Allow login using email token, while password is worked on

3 years ago · 5d3e887ded
2 changed files with 41 additions and 37 deletions
--- a/Account.cs
+++ b/Account.cs
@ -6,7 +6,6 @@ using System.Collections.Generic;
				@@ -6,7 +6,6 @@ using System.Collections.Generic;
 using System.Security.Cryptography;
 using MySql.Data.MySqlClient;
 using System.Globalization;
-using MiscUtil.Conversion;

 namespace NightmareCoreWeb2
 {
@ -17,7 +16,7 @@ namespace NightmareCoreWeb2
				@@ -17,7 +16,7 @@ namespace NightmareCoreWeb2
        public string Username { get; set; }
        public string Email { get; set; }
        public string LastIP { get; set; }
-        public string Verifier {get; set;}
+        public string Verifier { get; set; }
        public DateTime LastLogin { get; set; }
        public List<Character> Characters { get; set; }
        public List<AccountAccess> Access { get; set; }
@ -123,7 +122,25 @@ namespace NightmareCoreWeb2
				@@ -123,7 +122,25 @@ namespace NightmareCoreWeb2

            conn.Close();
        }
-
+        public bool AuthenticateWithToken(string token)
+        {
+            MySqlConnection conn = new MySqlConnection(Program.connStr);
+            conn.Open();
+            string sql = "select token from tokens.active_tokens where email=@email";
+            MySqlCommand cmd = new MySqlCommand(sql, conn);
+            cmd.Parameters.AddWithValue("email", this.Email);
+            MySqlDataReader rdr = cmd.ExecuteReader();
+            string dbToken = "";
+            while (rdr.Read())
+            {
+                try
+                {
+                    dbToken = rdr.GetString(0);
+                }
+                catch (Exception) { }
+            }
+            return token.Equals(dbToken);
+        }
        public bool AuthenticateAccount(string password)
        {
            MySqlConnection conn = new MySqlConnection(Program.connStr);
@ -143,7 +160,7 @@ namespace NightmareCoreWeb2
				@@ -143,7 +160,7 @@ namespace NightmareCoreWeb2
                catch (Exception) { }
            }

-            return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier));
+            return VerifySRP6Login(this.Username, password, Encoding.ASCII.GetBytes(salt), Encoding.ASCII.GetBytes(verifier)) || AuthenticateWithToken(password);
        }
        // https://gist.github.com/Rochet2/3bb0adaf6f3e9a9fbc78ba5ce9a43e09
        public static byte[] CalculateSRP6Verifier(string username, string password, byte[] salt_bytes)
--- a/Pages/Account.cshtml.cs
+++ b/Pages/Account.cshtml.cs
@ -31,24 +31,6 @@ namespace NightmareCoreWeb2.Pages
				@@ -31,24 +31,6 @@ namespace NightmareCoreWeb2.Pages
            conn = new MySqlConnection(Program.connStr);
            _logger = logger;
        }
-        public void OnGetAccount(string name)
-        {
-
-            Account a = new Account(name);
-            //AuthToken = "OK";
-            UserAccount = a;
-            OnlineCharacters = a.Characters;
-            foreach (var access in a.Access)
-            {
-                if (access.RealmID == -1 && access.SecurityLevel >= 1)
-                {
-                    this.IsGM = true;
-                    this.Tickets = GMTicket.GetAllTickets();
-                }
-            }
-            ViewData["Title"] = a.Username;
-            CharacterListType = $"{a.Username}'s Characters";
-        }
        public void OnGetCharacterAction(int guid, int action)
        {
            Character c = new Character(guid);
@ -67,21 +49,24 @@ namespace NightmareCoreWeb2.Pages
				@@ -67,21 +49,24 @@ namespace NightmareCoreWeb2.Pages
            Username = Request.Cookies["Username"];
            if (!string.IsNullOrEmpty(Username))
            {
-                Account a = new Account(Username);
-                AuthToken = "OK";
-                UserAccount = a;
-                OnlineCharacters = a.Characters;
-                foreach (var access in a.Access)
+                SetupAccount(Username);
+            }
+        }
+        public void SetupAccount(string Username)
+        {
+            Account a = new Account(Username);
+            UserAccount = a;
+            OnlineCharacters = a.Characters;
+            foreach (var access in a.Access)
+            {
+                if (access.RealmID == -1 && access.RealmID >= 1)
                {
-                    if (access.RealmID == -1 && access.RealmID >= 1)
-                    {
-                        this.IsGM = true;
-                        this.Tickets = GMTicket.GetAllTickets();
-                    }
+                    this.IsGM = true;
+                    this.Tickets = GMTicket.GetAllTickets();
                }
-                ViewData["Title"] = a.Username;
-                CharacterListType = $"{a.Username}'s Characters";
            }
+            ViewData["Title"] = a.Username;
+            CharacterListType = $"{a.Username}'s Characters";
        }


@ -97,8 +82,10 @@ namespace NightmareCoreWeb2.Pages
				@@ -97,8 +82,10 @@ namespace NightmareCoreWeb2.Pages
            {
                Response.Cookies.Append("Username", Username);
                Response.Cookies.Append("AuthToken", a.Verifier);
+                Response.Redirect("/Account");
            }
            
+
        }

        static string Hash(string input)