Merge pull request #126 from AttorneyOnline/password-changing

Add /changepass
This commit is contained in:
scatterflower 2021-05-11 08:48:04 -05:00 committed by GitHub
commit 1696d13b18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 80 additions and 0 deletions

View File

@ -787,6 +787,16 @@ class AOClient : public QObject {
*/
void cmdLogout(int argc, QStringList argv);
/**
* @brief Changes a moderator's password.
*
* @details If it is called with **one argument**, that argument is the **new password** to change to.
*
* If it is called with **two arguments**, the first argument is the **new password** to change to,
* and the second argument is the **username** of the moderator to change the password of.
*/
void cmdChangePassword(int argc, QStringList argv);
///@}
/**
@ -2019,6 +2029,7 @@ class AOClient : public QObject {
{"kickuid", {ACLFlags.value("KICK"), 2, &AOClient::cmdKickUid}},
{"kick_uid", {ACLFlags.value("KICK"), 2, &AOClient::cmdKickUid}},
{"firstperson", {ACLFlags.value("NONE"), 0, &AOClient::cmdFirstPerson}},
{"changepass", {ACLFlags.value("NONE"), 1, &AOClient::cmdChangePassword}},
};
/**

View File

@ -252,6 +252,17 @@ public:
*/
QList<BanInfo> getBanInfo(QString lookup_type, QString id);
/**
* @brief Updates the password of the given user.
*
* @param username The username to change.
*
* @param password The new password to change to.
*
* @return True if the password change was successful.
*/
bool updatePassword(QString username, QString password);
private:
/**
* @brief The name of the database connection driver.

View File

@ -232,3 +232,33 @@ void AOClient::cmdLogout(int argc, QStringList argv)
moderator_name = "";
sendPacket("AUTH", {"-1"}); // Client: "You were logged out."
}
void AOClient::cmdChangePassword(int argc, QStringList argv)
{
QString username;
QString password;
if (argc == 1) {
if (moderator_name.isEmpty()) {
sendServerMessage("You are not logged in.");
return;
}
username = moderator_name;
password = argv[0];
}
else if (argc == 2 && checkAuth(ACLFlags.value("SUPER"))) {
username = argv[0];
password = argv[1];
}
else {
sendServerMessage("Invalid command syntax.");
return;
}
if (server->db_manager->updatePassword(username, password)) {
sendServerMessage("Successfully changed password.");
}
else {
sendServerMessage("There was an error changing the password.");
return;
}
}

View File

@ -368,6 +368,34 @@ QList<DBManager::BanInfo> DBManager::getBanInfo(QString lookup_type, QString id)
return return_list;
}
bool DBManager::updatePassword(QString username, QString password)
{
QString salt;
QSqlQuery salt_check;
salt_check.prepare("SELECT SALT FROM users WHERE USERNAME = ?");
salt_check.addBindValue(username);
salt_check.exec();
if (!salt_check.first())
return false;
else
salt = salt_check.value(0).toString();
QSqlQuery query;
QString salted_password;
QMessageAuthenticationCode hmac(QCryptographicHash::Sha256);
hmac.setKey(salt.toUtf8());
hmac.addData(password.toUtf8());
salted_password = hmac.result().toHex();
query.prepare("UPDATE users SET PASSWORD = ? WHERE USERNAME = ?");
query.addBindValue(salted_password);
query.addBindValue(username);
query.exec();
return true;
}
int DBManager::checkVersion()
{
QSqlQuery query;