viking and user deletion (#19)

2025-10-11 08:18:49 -07:00 · 2023-08-19 17:16:08 +00:00 · 2023-08-19 17:16:08 +00:00 · d5fb8ce5f1
commit d5fb8ce5f1
parent c3bb769934
6 changed files with 60 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -74,6 +74,8 @@ Then run School of Dragons.
 - GetChildList
 - GetUnselectedPetByTypes
 - UseInventory
 - DeleteProfile
 - DeleteAccountNotification
 #### Implemented enough (probably)
 - GetRules (doesn't return any rules, probably doesn't need to)
--- a/mitm-redirect.py
+++ b/mitm-redirect.py
@ -69,7 +69,9 @@ methods = [
  'GetUnselectedPetByTypes',
  'GetUserGameCurrency',
  'SetAchievementByEntityIDs',
-  'UseInventory'
+  'UseInventory',
  'DeleteProfile',
  'DeleteAccountNotification'
 ]
 def routable(path):
--- a/src/Controllers/Common/AuthenticationController.cs
+++ b/src/Controllers/Common/AuthenticationController.cs
@ -136,14 +136,19 @@ public class AuthenticationController : Controller {
    public IActionResult LoginChild([FromForm] string parentApiToken) {
        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User;
        if (user is null) {
-            return Ok();
+            return Unauthorized();
        }
        // Find the viking
        string? childUserID = Request.Form["childUserID"];
        Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == childUserID);
        if (viking is null) {
-            return Ok();
+            return Unauthorized();
        }
        // Check if user is viking parent
        if (user != viking.User) {
            return Unauthorized();
        }
        // Create session
@ -158,4 +163,18 @@ public class AuthenticationController : Controller {
        // Return back the api token
        return Ok(session.ApiToken);
    }
    [HttpPost]
    [Produces("application/xml")]
    [Route("AuthenticationWebService.asmx/DeleteAccountNotification")]
    public IActionResult DeleteAccountNotification([FromForm] string apiToken) {
        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User;
        if (user is null)
            return Ok(MembershipUserStatus.ValidationError);
        ctx.Users.Remove(user);
        ctx.SaveChanges();
        return Ok(MembershipUserStatus.Success);
    }
 }
--- a/src/Controllers/Common/ContentController.cs
+++ b/src/Controllers/Common/ContentController.cs
@ -913,12 +913,16 @@ public class ContentController : Controller {
    [HttpPost]
    [Produces("application/xml")]
    [Route("ContentWebService.asmx/SetNextItemState")]
-    public IActionResult SetNextItemState([FromForm] string setNextItemStateRequest) {
+    public IActionResult SetNextItemState([FromForm] string apiToken, [FromForm] string setNextItemStateRequest) {
        SetNextItemStateRequest request = XmlUtil.DeserializeXml<SetNextItemStateRequest>(setNextItemStateRequest);
        RoomItem? item = ctx.RoomItems.FirstOrDefault(x => x.Id == request.UserItemPositionID);
        if (item is null)
            return Ok();
        Viking? viking = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.Viking;
        if (item.Room.Viking != viking)
            return Unauthorized();
        // NOTE: The game sets OverrideStateCriteria only if a speedup is used
        return Ok(roomService.NextItemState(item, request.OverrideStateCriteria));
    }
--- a/src/Controllers/Common/RegistrationController.cs
+++ b/src/Controllers/Common/RegistrationController.cs
@ -22,6 +22,30 @@ public class RegistrationController : Controller {
        this.roomService = roomService;
    }
    [HttpPost]
    [Produces("application/xml")]
    [Route("v3/RegistrationWebService.asmx/DeleteProfile")]
    public IActionResult DeleteProfile([FromForm] string apiToken, [FromForm] string userID) {
        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User;
        if (user is null) {
            return Ok(DeleteProfileStatus.OWNER_ID_NOT_FOUND);
        }
        Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userID);
        if (viking is null) {
            return Ok(DeleteProfileStatus.PROFILE_NOT_FOUND);
        }
        if (user != viking.User) {
            return Ok(DeleteProfileStatus.PROFILE_NOT_OWNED_BY_THIS_OWNER);
        }
        ctx.Vikings.Remove(viking);
        ctx.SaveChanges();
        return Ok(DeleteProfileStatus.SUCCESS);
    }
    [HttpPost]
    [Produces("application/xml")]
    [Route("v3/RegistrationWebService.asmx/RegisterParent")]
@ -93,6 +117,7 @@ public class RegistrationController : Controller {
            Name = data.ChildName,
            User = user,
            Inventory = inv,
            AchievementPoints = new List<AchievementPoints>(),
            Rooms = new List<Room>()
        };
--- a/src/Model/DBContext.cs
+++ b/src/Model/DBContext.cs
@ -28,11 +28,13 @@ public class DBContext : DbContext {
    protected override void OnModelCreating(ModelBuilder builder) {
        builder.Entity<Session>().HasOne(s => s.User)
            .WithMany(e => e.Sessions)
-            .HasForeignKey(e => e.UserId);
+            .HasForeignKey(e => e.UserId)
            .OnDelete(DeleteBehavior.Cascade);
        builder.Entity<Session>().HasOne(s => s.Viking)
            .WithMany(e => e.Sessions)
-            .HasForeignKey(e => e.VikingId);
+            .HasForeignKey(e => e.VikingId)
            .OnDelete(DeleteBehavior.Cascade);
        builder.Entity<User>().HasMany(u => u.Sessions)
            .WithOne(e => e.User);