SoWeBegin
diff --git a/‎AuthServer/src/AuthService.cpp‎
Lines changed: 3 additions & 76 deletions b/‎AuthServer/src/AuthService.cpp‎
Lines changed: 3 additions & 76 deletions
diff --git a/‎MainServer/include/ChatCommands/Commands/ChangeUsername.h‎
Lines changed: 295 additions & 0 deletions b/‎MainServer/include/ChatCommands/Commands/ChangeUsername.h‎
Lines changed: 295 additions & 0 deletions
diff --git a/‎MainServer/include/Network/MainSession.h‎
Lines changed: 2 additions & 0 deletions b/‎MainServer/include/Network/MainSession.h‎
Lines changed: 2 additions & 0 deletions
@@ -195,87 +195,14 @@ namespace Auth
 
 
 	Auth::Enums::Login AuthService::authorizeUngraded(const Auth::Structures::BasicAccountInfo& ainfo,const std::optional<std::string>& token,const std::string& plainPw)
-	{
-		const bool enhancedSecurity = Common::Utils::SetupParser::getInstance().getAuthSetup().enhancedSecurity;
-		const bool passwordOk = validatePassword(plainPw, ainfo.hashedPassword);
-
-		bool tokenOk = true;
-		if (ainfo.secret.empty())
+	{	
+		if (!validatePassword(plainPw, ainfo.hashedPassword))
 		{
-			if (enhancedSecurity)
-			{
-				m_persistentDatabase.logGameEvent("AuthUngradedLogin",
-					"Failed login: missing mandatory secret for ungraded account " + std::to_string(ainfo.ainfoClient.accountId),"MEDIUM");
-				return Auth::Enums::Login::INCORRECT;
-			}
-		}
-		if (!ainfo.secret.empty())
-		{
-			tokenOk = verifyToken(ainfo.secret, token);
-		}
-
-		auto& counters = m_badLoginAttempts[ainfo.ainfoClient.accountId];
-		if (!passwordOk)
-		{
-			++counters.totalWrongPasswords;
-			m_persistentDatabase.logGameEvent("AuthUngradedLogin",
-				"Failed login: incorrect password for ungraded account " + std::to_string(ainfo.ainfoClient.accountId),"LOW");
-		}
-		else if (!tokenOk)
-		{
-			++counters.totalWrong2fas;
-			m_persistentDatabase.logGameEvent("AuthUngradedLogin",
-				"Failed login: invalid 2FA token for ungraded account " + std::to_string(ainfo.ainfoClient.accountId),"LOW");
+			return Auth::Enums::Login::INCORRECT;
 		}
 
-		constexpr std::uint32_t MAX_2FA_ATTEMPTS = 5;
 		std::uint64_t suspendedUntilEpoch = Common::Utils::datetimeToEpoch(ainfo.suspendedUntil);
 		std::uint64_t currentEpoch = static_cast<std::uint64_t>(std::chrono::duration_cast<std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count());
-
-		if (counters.totalWrong2fas >= MAX_2FA_ATTEMPTS && enhancedSecurity)
-		{
-			if (suspendedUntilEpoch > currentEpoch)
-			{
-				return Auth::Enums::Login::INCORRECT;
-			}
-			if (auto decrypted = Common::Utils::decryptEmail(ainfo.encryptedEmail, Common::Utils::SetupParser::getInstance().getGeneralSetup().emailSecret))
-			{
-				m_emailDispatcher.sendEmailAsync({ decrypted.value() }, "[Security] Your ToyBattles account was banned",          
-					"This is an automatic notification. For security reasons, your TB account was suspended due to 5 wrong login attempts in the game (5 wrong 2FA tokens used).",
-					[accountId = ainfo.ainfoClient.accountId, this]() {
-						m_persistentDatabase.logGameEvent("EmailNotification",
-							"Failed to send email to target after the account was locked due to too many 2FA wrong attempts for accountID: " + std::to_string(accountId),
-							"HIGH");
-					}
-				);
-			}
-			else
-			{
-				m_persistentDatabase.logGameEvent("EmailDecryption",
-					"Failed to decrypt email to contact target after their account was locked due to too many 2FA wrong attempts for accountID: " 
-					+ std::to_string(ainfo.ainfoClient.accountId), "HIGH");
-			}
-			if (!tryLockAccount(ainfo.ainfoClient.accountId, false))
-			{
-				m_persistentDatabase.logGameEvent("AuthUngradedLogin",
-					"Account lock attempt failed for ungraded account " + std::to_string(ainfo.ainfoClient.accountId), "HIGH");
-				return Auth::Enums::Login::INCORRECT;
-			}
-
-			m_persistentDatabase.logGameEvent("AuthUngradedLogin",
-				"Account locked due to repeated failed 2FA attempts: " + std::to_string(ainfo.ainfoClient.accountId), "HIGH");
-
-			m_badLoginAttempts.erase(ainfo.ainfoClient.accountId);
-			return Auth::Enums::Login::INCORRECT;
-		}
-
-		if (!passwordOk || !tokenOk)
-		{
-			return Auth::Enums::Login::INCORRECT;
-		}
-
-		m_badLoginAttempts.erase(ainfo.ainfoClient.accountId);
-
 		if (suspendedUntilEpoch > currentEpoch)
 		{
 			m_persistentDatabase.logGameEvent("AuthUngradedLogin","Login attempt on suspended ungraded account " + std::to_string(ainfo.ainfoClient.accountId),"LOW");
 
