Email Enforcement

ProjectLighthouse.Localization/BaseLayout.resx

@@ -93,4 +93,13 @@
     <data name="read_only_warn" xml:space="preserve">
         <value>This instance is currently in read-only mode. Level and photo uploads, comments, reviews, and certain profile changes will be restricted until read-only mode is disabled.</value>
     </data>
+    <data name="email_enforcement_message_main" xml:space="preserve">
+        <value>This instance has email enforcement enabled. If you haven't already, you will need to set and verify an email address to use most features.</value>
+    </data>
+    <data name="email_enforcement_message_no_email" xml:space="preserve">
+        <value>You do not have an email set on your account. You can set an email by opening the text chat and typing "/setemail [youremail@example.com]" (do not include the brackets.)</value>
+    </data>
+    <data name="email_enforcement_message_verify_email" xml:space="preserve">
+        <value>You have set an email address on your account, but you have not verified it. Make sure to check your inbox for a verification email. If you have not recieved an email, please contact an instance administrator for further assistance.</value>
+    </data>
 </root>

ProjectLighthouse.Localization/StringLists/BaseLayoutStrings.cs

@@ -26,5 +26,10 @@ public static class BaseLayoutStrings
     public static readonly TranslatableString ReadOnlyWarnTitle = create("read_only_warn_title");
     public static readonly TranslatableString ReadOnlyWarn = create("read_only_warn");
 
+    public static readonly TranslatableString EmailEnforcementWarnMain = create("email_enforcement_message_main");
+    public static readonly TranslatableString EmailEnforcementWarnNoEmail = create("email_enforcement_message_no_email");
+    public static readonly TranslatableString EmailEnforcementWarnVerifyEmail = create("email_enforcement_message_verify_email");
+
+
     private static TranslatableString create(string key) => new(TranslationAreas.BaseLayout, key);
 }

ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
@@ -22,7 +22,7 @@
 public class CommentController : ControllerBase
 {
     private readonly DatabaseContext database;
     public CommentController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -49,7 +49,7 @@
         GameTokenEntity token = this.GetToken();
 
         UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Unauthorized();
+        if (user == null) return this.Forbid();
 
         if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
 
@@ -97,7 +97,7 @@
             .ApplyPagination(pageData)
             .ToListAsync()).ToSerializableList(c => GameComment.CreateFromEntity(c, token.UserId));
 
-        if (type == CommentType.Level && slotType == "developer" && user.IsModerator && pageData.PageStart == 1)
+        if (type == CommentType.Level && slotType == "developer" && user.IsModerator && pageData.PageStart == 1) 
         {
             comments.Insert(0, new GameComment
             {

ProjectLighthouse.Servers.GameServer/Controllers/Matching/EnterLevelController.cs

@@ -1,9 +1,10 @@
 #nullable enable
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
 using LBPUnion.ProjectLighthouse.Helpers;
 using LBPUnion.ProjectLighthouse.Types.Entities.Interaction;
 using LBPUnion.ProjectLighthouse.Types.Entities.Level;
+using LBPUnion.ProjectLighthouse.Types.Entities.Profile;
 using LBPUnion.ProjectLighthouse.Types.Entities.Token;
 using LBPUnion.ProjectLighthouse.Types.Users;
 using Microsoft.AspNetCore.Authorization;
@@ -20,7 +21,7 @@
 {
     private readonly DatabaseContext database;
 
     public EnterLevelController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -100,6 +101,9 @@
     {
         GameTokenEntity token = this.GetToken();
 
+        UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.Unauthorized();
+
         if (SlotHelper.IsTypeInvalid(slotType)) return this.BadRequest();
 
         if (slotType == "developer") return this.Ok();

ProjectLighthouse.Servers.GameServer/Controllers/Matching/MatchController.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using System.Text.Json;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
@@ -25,7 +25,7 @@
 {
     private readonly DatabaseContext database;
 
     public MatchController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -41,7 +41,7 @@
         GameTokenEntity token = this.GetToken();
 
         UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Forbid();
+        if (user == null) return this.Unauthorized();
 
         await LastContactHelper.SetLastContact(this.database, user, token.GameVersion, token.Platform);
 
@@ -112,7 +112,7 @@
             }
             case CreateRoom createRoom:
             {
                 List<int> users = new();
                 foreach (string playerUsername in createRoom.Players)
                 {
                     UserEntity? player = await this.database.Users.FirstOrDefaultAsync(u => u.Username == playerUsername);
@@ -131,7 +131,7 @@
 
                 if (room != null)
                 {
                     List<UserEntity> users = new();
                     foreach (string playerUsername in updatePlayersInRoom.Players)
                     {
                         UserEntity? player = await this.database.Users.FirstOrDefaultAsync(u => u.Username == playerUsername);

ProjectLighthouse.Servers.GameServer/Controllers/MessageController.cs

@@ -42,7 +42,7 @@
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.";
 
     public MessageController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -55,16 +55,31 @@
     {
         GameTokenEntity token = this.GetToken();
 
-        string username = await this.database.UsernameFromGameToken(token);
+        UserEntity? user = await this.database.UserFromGameToken(token);
+        if (user == null) return this.BadRequest();
 
         StringBuilder announceText = new(ServerConfiguration.Instance.AnnounceText);
 
-        announceText.Replace("%user", username);
+        announceText.Replace("%user", user.Username);
         announceText.Replace("%id", token.UserId.ToString());
 
         if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode)
         {
-            announceText.Insert(0, BaseLayoutStrings.ReadOnlyWarn.Translate(LocalizationManager.DefaultLang) + "\n\n");
+            announceText.Append(BaseLayoutStrings.ReadOnlyWarn.Translate(LocalizationManager.DefaultLang) + "\n\n");
+        }
+
+        if (ServerConfiguration.Instance.EmailEnforcement.EnableEmailEnforcement)
+        {
+            announceText.Append("\n\n" + BaseLayoutStrings.EmailEnforcementWarnMain.Translate(LocalizationManager.DefaultLang) + "\n\n");
+
+            if (user.EmailAddress == null)
+            {
+                announceText.Append(BaseLayoutStrings.EmailEnforcementWarnNoEmail.Translate(LocalizationManager.DefaultLang) + "\n\n");
+            }
+            else if (!user.EmailAddressVerified)
+            {
+                announceText.Append(BaseLayoutStrings.EmailEnforcementWarnVerifyEmail.Translate(LocalizationManager.DefaultLang) + "\n\n");
+            }
         }
 
         #if DEBUG
@@ -72,7 +87,7 @@
                                   $"user.UserId: {token.UserId}\n" +
                                   $"token.GameVersion: {token.GameVersion}\n" +
                                   $"token.TicketHash: {token.TicketHash}\n" +
                                   $"token.ExpiresAt: {token.ExpiresAt.ToString()}\n" +
                                   "---DEBUG INFO---");
         #endif
 
@@ -128,13 +143,13 @@
 
         if (message.StartsWith("/setemail ") && ServerConfiguration.Instance.Mail.MailEnabled)
         {
             string email = message[(message.IndexOf(" ", StringComparison.Ordinal)+1)..];
-            if (!SanitizationHelper.IsValidEmail(email)) return this.Ok();
 
-            if (await this.database.Users.AnyAsync(u => u.EmailAddress == email)) return this.Ok();
+            // Return a bad request on invalid email address
+            if (!SMTPHelper.IsValidEmail(this.database, email)) return this.BadRequest();
 
             UserEntity? user = await this.database.UserFromGameToken(token);
-            if (user == null || user.EmailAddressVerified) return this.Ok();
+            if (user == null || user.EmailAddressVerified) return this.BadRequest();
 
             user.EmailAddress = email;
             await SMTPHelper.SendVerificationEmail(this.database, mailService, user);

