rudi/NightmareCoreWeb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Working auth!

Browse Source
This commit is contained in:
Gregory Rudolph
2021-09-07 19:48:37 -04:00
parent 4e88939137
commit 0e8650d4a8
4 changed files with 49 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Account.cs
View File

@ -13,12 +13,10 @@ namespace NightmareCoreWeb2
public string Username { get; set; }
public string Email { get; set; }
public string LastIP { get; set; }
public string Verifier { get; set; }
public byte[] Verifier { get; set; }
public DateTime LastLogin { get; set; }
public List<Character> Characters { get; set; }
public List<AccountAccess> Access { get; set; }
private readonly BigInteger g = 7;
private readonly BigInteger N = BigInteger.Parse("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", NumberStyles.HexNumber);
public static Account AccountByID(int id)
@ -47,7 +45,6 @@ namespace NightmareCoreWeb2
public Account(string username)
{
MySqlConnection conn = new MySqlConnection(Program.connStr);
conn.Open();
@ -55,7 +52,7 @@ namespace NightmareCoreWeb2
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("username", username);
MySqlDataReader rdr = cmd.ExecuteReader();
this.Verifier = new byte[32];
while (rdr.Read())
{
try
@ -65,7 +62,7 @@ namespace NightmareCoreWeb2
this.Email = rdr.GetString(2);
this.LastIP = rdr.GetString(3);
this.LastLogin = rdr.GetDateTime(4);
this.Verifier = rdr.GetString(5);
rdr.GetBytes(5, 0, this.Verifier, 0, 32);
}
catch (Exception e)
{
@ -97,7 +94,6 @@ namespace NightmareCoreWeb2
}
}
rdr.Close();
sql = "select SecurityLevel,RealmID from account_access where AccountID=@id";
cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("id", this.Id);
@ -159,8 +155,12 @@ namespace NightmareCoreWeb2
}
catch (Exception) { }
}
return Framework.Cryptography.SRP6.CheckLogin(this.Username, password, salt, verifier);
byte[] calculatedVerifier = Framework.Cryptography.SRP6.CalculateVerifier(this.Username, password, salt);
return calculatedVerifier.Compare(verifier);
}
public bool AuthenticateAccount(byte[] verifier)
{
return verifier.Compare(this.Verifier);
}
}

2
Pages/Account.cshtml
View File

@ -3,7 +3,7 @@
@{
}
<div class="container">
@if (string.IsNullOrEmpty(Model.AuthToken))
@if (Model.UserAccount == null)
{
<div id="LoginForm">

57
Pages/Account.cshtml.cs
View File

@ -17,6 +17,7 @@ namespace NightmareCoreWeb2.Pages
public string AuthToken { get; set; }
public string Username { get; set; }
public bool IsGM { get; set; }
public bool IsAuthenticated = false;
public Account UserAccount { get; set; }
public List<Character> OnlineCharacters = new List<Character>();
@ -28,11 +29,17 @@ namespace NightmareCoreWeb2.Pages
public AccountModel(ILogger<AccountModel> logger)
{
conn = new MySqlConnection(Program.connStr);
_logger = logger;
}
public void OnGetCharacterAction(int guid, int action)
{
if (!IsAuthenticated)
{
OnGet();
return;
}
Character c = new Character(guid);
if ((c.AtLogin & Character.AtLoginOptions.AT_LOGIN_FIRST) == 0)
{
@ -46,25 +53,30 @@ namespace NightmareCoreWeb2.Pages
{
ViewData["Title"] = "Login";
AuthToken = Request.Cookies["AuthToken"];
if (!string.IsNullOrEmpty(AuthToken))
if (Request.Cookies.Count() > 1)
{
conn.Open();
string sql = "select email from tokens.active_tokens where token=@token";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("token", AuthToken);
MySqlDataReader rdr = cmd.ExecuteReader();
string email = "";
while (rdr.Read())
try
{
try
this.UserAccount = new Account(Request.Cookies["Username"]);
byte[] auth = Convert.FromBase64String(Request.Cookies["AuthToken"]);
this.Username = this.UserAccount.Username;
if (!this.UserAccount.AuthenticateAccount(auth))
{
email = rdr.GetString(0);
Console.WriteLine($"Failed to authenticate {this.UserAccount.Username}");
Response.Cookies.Delete("Username");
Response.Cookies.Delete("AuthToken");
} else {
this.IsAuthenticated = true;
}
catch (Exception) { }
SetupAccount(this.UserAccount.Username);
}
SetupAccount(email.Substring(0, email.IndexOf("@")));
catch (Exception e)
{
Console.WriteLine(e);
}
}
}
public void SetupAccount(string Username)
{
@ -81,6 +93,7 @@ namespace NightmareCoreWeb2.Pages
}
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
this.UserAccount = a;
}
@ -89,22 +102,22 @@ namespace NightmareCoreWeb2.Pages
{
UserEmail = Request.Form["UserEmail"];
UserPassword = Request.Form["UserPassword"];
Username = UserEmail.Substring(0, UserEmail.IndexOf("@"));
try
{
Username = UserEmail.Substring(0, UserEmail.IndexOf("@"));
}
catch (Exception)
{
Username = UserEmail;
}
Account a = new Account(Username);
if (a.AuthenticateAccount(UserPassword))
{
Response.Cookies.Append("Username", Username);
Response.Cookies.Append("AuthToken", UserPassword);
Response.Cookies.Append("AuthToken", Convert.ToBase64String(a.Verifier));
Response.Redirect("/Account");
}
}
static string Hash(string input)
{
var hash = new SHA1Managed().ComputeHash(Encoding.UTF8.GetBytes(input));
return string.Concat(hash.Select(b => b.ToString("x2")));
}
}

4
SRP6.cs
View File

@ -64,6 +64,10 @@ namespace Framework.Cryptography
// v = BigInteger.ModPow(gBN, x, BN);
return BigInteger.ModPow(_g, new BigInteger(_sha1.ComputeHash(salt.Combine(hash)), true), _N).ToByteArray();
}
public static BigInteger CalculateBigIntVerifier(string username, string password, byte[] salt) {
byte[] hash = _sha1.ComputeHash(Encoding.UTF8.GetBytes(username.ToUpperInvariant() + ":" + password.ToUpperInvariant()));
return BigInteger.ModPow(_g, new BigInteger(_sha1.ComputeHash(salt.Combine(hash)), true), _N);
}
public static bool CheckLogin(string username, string password, byte[] salt, byte[] verifier)
{