viking and user deletion (#19)

2025-10-11 08:18:49 -07:00 · 2023-08-19 17:16:08 +00:00 · 2023-08-19 17:16:08 +00:00 · d5fb8ce5f1
commit d5fb8ce5f1
parent c3bb769934
6 changed files with 60 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -74,6 +74,8 @@ Then run School of Dragons.
 - GetChildList
 - GetUnselectedPetByTypes
 - UseInventory
+- DeleteProfile
+- DeleteAccountNotification

 #### Implemented enough (probably)
 - GetRules (doesn't return any rules, probably doesn't need to)
--- a/mitm-redirect.py
+++ b/mitm-redirect.py
@ -69,7 +69,9 @@ methods = [
  'GetUnselectedPetByTypes',
  'GetUserGameCurrency',
  'SetAchievementByEntityIDs',
-  'UseInventory'
+  'UseInventory',
+  'DeleteProfile',
+  'DeleteAccountNotification'
 ]

 def routable(path):
--- a/src/Controllers/Common/AuthenticationController.cs
+++ b/src/Controllers/Common/AuthenticationController.cs
@ -136,14 +136,19 @@ public class AuthenticationController : Controller {
    public IActionResult LoginChild([FromForm] string parentApiToken) {
        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User;
        if (user is null) {
-            return Ok();
+            return Unauthorized();
        }

        // Find the viking
        string? childUserID = Request.Form["childUserID"];
        Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == childUserID);
        if (viking is null) {
-            return Ok();
+            return Unauthorized();
+        }
+
+        // Check if user is viking parent
+        if (user != viking.User) {
+            return Unauthorized();
        }

        // Create session
@ -158,4 +163,18 @@ public class AuthenticationController : Controller {
        // Return back the api token
        return Ok(session.ApiToken);
    }
+
+    [HttpPost]
+    [Produces("application/xml")]
+    [Route("AuthenticationWebService.asmx/DeleteAccountNotification")]
+    public IActionResult DeleteAccountNotification([FromForm] string apiToken) {
+        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User;
+        if (user is null)
+            return Ok(MembershipUserStatus.ValidationError);
+
+        ctx.Users.Remove(user);
+        ctx.SaveChanges();
+
+        return Ok(MembershipUserStatus.Success);
+    }
 }
--- a/src/Controllers/Common/ContentController.cs
+++ b/src/Controllers/Common/ContentController.cs
@ -913,12 +913,16 @@ public class ContentController : Controller {
    [HttpPost]
    [Produces("application/xml")]
    [Route("ContentWebService.asmx/SetNextItemState")]
-    public IActionResult SetNextItemState([FromForm] string setNextItemStateRequest) {
+    public IActionResult SetNextItemState([FromForm] string apiToken, [FromForm] string setNextItemStateRequest) {
        SetNextItemStateRequest request = XmlUtil.DeserializeXml<SetNextItemStateRequest>(setNextItemStateRequest);
        RoomItem? item = ctx.RoomItems.FirstOrDefault(x => x.Id == request.UserItemPositionID);
        if (item is null)
            return Ok();

+        Viking? viking = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.Viking;
+        if (item.Room.Viking != viking)
+            return Unauthorized();
+
        // NOTE: The game sets OverrideStateCriteria only if a speedup is used
        return Ok(roomService.NextItemState(item, request.OverrideStateCriteria));
    }
--- a/src/Controllers/Common/RegistrationController.cs
+++ b/src/Controllers/Common/RegistrationController.cs
@ -22,6 +22,30 @@ public class RegistrationController : Controller {
        this.roomService = roomService;
    }

+    [HttpPost]
+    [Produces("application/xml")]
+    [Route("v3/RegistrationWebService.asmx/DeleteProfile")]
+    public IActionResult DeleteProfile([FromForm] string apiToken, [FromForm] string userID) {
+        User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == apiToken)?.User;
+        if (user is null) {
+            return Ok(DeleteProfileStatus.OWNER_ID_NOT_FOUND);
+        }
+
+        Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userID);
+        if (viking is null) {
+            return Ok(DeleteProfileStatus.PROFILE_NOT_FOUND);
+        }
+
+        if (user != viking.User) {
+            return Ok(DeleteProfileStatus.PROFILE_NOT_OWNED_BY_THIS_OWNER);
+        }
+
+        ctx.Vikings.Remove(viking);
+        ctx.SaveChanges();
+
+        return Ok(DeleteProfileStatus.SUCCESS);
+    }
+
    [HttpPost]
    [Produces("application/xml")]
    [Route("v3/RegistrationWebService.asmx/RegisterParent")]
@ -93,6 +117,7 @@ public class RegistrationController : Controller {
            Name = data.ChildName,
            User = user,
            Inventory = inv,
+            AchievementPoints = new List<AchievementPoints>(),
            Rooms = new List<Room>()
        };
        
--- a/src/Model/DBContext.cs
+++ b/src/Model/DBContext.cs
@ -28,11 +28,13 @@ public class DBContext : DbContext {
    protected override void OnModelCreating(ModelBuilder builder) {
        builder.Entity<Session>().HasOne(s => s.User)
            .WithMany(e => e.Sessions)
-            .HasForeignKey(e => e.UserId);
+            .HasForeignKey(e => e.UserId)
+            .OnDelete(DeleteBehavior.Cascade);

        builder.Entity<Session>().HasOne(s => s.Viking)
            .WithMany(e => e.Sessions)
-            .HasForeignKey(e => e.VikingId);
+            .HasForeignKey(e => e.VikingId)
+            .OnDelete(DeleteBehavior.Cascade);

        builder.Entity<User>().HasMany(u => u.Sessions)
            .WithOne(e => e.User);