
Allow login using email token, while password is worked on

master
Gregory Rudolph 3 years ago
parent
commit
5d3e887ded
Signed by: rudi
GPG Key ID: EF64F3CBD1A1EBDD
  1. 25
      Account.cs
  2. 27
      Pages/Account.cshtml.cs

25
Account.cs

@ -6,7 +6,6 @@ using System.Collections.Generic; @@ -6,7 +6,6 @@ using System.Collections.Generic;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;
using System.Globalization;
using MiscUtil.Conversion;
namespace NightmareCoreWeb2
{
@ -17,7 +16,7 @@ namespace NightmareCoreWeb2 @@ -17,7 +16,7 @@ namespace NightmareCoreWeb2
public string Username { get; set; }
public string Email { get; set; }
public string LastIP { get; set; }
public string Verifier {get; set;}
public string Verifier { get; set; }
public DateTime LastLogin { get; set; }
public List<Character> Characters { get; set; }
public List<AccountAccess> Access { get; set; }
@ -123,7 +122,25 @@ namespace NightmareCoreWeb2 @@ -123,7 +122,25 @@ namespace NightmareCoreWeb2
conn.Close();
}
public bool AuthenticateWithToken(string token)
{
MySqlConnection conn = new MySqlConnection(Program.connStr);
conn.Open();
string sql = "select token from tokens.active_tokens where email=@email";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("email", this.Email);
MySqlDataReader rdr = cmd.ExecuteReader();
string dbToken = "";
while (rdr.Read())
{
try
{
dbToken = rdr.GetString(0);
}
catch (Exception) { }
}
return token.Equals(dbToken);
}
public bool AuthenticateAccount(string password)
{
MySqlConnection conn = new MySqlConnection(Program.connStr);
@ -143,7 +160,7 @@ namespace NightmareCoreWeb2 @@ -143,7 +160,7 @@ namespace NightmareCoreWeb2
catch (Exception) { }
}
return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier));
return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier)) || AuthenticateWithToken(password);
}
// https://gist.github.com/Rochet2/3bb0adaf6f3e9a9fbc78ba5ce9a43e09
public static byte[] CalculateSRP6Verifier(string username, string password, byte[] salt_bytes)
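Review bot: AuthenticateWithToken initialises `dbToken` to `""` and returns `token.Equals(dbToken)`, so when tokens.active_tokens holds no row for the e-mail an empty submitted value compares equal, and AuthenticateAccount now ORs that result into the password check. Reject missing values before comparing and compare in constant time: `if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(dbToken)) return false;` followed by `return CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(token), Encoding.UTF8.GetBytes(dbToken));`. The query selects only the token, with no expiry or used flag, so unless the table is pruned elsewhere (not visible here) a token stays valid and reusable for as long as the row exists. The connection and reader are never closed in this method and `catch (Exception) { }` hides read errors; put both objects in `using` declarations and log the exception instead of discarding it.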

27
Pages/Account.cshtml.cs

@ -31,24 +31,6 @@ namespace NightmareCoreWeb2.Pages @@ -31,24 +31,6 @@ namespace NightmareCoreWeb2.Pages
conn = new MySqlConnection(Program.connStr);
_logger = logger;
}
public void OnGetAccount(string name)
{
Account a = new Account(name);
//AuthToken = "OK";
UserAccount = a;
OnlineCharacters = a.Characters;
foreach (var access in a.Access)
{
if (access.RealmID == -1 && access.SecurityLevel >= 1)
{
this.IsGM = true;
this.Tickets = GMTicket.GetAllTickets();
}
}
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
}
public void OnGetCharacterAction(int guid, int action)
{
Character c = new Character(guid);
@ -66,9 +48,13 @@ namespace NightmareCoreWeb2.Pages @@ -66,9 +48,13 @@ namespace NightmareCoreWeb2.Pages
AuthToken = Request.Cookies["AuthToken"];
Username = Request.Cookies["Username"];
if (!string.IsNullOrEmpty(Username))
{
SetupAccount(Username);
}
}
public void SetupAccount(string Username)
{
Account a = new Account(Username);
AuthToken = "OK";
UserAccount = a;
OnlineCharacters = a.Characters;
foreach (var access in a.Access)
@ -82,7 +68,6 @@ namespace NightmareCoreWeb2.Pages @@ -82,7 +68,6 @@ namespace NightmareCoreWeb2.Pages
ViewData["Title"] = a.Username;
CharacterListType = $"{a.Username}'s Characters";
}
}
@ -97,8 +82,10 @@ namespace NightmareCoreWeb2.Pages @@ -97,8 +82,10 @@ namespace NightmareCoreWeb2.Pages
{
Response.Cookies.Append("Username", Username);
Response.Cookies.Append("AuthToken", a.Verifier);
Response.Redirect("/Account");
}
}
static string Hash(string input)
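Review bot: In the `-66,9 +48,13` hunk the page trusts the `Username` cookie on its own: any non-empty value reaches `SetupAccount(Username)`, which overwrites `AuthToken` with `"OK"` and then walks `a.Access` (apparently to set `IsGM`), while the `AuthToken` cookie read just before is never checked. The login path in the last hunk also writes `a.Verifier` into the `AuthToken` cookie with no `CookieOptions`, which hands the SRP6 verifier, material that permits offline password guessing, to client script and to plain-HTTP transport. Issue a random server-side session value instead of the verifier, validate it before calling SetupAccount, and append it with `new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict }`; ASP.NET Core cookie authentication would cover all three. The rendered page has lost its +/- markers, so which of these lines are new is inferred from the hunk headers, and the bodies of the methods involved continue outside the hunks.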
