Merge pull request #126 from AttorneyOnline/password-changing

Add /changepass
2021-05-11 08:48:04 -05:00 · 2021-05-11 08:48:04 -05:00 · 1696d13b18
commit 1696d13b18
parent 9e0d121fa4 afa6b67085
4 changed files with 80 additions and 0 deletions
--- a/include/aoclient.h
+++ b/include/aoclient.h
@ -787,6 +787,16 @@ class AOClient : public QObject {
     */
    void cmdLogout(int argc, QStringList argv);

+    /**
+     * @brief Changes a moderator's password.
+     *
+     * @details If it is called with **one argument**, that argument is the **new password** to change to.
+     *
+     * If it is called with **two arguments**, the first argument is the **new password** to change to,
+     * and the second argument is the **username** of the moderator to change the password of.
+     */
+    void cmdChangePassword(int argc, QStringList argv);
+
    ///@}

    /**
@ -2019,6 +2029,7 @@ class AOClient : public QObject {
        {"kickuid",            {ACLFlags.value("KICK"),         2, &AOClient::cmdKickUid}},
        {"kick_uid",           {ACLFlags.value("KICK"),         2, &AOClient::cmdKickUid}},
        {"firstperson",        {ACLFlags.value("NONE"),         0, &AOClient::cmdFirstPerson}},
+        {"changepass",         {ACLFlags.value("NONE"),         1, &AOClient::cmdChangePassword}},
    };

    /**
--- a/include/db_manager.h
+++ b/include/db_manager.h
@ -252,6 +252,17 @@ public:
     */
    QList<BanInfo> getBanInfo(QString lookup_type, QString id);

+    /**
+     * @brief Updates the password of the given user.
+     *
+     * @param username The username to change.
+     *
+     * @param password The new password to change to.
+     *
+     * @return True if the password change was successful.
+     */
+    bool updatePassword(QString username, QString password);
+
 private:
    /**
     * @brief The name of the database connection driver.
--- a/src/commands/authentication.cpp
+++ b/src/commands/authentication.cpp
@ -232,3 +232,33 @@ void AOClient::cmdLogout(int argc, QStringList argv)
    moderator_name = "";
    sendPacket("AUTH", {"-1"}); // Client: "You were logged out."
 }
+
+void AOClient::cmdChangePassword(int argc, QStringList argv)
+{
+    QString username;
+    QString password;
+    if (argc == 1) {
+        if (moderator_name.isEmpty()) {
+            sendServerMessage("You are not logged in.");
+            return;
+        }
+        username = moderator_name;
+        password = argv[0];
+    }
+    else if (argc == 2 && checkAuth(ACLFlags.value("SUPER"))) {
+        username = argv[0];
+        password = argv[1];
+    }
+    else {
+        sendServerMessage("Invalid command syntax.");
+        return;
+    }
+
+    if (server->db_manager->updatePassword(username, password)) {
+        sendServerMessage("Successfully changed password.");
+    }
+    else {
+        sendServerMessage("There was an error changing the password.");
+        return;
+    }
+}
--- a/src/db_manager.cpp
+++ b/src/db_manager.cpp
@ -368,6 +368,34 @@ QList<DBManager::BanInfo> DBManager::getBanInfo(QString lookup_type, QString id)
    return return_list;
 }

+bool DBManager::updatePassword(QString username, QString password)
+{
+    QString salt;
+    QSqlQuery salt_check;
+    salt_check.prepare("SELECT SALT FROM users WHERE USERNAME = ?");
+    salt_check.addBindValue(username);
+    salt_check.exec();
+
+    if (!salt_check.first())
+        return false;
+    else
+        salt = salt_check.value(0).toString();
+
+    QSqlQuery query;
+
+    QString salted_password;
+    QMessageAuthenticationCode hmac(QCryptographicHash::Sha256);
+    hmac.setKey(salt.toUtf8());
+    hmac.addData(password.toUtf8());
+    salted_password = hmac.result().toHex();
+
+    query.prepare("UPDATE users SET PASSWORD = ? WHERE USERNAME = ?");
+    query.addBindValue(salted_password);
+    query.addBindValue(username);
+    query.exec();
+    return true;
+}
+
 int DBManager::checkVersion()
 {
    QSqlQuery query;