@@ -0,0 +1,295 @@
+#ifndef CHANGE_USERNAME_COMMAND_HEADER
+#define CHANGE_USERNAME_COMMAND_HEADER
+
+#include "../ICommand.h"
+#include "../ChatCommands.h"
+#include "Utils/Utils.h"
+#include "../../MainServer.h"
+#include <source_location>
+#include <regex>
+#include <libbcrypt/include/bcrypt/BCrypt.hpp>
+#include <libcppotp/auth.h>
+
+namespace Main
+{
+    namespace Command
+    {
+        class ChangeUsername final : public ICommand
+        {
+        private:
+            std::string m_password{};
+            std::string m_2faToken{};
+            std::string m_newUsername{};
+
+            bool validatePassword(const std::string& plain, std::string hash)
+            {
+                if (BCrypt::validatePassword(plain, hash))
+                    return true;
+
+                if (hash.substr(0, 4) == "$2b$")
+                {
+                    std::string hash_2a = hash;
+                    hash_2a[2] = 'a';
+                    return BCrypt::validatePassword(plain, hash_2a);
+                }
+
+                return false;
+            }
+
+            bool parseCommand(const std::string& providedCommand) override
+            {
+                std::smatch match;
+                if (std::regex_match(providedCommand, match, this->m_pattern))
+                {
+                    m_password = match[2].str();
+                    m_2faToken = match[3].str();
+                    m_newUsername = match[4].str();
+                    return true;
+                }
+                return false;
+            }
+
+            bool verifyToken(const std::string& encryptedSecret, const std::optional<std::string>& token)
+            {
+                if (encryptedSecret.empty() || !token.has_value()) return false;
+
+                auto optSecret = Common::Utils::decrypt2FASecret(encryptedSecret,
+                    Common::Utils::SetupParser::getInstance().getGeneralSetup().twoFaSecret);
+                if (!optSecret) return false;
+
+                const int t_interval = 30;
+                std::time_t now = std::time(nullptr);
+
+                for (int i = -1; i <= 1; ++i)
+                {
+                    auto expectedToken = auth::generateToken(optSecret.value(), now + i * t_interval, t_interval);
+                    std::ostringstream oss;
+                    oss << std::setw(6) << std::setfill('0') << expectedToken;
+
+                    if (oss.str() == token.value()) return true;
+                }
+
+                return false;
+            }
+
+            bool validateUsername(const std::string& username)
+            {
+                if (username.length() < 4 || username.length() > 20)
+                    return false;
+
+                if (!std::isalpha(username[0]))
+                    return false;
+
+                for (char c : username)
+                {
+                    if (!std::isalnum(c) && c != '_')
+                        return false;
+                }
+
+                if (username.find("__") != std::string::npos)
+                    return false;
+
+                bool hasLetter = false;
+                for (char c : username)
+                {
+                    if (std::isalpha(c))
+                    {
+                        hasLetter = true;
+                        break;
+                    }
+                }
+
+                return hasLetter;
+            }
+
+        public:
+            explicit ChangeUsername(const Common::Enums::PlayerGrade requiredGrade)
+                : ICommand{ requiredGrade, "/changeusername <Password> <2faToken> <NewUsername>",
+                    R"(^(\S+)\s*(\S+)\s*(\S+)\s*(\S+)\s*$)" }
+            {
+            }
+
+            void execute(const std::string& command, std::shared_ptr<Main::Network::Session> session,
+                MN::SessionsManager& sessionsManager, MC::RoomsManager&, MP::MainScheduler& scheduler,
+                std::uint32_t, Main::MainServer& server) override
+            {
+                const auto& ainfo = session->getAccountInfo();
+                if (ainfo.playerGrade >= Common::Enums::PlayerGrade::GRADE_MOD)
+                {
+                    session->sendMessage("error: staff accounts cannot change username. Contact admins.");
+                    return;
+                }
+
+                if (!parseCommand(command))
