Context Navigation

← Previous Changeset
Next Changeset →

Changeset 433

Timestamp:

May 7, 2023, 5:05:29 PM (19 months ago)

Author:

alloc

Message:

Fixed: User registration allowed same username for multiple users

Location:

binary-improvements2

Files:

: 3 added
: 9 edited
: 12 moved

WebServer/WebServer.csproj (modified) (1 diff)
WebServer/src/Permissions/AdminWebUsers.cs (modified) (1 diff)
WebServer/src/UrlHandlers/SessionHandler.cs (modified) (2 diffs)
WebServer/src/WebAPI/APIs/GameData (added)
WebServer/src/WebAPI/APIs/GameData/Item.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Item.cs )
WebServer/src/WebAPI/APIs/GameData/Mods.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Mods.cs )
WebServer/src/WebAPI/APIs/Permissions (added)
WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/RegisterUser.cs ) (2 diffs)
WebServer/src/WebAPI/APIs/WorldState (added)
WebServer/src/WebAPI/APIs/WorldState/Animal.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Animal.cs )
WebServer/src/WebAPI/APIs/WorldState/GetLandClaims.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetLandClaims.cs )
WebServer/src/WebAPI/APIs/WorldState/GetPlayerInventories.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerInventories.cs )
WebServer/src/WebAPI/APIs/WorldState/GetPlayerInventory.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerInventory.cs )
WebServer/src/WebAPI/APIs/WorldState/GetPlayerList.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerList.cs )
WebServer/src/WebAPI/APIs/WorldState/GetPlayersLocation.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayersLocation.cs )
WebServer/src/WebAPI/APIs/WorldState/GetPlayersOnline.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayersOnline.cs )
WebServer/src/WebAPI/APIs/WorldState/Hostile.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Hostile.cs )
WebServer/src/WebAPI/APIs/WorldState/Player.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Player.cs )
bin/Mods/TFP_MapRendering/MapRendering.dll (modified) ( previous)
bin/Mods/TFP_MapRendering/MapRendering.pdb (modified) ( previous)
bin/Mods/TFP_WebServer/WebServer.dll (modified) ( previous)
bin/Mods/TFP_WebServer/WebServer.pdb (modified) ( previous)
bin/Mods/Xample_MarkersMod/MarkersMod.dll (modified) ( previous)
bin/Mods/Xample_MarkersMod/MarkersMod.pdb (modified) ( previous)

Legend:

: Unmodified
: Added
: Removed

binary-improvements2/WebServer/WebServer.csproj

-              r432
+              r433
     <Compile Include="src\WebAPI\AbsRestApi.cs" />
     <Compile Include="src\WebAPI\AbsWebAPI.cs" />
-    <Compile Include="src\WebAPI\APIs\Animal.cs" />
     <Compile Include="src\WebAPI\APIs\Command.cs" />
+    <Compile Include="src\WebAPI\APIs\GetLandClaims.cs" />
+    <Compile Include="src\WebAPI\APIs\GetPlayerInventories.cs" />
+    <Compile Include="src\WebAPI\APIs\GetPlayerInventory.cs" />
+    <Compile Include="src\WebAPI\APIs\GetPlayerList.cs" />
+    <Compile Include="src\WebAPI\APIs\GetPlayersLocation.cs" />
+    <Compile Include="src\WebAPI\APIs\GetPlayersOnline.cs" />
+    <Compile Include="src\WebAPI\APIs\Hostile.cs" />
+    <Compile Include="src\WebAPI\APIs\Item.cs" />
+    <Compile Include="src\WebAPI\APIs\GameData\Item.cs" />
+    <Compile Include="src\WebAPI\APIs\GameData\Mods.cs" />
     <Compile Include="src\WebAPI\APIs\Log.cs" />
+    <Compile Include="src\WebAPI\APIs\Player.cs" />
+    <Compile Include="src\WebAPI\APIs\RegisterUser.cs" />
+    <Compile Include="src\WebAPI\APIs\Permissions\RegisterUser.cs" />
     <Compile Include="src\WebAPI\APIs\ServerInfo.cs" />
     <Compile Include="src\WebAPI\APIs\ServerStats.cs" />
-    <Compile Include="src\WebAPI\APIs\Mods.cs" />
     <Compile Include="src\WebAPI\APIs\WebUiUpdates.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\Animal.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetLandClaims.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetPlayerInventories.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetPlayerInventory.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetPlayerList.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetPlayersLocation.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\GetPlayersOnline.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\Hostile.cs" />
+    <Compile Include="src\WebAPI\APIs\WorldState\Player.cs" />
     <Compile Include="src\WebAPI\JsonCommons.cs" />
     <Compile Include="src\WebAPI\Null.cs" />