ProjectLighthouse.Servers.GameServer/Controllers/Resources/PhotosController.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using Discord;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
@@ -27,7 +27,7 @@
 {
     private readonly DatabaseContext database;
 
     public PhotosController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -174,7 +174,6 @@
     [HttpGet("photos/{slotType}/{id:int}")]
     public async Task<IActionResult> SlotPhotos(string slotType, int id, [FromQuery] string? by)
     {
-
         if (SlotHelper.IsTypeInvalid(slotType)) return this.BadRequest();
 
         if (slotType == "developer") id = await SlotHelper.GetPlaceholderSlotId(this.database, id, SlotType.Developer);
@@ -202,7 +201,6 @@
     [HttpGet("photos/by")]
     public async Task<IActionResult> UserPhotosBy(string user)
     {
-
         int targetUserId = await this.database.UserIdFromUsername(user);
         if (targetUserId == 0) return this.NotFound();
 

ProjectLighthouse.Servers.GameServer/Controllers/Resources/ResourcesController.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using System.Text;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Extensions;
@@ -19,7 +19,6 @@
 [Route("LITTLEBIGPLANETPS3_XML")]
 public class ResourcesController : ControllerBase
 {
-
     [HttpPost("showModerated")]
     public IActionResult ShowModerated() => this.Ok(new ResourceList());
 

ProjectLighthouse.Servers.GameServer/Controllers/Slots/CategoryController.cs

@@ -27,7 +27,7 @@
 {
     private readonly DatabaseContext database;
 
     public CategoryController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -38,16 +38,13 @@
     {
         GameTokenEntity token = this.GetToken();
 
-        UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Forbid();
-
         PaginationData pageData = this.Request.GetPaginationData();
 
         pageData.TotalElements = CategoryHelper.Categories.Count(c => !string.IsNullOrWhiteSpace(c.Name));
 
         if (!int.TryParse(this.Request.Query["num_categories_with_results"], out int results)) results = 5;
 
         List<GameCategory> categories = new();
 
         SlotQueryBuilder queryBuilder = this.FilterFromRequest(token);
 
@@ -72,9 +69,6 @@
     {
         GameTokenEntity token = this.GetToken();
 
-        UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Forbid();
-
         Category? category = CategoryHelper.Categories.FirstOrDefault(c => c.Endpoint == endpointName);
         if (category == null) return this.NotFound();
 

ProjectLighthouse.Servers.GameServer/Controllers/Slots/PublishController.cs

@@ -28,7 +28,7 @@
 {
     private readonly DatabaseContext database;
 
     public PublishController(DatabaseContext database)
     {
         this.database = database;
     }
@@ -40,7 +40,7 @@
     public async Task<IActionResult> StartPublish()
     {
         GameTokenEntity token = this.GetToken();
-
+        
         UserEntity? user = await this.database.UserFromGameToken(token);
         if (user == null) return this.Forbid();
 
@@ -64,7 +64,7 @@
             return this.BadRequest();
         }
 
         if (slot.Resources?.Length == 0) slot.Resources = new[]{slot.RootLevel,};
 
         if (slot.Resources == null)
         {
@@ -100,7 +100,7 @@
             return this.Forbid();
         }
 
         HashSet<string> resources = new(slot.Resources)
         {
             slot.IconHash,
         };

ProjectLighthouse.Servers.GameServer/Controllers/UserController.cs

@@ -29,14 +29,14 @@
 {
     private readonly DatabaseContext database;
 
     public UserController(DatabaseContext database)
     {
         this.database = database;
     }
 
     [HttpGet("user/{username}")]
     public async Task<IActionResult> GetUser(string username)
-    {
+    { 
         UserEntity? user = await this.database.Users.FirstOrDefaultAsync(u => u.Username == username);
         if (user == null) return this.NotFound();
 
