Added username and password checking to OIDC protocol. Applications are still manually added by EF at the moment, but I'm probably going to trash EF.

Author: nref-dan

src/Database/game/Patches/PatchControl.xml

@@ -0,0 +1,3 @@
+<PatchControl>
+	<SchemaPatch filename="SchemaPatch1_001.sql" version="1.001" />
+</PatchControl>

src/Database/game/Patches/SchemaPatch1_001.sql

@@ -0,0 +1,54 @@
+/*
+	************************
+	Patch Version:	1.001
+	Written By:		Marakai
+	Description:	Create the user and access rights for the API
+	Depends On:		None
+	************************
+*/
+
+begin transaction CREATE_API_USER
+set xact_abort on
+set transaction isolation level read committed
+
+if not exists (select * from sys.schemas where name = 'API')
+	exec('create schema API'); -- Allows it to run in its own batch
+
+if not exists (select * from sys.server_principals where type = 'S' and name='api_user')
+	create login api_user with password='ChangeMe';
+
+if not exists (select * from sys.database_principals where type = 'S' and name='api_user')
+	create user api_user for login api_user with default_schema=dbo;
+
+grant EXECUTE on schema :: dbo to api_user;
+grant EXECUTE on schema :: API to api_user;
+
+create table dbo.DBPatchVersion
+(
+	PatchId int not null,
+	PatchName nvarchar(500) not null,
+	VersionNumber nvarchar(30) not null,
+	DateApplied datetimeoffset not null,
+	MessageLog nvarchar(max) null,
+	constraint PK_DBPatchVersion_PatchId primary key (PatchId),
+	constraint UQ_DBPatchVersion_VersionNumber unique (VersionNumber)
+);
+
+insert into dbo.DBPatchVersion
+(
+	PatchId,
+	PatchName,
+	VersionNumber,
+	DateApplied,
+	MessageLog
+)
+values
+(
+	1000,
+	'Create_Database_Init',
+	'1.000',
+	getdate(),
+	'Initialised database with baseline settings'
+);
+
+commit transaction CREATE_API_USER;

src/Database/game/Procedures/API.AuthenticateAndGetUserInfo.sql

@@ -0,0 +1,24 @@
+if object_id('API.AuthenticateAndGetUserInfo', 'P') is not null
+	drop procedure API.AuthenticateAndGetUserInfo;
+go
+
+create procedure API.AuthenticateAndGetUserInfo
+	@Email varchar(50),
+	@Password varchar(100)
+as
+
+select
+	accountID as AccountId,
+	email as Email,
+	firstName as FirstName,
+	lastName as LastName,
+	accLevel as AccessLevel,
+	lastLoggedIn as LastLoggedIn,
+	creation as CreationDate,
+	bantime as BanDate,
+	banlength as BanLengthMinutes,
+	emailConfirmed as EmailConfirmed,
+	isactive as IsActive,
+	totalMinsOnline as TotalMinutesOnline
+from accounts
+where email = @email and [password] = @password;

src/OpenPerpetuum.Api/Controllers/AuthorisationController.cs

@@ -19,6 +19,7 @@
 using OpenPerpetuum.Core.Authorisation.Models;
 using OpenPerpetuum.Core.Authorisation.Queries;
 using OpenPerpetuum.Core.Foundation.Processing;
+using OpenPerpetuum.Core.Foundation.Security;
 
 namespace OpenPerpetuum.Api.Controllers
 {
@@ -204,11 +205,20 @@ public async Task<IActionResult> Login([FromForm] LoginViewModel viewModel)
 			if (!ModelState.IsValid)
 				return BadRequest();
 			await HttpContext.SignOutAsync("ServerCookie");
-			// Check the username and password just testing for now so allow it
+
+			UserModel user = QueryProcessor.Process(new GAME_AuthenticateAndGetUserDetailsQuery
+			{
+				Email = viewModel.Username,
+				EncryptedPassword = viewModel.Password.ToLegacyShaString()
+			});
 
 			// Create the identity principal
 			var userIdentity = new ClaimsIdentity(new List<Claim> { new Claim(ClaimTypes.Name, viewModel.Username), new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()) }, "ServerCookie");
 			ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
+			
+			if (user == UserModel.Default)
+				return Unauthorized();
+
 			await HttpContext.SignInAsync(
 					"ServerCookie",
 					principal);

src/OpenPerpetuum.Api/appsettings.Development.json

@@ -10,17 +10,17 @@
       {
         "ProviderName": "API",
         "Username": "api_mgmt_user",
-        "Password": "MyPassword",
+        "Password": "MyPa55word",
         "DefaultDatabase": "api",
-        "Server": "tcp:10.0.0.95",
+        "Server": "tcp:192.168.1.159\\OPENPERPETUUM",
         "Type": "MicrosoftSql"
       },
       {
         "ProviderName": "Game",
         "Username": "api_user",
-        "Password": "MyOtherPassword",
-        "DefaultDatabase": "perpetuum",
-        "Server": "tcp:10.0.0.95",
+        "Password": "MyOtherPa55word",
+        "DefaultDatabase": "perpetuumsa",
+        "Server": "tcp:192.168.1.159\\OPENPERPETUUM",
         "Type": "MicrosoftSql"
       }
     ]

