diff --git a/ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs b/ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs
index 3eb709ed..81edeee7 100644
--- a/ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs
+++ b/ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs
@@ -36,10 +36,12 @@ public class CommentController : ControllerBase
         GameTokenEntity token = this.GetToken();
         UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.Unauthorized();
         // Return bad request if both are true or both are false
         if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
+        // Return bad request on unverified email if enforcement is enabled
         if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         bool success = await this.database.RateComment(token.UserId, commentId, rating);
@@ -59,6 +61,7 @@ public class CommentController : ControllerBase
         if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
+        // Return bad request on unverified email if enforcement is enabled
         if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         int originalSlotId = slotId;
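Review bot: The hunk at `@@ -59,6 +61,7 @@` dereferences `user.EmailAddressVerified` with no null guard visible, while the hunk at `@@ -36,10 +36,12 @@` just above adds `if (user == null) return this.Unauthorized();` for the same lookup pattern. The start of that method is outside the hunk, so the guard may already exist there; if it does not, a token whose user row no longer resolves would presumably fault on that line instead of returning 401, and the same question applies to the `@@ -175,7 +180,8 @@` hunk later in this file. Worth confirming against the full methods and adding the same `if (user == null) return this.Unauthorized();` line directly after `UserFromGameToken` wherever it is missing, since the new comment now documents the email check as the only rejection path at that point.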
@@ -126,11 +129,13 @@ public class CommentController : ControllerBase
         GameTokenEntity token = this.GetToken();
         UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.Unauthorized();
         // Deny request if in read-only mode
         if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
-        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
+        // Return bad request on unverified email if enforcement is enabled
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         GameComment? comment = await this.DeserializeBody();
         if (comment?.Message == null) return this.BadRequest();
@@ -175,7 +180,8 @@ public class CommentController : ControllerBase
         if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
-        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
+        // Return bad request on unverified email if enforcement is enabled
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         CommentEntity? comment = await this.database.Comments.FirstOrDefaultAsync(c => c.CommentId == commentId);
         if (comment == null) return this.NotFound();
diff --git a/ProjectLighthouse.Servers.GameServer/Controllers/Matching/EnterLevelController.cs b/ProjectLighthouse.Servers.GameServer/Controllers/Matching/EnterLevelController.cs
index bda3a349..338dea0f 100644
--- a/ProjectLighthouse.Servers.GameServer/Controllers/Matching/EnterLevelController.cs
+++ b/ProjectLighthouse.Servers.GameServer/Controllers/Matching/EnterLevelController.cs
@@ -37,11 +37,12 @@ public class EnterLevelController : ControllerBase
         GameTokenEntity token = this.GetToken();
         UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.Unauthorized();
         if (SlotHelper.IsTypeInvalid(slotType)) return this.BadRequest();
         // Return bad request on unverified email if enforcement is enabled
-        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         // don't count plays for developer slots
         if (slotType == "developer") return this.Ok();
@@ -112,11 +113,12 @@ public class EnterLevelController : ControllerBase
         GameTokenEntity token = this.GetToken();
         UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.Unauthorized();
         if (SlotHelper.IsTypeInvalid(slotType)) return this.BadRequest();
         // Return bad request on unverified email if enforcement is enabled
-        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         if (slotType == "developer") return this.Ok();
diff --git a/ProjectLighthouse.Servers.GameServer/Controllers/Matching/MatchController.cs b/ProjectLighthouse.Servers.GameServer/Controllers/Matching/MatchController.cs
index 59703116..e0fc6afc 100644
--- a/ProjectLighthouse.Servers.GameServer/Controllers/Matching/MatchController.cs
+++ b/ProjectLighthouse.Servers.GameServer/Controllers/Matching/MatchController.cs
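Review bot: The token-lookup preamble with the new `if (user == null) return this.Unauthorized();` line is now copy-pasted into both hunks here (`@@ -37` and `@@ -112`) and again in CommentController and MatchController, which is exactly how the guard ends up present in some actions and absent in others. A small helper next to `this.GetToken()` that resolves the user once and hands back the 401 result when the lookup fails would keep the check in one place, and an action filter would do the same without touching each method. Separately, the `-`/`+` pair around the `emailEnforcementEnabled` line is textually identical in both hunks, so presumably it is a whitespace or line-ending change only; if so, saying that in the commit message saves the next reader from hunting for a semantic difference.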
@@ -43,8 +43,9 @@ public class MatchController : ControllerBase
         GameTokenEntity token = this.GetToken();
         UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Forbid();
+        if (user == null) return this.Unauthorized();
+        // Return bad request on unverified email if enforcement is enabled
         if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
         await LastContactHelper.SetLastContact(this.database, user, token.GameVersion, token.Platform);