aly/servatrice
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
servatrice/servatrice/src/servatrice_database_interface.h
ebbit1q 2fc85e0c08
use hashed passwords in all commands (#4493) 
* protocol changes

* server changes

* client changes for password reset and registration

* add hashed password to change password in client

* always use hashed password to log in

* add warning to client when using plain text password

* require real password for changing email on server

this is backwards compatible as users logged in with a real password on
older clients will not need this, only users logged in with a hashed
password

* implement password dialog when changing email

* require min password length

* use qstringlist to build query instead

* use clear instead of = ""

* add max to password dialog

* use proper const ness in abstractclient

* reject too long passwords instead of trimming
2022-01-16 20:32:30 -05:00

151 lines
7 KiB
C++
Raw Blame History

#ifndef SERVATRICE_DATABASE_INTERFACE_H
#define SERVATRICE_DATABASE_INTERFACE_H
#include "server.h"
#include "server_database_interface.h"
#include <QChar>
#include <QHash>
#include <QObject>
#include <QSqlDatabase>
#define DATABASE_SCHEMA_VERSION 28
class Servatrice;
class Servatrice_DatabaseInterface : public Server_DatabaseInterface
{
Q_OBJECT
private:
int instanceId;
QSqlDatabase sqlDatabase;
QHash<QString, QSqlQuery *> preparedStatements;
Servatrice *server;
ServerInfo_User evalUserQueryResult(const QSqlQuery *query, bool complete, bool withId = false);
/** Must be called after checkSql and server is known to be in auth mode. */
bool checkUserIsIdBanned(const QString &clientId, QString &banReason, int &banSecondsRemaining);
/** Must be called after checkSql and server is known to be in auth mode. */
bool checkUserIsIpBanned(const QString &ipAddress, QString &banReason, int &banSecondsRemaining);
/** Must be called after checkSql and server is known to be in auth mode. */
bool checkUserIsNameBanned(QString const &userName, QString &banReason, int &banSecondsRemaining);
protected:
AuthenticationResult checkUserPassword(Server_ProtocolHandler *handler,
const QString &user,
const QString &password,
const QString &clientId,
QString &reasonStr,
int &banSecondsLeft,
bool passwordNeedsHash);
public slots:
void initDatabase(const QSqlDatabase &_sqlDatabase);
public:
Servatrice_DatabaseInterface(int _instanceId, Servatrice *_server);
~Servatrice_DatabaseInterface();
bool initDatabase(const QString &type,
const QString &hostName,
const QString &databaseName,
const QString &userName,
const QString &password);
bool openDatabase();
bool checkSql();
QSqlQuery *prepareQuery(const QString &queryText);
bool execSqlQuery(QSqlQuery *query);
const QSqlDatabase &getDatabase()
{
return sqlDatabase;
}
bool activeUserExists(const QString &user);
bool userExists(const QString &user);
QString getUserSalt(const QString &user);
int getUserIdInDB(const QString &name);
QMap<QString, ServerInfo_User> getBuddyList(const QString &name);
QMap<QString, ServerInfo_User> getIgnoreList(const QString &name);
bool isInBuddyList(const QString &whoseList, const QString &who);
bool isInIgnoreList(const QString &whoseList, const QString &who);
ServerInfo_User getUserData(const QString &name, bool withId = false);
void storeGameInformation(const QString &roomName,
const QStringList &roomGameTypes,
const ServerInfo_Game &gameInfo,
const QSet<QString> &allPlayersEver,
const QSet<QString> &allSpectatorsEver,
const QList<GameReplay *> &replayList);
DeckList *getDeckFromDatabase(int deckId, int userId);
int getNextGameId();
int getNextReplayId();
int getActiveUserCount(QString connectionType = QString());
qint64 startSession(const QString &userName,
const QString &address,
const QString &clientId,
const QString &connectionType);
void endSession(qint64 sessionId);
void clearSessionTables();
void lockSessionTables();
void unlockSessionTables();
bool userSessionExists(const QString &userName);
bool usernameIsValid(const QString &user, QString &error);
bool checkUserIsBanned(const QString &ipAddress,
const QString &userName,
const QString &clientId,
QString &banReason,
int &banSecondsRemaining);
int checkNumberOfUserAccounts(const QString &email);
bool registerUser(const QString &userName,
const QString &realName,
const QString &password,
bool passwordNeedsHash,
const QString &emailAddress,
const QString &country,
bool active = false);
bool activateUser(const QString &userName, const QString &token);
void updateUsersClientID(const QString &userName, const QString &userClientID);
void updateUsersLastLoginData(const QString &userName, const QString &clientVersion);
void logMessage(const int senderId,
const QString &senderName,
const QString &senderIp,
const QString &logMessage,
LogMessage_TargetType targetType,
const int targetId,
const QString &targetName);
bool changeUserPassword(const QString &user, const QString &password, bool passwordNeedsHash);
bool changeUserPassword(const QString &user,
const QString &oldPassword,
bool oldPasswordNeedsHash,
const QString &newPassword,
bool newPasswordNeedsHash);
QList<ServerInfo_Ban> getUserBanHistory(const QString userName);
bool
addWarning(const QString userName, const QString adminName, const QString warningReason, const QString clientID);
QList<ServerInfo_Warning> getUserWarnHistory(const QString userName);
QList<ServerInfo_ChatMessage> getMessageLogHistory(const QString &user,
const QString &ipaddress,
const QString &gamename,
const QString &gameid,
const QString &message,
bool &chat,
bool &game,
bool &room,
int &range,
int &maxresults);
bool addForgotPassword(const QString &user);
bool removeForgotPassword(const QString &user);
bool doesForgotPasswordExist(const QString &user);
bool updateUserToken(const QString &token, const QString &user);
bool validateTableColumnStringData(const QString &table,
const QString &column,
const QString &_user,
const QString &_datatocheck);
void addAuditRecord(const QString &user,
const QString &ipaddress,
const QString &clientid,
const QString &action,
const QString &details,
const bool &results);
};
#endif
Reference in a new issue View git blame Copy permalink