From e060f55896f20b09b16c228de2db8d46a3c68975 Mon Sep 17 00:00:00 2001
From: Henry Asbridge
Date: Sat, 29 Jun 2024 19:14:16 +0100
Subject: [PATCH] Base64 encode auth tokens (#1029)
* Base64 encode auth tokens to prevent issues in emails
This fixes #1023, which should in turn solve some issues people were having with emails.
* Make test bcrypt hash things as the auth token isn't one by default
* Update ProjectLighthouse/Helpers/CryptoHelper.cs
Co-authored-by: Josh
* Make only email tokens base64 encoded
---------
Co-authored-by: Zaprit
Co-authored-by: Josh
---
 .../Integration/DatabaseTests.cs | 4 ++--
 ProjectLighthouse/Helpers/CryptoHelper.cs | 7 ++++++-
 ProjectLighthouse/Helpers/EmailHelper.cs | 4 ++--
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/ProjectLighthouse.Tests.GameApiTests/Integration/DatabaseTests.cs b/ProjectLighthouse.Tests.GameApiTests/Integration/DatabaseTests.cs
index cc8ddc278..fb87b6186 100644
--- a/ProjectLighthouse.Tests.GameApiTests/Integration/DatabaseTests.cs
+++ b/ProjectLighthouse.Tests.GameApiTests/Integration/DatabaseTests.cs
@@ -20,8 +20,8 @@ public async Task CanCreateUserTwice()
 int rand = new Random().Next();
- UserEntity userA = await database.CreateUser("unitTestUser" + rand, CryptoHelper.GenerateAuthToken());
- UserEntity userB = await database.CreateUser("unitTestUser" + rand, CryptoHelper.GenerateAuthToken());
+ UserEntity userA = await database.CreateUser("unitTestUser" + rand, CryptoHelper.BCryptHash(CryptoHelper.GenerateAuthToken()));
+ UserEntity userB = await database.CreateUser("unitTestUser" + rand, CryptoHelper.BCryptHash(CryptoHelper.GenerateAuthToken()));
 Assert.NotNull(userA);
 Assert.NotNull(userB);
diff --git a/ProjectLighthouse/Helpers/CryptoHelper.cs b/ProjectLighthouse/Helpers/CryptoHelper.cs
index 58a5282c0..dc719bf4a 100644
--- a/ProjectLighthouse/Helpers/CryptoHelper.cs
+++ b/ProjectLighthouse/Helpers/CryptoHelper.cs
@@ -16,10 +16,15 @@ public static class CryptoHelper
 public static string GenerateAuthToken()
 {
 byte[] bytes = (byte[])GenerateRandomBytes(256);
- return BCryptHash(Sha256Hash(bytes));
 }
+ public static string GenerateUrlToken()
+ {
+ byte[] bytes = (byte[])GenerateRandomBytes(256);
+ return Convert.ToBase64String(Encoding.UTF8.GetBytes(BCryptHash(Sha256Hash(bytes))));
+ }
+
 public static string ComputeDigest(string path, string authCookie, byte[] body, string digestKey, bool excludeBody = false)
 {
diff --git a/ProjectLighthouse/Helpers/EmailHelper.cs b/ProjectLighthouse/Helpers/EmailHelper.cs
index 3750f41c4..52c69f9da 100644
--- a/ProjectLighthouse/Helpers/EmailHelper.cs
+++ b/ProjectLighthouse/Helpers/EmailHelper.cs
@@ -52,7 +52,7 @@ public static async Task SendPasswordResetEmail(DatabaseContext database, IMailS
 {
 Created = DateTime.UtcNow,
 UserId = user.UserId,
- ResetToken = CryptoHelper.GenerateAuthToken(),
+ ResetToken = CryptoHelper.GenerateUrlToken(),
 };
 database.PasswordResetTokens.Add(token);
@@ -92,7 +92,7 @@ public static async Task SendVerificationEmail(DatabaseContext database, I
 {
 UserId = user.UserId,
 User = user,
- EmailToken = CryptoHelper.GenerateAuthToken(),
+ EmailToken = CryptoHelper.GenerateUrlToken(),
 ExpiresAt = DateTime.UtcNow.AddHours(6),
 };
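Review bot: `GenerateUrlToken` still does not guarantee a link-safe token, because `Convert.ToBase64String` can emit `+`, `/` and `=`, and depending on where the link builder (outside this hunk) places the value, `/` can split a path segment and `+` can be decoded as a space in a query string, so the breakage that #1023 describes can recur. Since the same string is both stored and mailed, switching to a URL-safe alphabet at generation needs no other change: `return Convert.ToBase64String(Encoding.UTF8.GetBytes(BCryptHash(Sha256Hash(bytes)))).Replace('+', '-').Replace('/', '_').TrimEnd('=');` (or apply `Uri.EscapeDataString` where the link is assembled). The encoding adds no unpredictability — that comes from the 256 random bytes — so a comment such as `// Base64 only makes the token safe to embed in email links; it adds no security` would keep later readers from treating it as hardening. Separately, as rendered here the hunk deletes `return BCryptHash(Sha256Hash(bytes));` from `GenerateAuthToken` with no replacement `+` line, which agrees with the 6+/1- diffstat; if that is the real patch, `GenerateAuthToken` no longer returns on every path and will not compile, so its intended body should be confirmed.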
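Review bot: `ResetToken` receives the exact string that is mailed to the user, so if the entity is persisted unchanged (its definition and the redemption check are outside this hunk), anyone who can read the table holds live reset tokens; the `EmailToken` assignment in the `SendVerificationEmail` hunk below has the same shape. Storing only a hash of the generated value (the token is high-entropy, so a plain SHA-256 is adequate — `CryptoHelper.Sha256Hash` is used with a `byte[]` in this commit) and hashing the submitted value before lookup would confine the exposure to the email itself. The reset entity here sets `Created` but no `ExpiresAt`, whereas the verification entity in the next hunk sets `ExpiresAt = DateTime.UtcNow.AddHours(6)`; if the reset lifetime is enforced on `Created` elsewhere, a one-line comment stating that would prevent the asymmetry from reading as an omission. Both enclosing methods start before and end after their hunks.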