize</c> first.</param>
    /// <returns>
    /// The result of <c>SecureToken.CreateToken</c> for the loaded user, or an empty string when
    /// somebody is already signed in, the account cannot be loaded, the account has a non-empty
    /// <c>KeyCode</c>, or <c>LogIn</c> rejects the password. Every failure yields the same empty
    /// string, so the caller cannot tell the failure reasons apart.
    /// </returns>
    public string SignIn(string userid, string password)
    {
        // NOTE(review): the password is rewritten by SqlSanitize before it is verified. If that
        // helper strips or escapes characters, the value checked is not the value typed, which
        // shrinks the effective password space -- confirm against SqlSanitize. String sanitising
        // is also not a substitute for parameterised queries inside Load/LogIn.
        userid   = userid.SqlSanitize();
        password = password.SqlSanitize();

        // A session already exists: refuse a second sign-in.
        if (CurrentUser != null)
        {
            return "";
        }

        User account = new User();

        // Short-circuit evaluation keeps the original order: load, KeyCode gate, password check.
        bool signedIn = account.Load(userid)
                        && account.KeyCode.Length <= 0
                        && account.LogIn(password);

        if (!signedIn)
        {
            return "";
        }

        return SecureToken.CreateToken(account.UserID);
    }
Exemplo n.º 2
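 /// <summary>
 /// Stores the password for this login, decrypting it first when it carries the <c>pw:</c> marker.
 /// </summary>
 /// <param name="value">
 /// Either a plain password, or <c>pw:</c> followed by Base64 data that is decrypted with a
 /// decryptor obtained from <c>Encryption</c>. Null or empty leaves the stored password untouched.
 /// </param>
 /// <param name="sessionId">Passed to the <c>Encryption</c> constructor that supplies the decryptor.</param>
 /// <returns>This instance, so calls can be chained.</returns>
 public Login SetPassword(string value, string sessionId)
 {
     if (string.IsNullOrEmpty(value))
     {
         return this;
     }

     // The marker is a protocol prefix, not linguistic text: compare it ordinally. A
     // culture-sensitive StartsWith can match input that contains ignorable characters,
     // and Substring(3) below relies on exactly three characters having matched.
     if (!value.StartsWith("pw:", StringComparison.Ordinal))
     {
         _password = value;
         return this;
     }

     try
     {
         var data = Convert.FromBase64String(value.Substring(3));
         using (var enc = new Encryption(sessionId))
         {
             using (var output = new MemoryStream(data))
             {
                 using (var cryptStream = new CryptoStream(output, enc.CreateDecryptor(), CryptoStreamMode.Read))
                 {
                     _password = new SecureToken(cryptStream);
                 }
             }
         }
     }
     catch (FormatException)
     {
         // Not valid Base64 after the marker: keep the whole value, marker included, as a
         // literal password. NOTE(review): only FormatException is handled here; any failure
         // raised while decrypting would propagate to the caller -- confirm that is intended.
         _password = value;
     }

     return this;
 }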
Exemplo n.º 3
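        /// <summary>
        /// Round-trip check: a freshly created token, URL-encoded and decoded again, must give
        /// back exactly the bytes in <c>Value</c>.
        /// </summary>
        public void EncodesAndDecodeSecureToken()
        {
            SecureToken fpt             = SecureToken.Create();
            string      urlEncodedToken = fpt.UrlEncodedValue;

            byte[] decodedToken = SecureToken.Decode(urlEncodedToken);

            // Compare lengths first. Without this a decoded value with extra trailing bytes
            // would pass, and a shorter one would fail with an index error instead of an
            // assertion failure.
            Assert.IsTrue(fpt.Value.Length == decodedToken.Length);

            for (int i = 0; i < fpt.Value.Length; i++)
            {
                Assert.IsTrue(fpt.Value[i] == decodedToken[i]);
            }
        }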
Exemplo n.º 4
        /// <summary>
        /// Appends this message's fields to the outgoing buffer after the base class has written
        /// its own: the string form of <c>SecureToken</c>, then <c>RemoteEndpoint</c>, then
        /// <c>SessionID</c>.
        /// </summary>
        /// <param name="netOutgoingMessage">Buffer to append to; the same reference is returned.</param>
        /// <returns>The buffer that was passed in.</returns>
        public override NetOutgoingMessage ToNetBuffer(ref NetOutgoingMessage netOutgoingMessage)
        {
            base.ToNetBuffer(ref netOutgoingMessage);

            // The token travels as its ToString() text, in the same buffer as the endpoint and
            // session id. NOTE(review): nothing here encrypts the payload -- confirm the
            // transport protects it, since anyone who can read the message can replay the token.
            netOutgoingMessage.Write(SecureToken.ToString());
            netOutgoingMessage.Write(RemoteEndpoint);
            netOutgoingMessage.Write(SessionID);

            return netOutgoingMessage;
        }
Exemplo n.º 5
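        /// <summary>
        /// Registers a new user: salts and hashes the submitted password with PBKDF2, issues a
        /// <c>SecureToken</c>, stores the user and returns the token.
        /// </summary>
        /// <param name="user">
        /// Bound from the request. On entry <c>PasswordHash</c> holds the plain password; it is
        /// replaced by the Base64 PBKDF2 output before the entity is saved.
        /// </param>
        /// <returns>
        /// 400 when the body, username or password is missing or the username is longer than 50
        /// characters; 303 when the username is taken; 500 when saving fails; otherwise the
        /// result of <c>CreatedAtAction</c> carrying the new token.
        /// </returns>
        public async Task <ActionResult <SecureToken> > PostUser(User user)
        {
            _logger.LogInformation("Reached Post User");

            // A missing body or missing fields used to surface as an unhandled null dereference
            // (or an argument exception from Pbkdf2), i.e. a 500. An empty password is refused
            // as well so that no account is created without one.
            if (user == null || user.Username == null || string.IsNullOrEmpty(user.PasswordHash))
            {
                return BadRequest();
            }

            if (user.Username.Length > 50)
            {
                return BadRequest();
            }

            // Prevents duplicate usernames. NOTE(review): this check and the insert below are
            // not atomic; a unique index on the username column is what actually enforces it.
            if (UsernameExists(user.Username))
            {
                return StatusCode(303);
            }

            // NOTE(review): the whole User entity comes from the request and is saved as is.
            // Any property not overwritten below keeps the client-supplied value -- confirm
            // whether a dedicated registration DTO is needed.
            var pw = user.PasswordHash;

            // 128-bit salt from the cryptographic RNG.
            byte[] salt = new byte[128 / 8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(salt);
            }
            user.Salt = salt;

            // 256-bit subkey, PBKDF2 with HMAC-SHA1 and 10,000 iterations.
            // NOTE(review): this work factor is well below current PBKDF2 guidance (OWASP's
            // password storage cheat sheet asks for hundreds of thousands of iterations or
            // more). It is left as is because the login path must derive with identical
            // parameters; raising it needs a coordinated change plus rehash-on-login.
            string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                                                       password: pw,
                                                       salt: salt,
                                                       prf: KeyDerivationPrf.HMACSHA1,
                                                       iterationCount: 10000,
                                                       numBytesRequested: 256 / 8));

            user.PasswordHash = hashed;

            // NOTE(review): local time; UTC avoids DST and multi-host skew, but any switch has
            // to be made together with the code that reads these timestamps.
            user.CreatedAt = DateTime.Now;

            // The token is built before the save, so user.Id may not be final yet; UserId is
            // set again from the saved entity further down.
            SecureToken token = new SecureToken(user.Id);

            user.IdToken        = token.IdToken;
            user.TokenExpiresIn = token.ExpiresIn;
            user.LastAuthed     = token.LastAuthed;

            try
            {
                _context.Users.Add(user);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateException)
            {
                ModelState.AddModelError("", "Unable to save changes. Try again and see if the problem persists");
                return StatusCode(StatusCodes.Status500InternalServerError);
            }

            token.UserId = user.Id;
            return CreatedAtAction("GetUser", "Users", new { id = user.Id }, token);
        }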
Exemplo n.º 6
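        /// <summary>
        /// Verifies a username and password and, on success, issues a fresh <c>SecureToken</c>
        /// that is stored on the user row and returned.
        /// </summary>
        /// <param name="user">
        /// Bound from the request; <c>PasswordHash</c> carries the plain password to verify.
        /// </param>
        /// <returns>
        /// 400 when the body, username or password is missing; 303 when the username is
        /// unknown; 401 when the derived hash differs from the stored one; 500 when saving the
        /// new token fails; otherwise the result of <c>CreatedAtAction</c> carrying the token.
        /// </returns>
        public async Task <ActionResult <SecureToken> > LoginUser(User user)
        {
            _logger.LogInformation("Reached Login Point");

            // A missing body or password used to end in an unhandled exception (500).
            if (user == null || user.Username == null || user.PasswordHash == null)
            {
                return BadRequest();
            }

            var pw = user.PasswordHash;

            // NOTE(review): unknown usernames answer 303 while wrong passwords answer 401, so
            // the response tells a caller which usernames exist. Returning the same status for
            // both closes that, but changes the API contract, so it is only flagged here.
            if (!UsernameExists(user.Username))
            {
                return StatusCode(303);
            }

            var storedUser = await _context.Users.Where(e => e.Username == user.Username).FirstAsync();

            // Derive with the salt stored at registration; parameters must match registration.
            var    salt   = storedUser.Salt;
            string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                                                       password: pw,
                                                       salt: salt,
                                                       prf: KeyDerivationPrf.HMACSHA1,
                                                       iterationCount: 10000,
                                                       numBytesRequested: 256 / 8));

            // NOTE(review): string != is not a constant-time comparison. A fixed-time compare
            // over the raw derived bytes (CryptographicOperations.FixedTimeEquals where the
            // target framework provides it) is the usual choice for verifier values.
            if (hashed != storedUser.PasswordHash)
            {
                return Unauthorized();
            }

            // Issue a new id token, persist it, then return it.
            SecureToken issued = new SecureToken(storedUser.Id);

            try
            {
                storedUser.LastAuthed     = issued.LastAuthed;
                storedUser.IdToken        = issued.IdToken;
                storedUser.TokenExpiresIn = issued.ExpiresIn;
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateException)
            {
                ModelState.AddModelError("", "Could not update user when logging in");
                return StatusCode(StatusCodes.Status500InternalServerError);
            }

            return CreatedAtAction("GetUser", "Users", new { id = storedUser.Id }, issued);
        }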
Exemplo n.º 7
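        /// <summary>
        /// Validates a token the client kept from an earlier login: the user must exist, the
        /// stored <c>IdToken</c> must match, and the token must not have expired.
        /// </summary>
        /// <param name="storedToken">Token presented by the client; <c>UserId</c> selects the user row.</param>
        /// <returns>
        /// 400 when the body is missing, the user is not found or the token has expired;
        /// 401 when the id token differs from the stored one; 204 when the token is valid.
        /// </returns>
        public async Task <ActionResult <SecureToken> > AutoLoginUser(SecureToken storedToken)
        {
            // A missing body used to fail with a null dereference on storedToken.UserId.
            if (storedToken == null)
            {
                return BadRequest();
            }

            var account = await _context.Users.FindAsync(storedToken.UserId);

            if (account == null)
            {
                return BadRequest();
            }

            // Incorrect id token.
            // NOTE(review): this compares a bearer secret with !=; if IdToken is a string or
            // byte sequence, prefer a fixed-time comparison. Also confirm that a user row with
            // no token stored cannot match a request that omits the token.
            if (account.IdToken != storedToken.IdToken)
            {
                return Unauthorized();
            }

            // TokenExpiresIn is used as the minutes component of the lifetime.
            TimeSpan lifetime = new TimeSpan(0, account.TokenExpiresIn, 0);

            // Expired. NOTE(review): local time is used here; it has to stay consistent with
            // whatever clock writes LastAuthed.
            if (account.LastAuthed.Add(lifetime) < DateTime.Now)
            {
                return BadRequest();
            }

            return NoContent();
        }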
Exemplo n.º 8
 /// <summary>
 /// Looks up a user by an e-mail verification token given in its URL-encoded form.
 /// </summary>
 /// <param name="urlEncodedToken">Token text as received; decoded with <c>SecureToken.Decode</c>.</param>
 /// <returns>Whatever <c>InternalFindByEmailVerificationToken</c> returns for the decoded bytes.</returns>
 public User FindByEmailVerificationToken(string urlEncodedToken)
 {
     // NOTE(review): the input comes from a link; how Decode reacts to malformed text and
     // whether the internal lookup enforces expiry are not visible here -- confirm both.
     return InternalFindByEmailVerificationToken(SecureToken.Decode(urlEncodedToken));
 }
Exemplo n.º 9
 /// <summary>
 /// Looks up a user by a forgotten-password assistance token given in its URL-encoded form.
 /// </summary>
 /// <param name="urlEncodedToken">Token text as received; decoded with <c>SecureToken.Decode</c>.</param>
 /// <returns>Whatever <c>InternalFindByForgottenPasswordAssistanceToken</c> returns for the decoded bytes.</returns>
 public User FindByForgottenPasswordAssistanceToken(string urlEncodedToken)
 {
     // NOTE(review): a reset token is equivalent to a credential. Expiry, single use and the
     // way the stored value is compared all live in the internal lookup, which is not
     // visible here -- confirm them there.
     return InternalFindByForgottenPasswordAssistanceToken(SecureToken.Decode(urlEncodedToken));
 }
Exemplo n.º 10
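 /// <summary>
 /// Sets the password for this login. A value starting with <c>pw:</c> is treated as
 /// Base64 ciphertext and decrypted; anything else is stored as given.
 /// </summary>
 /// <param name="value">Plain password or <c>pw:</c>-prefixed Base64 data; null or empty is ignored.</param>
 /// <param name="sessionId">Handed to the <c>Encryption</c> constructor that provides the decryptor.</param>
 /// <returns>This instance, for chaining.</returns>
 public Login SetPassword(string value, string sessionId)
 {
   if (!string.IsNullOrEmpty(value))
   {
     // Ordinal comparison: "pw:" is a wire marker. The culture-sensitive default can treat
     // ignorable characters as absent, which would misalign the Substring(3) below.
     bool hasMarker = value.StartsWith("pw:", StringComparison.Ordinal);

     if (hasMarker)
     {
       try
       {
         var data = Convert.FromBase64String(value.Substring(3));
         using (var enc = new Encryption(sessionId))
         using (var output = new MemoryStream(data))
         using (var cryptStream = new CryptoStream(output, enc.CreateDecryptor(), CryptoStreamMode.Read))
         {
           _password = new SecureToken(cryptStream);
         }
       }
       catch (FormatException)
       {
         // The payload is not Base64, so the value is taken to be a literal password that
         // happens to start with the marker. NOTE(review): other exception types raised
         // during decryption are not handled here and reach the caller -- confirm.
         _password = value;
       }
     }
     else
     {
       _password = value;
     }
   }
   return this;
 }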
Exemplo n.º 11
 /// <summary>
 /// Creates credentials from an explicit database name, user name and password token.
 /// </summary>
 /// <param name="database">Stored in <c>_database</c> unchanged.</param>
 /// <param name="username">Stored in <c>_username</c> unchanged.</param>
 /// <param name="password">Stored in <c>_password</c> by reference; no copy is made and null is not rejected.</param>
 public ExplicitCredentials(string database, string username, SecureToken password)
 {
   this._database = database;
   this._username = username;
   this._password = password;
 }
Exemplo n.º 12
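        /// <summary>
        /// Handles a <c>JoinGame</c> packet: checks that the game exists, that the password
        /// matches and that the game is still in setup, then creates a player with a fresh
        /// token, binds it to this connection and answers with a <c>Welcome</c> packet.
        /// Packets with any other intent are ignored.
        /// </summary>
        /// <param name="packet">Incoming packet; its id is echoed in the welcome reply.</param>
        /// <exception cref="CityAndSeekException">
        /// The game does not exist, the password is missing or wrong, or the game is not in
        /// the setup state.
        /// </exception>
        public override void OnPacket(Packet packet)
        {
            if (packet.Intent != Intent.JoinGame)
            {
                return;
            }

            JoinGamePayload joinGame = packet.GetPayload <JoinGamePayload>();

            // Check game exists
            if (!Connection.Server.Games.ContainsKey(joinGame.GameId))
            {
                throw new CityAndSeekException("Game doesn't exist!");
            }

            ServerGame game = Connection.Server.Games[joinGame.GameId];

            // Check password (not case sensitive). The payload comes from the client, so a
            // missing password is rejected as wrong instead of being dereferenced, which used
            // to throw an exception of a different type than the other rejections.
            // NOTE(review): ignoring case weakens the password and the comparison is not
            // constant-time; acceptable only if game passwords are low-value join codes.
            bool passwordMatches = joinGame.GamePassword != null
                                   && joinGame.GamePassword.Equals(game.Password, StringComparison.OrdinalIgnoreCase);
            if (!passwordMatches)
            {
                throw new CityAndSeekException("Incorrect password!");
            }

            // Check game state: only a game in setup accepts new players.
            if (game.GameState != GameState.Setup)
            {
                string message;

                switch (game.GameState)
                {
                case GameState.Starting:
                case GameState.Running:
                case GameState.Paused:
                    message = "Game is already running.";
                    break;

                case GameState.Ended:
                    message = "Game has already ended.";
                    break;

                default:
                    message = "Game cannot accept new players right now.";
                    break;
                }

                throw new CityAndSeekException(message);
            }

            // NOTE(review): the id is the current player count, so it is unique only if
            // players are never removed and joins are not handled concurrently -- confirm.
            int newId = game.Players.Count;

            var player = new ServerPlayer
            {
                Id         = newId,
                Name       = joinGame.Username,
                Token      = SecureToken.Generate(),
                Game       = game,
                Connection = Connection
            };

            // Associate player with this connection
            Connection.Player = player;

            // Add player to the game
            game.AddPlayer(player);

            // Send welcome, carrying the player's token back to the client
            var welcome = new WelcomePayload(game, player, player.Token);

            Connection.SendPacket(new Packet(Intent.Welcome, welcome, packet.Id));
        }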
Exemplo n.º 13
 /// <summary>
 /// Logs in with a token instead of a password: the token's text is kept in
 /// <c>_httpPassword</c> and <c>Login</c> is called with credentials whose password is null.
 /// </summary>
 /// <param name="database">Database name placed in the credentials.</param>
 /// <param name="username">User name placed in the credentials.</param>
 /// <param name="token">Token whose string content is copied out through <c>UseString</c>.</param>
 public void LoginToken(string database, string username, SecureToken token)
 {
   // NOTE(review): this copies the token's text into an ordinary managed string that lives
   // in a field. Whatever in-memory protection SecureToken offers no longer applies to
   // that copy, and a managed string cannot be wiped -- confirm the exposure is accepted.
   var tokenText = token.UseString<string>((ref string p) => new string(p.ToCharArray()));
   _httpPassword = tokenText;

   var credentials = new ExplicitCredentials(database, username, null);
   Login(credentials, false);
 }