From d5fb8ce5f1736303b9413c7803f0021f12f0e1cc Mon Sep 17 00:00:00 2001 From: rpaciorek Date: Sat, 19 Aug 2023 17:16:08 +0000 Subject: [PATCH] viking and user deletion (#19) --- README.md | 2 ++ mitm-redirect.py | 4 ++- .../Common/AuthenticationController.cs | 23 +++++++++++++++-- src/Controllers/Common/ContentController.cs | 6 ++++- .../Common/RegistrationController.cs | 25 +++++++++++++++++++ src/Model/DBContext.cs | 6 +++-- 6 files changed, 60 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1b30f3f..6f29bc3 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,8 @@ Then run School of Dragons. - GetChildList - GetUnselectedPetByTypes - UseInventory +- DeleteProfile +- DeleteAccountNotification #### Implemented enough (probably) - GetRules (doesn't return any rules, probably doesn't need to) diff --git a/mitm-redirect.py b/mitm-redirect.py index ceb71ae..bf21b65 100644 --- a/mitm-redirect.py +++ b/mitm-redirect.py @@ -69,7 +69,9 @@ methods = [ 'GetUnselectedPetByTypes', 'GetUserGameCurrency', 'SetAchievementByEntityIDs', - 'UseInventory' + 'UseInventory', + 'DeleteProfile', + 'DeleteAccountNotification' ] def routable(path): diff --git a/src/Controllers/Common/AuthenticationController.cs b/src/Controllers/Common/AuthenticationController.cs index 8330520..9bb89f6 100644 --- a/src/Controllers/Common/AuthenticationController.cs +++ b/src/Controllers/Common/AuthenticationController.cs 
@@ -136,14 +136,19 @@ public class AuthenticationController : Controller { public IActionResult LoginChild([FromForm] string parentApiToken) { User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User; if (user is null) { - return Ok(); + return Unauthorized(); } // Find the viking string? childUserID = Request.Form["childUserID"]; Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == childUserID); if (viking is null) { - return Ok(); + return Unauthorized(); + } + + // Check if user is viking parent + if (user != viking.User) { + return Unauthorized(); } // Create session @@ -158,4 +163,18 @@ public class AuthenticationController : Controller { // Return back the api token return Ok(session.ApiToken); } + + [HttpPost] + [Produces("application/xml")] + [Route("AuthenticationWebService.asmx/DeleteAccountNotification")] + public IActionResult DeleteAccountNotification([FromForm] string apiToken) { + User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User; + if (user is null) + return Ok(MembershipUserStatus.ValidationError); + + ctx.Users.Remove(user); + ctx.SaveChanges(); + + return Ok(MembershipUserStatus.Success); + } } diff --git a/src/Controllers/Common/ContentController.cs b/src/Controllers/Common/ContentController.cs index 137dc8e..03d7ab8 100644 --- a/src/Controllers/Common/ContentController.cs +++ b/src/Controllers/Common/ContentController.cs 
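Review bot: The new ownership check `user != viking.User` in LoginChild compares entity references, so it only works if `viking.User` is loaded and both objects are tracked by the same `ctx` instance. If the navigation is ever not loaded it is null and every caller is rejected, which fails closed but is hard to diagnose. Comparing keys would be sturdier where the model exposes the viking's owner foreign key; otherwise a comment such as `// reference equality: relies on EF identity resolution within this ctx` would record the assumption. The same comparison appears in DeleteProfile and, against Viking, in SetNextItemState. The session-creation part of the method lies between this hunk and the next, so the fields set on the child session are not visible here.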
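Review bot: DeleteAccountNotification removes the whole account for any session whose `User` resolves, and nothing in the added method distinguishes a parent session from one issued by LoginChild. Whether a child session also carries the User reference is decided outside this hunk; if it does, a child token would be enough to delete the parent account, so it is worth keeping the session object and also requiring that its `Viking` is null. The method also accepts a missing form field, so a first line of `if (string.IsNullOrEmpty(apiToken)) return Ok(MembershipUserStatus.ValidationError);` would keep a null token out of the session query. Because the action is irreversible, a log entry before `ctx.SaveChanges()` would give operators something to investigate from. As a style point, the brace-less early return differs from the braced form used in LoginChild and DeleteProfile.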
@@ -913,12 +913,16 @@ public class ContentController : Controller { [HttpPost] [Produces("application/xml")] [Route("ContentWebService.asmx/SetNextItemState")] - public IActionResult SetNextItemState([FromForm] string setNextItemStateRequest) { + public IActionResult SetNextItemState([FromForm] string apiToken, [FromForm] string setNextItemStateRequest) { SetNextItemStateRequest request = XmlUtil.DeserializeXml(setNextItemStateRequest); RoomItem? item = ctx.RoomItems.FirstOrDefault(x => x.Id == request.UserItemPositionID); if (item is null) return Ok(); + Viking? viking = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.Viking; + if (item.Room.Viking != viking) + return Unauthorized(); + // NOTE: The game sets OverrideStateCriteria only if a speedup is used return Ok(roomService.NextItemState(item, request.OverrideStateCriteria)); } diff --git a/src/Controllers/Common/RegistrationController.cs b/src/Controllers/Common/RegistrationController.cs index 0e92e3f..6f5dd51 100644 --- a/src/Controllers/Common/RegistrationController.cs +++ b/src/Controllers/Common/RegistrationController.cs 
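Review bot: An invalid or missing `apiToken` leaves `viking` null in SetNextItemState, so the test `item.Room.Viking != viking` passes whenever the room's Viking navigation is also null (an ownerless room or an unloaded navigation). The guard should reject the null case explicitly: `if (viking is null || item.Room.Viking != viking) return Unauthorized();`. The session is also resolved only after the request XML has been deserialized and the item looked up, so an unauthenticated caller still reaches the deserializer and can tell a missing item (empty 200) from someone else's (401). Moving the session lookup and the null check to the top of the method closes both gaps.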
@@ -22,6 +22,30 @@ public class RegistrationController : Controller { this.roomService = roomService; } + [HttpPost] + [Produces("application/xml")] + [Route("v3/RegistrationWebService.asmx/DeleteProfile")] + public IActionResult DeleteProfile([FromForm] string apiToken, [FromForm] string userID) { + User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User; + if (user is null) { + return Ok(DeleteProfileStatus.OWNER_ID_NOT_FOUND); + } + + Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userID); + if (viking is null) { + return Ok(DeleteProfileStatus.PROFILE_NOT_FOUND); + } + + if (user != viking.User) { + return Ok(DeleteProfileStatus.PROFILE_NOT_OWNED_BY_THIS_OWNER); + } + + ctx.Vikings.Remove(viking); + ctx.SaveChanges(); + + return Ok(DeleteProfileStatus.SUCCESS); + } + [HttpPost] [Produces("application/xml")] [Route("v3/RegistrationWebService.asmx/RegisterParent")] @@ -93,6 +117,7 @@ public class RegistrationController : Controller { Name = data.ChildName, User = user, Inventory = inv, + AchievementPoints = new List(), Rooms = new List() }; diff --git a/src/Model/DBContext.cs b/src/Model/DBContext.cs index d2ef372..a8bcb05 100644 --- a/src/Model/DBContext.cs +++ b/src/Model/DBContext.cs @@ -28,11 +28,13 @@ public class DBContext : DbContext { protected override void OnModelCreating(ModelBuilder builder) { builder.Entity().HasOne(s => s.User) .WithMany(e => e.Sessions) - .HasForeignKey(e => e.UserId); + .HasForeignKey(e => e.UserId) + .OnDelete(DeleteBehavior.Cascade); builder.Entity().HasOne(s => s.Viking) .WithMany(e => e.Sessions) - .HasForeignKey(e => e.VikingId); + .HasForeignKey(e => e.VikingId) + .OnDelete(DeleteBehavior.Cascade); builder.Entity().HasMany(u => u.Sessions) .WithOne(e => e.User);
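Review bot: DeleteProfile answers `PROFILE_NOT_FOUND` for an unknown `userID` but `PROFILE_NOT_OWNED_BY_THIS_OWNER` for one that belongs to another account, so any logged-in caller can learn which profile IDs exist. If the game client does not act on the difference, returning `DeleteProfileStatus.PROFILE_NOT_FOUND` in the ownership branch removes that signal. If it does, a comment such as `// distinct status kept for client compatibility; discloses that the ID exists` would record the trade-off. The method would also benefit from a short summary stating that only the owning parent session may delete a viking. Whether removing the viking also removes its rooms, inventory and sessions depends on cascade configuration that is only partly visible in this commit.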
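Review bot: The `.OnDelete(DeleteBehavior.Cascade)` added to the two Session relationships only reaches the database once the schema is regenerated or migrated, and the diffstat lists no migration. On a database created before this change, deleting a user or viking may fail on the foreign key or leave session rows, and their API tokens, behind, depending on the provider and on which sessions are tracked. An upgrade note in the README or a migration would cover that. A comment on these lines, for example `// cascade so a deleted user's or viking's API tokens are removed with it`, would make the security intent explicit. OnModelCreating continues outside the hunk, so it is not visible whether a user's vikings and a viking's rooms and inventory cascade as well, which the two new delete endpoints appear to rely on.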