From 4967b2de556df3875efb932d3ca7703def65b434 Mon Sep 17 00:00:00 2001 From: LumaLivy <7350336+LumaLivy@users.noreply.github.com> Date: Fri, 17 Dec 2021 16:29:30 -0500 Subject: [PATCH 1/7] Decode escaped HTML sequences --- ProjectLighthouse/Pages/UserPage.cshtml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ProjectLighthouse/Pages/UserPage.cshtml b/ProjectLighthouse/Pages/UserPage.cshtml index 128a7883..ce5440d5 100644 --- a/ProjectLighthouse/Pages/UserPage.cshtml +++ b/ProjectLighthouse/Pages/UserPage.cshtml @@ -2,6 +2,8 @@ @using LBPUnion.ProjectLighthouse.Types @using LBPUnion.ProjectLighthouse.Types.Profiles @using LBPUnion.ProjectLighthouse.Types.Settings +@using System.Web; +@using System.IO; @model LBPUnion.ProjectLighthouse.Pages.UserPage @{ @@ -92,9 +94,12 @@ @foreach (Comment comment in Model.Comments!) { DateTimeOffset timestamp = DateTimeOffset.FromUnixTimeSeconds(comment.Timestamp / 1000); + StringWriter messageWriter = new StringWriter(); + HttpUtility.HtmlDecode(comment.Message, messageWriter); + String decodedMessage = messageWriter.ToString();
@comment.Poster.Username: - @comment.Message + @decodedMessage

@timestamp.ToString("MM/dd/yyyy @ h:mm tt") UTC
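Review bot: `@decodedMessage` is safe to render only because Razor HTML-encodes every `@` expression on output; the three added lines turn stored entities back into raw markup characters, so the value must never reach `Html.Raw` or an unencoded attribute or script context. I would record that above the added lines, e.g. `// decoded text is re-encoded by Razor on output; never pass it to Html.Raw`. The `StringWriter` is also unnecessary: `string decodedMessage = HttpUtility.HtmlDecode(comment.Message);` does the same in one line, leaves nothing undisposed and makes the added `@using System.IO;` redundant. The foreach body starts inside this hunk and continues past it.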

From 436ef8b17ea1e388fdc37677029ecc992ec948a4 Mon Sep 17 00:00:00 2001 From: jvyden Date: Mon, 13 Dec 2021 14:53:42 -0500 Subject: [PATCH 2/7] Redesign authentication page --- .../Pages/ExternalAuth/AuthenticationPage.cshtml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml b/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml index d5a56773..ecbfb91f 100644 --- a/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml +++ b/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml @@ -18,6 +18,19 @@ else {

This device's IP address is @(Model.IpAddress.ToString()). If this matches with an authentication attempt below, then it's safe to assume the authentication attempt came from the same network as this device.

} + + + + + + + } From 6cc8061775d02c1ea08d2ca9405237354eac5083 Mon Sep 17 00:00:00 2001 From: jvyden Date: Mon, 13 Dec 2021 15:59:33 -0500 Subject: [PATCH 3/7] Add ability to approve an IP address --- .../Controllers/LoginController.cs | 21 +++++++------------ .../Controllers/MessageController.cs | 19 ++++++++++------- .../ExternalAuth/AuthenticationPage.cshtml | 13 ------------ 3 files changed, 19 insertions(+), 34 deletions(-) diff --git a/ProjectLighthouse/Controllers/LoginController.cs b/ProjectLighthouse/Controllers/LoginController.cs index 02ed9740..f871cd5d 100644 --- a/ProjectLighthouse/Controllers/LoginController.cs +++ b/ProjectLighthouse/Controllers/LoginController.cs @@ -1,4 +1,5 @@ #nullable enable +using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; @@ -48,16 +49,8 @@ namespace LBPUnion.ProjectLighthouse.Controllers string ipAddress = remoteIpAddress.ToString(); - // Get an existing token from the IP & username - GameToken? token = await this.database.GameTokens.Include - (t => t.User) - .FirstOrDefaultAsync(t => t.UserLocation == ipAddress && t.User.Username == loginData.Username && !t.Used); - - if (token == null) // If we cant find an existing token, try to generate a new one - { - token = await this.database.AuthenticateUser(loginData, ipAddress, titleId); - if (token == null) return this.StatusCode(403, ""); // If not, then 403. - } + GameToken? token = await this.database.AuthenticateUser(loginData, ipAddress, titleId); + if (token == null) return this.StatusCode(403, ""); User? user = await this.database.UserFromGameToken(token, true); if (user == null) return this.StatusCode(403, ""); 
@@ -79,10 +72,10 @@ namespace LBPUnion.ProjectLighthouse.Controllers } } - if (this.database.UserApprovedIpAddresses.Where(a => a.UserId == user.UserId).Select(a => a.IpAddress).Contains(ipAddress)) - { - token.Approved = true; - } + List approvedIpAddresses = await this.database.UserApprovedIpAddresses.Where(a => a.UserId == user.UserId).ToListAsync(); + bool ipAddressApproved = approvedIpAddresses.Select(a => a.IpAddress).Contains(ipAddress); + + if (ipAddressApproved) token.Approved = true; else { AuthenticationAttempt authAttempt = new() diff --git a/ProjectLighthouse/Controllers/MessageController.cs b/ProjectLighthouse/Controllers/MessageController.cs index c16f6921..77507dc2 100644 --- a/ProjectLighthouse/Controllers/MessageController.cs +++ b/ProjectLighthouse/Controllers/MessageController.cs @@ -34,10 +34,6 @@ namespace LBPUnion.ProjectLighthouse.Controllers [HttpGet("announce")] public async Task Announce() { - #if !DEBUG - User? user = await this.database.UserFromGameRequest(this.Request); - if (user == null) return this.StatusCode(403, ""); - #else (User, GameToken)? userAndToken = await this.database.UserAndGameTokenFromRequest(this.Request); if (userAndToken == null) return this.StatusCode(403, ""); 
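Review bot: `if (ipAddressApproved) token.Approved = true;` grants approval on nothing but an equality match of `ipAddress`, and the hunk carries no comment on where that address has to come from. The earlier hunk of this file shows it is `remoteIpAddress.ToString()`, so if the server runs behind a reverse proxy without forwarded-header handling, or several players share one NAT address, a single approval would presumably cover every client seen under that address. I would document the assumption next to the check, e.g. `// Trust boundary: ipAddress must be the real client address; approving it approves every client behind it`. The enclosing method starts and ends outside the hunk.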
@@ -45,12 +41,21 @@ namespace LBPUnion.ProjectLighthouse.Controllers // ReSharper disable once PossibleInvalidOperationException User user = userAndToken.Value.Item1; GameToken gameToken = userAndToken.Value.Item2; - #endif + + if (ServerSettings.Instance.UseExternalAuth && !gameToken.Approved) + return this.Ok + ( + "Please stay on this screen.\n" + + $"Before continuing, you must approve this session at {ServerSettings.Instance.ExternalUrl}.\n" + + "Please keep in mind that if the session is denied you may have to wait up to 5-10 minutes to try logging in again.\n" + + "Once approved, you may press X and continue.\n\n" + + ServerSettings.Instance.EulaText + ); return this.Ok ( $"You are now logged in as {user.Username}.\n\n" + - #if DEBUG +#if DEBUG "---DEBUG INFO---\n" + $"user.UserId: {user.UserId}\n" + $"token.Approved: {gameToken.Approved}\n" + @@ -58,7 +63,7 @@ namespace LBPUnion.ProjectLighthouse.Controllers $"token.UserLocation: {gameToken.UserLocation}\n" + $"token.GameVersion: {gameToken.GameVersion}\n" + "---DEBUG INFO---\n\n" + - #endif +#endif ServerSettings.Instance.EulaText ); } diff --git a/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml b/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml index ecbfb91f..d5a56773 100644 --- a/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml +++ b/ProjectLighthouse/Pages/ExternalAuth/AuthenticationPage.cshtml @@ -18,19 +18,6 @@ else {
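Review bot: The new `ServerSettings.Instance.UseExternalAuth && !gameToken.Approved` branch only changes the announce text and still answers 200, so nothing in this hunk stops a request that carries an unapproved token from being served elsewhere. Since `UserAndGameTokenFromRequest` evidently returns unapproved tokens here, any other endpoint that resolves a user from the same token presumably needs its own `Approved` check; that is worth confirming outside this file. A comment above the branch would make the limit explicit, e.g. `// Display-only gate: endpoints that act on the token must check gameToken.Approved themselves`. Announce's body starts and ends outside the hunk.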

This device's IP address is @(Model.IpAddress.ToString()). If this matches with an authentication attempt below, then it's safe to assume the authentication attempt came from the same network as this device.

} - -
- - - - - } From 23657f942d315f1f2ce0a6fbaf9e511b61bcc639 Mon Sep 17 00:00:00 2001 From: jvyden Date: Mon, 13 Dec 2021 18:36:29 -0500 Subject: [PATCH 4/7] Reject unapproved tokens on login --- ProjectLighthouse/Controllers/LoginController.cs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ProjectLighthouse/Controllers/LoginController.cs b/ProjectLighthouse/Controllers/LoginController.cs index f871cd5d..af659692 100644 --- a/ProjectLighthouse/Controllers/LoginController.cs +++ b/ProjectLighthouse/Controllers/LoginController.cs @@ -99,6 +99,8 @@ namespace LBPUnion.ProjectLighthouse.Controllers if (!token.Approved) return this.StatusCode(403, ""); + Logger.Log($"Successfully logged in user {user.Username} as {token.GameVersion} client ({titleId})", LoggerLevelLogin.Instance); + Logger.Log($"Successfully logged in user {user.Username} as {token.GameVersion} client ({titleId})", LoggerLevelLogin.Instance); // After this point we are now considering this session as logged in. From ea6af58aa0ddc2c4f75fffa8ee869fcf2b7e1744 Mon Sep 17 00:00:00 2001 From: jvyden Date: Mon, 13 Dec 2021 20:10:17 -0500 Subject: [PATCH 5/7] Redo login process --- .../Controllers/LoginController.cs | 23 +++++++++++-------- .../Controllers/MessageController.cs | 19 ++------------- 2 files changed, 16 insertions(+), 26 deletions(-) diff --git a/ProjectLighthouse/Controllers/LoginController.cs b/ProjectLighthouse/Controllers/LoginController.cs index af659692..85c04ef5 100644 --- a/ProjectLighthouse/Controllers/LoginController.cs +++ b/ProjectLighthouse/Controllers/LoginController.cs @@ -1,5 +1,4 @@ #nullable enable -using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; 
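Review bot: The added `Logger.Log(...)` line is identical to the unchanged `Logger.Log(...)` line that follows it, so every successful login would be written to the log twice. The rejection named in the subject, `if (!token.Approved) return this.StatusCode(403, "");`, is already a context line here, so the two added lines look like a rebase leftover and can be dropped. Because `user.Username` is interpolated into the log text, it is also worth confirming outside this hunk that usernames cannot contain line breaks. The enclosing method starts and ends outside the hunk.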
@@ -49,8 +48,16 @@ namespace LBPUnion.ProjectLighthouse.Controllers string ipAddress = remoteIpAddress.ToString(); - GameToken? token = await this.database.AuthenticateUser(loginData, ipAddress, titleId); - if (token == null) return this.StatusCode(403, ""); + // Get an existing token from the IP & username + GameToken? token = await this.database.GameTokens.Include + (t => t.User) + .FirstOrDefaultAsync(t => t.UserLocation == ipAddress && t.User.Username == loginData.Username && t.Approved && !t.Used); + + if (token == null) // If we cant find an existing token, try to generate a new one + { + token = await this.database.AuthenticateUser(loginData, ipAddress, titleId); + if (token == null) return this.StatusCode(403, ""); // If not, then 403. + } User? user = await this.database.UserFromGameToken(token, true); if (user == null) return this.StatusCode(403, ""); @@ -72,10 +79,10 @@ namespace LBPUnion.ProjectLighthouse.Controllers } } - List approvedIpAddresses = await this.database.UserApprovedIpAddresses.Where(a => a.UserId == user.UserId).ToListAsync(); - bool ipAddressApproved = approvedIpAddresses.Select(a => a.IpAddress).Contains(ipAddress); - - if (ipAddressApproved) token.Approved = true; + if (this.database.UserApprovedIpAddresses.Where + (a => a.UserId == user.UserId) + .Select(a => a.IpAddress) + .Contains(ipAddress)) token.Approved = true; else { AuthenticationAttempt authAttempt = new() @@ -99,8 +106,6 @@ namespace LBPUnion.ProjectLighthouse.Controllers if (!token.Approved) return this.StatusCode(403, ""); - Logger.Log($"Successfully logged in user {user.Username} as {token.GameVersion} client ({titleId})", LoggerLevelLogin.Instance); - Logger.Log($"Successfully logged in user {user.Username} as {token.GameVersion} client ({titleId})", LoggerLevelLogin.Instance); // After this point we are now considering this session as logged in. 
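Review bot: The reinstated lookup returns a stored token when only `t.UserLocation`, `t.User.Username`, `t.Approved` and `!t.Used` match, and `AuthenticateUser` runs only when no such row exists, so whatever verification `AuthenticateUser` applies to `loginData` is skipped on the reuse path. Unless the login ticket is verified before this point (not visible in the hunk), a request from an approved address that merely names the user would be handed that user's approved token. I would verify `loginData` before any stored token is returned and reuse a token only after that check succeeds. The later change in this series to the same file (`@@ -51,7 +51,7 @@`) drops `t.Approved` from the filter and so widens the same match. The enclosing method starts and ends outside the hunk.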
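Review bot: The rewritten approval check in the `@@ -72,10 +79,10 @@` hunk runs `UserApprovedIpAddresses.Where(...).Select(...).Contains(ipAddress)` synchronously inside an async action, and puts a four-line condition in front of a brace-less `token.Approved = true;` that is followed by a braced `else`. The file already awaits EF queries (`FirstOrDefaultAsync` in the hunk above), so `bool ipAddressApproved = await this.database.UserApprovedIpAddresses.AnyAsync(a => a.UserId == user.UserId && a.IpAddress == ipAddress);` followed by `if (ipAddressApproved) { token.Approved = true; }` would keep the approval decision readable and non-blocking. The enclosing method starts and ends outside the hunk.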
diff --git a/ProjectLighthouse/Controllers/MessageController.cs b/ProjectLighthouse/Controllers/MessageController.cs index 77507dc2..c6c55721 100644 --- a/ProjectLighthouse/Controllers/MessageController.cs +++ b/ProjectLighthouse/Controllers/MessageController.cs @@ -34,23 +34,8 @@ namespace LBPUnion.ProjectLighthouse.Controllers [HttpGet("announce")] public async Task Announce() { - (User, GameToken)? userAndToken = await this.database.UserAndGameTokenFromRequest(this.Request); - - if (userAndToken == null) return this.StatusCode(403, ""); - - // ReSharper disable once PossibleInvalidOperationException - User user = userAndToken.Value.Item1; - GameToken gameToken = userAndToken.Value.Item2; - - if (ServerSettings.Instance.UseExternalAuth && !gameToken.Approved) - return this.Ok - ( - "Please stay on this screen.\n" + - $"Before continuing, you must approve this session at {ServerSettings.Instance.ExternalUrl}.\n" + - "Please keep in mind that if the session is denied you may have to wait up to 5-10 minutes to try logging in again.\n" + - "Once approved, you may press X and continue.\n\n" + - ServerSettings.Instance.EulaText - ); + User? user = await this.database.UserFromGameRequest(this.Request); + if (user == null) return this.StatusCode(403, ""); return this.Ok ( From 55707e9e3ef718353f9370ecd66011729d45574c Mon Sep 17 00:00:00 2001 From: jvyden Date: Mon, 13 Dec 2021 20:52:58 -0500 Subject: [PATCH 6/7] Show debug info on announce screen --- ProjectLighthouse/Controllers/LoginController.cs | 10 +++++----- ProjectLighthouse/Controllers/MessageController.cs | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/ProjectLighthouse/Controllers/LoginController.cs b/ProjectLighthouse/Controllers/LoginController.cs index 85c04ef5..02ed9740 100644 --- a/ProjectLighthouse/Controllers/LoginController.cs +++ b/ProjectLighthouse/Controllers/LoginController.cs 
@@ -51,7 +51,7 @@ namespace LBPUnion.ProjectLighthouse.Controllers // Get an existing token from the IP & username GameToken? token = await this.database.GameTokens.Include (t => t.User) - .FirstOrDefaultAsync(t => t.UserLocation == ipAddress && t.User.Username == loginData.Username && t.Approved && !t.Used); + .FirstOrDefaultAsync(t => t.UserLocation == ipAddress && t.User.Username == loginData.Username && !t.Used); if (token == null) // If we cant find an existing token, try to generate a new one { @@ -79,10 +79,10 @@ namespace LBPUnion.ProjectLighthouse.Controllers } } - if (this.database.UserApprovedIpAddresses.Where - (a => a.UserId == user.UserId) - .Select(a => a.IpAddress) - .Contains(ipAddress)) token.Approved = true; + if (this.database.UserApprovedIpAddresses.Where(a => a.UserId == user.UserId).Select(a => a.IpAddress).Contains(ipAddress)) + { + token.Approved = true; + } else { AuthenticationAttempt authAttempt = new() diff --git a/ProjectLighthouse/Controllers/MessageController.cs b/ProjectLighthouse/Controllers/MessageController.cs index c6c55721..3a339632 100644 --- a/ProjectLighthouse/Controllers/MessageController.cs +++ b/ProjectLighthouse/Controllers/MessageController.cs @@ -34,8 +34,18 @@ namespace LBPUnion.ProjectLighthouse.Controllers [HttpGet("announce")] public async Task Announce() { +#if !DEBUG User? user = await this.database.UserFromGameRequest(this.Request); if (user == null) return this.StatusCode(403, ""); +#else + (User, GameToken)? userAndToken = await this.database.UserAndGameTokenFromRequest(this.Request); + + if (userAndToken == null) return this.StatusCode(403, ""); + + // ReSharper disable once PossibleInvalidOperationException + User user = userAndToken.Value.Item1; + GameToken gameToken = userAndToken.Value.Item2; +#endif return this.Ok ( From 9e7af4fdd321409459e50c3588e8e1d664a9e57a Mon Sep 17 00:00:00 2001 
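Review bot: In the MessageController hunk, the `#if !DEBUG` / `#else` split makes Release builds authenticate through `UserFromGameRequest` and Debug builds through `UserAndGameTokenFromRequest`, so the path that ships is not the one exercised during development. I would resolve the user through one call in both configurations and keep only the extra output conditional, i.e. call `UserAndGameTokenFromRequest` unconditionally and wrap just `GameToken gameToken = userAndToken.Value.Item2;` in `#if DEBUG`. If the two helpers treat unapproved or used tokens differently (not visible here), the two builds would also disagree on which requests get the 403. Announce's body continues outside the hunk.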
From: LumaLivy <7350336+LumaLivy@users.noreply.github.com> Date: Fri, 17 Dec 2021 16:50:59 -0500 Subject: [PATCH 7/7] Revert weird vscode formatting --- ProjectLighthouse/Controllers/MessageController.cs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ProjectLighthouse/Controllers/MessageController.cs b/ProjectLighthouse/Controllers/MessageController.cs index 3a339632..c16f6921 100644 --- a/ProjectLighthouse/Controllers/MessageController.cs +++ b/ProjectLighthouse/Controllers/MessageController.cs @@ -34,10 +34,10 @@ namespace LBPUnion.ProjectLighthouse.Controllers [HttpGet("announce")] public async Task Announce() { -#if !DEBUG + #if !DEBUG User? user = await this.database.UserFromGameRequest(this.Request); if (user == null) return this.StatusCode(403, ""); -#else + #else (User, GameToken)? userAndToken = await this.database.UserAndGameTokenFromRequest(this.Request); if (userAndToken == null) return this.StatusCode(403, ""); @@ -45,12 +45,12 @@ namespace LBPUnion.ProjectLighthouse.Controllers // ReSharper disable once PossibleInvalidOperationException User user = userAndToken.Value.Item1; GameToken gameToken = userAndToken.Value.Item2; -#endif + #endif return this.Ok ( $"You are now logged in as {user.Username}.\n\n" + -#if DEBUG + #if DEBUG "---DEBUG INFO---\n" + $"user.UserId: {user.UserId}\n" + $"token.Approved: {gameToken.Approved}\n" + @@ -58,7 +58,7 @@ namespace LBPUnion.ProjectLighthouse.Controllers $"token.UserLocation: {gameToken.UserLocation}\n" + $"token.GameVersion: {gameToken.GameVersion}\n" + "---DEBUG INFO---\n\n" + -#endif + #endif ServerSettings.Instance.EulaText ); }