t0w0bi/ClubPenguinServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup of authentication

Browse Source
This commit is contained in:
Stanley Dimant
2022-06-29 23:08:44 +02:00
parent 3c2fac69c3
commit dd1a6e910e
1 changed files with 9 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
View File

@@ -21,14 +21,21 @@ namespace MareSynchronosServer.Authentication
protected override async Task<AuthenticateResult> HandleAuthenticateAsync() protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{ {
if (!Request.Headers.ContainsKey("Authorization")) if (!Request.Headers.ContainsKey("Authorization") || !Request.Headers.ContainsKey("CharacterNameHash"))
return AuthenticateResult.Fail("Failed Authorization"); return AuthenticateResult.Fail("Failed Authorization");
var authHeader = Request.Headers["Authorization"].ToString(); var authHeader = Request.Headers["Authorization"].ToString();
var charNameHeader = Request.Headers["CharacterNameHash"].ToString();
if (string.IsNullOrEmpty(authHeader)) if (string.IsNullOrEmpty(authHeader) || string.IsNullOrEmpty(charNameHeader) || charNameHeader == "--")
return AuthenticateResult.Fail("Failed Authorization"); return AuthenticateResult.Fail("Failed Authorization");
var isBanned = await _mareDbContext.BannedUsers.AnyAsync(u => u.CharacterIdentification == charNameHeader);
if (isBanned)
{
return AuthenticateResult.Fail("Banned");
}
using var sha256 = SHA256.Create(); using var sha256 = SHA256.Create();
var hashedHeader = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(authHeader))).Replace("-", ""); var hashedHeader = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(authHeader))).Replace("-", "");
var user = _mareDbContext.Users.SingleOrDefault(m => m.SecretKey == hashedHeader); var user = _mareDbContext.Users.SingleOrDefault(m => m.SecretKey == hashedHeader);
@@ -38,18 +45,6 @@ namespace MareSynchronosServer.Authentication
return AuthenticateResult.Fail("Failed Authorization"); return AuthenticateResult.Fail("Failed Authorization");
} }
var charNameHeader = Request.Headers["CharacterNameHash"].ToString();
if (string.IsNullOrEmpty(charNameHeader) || charNameHeader == "--")
return AuthenticateResult.Fail("Requires CharacterNameHash");
var isBanned = await _mareDbContext.BannedUsers.AnyAsync(u => u.CharacterIdentification == charNameHeader);
if (isBanned)
{
return AuthenticateResult.Fail("Banned");
}
user.CharacterIdentification = charNameHeader; user.CharacterIdentification = charNameHeader;
_mareDbContext.Users.Update(user); _mareDbContext.Users.Update(user);
await _mareDbContext.SaveChangesAsync(); await _mareDbContext.SaveChangesAsync();