From 855796a224783117b8707014f5d7590961b53d3e Mon Sep 17 00:00:00 2001
From: turecross321 <51852312+turecross321@users.noreply.github.com>
Date: Mon, 30 Sep 2024 17:30:52 +0200
Subject: [PATCH] Force finished registration to access authenticated endpoints

---
 ...nBannedAttribute.cs => AllowWhenBannedAttribute.cs} | 2 +-
 .../Database/GameDatabaseContext.Users.cs | 4 ++--
 .../Endpoints/Api/ApiAuthenticationEndpoints.cs | 4 ++--
 SoundShapesServer/GameAuthenticationProvider.cs | 10 ++++++----
 4 files changed, 11 insertions(+), 9 deletions(-)
 rename SoundShapesServer/Attributes/{AllowedWhenBannedAttribute.cs => AllowWhenBannedAttribute.cs} (50%)

diff --git a/SoundShapesServer/Attributes/AllowedWhenBannedAttribute.cs b/SoundShapesServer/Attributes/AllowWhenBannedAttribute.cs
similarity index 50%
rename from SoundShapesServer/Attributes/AllowedWhenBannedAttribute.cs
rename to SoundShapesServer/Attributes/AllowWhenBannedAttribute.cs
index 7fc8cfa..60781e3 100644
--- a/SoundShapesServer/Attributes/AllowedWhenBannedAttribute.cs
+++ b/SoundShapesServer/Attributes/AllowWhenBannedAttribute.cs
@@ -1,6 +1,6 @@
 namespace SoundShapesServer.Attributes;
 
-public class AllowedWhenBannedAttribute: Attribute
+public class AllowWhenBannedAttribute: Attribute
 {
 
 }
\ No newline at end of file
diff --git a/SoundShapesServer/Database/GameDatabaseContext.Users.cs b/SoundShapesServer/Database/GameDatabaseContext.Users.cs
index dcd2c00..715b39a 100644
--- a/SoundShapesServer/Database/GameDatabaseContext.Users.cs
+++ b/SoundShapesServer/Database/GameDatabaseContext.Users.cs
@@ -13,9 +13,9 @@ public partial class GameDatabaseContext
         return this.Users.FirstOrDefault(u => u.Name == name);
     }
 
-    public DbUser? GetUserWithEmail(string name)
+    public DbUser? GetRegisteredUserWithEmail(string name)
     {
-        return this.Users.FirstOrDefault(u => u.EmailAddress == name);
+        return this.Users.FirstOrDefault(u => u.EmailAddress == name && u.FinishedRegistration);
     }
 
     public DbUser CreateUser(string name)
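Review bot: The parameter of `GetRegisteredUserWithEmail` is still named `name` although it is compared against `u.EmailAddress`, a leftover from the by-name lookup just above it; `public DbUser? GetRegisteredUserWithEmail(string email)` would make the call sites in ApiAuthenticationEndpoints read correctly. The new `&& u.FinishedRegistration` condition turns an existing-but-unfinished account into a "no such user" result, which is the intended behaviour for login and password reset, so it deserves a doc comment such as `/// Looks up a user by e-mail address. Returns null when no user has that address or the matching user has not finished registration.` Whether `==` on `EmailAddress` is case-sensitive depends on the query provider behind `this.Users`, which is not visible here; if addresses are not normalised on write, a lookup with different casing would miss the account.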
diff --git a/SoundShapesServer/Endpoints/Api/ApiAuthenticationEndpoints.cs b/SoundShapesServer/Endpoints/Api/ApiAuthenticationEndpoints.cs
index 1d6358b..2d3aaf0 100644
--- a/SoundShapesServer/Endpoints/Api/ApiAuthenticationEndpoints.cs
+++ b/SoundShapesServer/Endpoints/Api/ApiAuthenticationEndpoints.cs
@@ -98,7 +98,7 @@ public ApiResponse VerifyEmail(RequestContext context, Game
 
     public ApiOkResponse SendPasswordResetMail(RequestContext context, GameDatabaseContext database, EmailService email, ServerConfig config, ApiSendPasswordResetMailRequest body)
     {
-        DbUser? user = database.GetUserWithEmail(body.Email);
+        DbUser? user = database.GetRegisteredUserWithEmail(body.Email);
         if (user == null)
         {
             // Don't respond with an error to avoid email lookup security vulnerability
@@ -238,7 +238,7 @@ public ApiResponse LogIn(RequestContext context, GameDatabaseC
         if (!CommonPatterns.Sha512Regex().IsMatch(body.PasswordSha512))
             return ApiBadRequestError.PasswordIsNotHashed;
 
-        DbUser? user = database.GetUserWithEmail(body.Email);
+        DbUser? user = database.GetRegisteredUserWithEmail(body.Email);
         if (user == null)
         {
             // Do the work of checking the password if there was no user found to avoid timing attacks.
diff --git a/SoundShapesServer/GameAuthenticationProvider.cs b/SoundShapesServer/GameAuthenticationProvider.cs
index f879b09..35a6e8d 100644
--- a/SoundShapesServer/GameAuthenticationProvider.cs
+++ b/SoundShapesServer/GameAuthenticationProvider.cs
@@ -39,7 +39,7 @@ public class GameAuthenticationProvider: IAuthenticationProvider
         string uriPath = request.Uri.AbsolutePath;
 
         if (uriPath.StartsWith(GameEndpointAttribute.RoutePrefix)
-            && token.TokenType == TokenType.GameAccess)
+            && token is { TokenType: TokenType.GameAccess, User.FinishedRegistration: true })
         {
             return token;
         }
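Review bot: With `GetRegisteredUserWithEmail`, an account whose registration is unfinished now takes the same `user == null` path as an unknown address, both in `SendPasswordResetMail` here and in `LogIn` in the @@ -238 hunk, and neither of the existing comments says so. That is the right property against account enumeration, since response and timing stay identical for the two cases, but it should be stated at the lookup so nobody later "improves" it into a registration-pending error; e.g. `// Unfinished registrations are deliberately indistinguishable from unknown e-mails: same response, same timing.` Both enclosing methods start and end outside their hunks, so the dummy password check in LogIn is not visible; it must still run for unfinished registrations, which this change guarantees because they now resolve to null.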
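Review bot: The `User.FinishedRegistration: true` requirement is added to the GameAccess branch here and to the ApiAccess branch in the @@ -49 hunk, but the branch between the two hunks (old lines 46–48, whose `return token;` and closing brace form the leading context of the second hunk) is not touched, so whatever route or token type it accepts still passes without the registration check; if it is meant to be gated too, it is silently missed, and if it is meant to be exempt (say, for the endpoints used to finish registration) a comment should say so. Hoisting the rule above all three branches would make it hard to miss: `if (token.User is not { FinishedRegistration: true }) { return null; }` before the route checks, with the branches left as they were. The `token is { …, User.FinishedRegistration: true }` pattern also fails closed when `token.User` is null, which is worth a one-line comment since the old `==` form did not have that property. The enclosing method starts before this hunk.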
@@ -49,11 +49,13 @@ public class GameAuthenticationProvider: IAuthenticationProvider
             return token;
         }
 
-        if (uriPath.StartsWith(ApiEndpointAttribute.RoutePrefix) && token.TokenType == TokenType.ApiAccess)
+        if (uriPath.StartsWith(ApiEndpointAttribute.RoutePrefix) && token is
+            { TokenType: TokenType.ApiAccess, User.FinishedRegistration: true })
         {
             return token;
-        }
-
+        }
+
+        return null;
 
     }
 }
\ No newline at end of file
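Review bot: The closing `}` of the ApiAccess block and the blank line after it are removed and re-added with no visible difference, which usually means a trailing-whitespace or line-ending change on those lines; normalising that separately would leave this hunk showing only the new pattern and the `return null;`. Splitting `token is` from its property pattern across two lines reads awkwardly; breaking before the operator instead, `&& token is { TokenType: TokenType.ApiAccess, User.FinishedRegistration: true })`, matches the layout already used for the GameAccess branch in the @@ -39 hunk. The file still ends without a trailing newline.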