/// <summary>
/// Creates a user and adds to database
/// </summary>
/// <returns>Result of registration</returns>
internal static RegisterResult CreateUser(string email, string username, string fullname, string password, DateTime birthdate)
{
if (Users.FindByEmail(email) != null)
{
return(RegisterResult.EmailTaken);
}
if (Users.FindByUsername(username) != null)
{
return(RegisterResult.UsernameTaken);
}
Users u = new Users()
{
Email = email,
UserName = username,
FullName = fullname,
BirthDate = birthdate,
Registered = DateTime.Now,
LastLogin = DateTime.Now,
Coins = 0,
ByteDollars = 0,
TotalExp = 0,
AccessLevel = AccessLevel.Unconfirmed
};
u.UpdatePassword(password);
using (DataContext db = new DataContext())
{
db.Users.Add(u);
db.SaveChanges();
Debug.WriteLine("User creation attempted");
Users createduser = Users.FindByEmail(email, db);
createduser.UserKeyStore = KeyStore.DefaultDbKeyStore(password, createduser.Salt, createduser.UserID);
UserIPList uip = new UserIPList();
uip.UserId = createduser.UserID;
uip.UserIPStored = GetIP();
db.UserIPList.Add(uip);
db.SaveChanges();
if (createduser is Users)
{
EmailConfirm.SendEmailForConfirmation(createduser, db);
Machines.DefaultMachine(createduser, db);
ItemLogic.StoreDefaultParts(db, u.UserID);
AuthLogger.Instance.UserRegistered(u.Email, u.UserID);
return(RegisterResult.Success);
}
else
{
throw new RegistrationException("User cannot be registered due to an error (NOT_TYPE_USER)");
}
}
}
public static EmailConfirmResult ValidatePasswordReset(string email, string code)
{
if (code == null)
{
throw new ArgumentNullException("Code cannot be null");
}
using (DataContext db = new DataContext())
{
Users u = db.Users.Where(uzr => uzr.Email == email).FirstOrDefault();
if (u == null)
{
return(EmailConfirmResult.UserNotFound);
}
// Get all confirmations for this Email Address
List <Confirmations> confirms = GetAllConfirmations(email, code, db);
foreach (var c in confirms)
{
if (c.Expiry > DateTime.Now && c.Type == ConfirmType.PasswordReset)
{
c.Code = null;
string password = GenerateString();
MessageLogic.QuitAllConversations(u, db);
u.UpdatePassword(password);
db.Entry(u).Reference(usr => usr.UserKeyStore).Load();
db.Entry(u.UserKeyStore).CurrentValues.SetValues(KeyStore.DefaultDbKeyStore(password, u.Salt, u.UserID));
SendNewPassword(email, password);
db.SaveChanges();
return(EmailConfirmResult.Success);
}
}
return(EmailConfirmResult.Failed);
}
}
/// <summary>
/// Validate the user's password
/// </summary>
/// <param name="password">The user's password</param>
/// <param name="checkEmailValidity">Whether to check if the email address is verified</param>
/// <returns></returns>
internal AuthResult ValidateLogin(string password, bool checkEmailValidity = true)
{
using (DataContext db = new DataContext())
{
Users user = Users.FindByEmail(this.Email, db);
if (user == null)
{
AuthLogger.Instance.UserNotFound(Email);
return(AuthResult.UserNotFound);
}
// Check IP
string userip = GetIP();
if (UserIPList.CheckUserIPList(userip, user, db))
{
Debug.WriteLine("CHK TRUE");
MailClient m = new MailClient(Email);
m.Subject = "Unrecognised login from IP Address " + userip;
m.AddLine("An unrecognised login has been found");
m.AddLine("If this wasn't you, please contact us.");
m.Send(user.FullName, "Contact Us", "https://haxnet.azurewebsites.net/Contact");
}
else
{
Debug.WriteLine("CHK FALSE");
}
if (checkEmailValidity && !EmailConfirm.IsEmailValidated(user))
{
EmailConfirm.SendEmailForConfirmation(user, db);
return(AuthResult.EmailNotVerified);
}
byte[] bPassword = Encoding.UTF8.GetBytes(password);
byte[] bSalt = user.Salt;
byte[] bHash = Crypt.Instance.Hash(bPassword, bSalt);
if (user.Hash.SequenceEqual(bHash))
{
AuthLogger.Instance.PasswordSuccess(user.Email, user.UserID);
}
else
{
AuthLogger.Instance.PasswordFail(user.Email, user.UserID);
return(AuthResult.PasswordIncorrect);
}
try
{
db.Entry(user).Reference(usr => usr.UserKeyStore).Load();
if (user.UserKeyStore == null)
{
user.UserKeyStore = KeyStore.DefaultDbKeyStore(password, bSalt, user.UserID);
db.SaveChanges();
}
TempKeyStore = new KeyStore(user.UserKeyStore, password, bSalt);
return(AuthResult.Success);
} catch (KeyStoreException) {
return(AuthResult.KeyStoreInvalid);
}
}
throw new AuthException("Login has no result, database failure might have occured.");
}