src/OpenPerpetuum.Core.Authorisation/AssemblyInfo.cs

@@ -0,0 +1,3 @@
+using System.Runtime.CompilerServices;
+
+[assembly: InternalsVisibleTo("OpenPerpetuum.Core.DataServices")]

src/OpenPerpetuum.Core.Authorisation/DatabaseResults/UserResult.cs

@@ -0,0 +1,93 @@
+using OpenPerpetuum.Core.Authorisation.Models;
+using OpenPerpetuum.Core.DataServices.Database;
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+
+namespace OpenPerpetuum.Core.Authorisation.DatabaseResults
+{
+	internal class UserData
+	{
+		public int AccountId
+		{
+			get;
+			set;
+		}
+
+		public string Email
+		{
+			get;
+			set;
+		}
+
+		public string FirstName
+		{
+			get;
+			set;
+		}
+
+		public string LastName
+		{
+			get;
+			set;
+		}
+
+		public AccessLevel AccessLevel
+		{
+			get;
+			set;
+		}
+
+		public DateTime LastLoggedIn
+		{
+			get;
+			set;
+		}
+
+		public DateTime CreationDate
+		{
+			get;
+			set;
+		}
+
+		public DateTime BanDate
+		{
+			get;
+			set;
+		}
+
+		public int BanLengthMinutes
+		{
+			get;
+			set;
+		}
+
+		public bool EmailConfirmed
+		{
+			get;
+			set;
+		}
+
+		public bool IsActive
+		{
+			get;
+			set;
+		}
+
+		public int TotalMinutesOnline
+		{
+			get;
+			set;
+		}
+	}
+
+	internal class UserResult : DatabaseResult
+	{
+		public ReadOnlyCollection<UserData> Users => ((ResultSet<UserData>)Results[0])?.Data ??  new List<UserData>().AsReadOnly();
+
+		public UserResult()
+		{
+			Results.Add(0, new ResultSet<UserData>(0));
+		}
+	}
+}

src/OpenPerpetuum.Core.Authorisation/Models/AccessLevel.cs

@@ -0,0 +1,14 @@
+namespace OpenPerpetuum.Core.Authorisation.Models
+{
+	// Ripped from the OP Server AccessLevel enum
+	public enum AccessLevel : int // This is uint in the server code but int in the database. Database should be changed but there's a long list...
+	{
+		NotDefined = 0,
+		Normal = 2,
+		GameAdmin = 6,
+		ToolAdmin = 14,
+		Owner = 30,
+		AllAdmin = ToolAdmin | GameAdmin,
+		Admin = AllAdmin
+	}
+}

src/OpenPerpetuum.Core.Authorisation/Models/UserModel.cs

@@ -0,0 +1,102 @@
+using System;
+
+namespace OpenPerpetuum.Core.Authorisation.Models
+{
+	public class UserModel
+	{
+		public static UserModel Default = new UserModel
+		{
+			AccessLevel = AccessLevel.NotDefined,
+			AccountId = -1,
+			BanDate = DateTimeOffset.MinValue,
+			BanExpires = DateTimeOffset.MaxValue,
+			BanLength = DateTimeOffset.MaxValue.Subtract(DateTimeOffset.MinValue),
+			CreationDate = DateTimeOffset.MinValue,
+			Email = string.Empty,
+			EmailConfirmed = false,
+			FirstName = string.Empty,
+			IsActive = false,
+			LastLoggedIn = DateTimeOffset.MinValue,
+			LastName = string.Empty,
+			TotalTimeOnline = TimeSpan.FromTicks(0)
+		};
+
+		public int AccountId
+		{
+			get;
+			set;
+		}
+
+		public string Email
+		{
+			get;
+			set;
+		}
+
+		public string FirstName
+		{
+			get;
+			set;
+		}
+
+		public string LastName
+		{
+			get;
+			set;
+		}
+
+		public AccessLevel AccessLevel
+		{
+			get;
+			set;
+		}
+
+		public DateTimeOffset LastLoggedIn
+		{
+			get;
+			set;
+		}
+
+		public DateTimeOffset CreationDate
+		{
+			get;
+			set;
+		}
+
+		public DateTimeOffset BanDate
+		{
+			get;
+			set;
+		}
+
+		public DateTimeOffset BanExpires
+		{
+			get;
+			set;
+		}
+
+		public TimeSpan BanLength
+		{
+			get;
+			set;
+		}
+
+		public bool EmailConfirmed
+		{
+			get;
+			set;
+		}
+
+		public bool IsActive
+		{
+			get;
+			set;
+		}
+
+		public TimeSpan TotalTimeOnline
+		{
+			get;
+			set;
+		}
+	}
+}

src/OpenPerpetuum.Core.Authorisation/OpenPerpetuum.Core.Authorisation.csproj

@@ -2,6 +2,8 @@
 
   <PropertyGroup>
     <TargetFramework>netcoreapp2.1</TargetFramework>
+    <Copyright>OpenPerpetuum 2018</Copyright>
+    <NeutralLanguage>en-GB</NeutralLanguage>
   </PropertyGroup>
 
   <ItemGroup>