+                {
+                    session->sendMessage("error: invalid command format. Usage: /changeusername <Password> <2faToken> <NewUsername>");
+                    return;
+                }
+
+                if (!validateUsername(m_newUsername))
+                {
+                    session->sendMessage("error: invalid username. Must be 4-20 characters, start with a letter, and contain only letters, numbers, and underscores (no consecutive underscores)");
+                    return;
+                }
+
+                auto encryptedEmail = scheduler.immediatePersist(std::source_location::current(),
+                    &Main::Persistence::PersistentDatabase::getColumnByAid, "Email", ainfo.accountID);
+
+                if (!encryptedEmail || encryptedEmail->empty())
+                {
+                    session->sendMessage("error: account does not have a registered email. Username change not allowed.");
+                    return;
+                }
+
+                auto decryptedEmail = Common::Utils::decryptEmail(encryptedEmail.value(),
+                    Common::Utils::SetupParser::getInstance().getGeneralSetup().emailSecret);
+
+                if (!decryptedEmail)
+                {
+                    session->sendMessage("error: failed to fetch email from database.");
+                    return;
+                }
+
+                bool usernameExists = scheduler.immediatePersist(std::source_location::current(),
+                    &Main::Persistence::PersistentDatabase::checkUsernameExists, m_newUsername);
+
+                if (usernameExists)
+                {
+                    session->sendMessage("error: username already taken");
+                    return;
+                }
+
+                auto hashedPassword = scheduler.immediatePersist(std::source_location::current(),
+                    &Main::Persistence::PersistentDatabase::getColumnByAid, "Password", ainfo.accountID);
+
+                if (!hashedPassword.has_value())
+                {
+                    session->sendMessage("error: failed to retrieve account data");
+                    return;
+                }
+
+                const std::uint32_t maxAttempts = 5;
+
+                if (!validatePassword(m_password, hashedPassword.value()))
+                {
+                    session->m_totalWrongUsernameChange++;
+
+                    if (session->m_totalWrongUsernameChange >= maxAttempts)
+                    {
+                        sessionsManager.removeSession(ainfo.uniqueId.session);
+                        if (!session->banAccount(9999, "[Automatic] Too many wrong passwords while changing username",
+                            Common::Enums::GRADE_SYSTEM))
+                        {
+                            session->sendMessage("error: unknown error");
+                        }
+                        else
+                        {
+                            auto subject = "Your TB Account Was Banned";
+                            auto body = "Hello " + std::string(ainfo.nickname) +
+                                ", your TB account was automatically banned as you attempted to change your username "
+                                "but provided the wrong password " + std::to_string(maxAttempts) +
+                                " consecutive times! Contact support for help.";
+
+                            server.emailDispatcher.sendEmailAsync(
+                                { decryptedEmail.value() }, subject, body,
+                                [accountId = ainfo.accountID, &scheduler, this]() {
+                                    scheduler.immediatePersist(std::source_location::current(),
+                                    &Main::Persistence::PersistentDatabase::logGameEvent,
+                                    "EmailUsernameChange",
+                                    "Failed to send account ban email for accountID: " + std::to_string(accountId),
+                                    "HIGH");
+                                });
+                        }
+                        return;
+                    }
+
+                    session->sendMessage("error: password is incorrect");
+                    return;
+                }
+
+                auto encryptedSecret = scheduler.immediatePersist(std::source_location::current(),