@@ -46,7 +46,7 @@
     [HttpGet("users")]
     public async Task<IActionResult> GetUserAlt([FromQuery(Name = "u")] string[] userList)
     {
         List<MinimalUserProfile> minimalUserList = new();
         foreach (string username in userList)
         {
             MinimalUserProfile? profile = await this.database.Users.Where(u => u.Username == username)

ProjectLighthouse.Servers.GameServer/Middlewares/EmailEnforcementMiddleware.cs

@@ -0,0 +1,62 @@
+using LBPUnion.ProjectLighthouse.Configuration;
+using LBPUnion.ProjectLighthouse.Database;
+using LBPUnion.ProjectLighthouse.Middlewares;
+using LBPUnion.ProjectLighthouse.Types.Entities.Profile;
+using LBPUnion.ProjectLighthouse.Types.Entities.Token;
+
+namespace LBPUnion.ProjectLighthouse.Servers.GameServer.Middlewares;
+
+public class EmailEnforcementMiddleware : MiddlewareDBContext
+{
+    private static readonly HashSet<string> enforcedPaths = ServerConfiguration.Instance.EmailEnforcement.BlockedEndpoints;
+
+    public EmailEnforcementMiddleware(RequestDelegate next) : base(next)
+    { }
+
+    public override async Task InvokeAsync(HttpContext context, DatabaseContext database)
+    {
+        if (ServerConfiguration.Instance.EmailEnforcement.EnableEmailEnforcement)
+        { 
+            // Split path into segments
+            string[] pathSegments = context.Request.Path.ToString().Split("/", StringSplitOptions.RemoveEmptyEntries);
+
+            if (pathSegments[0] == "LITTLEBIGPLANETPS3_XML")
+            {
+                // Get user via GameToken
+                GameTokenEntity? token = await database.GameTokenFromRequest(context.Request);
+                UserEntity? user = await database.UserFromGameToken(token);
+
+                // Check second part of path to see if client is within an enforced path
+                // This could probably be reworked, seeing as you may want to check for a deeper sub-path
+                // But it should be perfectly fine for now
+                if (enforcedPaths.Contains(pathSegments[1]))
+                {
+                    // Check if user is valid, don't want any exceptions
+                    if (user == null)
+                    {
+                        // Send bad request status
+                        context.Response.StatusCode = StatusCodes.Status403Forbidden;
+                        await context.Response.WriteAsync("Not a valid user");
+
+                        // Don't go to next in pipeline
+                        return;
+                    }
+
+                    // Check if email is there and verified
+                    if (!user.EmailAddressVerified || user.EmailAddress == null)
+                    {
+                        // Send bad request status
+                        context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                        await context.Response.WriteAsync("Invalid user email address");
+
+                        // Don't go to next in pipeline
+                        return;
+                    }
+                }
+            }
+        }
+
+        // Go to next in pipeline
+        await this.next(context);
+    }
+}

ProjectLighthouse.Servers.GameServer/Startup/GameServerStartup.cs

@@ -19,7 +19,7 @@
 
 public class GameServerStartup
 {
     public GameServerStartup(IConfiguration configuration)
     {
         this.Configuration = configuration;
     }
@@ -107,6 +107,7 @@
         app.UseMiddleware<RateLimitMiddleware>();
         app.UseMiddleware<DigestMiddleware>(computeDigests);
         app.UseMiddleware<SetLastContactMiddleware>();
+        app.UseMiddleware<EmailEnforcementMiddleware>();
 
         app.UseRouting();
 

ProjectLighthouse.Servers.Website/Pages/Email/SetEmailForm.cshtml.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using System.Diagnostics.CodeAnalysis;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
@@ -14,7 +14,7 @@
 
 public class SetEmailForm : BaseLayout
 {
     public SetEmailForm(DatabaseContext database) : base(database)
     {}
 
     public string? Error { get; private set; }
@@ -39,13 +39,13 @@
         UserEntity? user = await this.Database.Users.FirstOrDefaultAsync(u => u.UserId == token.UserId);
         if (user == null) return this.Redirect("~/login");
 
