Changeset 433 for binary-improvements2/WebServer/src

Timestamp:

May 7, 2023, 5:05:29 PM (19 months ago)

Author:

alloc

Message:

Fixed: User registration allowed same username for multiple users

Location:

binary-improvements2/WebServer/src

Files:

• Permissions/AdminWebUsers.cs (modified) (1 diff)
• UrlHandlers/SessionHandler.cs (modified) (2 diffs)
• WebAPI/APIs/GameData (added)
• WebAPI/APIs/GameData/Item.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Item.cs )
• WebAPI/APIs/GameData/Mods.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Mods.cs )
• WebAPI/APIs/Permissions (added)
• WebAPI/APIs/Permissions/RegisterUser.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/RegisterUser.cs ) (2 diffs)
• WebAPI/APIs/WorldState (added)
• WebAPI/APIs/WorldState/Animal.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Animal.cs )
• WebAPI/APIs/WorldState/GetLandClaims.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetLandClaims.cs )
• WebAPI/APIs/WorldState/GetPlayerInventories.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerInventories.cs )
• WebAPI/APIs/WorldState/GetPlayerInventory.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerInventory.cs )
• WebAPI/APIs/WorldState/GetPlayerList.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayerList.cs )
• WebAPI/APIs/WorldState/GetPlayersLocation.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayersLocation.cs )
• WebAPI/APIs/WorldState/GetPlayersOnline.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/GetPlayersOnline.cs )
• WebAPI/APIs/WorldState/Hostile.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Hostile.cs )
• WebAPI/APIs/WorldState/Player.cs (moved) (moved from binary-improvements2/WebServer/src/WebAPI/APIs/Player.cs )

binary-improvements2/WebServer/src/Permissions/AdminWebUsers.cs

@@ -133 +133 @@
                 }
 
-                public WebUser? GetUser (string _name, string _password) {
-                        if (users.TryGetValue (_name, out WebUser user) && user.ValidatePassword (_password)) {
-                                return user;
+                public bool TryGetUser (string _name, string _password, out WebUser _result) {
+                        if (users.TryGetValue (_name, out _result) && _result.ValidatePassword (_password)) {
+                                return true;
                         }
 
-                        return null;
+                        _result = default;
+                        return false;
                 }
 
+                public bool HasUser (PlatformUserIdentifierAbs _platformUser, PlatformUserIdentifierAbs _crossPlatformUser, out WebUser _result) {
+                        _result = default;
+                        
+                        foreach ((string _, WebUser webUser) in users) {
+                                if (!PlatformUserIdentifierAbs.Equals (webUser.PlatformUser, _platformUser) ||
+                                    !PlatformUserIdentifierAbs.Equals (webUser.CrossPlatformUser, _crossPlatformUser)) {
+                                        continue;
+                                }
 
-#region Specials
+                                _result = webUser;
+                                return true;
+                        }
 
-                
-#endregion
+                        return false;
+                }
+
         }
 }

binary-improvements2/WebServer/src/UrlHandlers/SessionHandler.cs

@@ -90 +90 @@
                         }
 
-                        AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
-
-                        if (!webUser.HasValue) {
+                        if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) {
                                 Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
                                 WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized);
@@ -98 +96 @@
                         }
 
-                        HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
+                        HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser);
                 }
 

binary-improvements2/WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs

@@ -79 +79 @@
                                 return;
                         }
+
+                        if (AdminWebUsers.Instance.GetUsers ().TryGetValue (username, out AdminWebUsers.WebUser existingMapping)) {
+                                // Username already exists
+
+                                if (!PlatformUserIdentifierAbs.Equals (existingMapping.PlatformUser, regData.PlatformUserId) ||
+                                    !PlatformUserIdentifierAbs.Equals (existingMapping.CrossPlatformUser, regData.CrossPlatformUserId)) {
+                                        // Username already in use by another player
+                                        SendErrorResult (_context, HttpStatusCode.Unauthorized, _jsonInputData, "DUPLICATE_USERNAME");
+                                        return;
+                                }
+                                
+                                // Username used by the same player, allow overwriting his existing login
+                        }
                         
-                        // TODO: Check if username is already used by someone else!
-                        // TODO: Remove existing username if player already had one!
+                        // Log info
+                        string crossplatformidString = regData.CrossPlatformUserId == null ? "" : $", crossplatform ID {regData.CrossPlatformUserId.CombinedString}";
+                        global::Log.Out ($"[Web] User registered: Username '{username}' for platform ID {regData.PlatformUserId.CombinedString}{crossplatformidString}");
 
+                        if (AdminWebUsers.Instance.HasUser (regData.PlatformUserId, regData.CrossPlatformUserId, out AdminWebUsers.WebUser existingUser)) {
+                                // Remove existing username of player, only allowing one user per player
+
+                                global::Log.Out ($"[Web] Re-registration, replacing existing username '{existingUser.Name}'");
+                                AdminWebUsers.Instance.RemoveUser (existingUser.Name);
+                        }
+
+                        // Add new user
                         AdminWebUsers.Instance.AddUser (username, password, regData.PlatformUserId, regData.CrossPlatformUserId);
                         
+                        // Login with new user and return response
                         string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
                         SessionHandler.HandleUserIdLogin (ParentWeb.ConnectionHandler, _context, remoteEndpointString, SessionHandler.userPassLoginName,
@@ -93 +116 @@
                         _context.Response.ContentEncoding = Encoding.UTF8;
                         _context.Response.ContentLength64 = 0;
-                        // _context.Response.OutputStream.Write (jsonData.Array!, 0, jsonData.Count);
                 }