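/// <summary>
/// Checks a username/password pair and, when it is valid and the account may use the
/// REST API, issues a new token and records it in <c>Tokens</c>.
/// </summary>
/// <param name="username">Account name looked up through <c>TShock.Users.GetUserByName</c>.</param>
/// <param name="password">Candidate password passed to <c>VerifyPassword</c>.</param>
/// <returns>
/// A "401" object when the account is unknown or the password does not verify, a "403"
/// object when the account's group lacks <c>RestPermissions.restapi</c> and is not
/// "superadmin", otherwise a "Successful login" object carrying the token under "token".
/// </returns>
/// <remarks>
/// The token is a bearer credential, so its 32 bytes are drawn from the platform's
/// cryptographic random number generator. <c>System.Random</c> is seeded from the clock
/// and its output can be reconstructed, which makes it unsuitable for session tokens.
/// NOTE(review): nothing in this method throttles repeated login attempts; confirm that
/// the caller or the HTTP layer does.
/// </remarks>
private RestObject NewTokenInternal(string username, string password)
{
    // Same text for "unknown account" and "wrong password", so the body alone does not
    // distinguish the two cases.
    const string invalidCredentials = "Invalid username/password combination provided. Please re-submit your query with a correct pair.";

    User userAccount = TShock.Users.GetUserByName(username);
    if (userAccount == null)
    {
        return new RestObject("401") { Error = invalidCredentials };
    }

    if (!userAccount.VerifyPassword(password))
    {
        return new RestObject("401") { Error = invalidCredentials };
    }

    // NOTE(review): assumes GetGroup never returns null for a stored group name - confirm.
    Group userGroup = TShock.Utils.GetGroup(userAccount.Group);
    if (!userGroup.HasPermission(RestPermissions.restapi) && userAccount.Group != "superadmin")
    {
        return new RestObject("403") { Error = "Although your account was successfully found and identified, your account lacks the permission required to use the API. (restapi)" };
    }

    string tokenHash;
    var randbytes = new byte[32];

    // Fully qualified so the block does not depend on a using directive outside this method.
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        do
        {
            rng.GetBytes(randbytes);
            // Upper-case hex, two digits per byte, identical in shape to the previous "X2" encoding.
            tokenHash = BitConverter.ToString(randbytes).Replace("-", "");
        } while (Tokens.ContainsKey(tokenHash)); // regenerate on the (unlikely) collision
    }

    Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroupName = userGroup.Name });

    RestObject response = new RestObject() { Response = "Successful login" };
    response["token"] = tokenHash;
    return response;
}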
/// <summary>
/// Deprecated token-creation endpoint. Reads the "username" and "password" verbs,
/// delegates the login to <c>NewTokenInternal</c> and marks the reply as deprecated.
/// </summary>
/// <param name="args">Request arguments; only <c>args.Verbs</c> is read here.</param>
/// <returns>The <c>RestObject</c> produced by <c>NewTokenInternal</c> with a "deprecated" entry added.</returns>
private object NewToken(RestRequestArgs args)
{
    // NOTE(review): the credentials arrive as request verbs. If verbs are URL path
    // segments they can end up in access logs and proxy logs - confirm how the route
    // is declared and prefer the non-deprecated endpoint.
    RestObject result = this.NewTokenInternal(args.Verbs["username"], args.Verbs["password"]);

    // NOTE(review): "depracted" is a typo for "deprecated"; left unchanged because the
    // text is part of the response payload.
    result["deprecated"] = "This endpoint is depracted and will be removed in the future.";
    return result;
}
/// <summary>
/// Deprecated token-creation endpoint. Reads the "username" and "password" verbs,
/// delegates the login to <c>NewTokenInternal</c> and marks the reply as deprecated.
/// </summary>
/// <param name="verbs">Request verbs holding "username" and "password".</param>
/// <param name="parameters">Not read by this method.</param>
/// <returns>The <c>RestObject</c> produced by <c>NewTokenInternal</c> with a "deprecated" entry added.</returns>
private object NewToken(RestVerbs verbs, IParameterCollection parameters)
{
    // NOTE(review): the credentials arrive as request verbs. If verbs are URL path
    // segments they can end up in access logs and proxy logs - confirm how the route
    // is declared and prefer the non-deprecated endpoint.
    RestObject result = this.NewTokenInternal(verbs["username"], verbs["password"]);

    // NOTE(review): "depracted" is a typo for "deprecated"; left unchanged because the
    // text is part of the response payload.
    result["deprecated"] = "This endpoint is depracted and will be removed in the future.";
    return result;
}
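/// <summary>
/// Token-creation endpoint backed by the <c>Verify</c> callback: authenticates the
/// "username"/"password" verbs and, on success, registers a new token for that user.
/// </summary>
/// <param name="verbs">Request verbs holding "username" and "password".</param>
/// <param name="parameters">Not read by this method.</param>
/// <returns>
/// The object returned by <c>Verify</c> when it carries an error, a "401" object when
/// <c>Verify</c> is unset or returns null, otherwise the <c>Verify</c> result extended
/// with "token" and "deprecated" entries.
/// </returns>
/// <remarks>
/// The token is a bearer credential, so its 32 bytes are drawn from the platform's
/// cryptographic random number generator. <c>System.Random</c> is seeded from the clock
/// and its output can be reconstructed, which makes it unsuitable for session tokens.
/// NOTE(review): the credentials arrive as request verbs; if verbs are URL path segments
/// they can end up in access logs - confirm how the route is declared.
/// </remarks>
private object NewToken(RestVerbs verbs, IParameterCollection parameters)
{
    var user = verbs["username"];
    var pass = verbs["password"];

    // Fail closed: no Verify callback, or a null result from it, is treated as a failed login.
    RestObject obj = null;
    if (Verify != null)
    {
        obj = Verify(user, pass);
    }

    if (obj == null)
    {
        obj = new RestObject("401") { Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." };
    }

    // Any error reported by Verify is passed through unchanged and no token is issued.
    if (obj.Error != null)
    {
        return obj;
    }

    string hash;
    var randbytes = new byte[32];

    // Fully qualified so the block does not depend on a using directive outside this method.
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        do
        {
            rng.GetBytes(randbytes);
            // Upper-case hex, two digits per byte, identical in shape to the previous "X2" encoding.
            hash = BitConverter.ToString(randbytes).Replace("-", "");
        } while (Tokens.ContainsKey(hash)); // regenerate on the (unlikely) collision
    }

    Tokens.Add(hash, user);
    obj["token"] = hash;
    obj["deprecated"] = "This method will be removed from TShock in 3.6.";
    return obj;
}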
/// <summary>
/// Rate-limited login. Counts the attempt against the caller's address in
/// <c>tokenBucket</c>, then verifies the credentials and the REST permission and, on
/// success, issues a new token and records it in <c>Tokens</c>.
/// </summary>
/// <param name="username">Account name looked up through <c>TShock.UserAccounts.GetUserAccountByName</c>.</param>
/// <param name="password">Candidate password passed to <c>VerifyPassword</c>.</param>
/// <param name="context">HTTP context; only <c>RemoteEndPoint.Address</c> is read, as the bucket key.</param>
/// <returns>
/// A "403" object for every rejection (over the request limit, unknown account, wrong
/// password, missing permission), otherwise a "Successful login" object carrying the
/// token under "token".
/// </returns>
/// <remarks>
/// NOTE(review): an unknown account returns before <c>VerifyPassword</c> runs, so response
/// time may still differ between the unknown-user and wrong-password cases even though
/// the message is identical - confirm whether that matters for this deployment.
/// NOTE(review): <c>tokenBucket</c> is read and written without any locking visible here;
/// confirm requests are serialized or the collection is safe for concurrent use.
/// </remarks>
private RestObject NewTokenInternal(string username, string password, IHttpContext context)
{
    // One message for all rejections, so the body does not reveal which check failed.
    const string rejection = "Username or password may be incorrect or this account may not have sufficient privileges.";

    string remoteAddress = context.RemoteEndPoint.Address.ToString();

    int used = 0;
    if (!tokenBucket.TryGetValue(remoteAddress, out used))
    {
        // First request seen from this address: start its counter at one and carry on.
        tokenBucket.Add(remoteAddress, 1);
    }
    else if (used >= TShock.Config.Settings.RESTMaximumRequestsPerInterval)
    {
        // Over the limit: log it, keep counting, and reject before touching any account data.
        TShock.Log.ConsoleError("A REST login from {0} was blocked as it currently has {1} tokens", remoteAddress, used);
        tokenBucket[remoteAddress] += 1;
        return new RestObject("403") { Error = rejection };
    }
    else
    {
        // Under the limit: count this request and carry on.
        tokenBucket[remoteAddress] += 1;
    }

    // Each failed check below calls AddTokenToBucket again, on top of the count taken above.
    // presumably that raises the address's counter further - verify against AddTokenToBucket.
    UserAccount userAccount = TShock.UserAccounts.GetUserAccountByName(username);
    if (userAccount == null)
    {
        AddTokenToBucket(remoteAddress);
        return new RestObject("403") { Error = rejection };
    }

    if (!userAccount.VerifyPassword(password))
    {
        AddTokenToBucket(remoteAddress);
        return new RestObject("403") { Error = rejection };
    }

    // NOTE(review): assumes GetGroupByName never returns null for a stored group name - confirm.
    Group userGroup = TShock.Groups.GetGroupByName(userAccount.Group);
    bool mayUseRest = userGroup.HasPermission(RestPermissions.restapi) || userAccount.Group == "superadmin";
    if (!mayUseRest)
    {
        AddTokenToBucket(remoteAddress);
        return new RestObject("403") { Error = rejection };
    }

    // 32 bytes from _rng, hex-encoded as upper-case two-digit pairs.
    // presumably _rng is a cryptographic RandomNumberGenerator - confirm at the field declaration.
    string tokenHash;
    var randbytes = new byte[32];
    do
    {
        _rng.GetBytes(randbytes);
        tokenHash = string.Concat(randbytes.Select(b => b.ToString("X2")));
    } while (Tokens.ContainsKey(tokenHash)); // regenerate on the (unlikely) collision

    Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroupName = userGroup.Name });

    // A successful login is passed to AddTokenToBucket as well.
    AddTokenToBucket(remoteAddress);

    RestObject response = new RestObject() { Response = "Successful login" };
    response["token"] = tokenHash;
    return response;
}