binary-improvements2/WebServer/src/Permissions/AdminWebUsers.cs

-              r404
+              r433
+                }
                 public WebUser? GetUser (string _name, string _password) {
                         if (users.TryGetValue (_name, out WebUser user) && user.ValidatePassword (_password)) {
                                 return user;
+                public bool TryGetUser (string _name, string _password, out WebUser _result) {
+                        if (users.TryGetValue (_name, out _result) && _result.ValidatePassword (_password)) {
+                                return true;
+                        }
+                        return null;
+                        _result = default;
+                        return false;
+                }
+                public bool HasUser (PlatformUserIdentifierAbs _platformUser, PlatformUserIdentifierAbs _crossPlatformUser, out WebUser _result) {
+                        _result = default;
+                        foreach ((string _, WebUser webUser) in users) {
+                                if (!PlatformUserIdentifierAbs.Equals (webUser.PlatformUser, _platformUser) ||
+                                    !PlatformUserIdentifierAbs.Equals (webUser.CrossPlatformUser, _crossPlatformUser)) {
+                                        continue;
+                                }
+#region Specials
+                                _result = webUser;
+                                return true;
+                        }
+#endregion
+                        return false;
+                }
+        }
+}

binary-improvements2/WebServer/src/UrlHandlers/SessionHandler.cs

r422	r433
90	90	}
91	91
92		AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
93
94		if (!webUser.HasValue) {
	92	if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) {
95	93	Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
96	94	WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized);
…	…
98	96	}
99	97
100		HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.~~Value.Name, webUser.Value.PlatformUser, webUser.Value~~.CrossPlatformUser);
	98	HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser);
101	99	}
102	100

binary-improvements2/WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs

-              r432
+              r433
                                 return;
+                        }
+                        if (AdminWebUsers.Instance.GetUsers ().TryGetValue (username, out AdminWebUsers.WebUser existingMapping)) {
+                                // Username already exists
+                                if (!PlatformUserIdentifierAbs.Equals (existingMapping.PlatformUser, regData.PlatformUserId) ||
+                                    !PlatformUserIdentifierAbs.Equals (existingMapping.CrossPlatformUser, regData.CrossPlatformUserId)) {
+                                        // Username already in use by another player
+                                        SendErrorResult (_context, HttpStatusCode.Unauthorized, _jsonInputData, "DUPLICATE_USERNAME");
+                                        return;
+                                }
+                                // Username used by the same player, allow overwriting his existing login
+                        }
+                        // TODO: Check if username is already used by someone else!
+                        // TODO: Remove existing username if player already had one!
+                        // Log info
+                        string crossplatformidString = regData.CrossPlatformUserId == null ? "" : $", crossplatform ID {regData.CrossPlatformUserId.CombinedString}";
+                        global::Log.Out ($"[Web] User registered: Username '{username}' for platform ID {regData.PlatformUserId.CombinedString}{crossplatformidString}");
+                        if (AdminWebUsers.Instance.HasUser (regData.PlatformUserId, regData.CrossPlatformUserId, out AdminWebUsers.WebUser existingUser)) {
+                                // Remove existing username of player, only allowing one user per player
+                                global::Log.Out ($"[Web] Re-registration, replacing existing username '{existingUser.Name}'");
+                                AdminWebUsers.Instance.RemoveUser (existingUser.Name);
+                        }
+                        // Add new user
                         AdminWebUsers.Instance.AddUser (username, password, regData.PlatformUserId, regData.CrossPlatformUserId);
+                        // Login with new user and return response
                         string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
                         SessionHandler.HandleUserIdLogin (ParentWeb.ConnectionHandler, _context, remoteEndpointString, SessionHandler.userPassLoginName,
 …
                         _context.Response.ContentEncoding = Encoding.UTF8;
                         _context.Response.ContentLength64 = 0;
-                        // _context.Response.OutputStream.Write (jsonData.Array!, 0, jsonData.Count);
+                }

Note: See TracChangeset for help on using the changeset viewer.