Profile management

2026-06-12 17:14:52 -07:00 · 2015-07-05 16:39:55 +02:00 · 2015-07-05 16:39:55 +02:00 · 7f5f290c93
commit 7f5f290c93
parent 31890450dc
21 changed files with 883 additions and 18 deletions
--- a/servatrice/src/servatrice_database_interface.cpp
+++ b/servatrice/src/servatrice_database_interface.cpp
@ -476,6 +476,10 @@ ServerInfo_User Servatrice_DatabaseInterface::evalUserQueryResult(const QSqlQuer
            qint64 accountAgeInSeconds = regDate.secsTo(QDateTime::currentDateTime());
            result.set_accountage_secs(accountAgeInSeconds);
        }
+
+        const QString email = query->value(8).toString();
+        if (!email.isEmpty())
+            result.set_email(email.toStdString());
    }
    return result;
 }
@ -490,7 +494,7 @@ ServerInfo_User Servatrice_DatabaseInterface::getUserData(const QString &name, b
        if (!checkSql())
            return result;
        
-        QSqlQuery *query = prepareQuery("select id, name, admin, country, gender, realname, avatar_bmp, registrationDate from {prefix}_users where name = :name and active = 1");
+        QSqlQuery *query = prepareQuery("select id, name, admin, country, gender, realname, avatar_bmp, registrationDate, email from {prefix}_users where name = :name and active = 1");
        query->bindValue(":name", name);
        if (!execSqlQuery(query))
            return result;
@ -761,4 +765,41 @@ void Servatrice_DatabaseInterface::logMessage(const int senderId, const QString
    query->bindValue(":target_id", (targetType == MessageTargetChat && targetId < 1) ? QVariant() : targetId);
    query->bindValue(":target_name", targetName);
    execSqlQuery(query);
+}
+
+bool Servatrice_DatabaseInterface::changeUserPassword(const QString &user, const QString &oldPassword, const QString &newPassword)
+{
+    if(server->getAuthenticationMethod() != Servatrice::AuthenticationSql)
+        return true;
+
+    if (!checkSql())
+        return true;
+
+    if (!usernameIsValid(user))
+        return true;
+
+    QSqlQuery *passwordQuery = prepareQuery("select password_sha512 from {prefix}_users where name = :name");
+    passwordQuery->bindValue(":name", user);
+    if (!execSqlQuery(passwordQuery)) {
+        qDebug("Change password denied: SQL error");
+        return true;
+    }
+        
+    if (!passwordQuery->next())
+        return true;
+
+    const QString correctPassword = passwordQuery->value(0).toString();
+    if (correctPassword != PasswordHasher::computeHash(oldPassword, correctPassword.left(16)))
+        return true;
+
+    QString passwordSha512 = PasswordHasher::computeHash(newPassword, PasswordHasher::generateRandomSalt());
+
+    passwordQuery = prepareQuery("update {prefix}_users set password_sha512=:password where name = :name");
+    passwordQuery->bindValue(":password", passwordSha512);
+    passwordQuery->bindValue(":name", user);
+    if (!execSqlQuery(passwordQuery)) {
+        qDebug("Change password denied: SQL error");
+        return true;
+    }
+    return false;
 }
--- a/servatrice/src/servatrice_database_interface.h
+++ b/servatrice/src/servatrice_database_interface.h
@ -25,7 +25,6 @@ private:
 	bool checkUserIsIpBanned(const QString &ipAddress, QString &banReason, int &banSecondsRemaining);
 	/** Must be called after checkSql and server is known to be in auth mode. */
 	bool checkUserIsNameBanned(QString const &userName, QString &banReason, int &banSecondsRemaining);
-	QChar getGenderChar(ServerInfo_User_Gender const &gender);
 protected:
 	AuthenticationResult checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, QString &reasonStr, int &secondsLeft);
 public slots:
@ -70,6 +69,8 @@ public:
 	bool activateUser(const QString &userName, const QString &token);

    void logMessage(const int senderId, const QString &senderName, const QString &senderIp, const QString &logMessage, LogMessage_TargetType targetType, const int targetId, const QString &targetName);
+	bool changeUserPassword(const QString &user, const QString &oldPassword, const QString &newPassword);
+	QChar getGenderChar(ServerInfo_User_Gender const &gender);
 };

 #endif
--- a/servatrice/src/serversocketinterface.cpp
+++ b/servatrice/src/serversocketinterface.cpp
@ -272,6 +272,10 @@ Response::ResponseCode ServerSocketInterface::processExtendedSessionCommand(int
        case SessionCommand::REPLAY_DELETE_MATCH: return cmdReplayDeleteMatch(cmd.GetExtension(Command_ReplayDeleteMatch::ext), rc);
        case SessionCommand::REGISTER: return cmdRegisterAccount(cmd.GetExtension(Command_Register::ext), rc); break;
        case SessionCommand::ACTIVATE: return cmdActivateAccount(cmd.GetExtension(Command_Activate::ext), rc); break;
+
+        case SessionCommand::ACCOUNT_EDIT: return cmdAccountEdit(cmd.GetExtension(Command_AccountEdit::ext), rc);
+        case SessionCommand::ACCOUNT_IMAGE: return cmdAccountImage(cmd.GetExtension(Command_AccountImage::ext), rc);
+        case SessionCommand::ACCOUNT_PASSWORD: return cmdAccountPassword(cmd.GetExtension(Command_AccountPassword::ext), rc);
        default: return Response::RespFunctionNotAllowed;
    }
 }
@ -948,6 +952,75 @@ Response::ResponseCode ServerSocketInterface::cmdActivateAccount(const Command_A
    }
 }

