/// <summary>
/// Handles a password-change request for the logged-in account: stages the new password hash and a
/// one-time authentication code on the session, then e-mails that code so the change can be confirmed
/// by a later request. The database is not touched here; the staged hash is presumably written by the
/// ConfirmPasswordChange handler.
/// </summary>
/// <param name="server">The API server that owns the current session and account.</param>
public override void Process(ApiServer server)
{
    // Preconditions: configured server, a logged-in account, and a registered e-mail to deliver the code to.
    bool rejected = server.AssertServerSetup(this)
        || server.AssertAccountNotNull()
        || server.AssertUserOnline()
        || server.AssertEmailSet();
    if (rejected)
    {
        return;
    }

    string email = server.Account.AccountInfo.Email;
    if (!EmailEssentials.IsValid(email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    // NOTE(review): the current password is not re-verified and no length/strength policy is applied to the
    // new one (nor is Password checked for null), so a hijacked session can rotate the password with only the
    // e-mailed code standing in the way.
    server.Account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
    server.Account.AuthenticationId = ApiRequestId.ConfirmPasswordChange;
    server.Account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
    // The new hash lives only on the session until the confirmation step persists it.
    server.Account.Password = SecurityManager.ScryptHash(Password);

    string displayName = server.Account.AccountInfo.Name;
    if (string.IsNullOrEmpty(displayName))
    {
        displayName = "user";
    }

    EmailManager mail = EmailManager.Create(Subject.ChangePassword, email, displayName, server.Account.AuthenticationCode);
    if (!mail.Send())
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse reply = new GenericSuccessResponse(ResponseId.PasswordChange, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(reply);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
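/// <summary>
/// Confirms a pending password change: checks the e-mailed authentication code, verifies that the supplied
/// security token belongs to the logged-in account, extends that token's expiry, revokes the account's other
/// tokens and finally persists the password staged on the session. Any failure sends an API error and returns.
/// </summary>
/// <param name="server">The API server that owns the current session and account.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOnline()
        || server.AssertPasswordSet()
        || server.AssertIdSet())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // Check that the security token maps to this account. SecurityToken is client-supplied, so it goes through
    // SanitizeQuery; a parameterized query would be preferable if SqlApiRequest offered one.
    string query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;"
    });
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
    SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    // Fix: object.Equals is null-safe, so a successful lookup that yields a null Result is rejected as an
    // invalid token instead of throwing a NullReferenceException.
    if (!singleOrDefaultResponse.Success || !object.Equals(singleOrDefaultResponse.Result, server.Account.Id))
    {
        ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
        return;
    }

    // Extend the confirmed token's lifetime by the configured window.
    int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';"
    });
    sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
        return;
    }

    // Revoke the account's other tokens (presumably all except the one passed in) so sessions that predate
    // the password change are logged out.
    // NOTE(review): DeleteSecurityTokens and UpdatePassword are treated as "true means stop" here, the opposite
    // of SetupAccount in the login handler — confirm the return convention before relying on either.
    if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
    {
        return;
    }

    // Persist the password hash that the change request staged on server.Account.
    if (databaseManager.UpdatePassword())
    {
        return;
    }

    // Clear the one-time code so it cannot be replayed against another request.
    server.Account.AuthenticationCode = string.Empty;
    server.Account.AuthenticationId = ApiRequestId.Invalid;
    server.Account.AuthenticationTime = -1;

    // NOTE(review): ResponseId.ConfirmAccount is sent for a password-change confirmation; this looks like a
    // copy-paste from the account-confirmation handler — verify what the client expects before changing it.
    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}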
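/// <summary>
/// Starts a password reset for an account that is not logged in: looks the account up by e-mail, stages a
/// one-time code (ConfirmPasswordReset) on the session and e-mails it to the address on file.
/// </summary>
/// <param name="server">The API server that owns the current session; its Account must be null on entry.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }

    // Reject malformed addresses before touching the database (same check as the other e-mail handlers).
    if (!EmailEssentials.IsValid(Email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    // Email is client-supplied; Sanitize is the only defence against injection this API offers.
    string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
    {
        // NOTE(review): this distinct error lets an unauthenticated caller enumerate registered addresses;
        // a uniform "if the address is registered, a mail was sent" reply would close that oracle.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }
    string isOnline = data[0];
    string encryptedName = data[1];
    string userid = data[2];
    server.Account = new Account(null, false, data[3]);
    if (!isOnline.Equals("0"))
    {
        // NOTE(review): reachable without any credential, so this also tells a caller whether the user is online.
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    // The stored name is decrypted with a context keyed on the hid column; see AesContext.
    AesContext aesContext = new AesContext(userid);
    string name = aesContext.DecryptOrDefault(encryptedName);

    // NOTE(review): this replaces the Account created above and drops its id; confirm that the
    // ConfirmPasswordReset handler does not need it (it presumably re-resolves the account by e-mail).
    server.Account = new Account
    {
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmPasswordReset,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp()
    };

    string displayName = string.IsNullOrEmpty(name) ? "user" : name;
    EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, displayName, server.Account.AuthenticationCode);
    // Fix: the send result was ignored, so a delivery failure still reported success to the client
    // (the other e-mail handlers in this file already check it).
    if (!emailManager.Send())
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}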
/// <summary>
/// Starts account registration: validates the address, checks it is not already in use, stages the password
/// hash and a one-time confirmation code (ConfirmAccount) on the session, and e-mails the code. Nothing is
/// written to the database here.
/// </summary>
/// <param name="server">The API server that owns the current session; its Account must be null on entry.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }
    if (!EmailEssentials.IsValid(Email))
    {
        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
        return;
    }

    // NOTE(review): availability is only checked, not reserved — two concurrent registrations for the same
    // address both pass this point, and the conflict is caught later, if at all.
    bool dbOk;
    using (DatabaseManager databaseManager = new DatabaseManager(server))
    {
        bool available = databaseManager.CheckEmailAvailable(Email, out dbOk);
        if (!available)
        {
            if (!dbOk)
            {
                return;
            }
            ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
            return;
        }
    }

    // NOTE(review): Password is hashed without a null check or any length/strength policy.
    string passwordHash = SecurityManager.ScryptHash(Password);
    // Positional AccountInfo constructor; only the e-mail and the two trailing flags are meaningful here,
    // 50 is presumably the default for that numeric field — confirm against the AccountInfo definition.
    AccountInfo info = new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true);
    server.Account = new Account(info, false, string.Empty)
    {
        Password = passwordHash,
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmAccount,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp()
    };

    EmailManager mail = EmailManager.Create(Subject.CreateAccount, Email, "new user", server.Account.AuthenticationCode);
    bool sent = mail.Send();
    if (!sent)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
        return;
    }

    GenericSuccessResponse reply = new GenericSuccessResponse(ResponseId.CreateAccount, true);
    SerializedApiResponse serialized = SerializedApiResponse.Create(reply);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Returns the hid of every event, or only of events whose <c>expires</c> timestamp is still in the future
/// when <see cref="IncludeExpired"/> is false. Requires a logged-in user.
/// </summary>
/// <param name="server">The API server that owns the current session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertUserOnline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // Only server-generated values reach the query (a bool and the current timestamp); nothing client-supplied.
    string filter = IncludeExpired
        ? string.Empty
        : " WHERE expires > " + DatabaseEssentials.GetTimeStamp().ToString();
    string query = "SELECT hid FROM Tbl_event" + filter + ";";

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.Get2DArray, query, 1);
    Sql2DArrayResponse sql2DArrayResponse = databaseManager.Await2DArrayResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }

    // NOTE(review): unlike the other handlers, sql2DArrayResponse.Success is not inspected; whatever Result
    // holds on a failed query is forwarded as-is — confirm that is acceptable to the client.
    GetAllEventsResponse reply = new GetAllEventsResponse(ResponseId.GetAllEvents, sql2DArrayResponse.Result);
    SerializedApiResponse serialized = SerializedApiResponse.Create(reply);
    server.Send(serialized.Serialize());
    server.UnitTesting.MethodSuccess = true;
}
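/// <summary>
/// Validates the two-factor authentication code for the current request. On any failure an API error is
/// sent through <see cref="ApiError.Throw"/> and <c>true</c> is returned, so the caller must stop processing;
/// <c>false</c> is returned only when the code is acceptable. (Despite the name, nothing is thrown.)
/// </summary>
/// <param name="server">The API server holding the session's account and the current request id.</param>
/// <param name="code">The client-supplied authentication code; may be null or empty.</param>
/// <returns><c>true</c> if the code was rejected (an error has been sent), <c>false</c> otherwise.</returns>
public static bool AssertAuthenticationCodeInvalid(this ApiServer server, string code)
{
    // TODO: Implement max retry count. Until then a code can be guessed online for the whole
    // TwoFactorExpirationTime window; the constant-time comparison below only removes the timing side channel.
    if (server.AssertAccountNotNull())
    {
        return true;
    }
    if (string.IsNullOrEmpty(server.Account.AuthenticationCode))
    {
        ApiError.Throw(ApiErrorCode.InvalidContext, server, "The requested action is invalid in this context: server unaware of authentication event.");
        return true;
    }
    // Fix: a null/empty client code is rejected explicitly (previously code.Equals would throw on null), and
    // the comparison is constant-time so response timing does not leak how many leading characters matched.
    if (string.IsNullOrEmpty(code) || !CodesMatch(code, server.Account.AuthenticationCode))
    {
        ApiError.Throw(ApiErrorCode.InvalidCode, server, "The provided authentication code was incorrect.");
        return true;
    }
    // The code must be consumed by the request type it was issued for (e.g. ConfirmPasswordChange).
    if (server.Account.AuthenticationId != server.RequestId)
    {
        ApiError.Throw(ApiErrorCode.InvalidContext, server, "The requested action is invalid in this context: authentication event does not match.");
        return true;
    }
    if (server.Account.AuthenticationTime + MainServer.Config.WamsrvSecurityConfig.TwoFactorExpirationTime < DatabaseEssentials.GetTimeStamp())
    {
        ApiError.Throw(ApiErrorCode.ExpiredCode, server, "The provided authentication code has expired.");
        return true;
    }
    return false;

    // Ordinal, constant-time equality over the UTF-8 bytes. FixedTimeEquals returns false immediately on a
    // length mismatch, which is fine here because the expected code length is not secret.
    static bool CodesMatch(string supplied, string expected)
    {
        byte[] left = System.Text.Encoding.UTF8.GetBytes(supplied);
        byte[] right = System.Text.Encoding.UTF8.GetBytes(expected);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(left, right);
    }
}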
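/// <summary>
/// Logs a user in: looks the account up by e-mail, verifies the password against the stored scrypt hash,
/// rejects accounts that are already online, issues a new security token (stored in Tbl_cookies with an
/// expiry), sets up the session account and returns the token together with the user's permissions.
/// </summary>
/// <param name="server">The API server that owns the current session; its Account must be null on entry.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        server.UnitTesting.MethodSuccess = false;
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // Email is client-supplied; SanitizeQuery is the only defence against injection this API offers.
    string query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;"
    });
    SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
    // Fix: read Result only after the success check, as the other handlers do; the response object may not
    // be usable when the database call itself failed.
    if (!success)
    {
        return;
    }
    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != 3)
    {
        // NOTE(review): a distinct error for unknown addresses (plus the scrypt check that only runs for
        // known ones) makes account enumeration trivial; a single InvalidCredentials reply for both cases
        // would close that oracle.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }
    string id = data[0];
    string hash = data[1];

    // Fix: verify the password before disclosing session state. Previously "already online" was reported
    // before the password was checked, so anyone could learn whether an account was logged in.
    if (!SecurityManager.ScryptCheck(Password, hash))
    {
        ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
        return;
    }
    if (Convert.ToInt32(data[2]) == 1)
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    string securityToken = SecurityManager.GenerateSecurityToken();
    // Token lifetime comes from configuration (the original comment expected roughly a month).
    int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    // Info is also client-supplied and is stored verbatim after sanitizing.
    query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');"
    });
    apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
        return;
    }

    // Appears to populate server.Account (the permission lookup below reads it). Note that this helper
    // signals failure with false, unlike UpdatePassword/DeleteSecurityTokens in the confirmation handler.
    if (!databaseManager.SetupAccount(id))
    {
        return;
    }
    Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
    if (!success)
    {
        return;
    }

    CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}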