rudi/NightmareCoreWeb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow login using email token, while password is worked on

Browse Source
This commit is contained in:
Gregory Rudolph
2021-09-02 11:22:15 -04:00
parent ffa165d40c
commit 5d3e887ded
2 changed files with 43 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
Account.cs
View File

@ -6,7 +6,6 @@ using System.Collections.Generic;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;
using System.Globalization;
using MiscUtil.Conversion;
namespace NightmareCoreWeb2
{
@ -17,7 +16,7 @@ namespace NightmareCoreWeb2
public string Username { get; set; }
public string Email { get; set; }
public string LastIP { get; set; }
public string Verifier {get; set;}
public string Verifier { get; set; }
public DateTime LastLogin { get; set; }
public List<Character> Characters { get; set; }
public List<AccountAccess> Access { get; set; }
@ -123,7 +122,25 @@ namespace NightmareCoreWeb2
conn.Close();
}
public bool AuthenticateWithToken(string token)
{
MySqlConnection conn = new MySqlConnection(Program.connStr);
conn.Open();
string sql = "select token from tokens.active_tokens where email=@email";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("email", this.Email);
MySqlDataReader rdr = cmd.ExecuteReader();
string dbToken = "";
while (rdr.Read())
{
try
{
dbToken = rdr.GetString(0);
}
catch (Exception) { }
}
return token.Equals(dbToken);
}
public bool AuthenticateAccount(string password)
{
MySqlConnection conn = new MySqlConnection(Program.connStr);
@ -143,7 +160,7 @@ namespace NightmareCoreWeb2
catch (Exception) { }
}
return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier));
return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier)) || AuthenticateWithToken(password);
}
// https://gist.github.com/Rochet2/3bb0adaf6f3e9a9fbc78ba5ce9a43e09
public static byte[] CalculateSRP6Verifier(string username, string password, byte[] salt_bytes)

51
Pages/Account.cshtml.cs
View File

@ -31,24 +31,6 @@ namespace NightmareCoreWeb2.Pages
conn = new MySqlConnection(Program.connStr);
_logger = logger;
}
public void OnGetAccount(string name)
{
Account a = new Account(name);
//AuthToken = "OK";
UserAccount = a;
OnlineCharacters = a.Characters;
foreach (var access in a.Access)
{
if (access.RealmID == -1 && access.SecurityLevel >= 1)
{
this.IsGM = true;
this.Tickets = GMTicket.GetAllTickets();
}
}
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
}
public void OnGetCharacterAction(int guid, int action)
{
Character c = new Character(guid);
@ -67,22 +49,25 @@ namespace NightmareCoreWeb2.Pages
Username = Request.Cookies["Username"];
if (!string.IsNullOrEmpty(Username))
{
Account a = new Account(Username);
AuthToken = "OK";
UserAccount = a;
OnlineCharacters = a.Characters;
foreach (var access in a.Access)
{
if (access.RealmID == -1 && access.RealmID >= 1)
{
this.IsGM = true;
this.Tickets = GMTicket.GetAllTickets();
}
}
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
SetupAccount(Username);
}
}
public void SetupAccount(string Username)
{
Account a = new Account(Username);
UserAccount = a;
OnlineCharacters = a.Characters;
foreach (var access in a.Access)
{
if (access.RealmID == -1 && access.RealmID >= 1)
{
this.IsGM = true;
this.Tickets = GMTicket.GetAllTickets();
}
}
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
}
@ -97,8 +82,10 @@ namespace NightmareCoreWeb2.Pages
{
Response.Cookies.Append("Username", Username);
Response.Cookies.Append("AuthToken", a.Verifier);
Response.Redirect("/Account");
}
}
static string Hash(string input)