derek/auth-mistox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bad practice for account

Browse Source
This commit is contained in:
Derek Holloway
2025-07-24 21:07:06 -07:00
parent 36412a5139
commit 5209fd9bfc
3 changed files with 26 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
database/mistox.sql
+3 -1
View File
@@ -9,12 +9,14 @@ CREATE TABLE IF NOT EXISTS `Account` (
`Email` varchar(255) NOT NULL,
`EmailVerified` boolean DEFAULT 0,
`PasswordHash` char(60) DEFAULT NULL,
`LoginToken` binary(16) DEFAULT NULL,
`FailedPasswordLock` boolean DEFAULT 0,
`PasswordAttempts` int(11) DEFAULT NULL,
`CurrentPasswordAttempts` int(11) DEFAULT NULL,
`Role` varchar(45) DEFAULT NULL,
`EmailToken` varchar(45) DEFAULT NULL,
`EmailTokenCreation` datetime,
`PasswordToken` varchar(45) DEFAULT NULL,
`PasswordTokenCreation` datetime,
`DataServer` varchar(200) DEFAULT NULL,
UNIQUE(`Email`),
UNIQUE(`UserName`),
src/Server/Entities/Account.cs
+3 -1
View File
@@ -5,12 +5,14 @@ namespace Auth.Entities {
public string Email { get; set; } = "";
public bool EmailVerified { get; set; } = false;
public string PasswordHash { get; set; } = "";
public Guid LoginToken { get; set; } = new Guid();
public bool FailedPasswordLock { get; set; } = false;
public int PasswordAttempts { get; set; } = 5;
public int CurrentPasswordAttempts { get; set; } = 0;
public string Role { get; set; } = "Generic";
public string EmailToken { get; set; } = "";
public DateTime EmailTokenCreated { get; set; }
public string PasswordToken { get; set; } = "";
public DateTime PasswordTokenCreated { get; set; }
public string DataServer { get; set; } = "";
}
}
src/Server/Services/DatabaseService/Account.cs
+20 -12
View File
@@ -32,21 +32,23 @@ namespace Auth.Services.DatabaseService {
int _curpasswordattempts = reader.GetInt32( "CurrentPasswordAttempts" );
string _role = reader.GetString( "Role" );
string _emailtoken = reader.GetString( "EmailToken" );
DateTime _emailtokencreated = reader.GetDateTime( "EmailTokenCreation" );
string _passwordtoken = reader.GetString( "PasswordToken" );
DateTime _passwordtokencreated = reader.GetDateTime( "PasswordTokenCreation" );
string _dataserver = reader.GetString( "DataServer" );
byte[] _loginToken = new byte[16];
reader.GetBytes( reader.GetOrdinal("LoginToken"), 0, _loginToken, 0, 16);
account = new Account() {
ID = _id,
UserName = _username,
Email = _email,
EmailVerified = _emailVerified,
PasswordHash = _passwordhash,
LoginToken = new Guid(_loginToken),
CurrentPasswordAttempts = _curpasswordattempts,
PasswordAttempts = _passwordattempts,
EmailToken = _emailtoken,
EmailTokenCreated = _emailtokencreated,
PasswordToken = _passwordtoken,
PasswordTokenCreated = _passwordtokencreated,
FailedPasswordLock = _failedpasswordlock,
Role = _role,
DataServer = _dataserver
@@ -85,21 +87,23 @@ namespace Auth.Services.DatabaseService {
int _curpasswordattempts = reader.GetInt32( "CurrentPasswordAttempts" );
string _role = reader.GetString( "Role" );
string _emailtoken = reader.GetString( "EmailToken" );
DateTime _emailtokencreated = reader.GetDateTime( "EmailTokenCreation" );