+Response::ResponseCode ServerSocketInterface::cmdAccountEdit(const Command_AccountEdit &cmd, ResponseContainer &rc)
+{
+    if (authState != PasswordRight)
+        return Response::RespFunctionNotAllowed;
+
+    QString realName = QString::fromStdString(cmd.real_name());
+    QString emailAddress = QString::fromStdString(cmd.email());
+    ServerInfo_User_Gender gender = cmd.gender();
+    QString country = QString::fromStdString(cmd.country());
+
+    QString userName = QString::fromStdString(userInfo->name());
+
+
+    QSqlQuery *query = sqlInterface->prepareQuery("update {prefix}_users set realname=:realName, email=:email, gender=:gender, country=:country where name=:userName");
+    query->bindValue(":realName", realName);
+    query->bindValue(":email", emailAddress);
+    query->bindValue(":gender", sqlInterface->getGenderChar(gender));
+    query->bindValue(":country", country);
+    query->bindValue(":userName", userName);
+    if (!sqlInterface->execSqlQuery(query))
+        return Response::RespInternalError;
+
+    userInfo->set_real_name(cmd.real_name());
+    userInfo->set_email(cmd.email());
+    userInfo->set_gender(cmd.gender());
+    userInfo->set_country(cmd.country());
+
+    return Response::RespOk;
+}
+
+Response::ResponseCode ServerSocketInterface::cmdAccountImage(const Command_AccountImage &cmd, ResponseContainer &rc)
+{
+    if (authState != PasswordRight)
+        return Response::RespFunctionNotAllowed;
+
+    QByteArray image(cmd.image().c_str(), cmd.image().length());
+    int id = userInfo->id();
+
+    QSqlQuery *query = sqlInterface->prepareQuery("update {prefix}_users set avatar_bmp=:image where id=:id");
+    query->bindValue(":image", image);
+    query->bindValue(":id", id);
+    if (!sqlInterface->execSqlQuery(query))
+        return Response::RespInternalError;
+
+    userInfo->set_avatar_bmp(cmd.image().c_str(), cmd.image().length());
+    return Response::RespOk;
+}
+
+Response::ResponseCode ServerSocketInterface::cmdAccountPassword(const Command_AccountPassword &cmd, ResponseContainer &rc)
+{
+    if (authState != PasswordRight)
+        return Response::RespFunctionNotAllowed;
+
+    QString oldPassword = QString::fromStdString(cmd.old_password());
+    QString newPassword = QString::fromStdString(cmd.new_password());
+
+    // TODO make this configurable?
+    if(newPassword.length() < 6)
+        return Response::RespPasswordTooShort;
+
+    QString userName = QString::fromStdString(userInfo->name());
+
+    bool changeFailed = databaseInterface->changeUserPassword(userName, oldPassword, newPassword);
+
+    if(changeFailed)
+        return Response::RespWrongPassword;
+    
+    return Response::RespOk;
+}

 // ADMIN FUNCTIONS.
 // Permission is checked by the calling function.
--- a/servatrice/src/serversocketinterface.h
+++ b/servatrice/src/serversocketinterface.h
@ -49,6 +49,10 @@ class Command_UpdateServerMessage;
 class Command_ShutdownServer;
 class Command_ReloadConfig;

+class Command_AccountEdit;
+class Command_AccountImage;
+class Command_AccountPassword;
+
 class ServerSocketInterface : public Server_ProtocolHandler
 {
 	Q_OBJECT
@ -101,6 +105,10 @@ private:
 	Response::ResponseCode processExtendedModeratorCommand(int cmdType, const ModeratorCommand &cmd, ResponseContainer &rc);
 	Response::ResponseCode processExtendedAdminCommand(int cmdType, const AdminCommand &cmd, ResponseContainer &rc);

+	Response::ResponseCode cmdAccountEdit(const Command_AccountEdit &cmd, ResponseContainer &rc);
+	Response::ResponseCode cmdAccountImage(const Command_AccountImage &cmd, ResponseContainer &rc);
+	Response::ResponseCode cmdAccountPassword(const Command_AccountPassword &cmd, ResponseContainer &rc);
+
 	bool sendActivationTokenMail(const QString &nickname, const QString &recipient, const QString &token);
 public:
 	ServerSocketInterface(Servatrice *_server, Servatrice_DatabaseInterface *_databaseInterface, QObject *parent = 0);