From 5209fd9bfc07d19e796bbd1029c1d0dbdbc4731f Mon Sep 17 00:00:00 2001
From: Derek Holloway
Date: Thu, 24 Jul 2025 21:07:06 -0700
Subject: [PATCH] Fix bad practice for account
---
 database/mistox.sql | 4 ++-
 src/Server/Entities/Account.cs | 4 ++-
 .../Services/DatabaseService/Account.cs | 32 ++++++++++++-------
 3 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/database/mistox.sql b/database/mistox.sql
index 08ba404..b675663 100755
--- a/database/mistox.sql
+++ b/database/mistox.sql
@@ -9,12 +9,14 @@ CREATE TABLE IF NOT EXISTS `Account` (
 `Email` varchar(255) NOT NULL,
 `EmailVerified` boolean DEFAULT 0,
 `PasswordHash` char(60) DEFAULT NULL,
- `LoginToken` binary(16) DEFAULT NULL,
 `FailedPasswordLock` boolean DEFAULT 0,
 `PasswordAttempts` int(11) DEFAULT NULL,
 `CurrentPasswordAttempts` int(11) DEFAULT NULL,
 `Role` varchar(45) DEFAULT NULL,
 `EmailToken` varchar(45) DEFAULT NULL,
+ `EmailTokenCreation` datetime,
+ `PasswordToken` varchar(45) DEFAULT NULL,
+ `PasswordTokenCreation` datetime,
 `DataServer` varchar(200) DEFAULT NULL,
 UNIQUE(`Email`),
 UNIQUE(`UserName`),
diff --git a/src/Server/Entities/Account.cs b/src/Server/Entities/Account.cs
index d2b431e..b56f9a3 100644
--- a/src/Server/Entities/Account.cs
+++ b/src/Server/Entities/Account.cs
@@ -5,12 +5,14 @@ namespace Auth.Entities {
 public string Email { get; set; } = "";
 public bool EmailVerified { get; set; } = false;
 public string PasswordHash { get; set; } = "";
- public Guid LoginToken { get; set; } = new Guid();
 public bool FailedPasswordLock { get; set; } = false;
 public int PasswordAttempts { get; set; } = 5;
 public int CurrentPasswordAttempts { get; set; } = 0;
 public string Role { get; set; } = "Generic";
 public string EmailToken { get; set; } = "";
+ public DateTime EmailTokenCreated { get; set; }
+ public string PasswordToken { get; set; } = "";
+ public DateTime PasswordTokenCreated { get; set; }
 public string DataServer { get; set; } = "";
 }
 }
\ No newline at end of file
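Review bot: The two new `datetime` columns carry neither `NOT NULL` nor a default, so `EmailTokenCreation` and `PasswordTokenCreation` are NULL on every row that has not had a token issued, while the service hunks in this same patch read them with `reader.GetDateTime(...)`, which throws on a NULL column in the usual MySQL providers; either declare them `datetime DEFAULT NULL` and read them through an `IsDBNull` guard, or make them NOT NULL with an explicit sentinel and document it. Separately, `CREATE TABLE IF NOT EXISTS` does nothing for a database that already exists, so dropping `LoginToken` and adding these columns needs an accompanying `ALTER TABLE` migration or the updated INSERT/SELECT will fail against deployed schemas. If `PasswordToken` is the value mailed to the user (its name suggests so, but the issuing code is not in this patch), consider storing only a hash of it so that a read of this table does not yield live reset tokens.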
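Review bot: `EmailTokenCreated` and `PasswordTokenCreated` are non-nullable `DateTime`, so an account with no outstanding token carries `default(DateTime)` (0001-01-01), which cannot express "never issued" and does not match the nullable `datetime` columns added in the same commit; `public DateTime? EmailTokenCreated { get; set; }` and `public DateTime? PasswordTokenCreated { get; set; }` model the schema honestly and let an expiry check fail closed on null. The property names (`...Created`) also diverge from the column names (`...Creation`) introduced alongside them, which invites a mapping slip later. The class declaration is outside this hunk.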
diff --git a/src/Server/Services/DatabaseService/Account.cs b/src/Server/Services/DatabaseService/Account.cs
index 5196c1b..c336f4f 100755
--- a/src/Server/Services/DatabaseService/Account.cs
+++ b/src/Server/Services/DatabaseService/Account.cs
@@ -32,21 +32,23 @@ namespace Auth.Services.DatabaseService {
 int _curpasswordattempts = reader.GetInt32( "CurrentPasswordAttempts" );
 string _role = reader.GetString( "Role" );
 string _emailtoken = reader.GetString( "EmailToken" );
+ DateTime _emailtokencreated = reader.GetDateTime( "EmailTokenCreation" );
+ string _passwordtoken = reader.GetString( "PasswordToken" );
+ DateTime _passwordtokencreated = reader.GetDateTime( "PasswordTokenCreation" );
 string _dataserver = reader.GetString( "DataServer" );
- byte[] _loginToken = new byte[16];
- reader.GetBytes( reader.GetOrdinal("LoginToken"), 0, _loginToken, 0, 16);
-
 account = new Account() {
 ID = _id,
 UserName = _username,
 Email = _email,
 EmailVerified = _emailVerified,
 PasswordHash = _passwordhash,
- LoginToken = new Guid(_loginToken),
 CurrentPasswordAttempts = _curpasswordattempts,
 PasswordAttempts = _passwordattempts,
 EmailToken = _emailtoken,
+ EmailTokenCreated = _emailtokencreated,
+ PasswordToken = _passwordtoken,
+ PasswordTokenCreated = _passwordtokencreated,
 FailedPasswordLock = _failedpasswordlock,
 Role = _role,
 DataServer = _dataserver
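Review bot: `reader.GetDateTime( "EmailTokenCreation" )`, `reader.GetString( "PasswordToken" )` and `reader.GetDateTime( "PasswordTokenCreation" )` throw when the column is NULL, and all three new columns are nullable with no default in the schema hunk of this patch, so every account loaded before a token was issued makes this read path fail. Resolve the ordinal once and guard with `IsDBNull`, as below, so a missing token reads as the entity's default instead of an exception. Values read this way come back with `DateTimeKind.Unspecified`; any expiry comparison against `DateTime.UtcNow` therefore depends on the writer having stored UTC, which is not visible here — a `DateTime.SpecifyKind(..., DateTimeKind.Utc)` at this boundary or a comment on the field would pin that down. The enclosing method starts and ends outside this hunk.
```csharp
string _emailtoken = reader.GetString( "EmailToken" );
int _emailtokencreatedOrd = reader.GetOrdinal( "EmailTokenCreation" );
DateTime _emailtokencreated = reader.IsDBNull( _emailtokencreatedOrd ) ? default : reader.GetDateTime( _emailtokencreatedOrd );
int _passwordtokenOrd = reader.GetOrdinal( "PasswordToken" );
string _passwordtoken = reader.IsDBNull( _passwordtokenOrd ) ? "" : reader.GetString( _passwordtokenOrd );
int _passwordtokencreatedOrd = reader.GetOrdinal( "PasswordTokenCreation" );
DateTime _passwordtokencreated = reader.IsDBNull( _passwordtokencreatedOrd ) ? default : reader.GetDateTime( _passwordtokencreatedOrd );
// … unchanged: remaining column reads and the Account initializer …
```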
@@ -85,21 +87,23 @@ namespace Auth.Services.DatabaseService {
 int _curpasswordattempts = reader.GetInt32( "CurrentPasswordAttempts" );
 string _role = reader.GetString( "Role" );
 string _emailtoken = reader.GetString( "EmailToken" );
+ DateTime _emailtokencreated = reader.GetDateTime( "EmailTokenCreation" );
+ string _passwordtoken = reader.GetString( "PasswordToken" );
+ DateTime _passwordtokencreated = reader.GetDateTime( "PasswordTokenCreation" );
 string _dataserver = reader.GetString("DataServer");
- byte[] _loginToken = new byte[16];
- reader.GetBytes( reader.GetOrdinal("LoginToken"), 0, _loginToken, 0, 16);
-
 account = new Account() {
 ID = _id,
 UserName = _username,
 Email = _email,
 EmailVerified = _emailVerified,
 PasswordHash = _passwordhash,
- LoginToken = new Guid(_loginToken),
 CurrentPasswordAttempts = _passwordattempts,
 PasswordAttempts = _passwordattempts,
 EmailToken = _emailtoken,
+ EmailTokenCreated = _emailtokencreated,
+ PasswordToken = _passwordtoken,
+ PasswordTokenCreated = _passwordtokencreated,
 FailedPasswordLock = _failedpasswordlock,
 Role = _role,
 DataServer = _dataserver
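Review bot: `CurrentPasswordAttempts = _passwordattempts,` in this initializer copies the allowed-attempts value into the current-attempts counter, while `_curpasswordattempts`, read on the first line of the hunk, is never used; the sibling mapping earlier in the same file assigns `CurrentPasswordAttempts = _curpasswordattempts`. The line is untouched context, but the commit is already revising this initializer, so the one-token fix belongs here: `CurrentPasswordAttempts = _curpasswordattempts,`. As written, an account loaded through this path reports a failed-attempt count equal to its limit, which — depending on the lockout logic I cannot see — either trips the lock immediately or masks real attempts. The three new `GetDateTime`/`GetString` reads have the same NULL-column problem as in the first mapping. The enclosing method starts and ends outside this hunk.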
@@ -116,20 +120,22 @@ namespace Auth.Services.DatabaseService {
 string command = @"
 INSERT INTO Account
- (ID,UserName,Email,EmailVerified,PasswordHash,LoginToken,FailedPasswordLock,PasswordAttempts,CurrentPasswordAttempts,Role,EmailToken,DataServer)
+ (ID,UserName,Email,EmailVerified,PasswordHash,FailedPasswordLock,PasswordAttempts,CurrentPasswordAttempts,Role,EmailToken,EmailTokenCreation,PasswordToken,PasswordTokenCreation,DataServer)
 VALUES
- (@ID,@UserName,@Email,@EmailVerified,@PasswordHash,@LoginToken,@FailedPasswordLock,@PasswordAttempts,@CurrentPasswordAttempts,@Role,@EmailToken,@DataServer)
+ (@ID,@UserName,@Email,@EmailVerified,@PasswordHash,@FailedPasswordLock,@PasswordAttempts,@CurrentPasswordAttempts,@Role,@EmailToken,@EmailTokenCreation,@PasswordToken,@PasswordTokenCreation,@DataServer)
 ON DUPLICATE KEY UPDATE
 UserName = @UserName,
 Email = @Email,
 EmailVerified = @EmailVerified,
 PasswordHash = @PasswordHash,
- LoginToken = @LoginToken,
 FailedPasswordLock = @FailedPasswordLock,
 PasswordAttempts = @PasswordAttempts,
 CurrentPasswordAttempts = @CurrentPasswordAttempts,
 Role = @Role,
 EmailToken = @EmailToken,
+ EmailTokenCreation = @EmailTokenCreation,
+ PasswordToken = @PasswordToken,
+ PasswordTokenCreation = @PasswordTokenCreation,
 DataServer = @DataServer;
 ";
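Review bot: The `ON DUPLICATE KEY UPDATE` branch now rewrites `PasswordToken` and `PasswordTokenCreation` (and the email pair) unconditionally from whatever the caller's `Account` object holds, so any save of an object loaded before a reset was issued — a lockout-counter update, say — silently replaces the newer token with the stale one, and nothing in this statement allows a token to be consumed atomically. Token issue and consume paths, if they exist elsewhere, should update only their own columns with a conditional statement (`UPDATE Account SET PasswordToken = NULL ... WHERE ID = @ID AND PasswordToken = @PasswordToken`) instead of going through this general upsert; I can only see this statement, so how it is called is inferred. Independently, `PasswordToken` is persisted as the raw value; if it is the secret sent to users, writing a SHA-256 of it here (a random token needs no salt or stretching) means a database read does not yield usable reset links. The enclosing method starts and ends outside this hunk.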
@@ -139,12 +145,14 @@ namespace Auth.Services.DatabaseService {
 cmd.Parameters.AddWithValue("@Email", Profile.Email);
 cmd.Parameters.AddWithValue("@EmailVerified", Profile.EmailVerified);
 cmd.Parameters.AddWithValue("@PasswordHash", Profile.PasswordHash);
- cmd.Parameters.AddWithValue("@LoginToken", Profile.LoginToken.ToByteArray());
 cmd.Parameters.AddWithValue("@FailedPasswordLock", Profile.FailedPasswordLock);
 cmd.Parameters.AddWithValue("@PasswordAttempts", Profile.PasswordAttempts);
 cmd.Parameters.AddWithValue("@CurrentPasswordAttempts", Profile.CurrentPasswordAttempts);
 cmd.Parameters.AddWithValue("@Role", Profile.Role);
 cmd.Parameters.AddWithValue("@EmailToken", Profile.EmailToken);
+ cmd.Parameters.AddWithValue("@EmailTokenCreation", Profile.EmailTokenCreated);
+ cmd.Parameters.AddWithValue("@PasswordToken", Profile.PasswordToken);
+ cmd.Parameters.AddWithValue("@PasswordTokenCreation", Profile.PasswordTokenCreated);
 cmd.Parameters.AddWithValue("@DataServer", Profile.DataServer);
 await cmd.ExecuteNonQueryAsync();
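Review bot: `cmd.Parameters.AddWithValue("@EmailTokenCreation", Profile.EmailTokenCreated)` sends `default(DateTime)` (0001-01-01) whenever no token has been issued, because the entity property in this patch is non-nullable; that is below MySQL's documented DATETIME minimum of 1000-01-01, so under strict `sql_mode` the statement is likely rejected and otherwise a bogus date lands in a column that should simply be NULL. Map the sentinel to NULL at this boundary, e.g. `cmd.Parameters.AddWithValue("@EmailTokenCreation", Profile.EmailTokenCreated == default ? DBNull.Value : (object)Profile.EmailTokenCreated);` and the same for `@PasswordTokenCreation`; the empty-string default of `PasswordToken` deserves the same treatment so that a blank token is never stored as a matchable value. Whether the writer stamps these with `DateTime.UtcNow` is outside this hunk — if it does not, the stored time has no timezone and expiry checks become machine-dependent. The enclosing method starts outside this hunk.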