Base64 encode auth tokens (#1029)

* Base64 encode auth tokens to prevent issues in emails
This fixes #1023, which should in turn solve some issues people were having with emails.

* Make test bcrypt hash things as the auth token isn't one by default

* Update ProjectLighthouse/Helpers/CryptoHelper.cs

Co-authored-by: Josh <josh@slendy.pw>

* Make only email tokens base64 encoded

---------

Co-authored-by: Zaprit <zaprit@hugespaceship.io>
Co-authored-by: Josh <josh@slendy.pw>
Henry Asbridge 2024-06-29 19:14:16 +01:00 committed by GitHub
parent 98a7f95e65
commit e060f55896
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 5 deletions


@ -20,8 +20,8 @@ public class DatabaseTests : LighthouseServerTest<GameServerTestStartup>
int rand = new Random().Next();
UserEntity userA = await database.CreateUser("unitTestUser" + rand, CryptoHelper.GenerateAuthToken());
UserEntity userB = await database.CreateUser("unitTestUser" + rand, CryptoHelper.GenerateAuthToken());
UserEntity userA = await database.CreateUser("unitTestUser" + rand, CryptoHelper.BCryptHash(CryptoHelper.GenerateAuthToken()));
UserEntity userB = await database.CreateUser("unitTestUser" + rand, CryptoHelper.BCryptHash(CryptoHelper.GenerateAuthToken()));
Assert.NotNull(userA);
Assert.NotNull(userB);
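Review bot: The rewritten CreateUser calls wrap `CryptoHelper.GenerateAuthToken()` in `CryptoHelper.BCryptHash(...)`, yet GenerateAuthToken as shown in this commit's CryptoHelper hunk already returns `BCryptHash(Sha256Hash(bytes))`, so the fixture bcrypt-hashes a bcrypt hash. That is harmless for a not-null assertion but doubles the (deliberately slow) bcrypt cost per user and contradicts the commit message's "the auth token isn't one by default"; either the outer call is redundant or the message describes an intermediate state. If the only requirement is "a string CreateUser accepts as a password hash", a fixed literal hash would make the test both faster and deterministic; if the duplicate-hashing is intended, a one-line comment saying why would stop the next reader from removing it. Both users are also created with the same `"unitTestUser" + rand` name — presumably deliberate, but worth a comment. The enclosing test method starts outside the hunk.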


@ -16,10 +16,15 @@ public static class CryptoHelper
public static string GenerateAuthToken()
{
byte[] bytes = (byte[])GenerateRandomBytes(256);
return BCryptHash(Sha256Hash(bytes));
}
public static string GenerateUrlToken()
{
byte[] bytes = (byte[])GenerateRandomBytes(256);
return Convert.ToBase64String(Encoding.UTF8.GetBytes(BCryptHash(Sha256Hash(bytes))));
}
public static string ComputeDigest(string path, string authCookie, byte[] body, string digestKey, bool excludeBody = false)
{
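Review bot: `GenerateUrlToken` returns `Convert.ToBase64String(...)`, whose alphabet includes `+`, `/` and `=` padding — exactly the characters that get mangled when a token is placed in a mail link (`+` decodes to a space in a query string, `/` splits path segments, trailing `=` is often dropped), so this may not fully resolve the email problems the commit targets. A URL-safe encoding sidesteps the round-trip entirely: `string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(BCryptHash(Sha256Hash(bytes)))); return b64.TrimEnd('=').Replace('+', '-').Replace('/', '_');`. As a style point, layering bcrypt and base64 over 256 random bytes adds no unpredictability beyond the random bytes themselves, so encoding them directly (e.g. `Convert.ToBase64String((byte[])GenerateRandomBytes(32))` with the same substitution) would be simpler and avoid a bcrypt round per token. The new method also lacks the XML `<summary>` that would tell callers how it differs from `GenerateAuthToken` (link-safe opaque token, not a credential hash). The class continues outside the hunk.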


@ -52,7 +52,7 @@ public static class SMTPHelper
{
Created = DateTime.UtcNow,
UserId = user.UserId,
ResetToken = CryptoHelper.GenerateAuthToken(),
ResetToken = CryptoHelper.GenerateUrlToken(),
};
database.PasswordResetTokens.Add(token);
@ -92,7 +92,7 @@ public static class SMTPHelper
{
UserId = user.UserId,
User = user,
EmailToken = CryptoHelper.GenerateAuthToken(),
EmailToken = CryptoHelper.GenerateUrlToken(),
ExpiresAt = DateTime.UtcNow.AddHours(6),
};
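Review bot: Both hunks still store the freshly generated token verbatim in the entity (`ResetToken` and `EmailToken`), so the plaintext capability to reset a password or confirm an email lives in the database for as long as the row does; the commit changes the token's encoding, not this. If the lookup elsewhere compares the stored column against the value from the link, persisting a hash of the token instead (for example via the existing `Sha256Hash` helper, and hashing the incoming value before the query) means read access to the table no longer yields working reset links — how the tokens are looked up is outside these hunks, so this is hedged. Separately, the verification token gets `ExpiresAt = DateTime.UtcNow.AddHours(6)` while the reset token in the first hunk records only `Created`; if reset tokens are aged out from `Created` elsewhere, a short comment on that line would make it clear, and if they are not, a bounded lifetime matters more for password resets than for email verification. Both object initializers begin outside the hunks.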