+                    &Main::Persistence::PersistentDatabase::getColumnByAid, "Secret", ainfo.accountID);
+
+                if (!encryptedSecret.has_value())
+                {
+                    session->sendMessage("error: failed to retrieve 2FA data");
+                    return;
+                }
+
+                if (!verifyToken(encryptedSecret.value(), m_2faToken))
+                {
+                    session->m_totalWrong2FaUsernameChange++;
+
+                    if (session->m_totalWrong2FaUsernameChange >= maxAttempts)
+                    {
+                        sessionsManager.removeSession(ainfo.uniqueId.session);
+                        if (!session->banAccount(9999, "[Automatic] Too many wrong 2FAs while changing username",
+                            Common::Enums::GRADE_SYSTEM))
+                        {
+                            session->sendMessage("error: unknown error");
+                        }
+                        else
+                        {
+                            auto subject = "Your TB Account Was Banned";
+                            auto body = "Hello " + std::string(ainfo.nickname) +
+                                ", your TB account was automatically banned as you attempted to change your username "
+                                "but provided the wrong 2FA token " + std::to_string(maxAttempts) +
+                                " consecutive times! Contact support for help.";
+
+                            server.emailDispatcher.sendEmailAsync(
+                                { decryptedEmail.value() }, subject, body,
+                                [accountId = ainfo.accountID, &scheduler, this]() {
+                                    scheduler.immediatePersist(std::source_location::current(),
+                                    &Main::Persistence::PersistentDatabase::logGameEvent,
+                                    "EmailUsernameChange",
+                                    "Failed to send account ban email for accountID: " + std::to_string(accountId),
+                                    "HIGH");
+                                });
+                        }
+                        return;
+                    }
+
+                    session->sendMessage("error: invalid 2FA token");
+                    return;
+                }
+
+                bool success = scheduler.immediatePersist(std::source_location::current(),
+                    &Main::Persistence::PersistentDatabase::updateUsernameByAid,
+                    ainfo.accountID, m_newUsername, ainfo.nickname); 
+
+                if (!success)
+                {
+                    session->sendMessage("error: failed to update username");
+                    return;
+                }
+
+                session->m_totalWrongUsernameChange = 0;
+                session->m_totalWrong2FaUsernameChange = 0;
+
+
+                auto subject = "Your ToyBattles Username Has Been Changed";
+                auto body = "Hello " + m_newUsername + ",\n\n"
+                    "Your username has been successfully changed " +
+                    "' to '" + m_newUsername + "'.\n\n"
+                    "If you did not make this change, please contact support immediately.\n\n"
+                    "Regards,\nToyBattles Team";
+
+                server.emailDispatcher.sendEmailAsync(
+                    { decryptedEmail.value() }, subject, body,
+                    [accountId = ainfo.accountID, &scheduler, this]() {
+                        scheduler.immediatePersist(std::source_location::current(),
+                        &Main::Persistence::PersistentDatabase::logGameEvent,
+                        "EmailUsernameChange",
+                        "Failed to send username change confirmation email for accountID: " +
+                        std::to_string(accountId), "MEDIUM");
+                    });
+
+                session->sendMessage("success: your username has been changed to '" + m_newUsername + "'. You will need to relog with your new username.");
+            }
+        };
+
+        REGISTER_CMD(ChangeUsername, Common::Enums::PlayerGrade::GRADE_NORMAL)
+    };
+}
+
+#endif
@@ -51,6 +51,8 @@ namespace Main
 			bool m_isInvisible{};
 
 			std::uint32_t m_totalWrongPasswordReset{};
+			std::uint32_t m_totalWrong2FaUsernameChange{};
+			std::uint32_t m_totalWrongUsernameChange{};
 			std::uint32_t m_totalWrong2FaReset{};
 
 			std::string m_hwid{ "" };