diff --git a/common/eqemu_logsys.cpp b/common/eqemu_logsys.cpp index f9b9bcb81..87d4465b4 100644 --- a/common/eqemu_logsys.cpp +++ b/common/eqemu_logsys.cpp @@ -143,7 +143,6 @@ void EQEmuLogSys::LoadLogSettingsDefaults() log_settings[Logs::Warning].log_to_console = static_cast(Logs::General); log_settings[Logs::Notice].log_to_console = static_cast(Logs::General); log_settings[Logs::Info].log_to_console = static_cast(Logs::General); - log_settings[Logs::Debug].log_to_console = static_cast(Logs::General); /** * Set Category enabled status on defaults diff --git a/loginserver/account_management.cpp b/loginserver/account_management.cpp index be17ac149..2817b09ff 100644 --- a/loginserver/account_management.cpp +++ b/loginserver/account_management.cpp @@ -189,3 +189,52 @@ bool AccountManagement::CheckLoginserverUserCredentials( return validated_credentials; } + + +/** + * @param in_account_username + * @param in_account_password + * @return + */ +bool AccountManagement::UpdateLoginserverUserCredentials( + const std::string &in_account_username, + const std::string &in_account_password, + const std::string &source_loginserver +) +{ + auto mode = server.options.GetEncryptionMode(); + + Database::DbLoginServerAccount + login_server_account = server.db->GetLoginServerAccountByAccountName( + in_account_username, + source_loginserver + ); + + if (!login_server_account.loaded) { + LogError( + "ChangeLoginserverUserCredentials account [{0}] source_loginserver [{1}] not found!", + in_account_username, + source_loginserver + ); + + return false; + } + + server.db->UpdateLoginserverAccountPasswordHash( + in_account_username, + source_loginserver, + eqcrypt_hash( + in_account_username, + in_account_password, + mode + ) + ); + + LogDebug( + "ChangeLoginserverUserCredentials account [{0}] source_loginserver [{1}] credentials updated!", + in_account_username, + source_loginserver + ); + + return true; +} diff --git a/loginserver/account_management.h b/loginserver/account_management.h index 64b22349c..3ab179405 100644 --- a/loginserver/account_management.h +++ b/loginserver/account_management.h @@ -59,6 +59,17 @@ public: const std::string &in_account_password, const std::string &source_loginserver = "local" ); + + /** + * @param in_account_username + * @param in_account_password + * @return + */ + static bool UpdateLoginserverUserCredentials( + const std::string &in_account_username, + const std::string &in_account_password, + const std::string &source_loginserver = "local" + ); }; diff --git a/loginserver/client.cpp b/loginserver/client.cpp index 5e82dea74..cd0999f5c 100644 --- a/loginserver/client.cpp +++ b/loginserver/client.cpp @@ -486,21 +486,21 @@ void Client::DoFailedLogin() /** * Verifies a login hash, will also attempt to update a login hash if needed * - * @param user - * @param loginserver - * @param cred - * @param hash + * @param account_username + * @param source_loginserver + * @param account_password + * @param password_hash * @return */ bool Client::VerifyLoginHash( - const std::string &user, - const std::string &loginserver, - const std::string &cred, - const std::string &hash + const std::string &account_username, + const std::string &source_loginserver, + const std::string &account_password, + const std::string &password_hash ) { auto mode = server.options.GetEncryptionMode(); - if (eqcrypt_verify_hash(user, cred, hash, mode)) { + if (eqcrypt_verify_hash(account_username, account_password, password_hash, mode)) { return true; } else { @@ -509,46 +509,67 @@ bool Client::VerifyLoginHash( mode = EncryptionModeArgon2; } - if (hash.length() == 32) { //md5 is insecure + if (password_hash.length() == 32) { //md5 is insecure for (int i = EncryptionModeMD5; i <= EncryptionModeMD5Triple; ++i) { - if (i != mode && eqcrypt_verify_hash(user, cred, hash, i)) { + if (i != mode && eqcrypt_verify_hash(account_username, account_password, password_hash, i)) { LogDebug( "user [{0}] loginserver [{1}] mode [{2}]", - user, - loginserver, + account_username, + source_loginserver, mode ); - server.db->UpdateLoginHash(user, loginserver, eqcrypt_hash(user, cred, mode)); + server.db->UpdateLoginserverAccountPasswordHash( + account_username, + source_loginserver, + eqcrypt_hash( + account_username, + account_password, + mode + )); return true; } } } - else if (hash.length() == 40) { //sha1 is insecure + else if (password_hash.length() == 40) { //sha1 is insecure for (int i = EncryptionModeSHA; i <= EncryptionModeSHATriple; ++i) { - if (i != mode && eqcrypt_verify_hash(user, cred, hash, i)) { + if (i != mode && eqcrypt_verify_hash(account_username, account_password, password_hash, i)) { LogDebug( "user [{0}] loginserver [{1}] mode [{2}]", - user, - loginserver, + account_username, + source_loginserver, mode ); - server.db->UpdateLoginHash(user, loginserver, eqcrypt_hash(user, cred, mode)); + server.db->UpdateLoginserverAccountPasswordHash( + account_username, + source_loginserver, + eqcrypt_hash( + account_username, + account_password, + mode + )); return true; } } } - else if (hash.length() == 128) { //sha2-512 is insecure + else if (password_hash.length() == 128) { //sha2-512 is insecure for (int i = EncryptionModeSHA512; i <= EncryptionModeSHA512Triple; ++i) { - if (i != mode && eqcrypt_verify_hash(user, cred, hash, i)) { + if (i != mode && eqcrypt_verify_hash(account_username, account_password, password_hash, i)) { LogDebug( "user [{0}] loginserver [{1}] mode [{2}]", - user, - loginserver, + account_username, + source_loginserver, mode ); - server.db->UpdateLoginHash(user, loginserver, eqcrypt_hash(user, cred, mode)); + server.db->UpdateLoginserverAccountPasswordHash( + account_username, + source_loginserver, + eqcrypt_hash( + account_username, + account_password, + mode + )); return true; } } diff --git a/loginserver/client.h b/loginserver/client.h index d95b3c286..b8f092db3 100644 --- a/loginserver/client.h +++ b/loginserver/client.h @@ -177,17 +177,17 @@ public: /** * Verifies a login hash, will also attempt to update a login hash if needed * - * @param user - * @param loginserver - * @param cred - * @param hash + * @param account_username + * @param source_loginserver + * @param account_password + * @param password_hash * @return */ bool VerifyLoginHash( - const std::string &user, - const std::string &loginserver, - const std::string &cred, - const std::string &hash + const std::string &account_username, + const std::string &source_loginserver, + const std::string &account_password, + const std::string &password_hash ); void DoSuccessfulLogin(const std::string in_account_name, int db_account_id, const std::string &db_loginserver); diff --git a/loginserver/database.cpp b/loginserver/database.cpp index b795f708a..4b224061c 100644 --- a/loginserver/database.cpp +++ b/loginserver/database.cpp @@ -330,7 +330,7 @@ bool Database::DoesLoginServerAccountExist( * @param loginserver * @param hash */ -void Database::UpdateLoginHash( +void Database::UpdateLoginserverAccountPasswordHash( const std::string &name, const std::string &loginserver, const std::string &hash diff --git a/loginserver/database.h b/loginserver/database.h index 5d8237fbd..ef1d7bfe0 100644 --- a/loginserver/database.h +++ b/loginserver/database.h @@ -121,7 +121,10 @@ public: * @param loginserver * @param hash */ - void UpdateLoginHash(const std::string &name, const std::string &loginserver, const std::string &hash); + void UpdateLoginserverAccountPasswordHash( + const std::string &name, + const std::string &loginserver, + const std::string &hash); /** * @param name diff --git a/loginserver/loginserver_command_handler.cpp b/loginserver/loginserver_command_handler.cpp index 2ba40f264..dadf93e34 100644 --- a/loginserver/loginserver_command_handler.cpp +++ b/loginserver/loginserver_command_handler.cpp @@ -50,11 +50,12 @@ namespace LoginserverCommandHandler { /** * Register commands */ - function_map["login-user:create"] = &LoginserverCommandHandler::CreateLocalLoginserverAccount; - function_map["login-user:check-credentials"] = &LoginserverCommandHandler::CheckLoginserverUserCredentials; - function_map["web-api-token:create"] = &LoginserverCommandHandler::CreateLoginserverApiToken; - function_map["web-api-token:list"] = &LoginserverCommandHandler::ListLoginserverApiTokens; - function_map["world-admin:create"] = &LoginserverCommandHandler::CreateLoginserverWorldAdminAccount; + function_map["login-user:check-credentials"] = &LoginserverCommandHandler::CheckLoginserverUserCredentials; + function_map["login-user:create"] = &LoginserverCommandHandler::CreateLocalLoginserverAccount; + function_map["login-user:update-credentials"] = &LoginserverCommandHandler::UpdateLoginserverUserCredentials; + function_map["web-api-token:create"] = &LoginserverCommandHandler::CreateLoginserverApiToken; + function_map["web-api-token:list"] = &LoginserverCommandHandler::ListLoginserverApiTokens; + function_map["world-admin:create"] = &LoginserverCommandHandler::CreateLoginserverWorldAdminAccount; EQEmuCommand::HandleMenu(function_map, cmd, argc, argv); } @@ -207,4 +208,31 @@ namespace LoginserverCommandHandler { cmd("--password").str() ); } + + /** + * @param argc + * @param argv + * @param cmd + * @param description + void UpdateLoginserverUserCredentials(int argc, char **argv, argh::parser &cmd, std::string &description) + { + description = "Change user login credentials"; + + std::vector arguments = { + "--username", + "--password" + }; + std::vector options = {}; + + if (cmd[{"-h", "--help"}]) { + return; + } + + EQEmuCommand::ValidateCmdInput(arguments, options, cmd, argc, argv); + + AccountManagement::UpdateLoginserverUserCredentials( + cmd("--username").str(), + cmd("--password").str() + ); + } } diff --git a/loginserver/loginserver_command_handler.h b/loginserver/loginserver_command_handler.h index 0e46b78eb..d155c8a0c 100644 --- a/loginserver/loginserver_command_handler.h +++ b/loginserver/loginserver_command_handler.h @@ -31,6 +31,7 @@ namespace LoginserverCommandHandler { void CreateLocalLoginserverAccount(int argc, char **argv, argh::parser &cmd, std::string &description); void CreateLoginserverWorldAdminAccount(int argc, char **argv, argh::parser &cmd, std::string &description); void CheckLoginserverUserCredentials(int argc, char **argv, argh::parser &cmd, std::string &description); + void UpdateLoginserverUserCredentials(int argc, char **argv, argh::parser &cmd, std::string &description); }; diff --git a/loginserver/loginserver_webserver.cpp b/loginserver/loginserver_webserver.cpp index a9d38a736..3c2b8c72e 100644 --- a/loginserver/loginserver_webserver.cpp +++ b/loginserver/loginserver_webserver.cpp @@ -94,7 +94,6 @@ namespace LoginserverWebserver { Json::Value request_body = LoginserverWebserver::ParseRequestBody(request); std::string username = request_body.get("username", "").asString(); std::string password = request_body.get("password", "").asString(); - std::string email = request_body.get("email", "").asString(); Json::Value response; if (username.empty() || password.empty()) { @@ -118,6 +117,47 @@ namespace LoginserverWebserver { LoginserverWebserver::SendResponse(response, res); } ); + + api.Post( + "/account/credentials/update/local", [](const httplib::Request &request, httplib::Response &res) { + LoginserverWebserver::TokenManager::AuthCanWrite(request, res); + Json::Value request_body = LoginserverWebserver::ParseRequestBody(request); + std::string username = request_body.get("username", "").asString(); + std::string password = request_body.get("password", "").asString(); + + Json::Value response; + if (username.empty() || password.empty()) { + response["message"] = "Username or password not set"; + LoginserverWebserver::SendResponse(response, res); + return; + } + + Database::DbLoginServerAccount + login_server_account = server.db->GetLoginServerAccountByAccountName( + username + ); + + if (!login_server_account.loaded) { + response["error"] = "Failed to find associated loginserver account!"; + LoginserverWebserver::SendResponse(response, res); + return; + } + + bool credentials_valid = AccountManagement::UpdateLoginserverUserCredentials( + username, + password + ); + + if (credentials_valid) { + response["message"] = "Loginserver account credentials updated!"; + } + else { + response["error"] = "Failed to update loginserver account credentials!"; + } + + LoginserverWebserver::SendResponse(response, res); + } + ); } /** diff --git a/loginserver/main.cpp b/loginserver/main.cpp index 9884e6c2a..217929ea2 100644 --- a/loginserver/main.cpp +++ b/loginserver/main.cpp @@ -43,7 +43,7 @@ void CatchSignal(int sig_num) { } -int main(int argc, char** argv) +int main(int argc, char **argv) { RegisterExecutablePlatform(ExePlatformLogin); set_exception_handler(); @@ -68,7 +68,12 @@ int main(int argc, char** argv) /** * options: worldservers */ - server.options.RejectDuplicateServers(server.config.GetVariableBool("worldservers", "reject_duplicate_servers", false)); + server.options.RejectDuplicateServers( + server.config.GetVariableBool( + "worldservers", + "reject_duplicate_servers", + false + )); server.options.AllowUnregistered(server.config.GetVariableBool("worldservers", "unregistered_allowed", true)); /** @@ -154,7 +159,7 @@ int main(int argc, char** argv) * create client manager */ LogInfo("Client Manager Init"); - server.client_manager = new ClientManager(); + server.client_manager = new ClientManager(); if (!server.client_manager) { LogError("Client Manager Failed to Start"); LogInfo("Server Manager Shutdown"); @@ -192,6 +197,9 @@ int main(int argc, char** argv) if (argc > 1) { LogSys.LoadLogSettingsDefaults(); + LogSys.log_settings[Logs::Debug].log_to_console = static_cast(Logs::General); + LogSys.log_settings[Logs::Debug].is_category_enabled = 1; + LoginserverCommandHandler::CommandHandler(argc, argv); }