string _passwordtoken = reader.GetString( "PasswordToken" );
DateTime _passwordtokencreated = reader.GetDateTime( "PasswordTokenCreation" );
string _dataserver = reader.GetString("DataServer");
byte[] _loginToken = new byte[16];
reader.GetBytes( reader.GetOrdinal("LoginToken"), 0, _loginToken, 0, 16);
account = new Account() {
ID = _id,
UserName = _username,
Email = _email,
EmailVerified = _emailVerified,
PasswordHash = _passwordhash,
LoginToken = new Guid(_loginToken),
CurrentPasswordAttempts = _passwordattempts,
PasswordAttempts = _passwordattempts,
EmailToken = _emailtoken,
EmailTokenCreated = _emailtokencreated,
PasswordToken = _passwordtoken,
PasswordTokenCreated = _passwordtokencreated,
FailedPasswordLock = _failedpasswordlock,
Role = _role,
DataServer = _dataserver
@@ -116,20 +120,22 @@ namespace Auth.Services.DatabaseService {
string command = @"
INSERT INTO Account
(ID,UserName,Email,EmailVerified,PasswordHash,LoginToken,FailedPasswordLock,PasswordAttempts,CurrentPasswordAttempts,Role,EmailToken,DataServer)
(ID,UserName,Email,EmailVerified,PasswordHash,FailedPasswordLock,PasswordAttempts,CurrentPasswordAttempts,Role,EmailToken,EmailTokenCreation,PasswordToken,PasswordTokenCreation,DataServer)
VALUES
(@ID,@UserName,@Email,@EmailVerified,@PasswordHash,@LoginToken,@FailedPasswordLock,@PasswordAttempts,@CurrentPasswordAttempts,@Role,@EmailToken,@DataServer)
(@ID,@UserName,@Email,@EmailVerified,@PasswordHash,@FailedPasswordLock,@PasswordAttempts,@CurrentPasswordAttempts,@Role,@EmailToken,@EmailTokenCreation,@PasswordToken,@PasswordTokenCreation,@DataServer)
ON DUPLICATE KEY UPDATE
UserName = @UserName,
Email = @Email,
EmailVerified = @EmailVerified,
PasswordHash = @PasswordHash,
LoginToken = @LoginToken,
FailedPasswordLock = @FailedPasswordLock,
PasswordAttempts = @PasswordAttempts,
CurrentPasswordAttempts = @CurrentPasswordAttempts,
Role = @Role,
EmailToken = @EmailToken,
EmailTokenCreation = @EmailTokenCreation,
PasswordToken = @PasswordToken,
PasswordTokenCreation = @PasswordTokenCreation,
DataServer = @DataServer;
";
@@ -139,12 +145,14 @@ namespace Auth.Services.DatabaseService {
cmd.Parameters.AddWithValue("@Email", Profile.Email);
cmd.Parameters.AddWithValue("@EmailVerified", Profile.EmailVerified);
cmd.Parameters.AddWithValue("@PasswordHash", Profile.PasswordHash);
cmd.Parameters.AddWithValue("@LoginToken", Profile.LoginToken.ToByteArray());
cmd.Parameters.AddWithValue("@FailedPasswordLock", Profile.FailedPasswordLock);
cmd.Parameters.AddWithValue("@PasswordAttempts", Profile.PasswordAttempts);
cmd.Parameters.AddWithValue("@CurrentPasswordAttempts", Profile.CurrentPasswordAttempts);
cmd.Parameters.AddWithValue("@Role", Profile.Role);
cmd.Parameters.AddWithValue("@EmailToken", Profile.EmailToken);
cmd.Parameters.AddWithValue("@EmailTokenCreation", Profile.EmailTokenCreated);
cmd.Parameters.AddWithValue("@PasswordToken", Profile.PasswordToken);
cmd.Parameters.AddWithValue("@PasswordTokenCreation", Profile.PasswordTokenCreated);
cmd.Parameters.AddWithValue("@DataServer", Profile.DataServer);
await cmd.ExecuteNonQueryAsync();