themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

API now checks user credentials before granting tokens.

Browse source 
Added new permission - 'api' that allows the group access to using the API.
This commit is contained in:
Lucas Nicodemus 2011-09-05 02:12:36 -06:00
parent 839ce793c7
commit 17683eaeaa
2 changed files with 23 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
TShockAPI/RestManager.cs
View file

@ -18,11 +18,18 @@ namespace TShockAPI {
public void RegisterRestfulCommands()
{
Rest.Register(new RestCommand("/status", Status) {RequiesToken = false});
Rest.Register(new RestCommand("/tokentest", TokenTest) { RequiesToken = true });
//RegisterExamples();
}
#region RestMethods
object TokenTest(RestVerbs verbs, IParameterCollection parameters)
{
return new Dictionary<string, string>
{{"status", "200"}, {"response", "Token is valid and was passed through correctly."}};
}
object Status(RestVerbs verbs, IParameterCollection parameters)
{
var ReturnBlock = new Dictionary<string, string>();

16
TShockAPI/SecureRest.cs
View file

@ -23,6 +23,22 @@ namespace TShockAPI
var user = verbs["username"];
var pass = verbs["password"];
var userAccount = TShock.Users.GetUserByName(user);
if (userAccount == null)
{
return new Dictionary<string, string> { { "status", "401" }, { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };
}
if (Tools.HashPassword(pass).ToUpper() != userAccount.Password.ToUpper())
{
return new Dictionary<string, string> { { "status", "401" }, { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };
}
if (!Tools.GetGroup(userAccount.Group).HasPermission("api") && userAccount.Group != "superadmin")
{
return new Dictionary<string, string> { { "status", "403" }, { "error", "Although your account was successfully found and identified, your account lacks the permission required to use the API. (api)"} };
}
if (Verify != null && !Verify(user, pass))
return new Dictionary<string, string> { { "status", "401" } , { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };