public AccountInfo CreateAccount(string username, string password, string ip, Privilege privileges)
{
string bcryptPassword = BCryptProvider.HashPassword(password);
(int rowsEffected, long lastInsertedId) = ExecutePreparedStatement(PreparedStatementId.AccountInsert, username, bcryptPassword, ip, (ushort)privileges);
var account = new AccountInfo();
account.Read((uint)lastInsertedId, username, bcryptPassword, privileges);
return(account);
}
public void AccountCreateCommandHandler(ICommandContext context, string username, string password)
{
string encryptedPassword = BCryptProvider.HashPassword(password);
if (DatabaseManager.Instance.AuthDatabase.CreateAccount(username.ToLower(), encryptedPassword))
{
context.SendMessage($"Successfully created Account {username}.");
}
else
{
context.SendError($"Failed to create account {username}!");
}
}
public static bool PasswordMatches(this Account account, string password)
{
if (account.PasswordSalt == "use bcrypt") // Account password is using bcrypt
{
if (Common.ConfigManager.Config.Server.Accounts.ForceWorkFactorMigration &&
(BCryptProvider.GetPasswordWorkFactor(account.PasswordHash) != Common.ConfigManager.Config.Server.Accounts.PasswordHashWorkFactor))
// Upgrade (or downgrade) Password workfactor if not the same as config specifies, ForceWorkFactorMigration is TRUE and Password Matches
{
if (BCryptProvider.Verify(password, account.PasswordHash))
{
account.SetPassword(password);
account.SetSaltForBCrypt();
DatabaseManager.Authentication.UpdateAccount(account);
return(true);
}
else
{
return(false);
}
}
else
{
return(BCryptProvider.Verify(password, account.PasswordHash));
}
}
else // Account password is using SHA512 salt
{
log.Debug($"{account.AccountName} password verified using SHA512 hash/salt, migrating to bcrypt.");
var input = GetPasswordHash(account, password);
if (input == account.PasswordHash) // If password matches, migrate to bcrypt
{
account.SetPassword(password);
account.SetSaltForBCrypt();
DatabaseManager.Authentication.UpdateAccount(account);
return(true);
}
else
{
return(false);
}
}
}
public static Account CreateAccount(string username, string password, IPAddress ip, Privilege privileges)
{
using (var context = new DatabaseContext())
{
context.Account.Add(new Account
{
Username = username,
Password = BCryptProvider.HashPassword(password),
CreateIp = ip.ToString(),
Privileges = (short)privileges
});
context.SaveChanges();
return(context.Account.SingleOrDefault(a => a.Username == username));
}
}
private static string GetPasswordHash(string password)
{
var workFactor = Common.ConfigManager.Config.Server.Accounts.PasswordHashWorkFactor;
if (workFactor < 4)
{
log.Warn("PasswordHashWorkFactor in config less than minimum value of 4, using 4 and continuing.");
workFactor = 4;
}
else if (workFactor > 31)
{
log.Warn("PasswordHashWorkFactor in config greater than minimum value of 31, using 31 and continuing.");
workFactor = 31;
}
return(BCryptProvider.HashPassword(password, workFactor));
}
public static void HandleClientLoginReq(Session session, ClientLoginReq loginReq)
{
void SendError(uint errorCode, string errorMessage = "")
{
session.SendMessage(new ServerLoginResult
{
ErrorCode = errorCode,
ErrorMessage = errorMessage
});
}
AccountModel account = DatabaseManager.Instance.AuthDatabase.GetAccount(loginReq.Username);
if (account == null || !BCryptProvider.Verify(loginReq.Password, account.Password))
{
SendError(1);
return;
}
session.Authenticate(account);
// TODO: check for bans
ulong sessionKey = RandomProvider.GenerateSessionKey();
DatabaseManager.Instance.AuthDatabase.UpdateSessionKey(account, sessionKey);
session.SendMessage(new ServerLoginResult
{
AccountId = account.Id,
SessionKey = sessionKey
});
session.SendMessage(new ServerOptionLoad
{
});
}
public static void HandleAuthenticate(Session session, NetworkObject networkObject)
{
void SendAuthenticationError(byte code)
{
var errorCode = new NetworkObject();
errorCode.AddField(0, NetworkObjectField.CreateIntField(code));
var authenticationError = new NetworkObject();
authenticationError.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.AuthenticateError));
authenticationError.AddField(1, NetworkObjectField.CreateObjectField(errorCode));
session.EnqueuePacket(new ServerAuthenticationPacket(authenticationError));
}
string username = NetworkObjectField.ReadStringField(networkObject.GetField(2));
string password = NetworkObjectField.ReadStringField(networkObject.GetField(3));
string version = NetworkObjectField.ReadStringField(networkObject.GetField(5));
string accountName = NetworkObjectField.ReadStringField(networkObject.GetField(6));
CharacterObject characterObject = new CharacterObject();
characterObject.FromNetworkObject(networkObject.GetField(4).ReadObject());
if (string.IsNullOrWhiteSpace(username) ||
username.Length > 20 ||
username == "Anonymous")
{
SendAuthenticationError(0);
return;
}
// anonymous login ignored
if (version != "1.0.1.14")
{
SendAuthenticationError(1);
return;
}
AccountInfo accountInfo = DatabaseManager.Database.GetAccount(username);
if (accountInfo == null)
{
accountInfo = DatabaseManager.Database.CreateAccount(username, password, session.Remote.Address.ToString(), Privilege.All);
}
else
{
// validate existing account
if (!BCryptProvider.Verify(password, accountInfo.Password))
{
SendAuthenticationError(0);
return;
}
}
log.Info($"Account: {accountInfo.Username}, Character: {characterObject.Name} has signed in!");
DatabaseManager.Database.UpdateAccount(accountInfo.Id, session.Remote.Address.ToString());
var authentication = new NetworkObject();
authentication.AddField(0, NetworkObjectField.CreateIntField((int)ObjectOpcode.Authenticate));
authentication.AddField(1, NetworkObjectField.CreateIntField((int)accountInfo.Privileges));
session.EnqueuePacket(new ServerAuthenticationPacket(authentication));
characterObject.Sequence = NetworkManager.SessionSequence.Dequeue();
session.SignIn(accountInfo, accountName, characterObject);
}