-        if (!SanitizationHelper.IsValidEmail(emailAddress))
+        if (!SMTPHelper.IsValidEmail(this.Database, emailAddress))
         {
             this.Error = this.Translate(ErrorStrings.EmailInvalid);
             return this.Page();
         }
 
         if (await this.Database.Users.AnyAsync(u => u.EmailAddress != null && u.EmailAddress.ToLower() == emailAddress.ToLower()))
         {
             this.Error = this.Translate(ErrorStrings.EmailTaken);
             return this.Page();

ProjectLighthouse.Servers.Website/Pages/Login/PasswordResetRequestForm.cshtml.cs

@@ -18,7 +18,7 @@
 
     public string? Status { get; private set; }
 
     public PasswordResetRequestForm(DatabaseContext database, IMailService mail) : base(database)
     {
         this.Mail = mail;
     }
@@ -38,9 +38,9 @@
             return this.Page();
         }
 
-        if (!SanitizationHelper.IsValidEmail(email))
+        if (!SMTPHelper.IsValidEmail(this.Database, email))
         {
-            this.Error = "This email is in an invalid format";
+            this.Error = "This email is invalid";
             return this.Page();
         }
 

ProjectLighthouse.Servers.Website/Pages/UserSettingsPage.cshtml.cs

@@ -1,4 +1,4 @@
 #nullable enable
 using System.Diagnostics.CodeAnalysis;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
@@ -17,7 +17,7 @@
 {
 
     public UserEntity? ProfileUser;
     public UserSettingsPage(DatabaseContext database) : base(database)
     {}
 
     [SuppressMessage("ReSharper", "SpecifyStringComparison")]
@@ -64,18 +64,14 @@
             }
         }
 
-        if (ServerConfiguration.Instance.Mail.MailEnabled &&
-            SanitizationHelper.IsValidEmail(email) &&
+        if (ServerConfiguration.Instance.Mail.MailEnabled && 
+            email != null && SMTPHelper.IsValidEmail(this.Database, email) &&
             (this.User == this.ProfileUser || this.User.IsAdmin))
         {
-            // if email hasn't already been used
-            if (!await this.Database.Users.AnyAsync(u => u.EmailAddress != null && u.EmailAddress.ToLower() == email!.ToLower()))
+            if (this.ProfileUser.EmailAddress != email)
             {
-                if (this.ProfileUser.EmailAddress != email)
-                {
-                    this.ProfileUser.EmailAddress = email;
-                    this.ProfileUser.EmailAddressVerified = false;
-                }
+                this.ProfileUser.EmailAddress = email;
+                this.ProfileUser.EmailAddressVerified = false;
             }
         }
 

ProjectLighthouse.Tests.GameApiTests/Unit/Controllers/MessageControllerTests.cs

@@ -136,7 +136,7 @@
         messageController.SetupTestController(request);
 
         CensorConfiguration.Instance.UserInputFilterMode = FilterMode.Asterisks;
         CensorConfiguration.Instance.FilteredWordList = new List<string>
         {
             "bruh",
         };
@@ -167,7 +167,7 @@
         messageController.SetupTestController(request);
 
         ServerConfiguration.Instance.Mail.MailEnabled = false;
         CensorConfiguration.Instance.FilteredWordList = new List<string>();
 
         const string expected = "/setemail unittest@unittest.com";
 
@@ -203,7 +203,7 @@
     [Fact]
     public async Task Filter_ShouldNotSendEmail_WhenMailEnabled_AndEmailTaken()
     {
         List<UserEntity> users = new()
         {
             new UserEntity
             {
@@ -224,7 +224,7 @@
 
         IActionResult result = await messageController.Filter(mailMock.Object);
 
-        Assert.IsType<OkResult>(result);
+        Assert.IsType<BadRequestResult>(result);
         mailMock.Verify(x => x.SendEmailAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()), Times.Never);
     }
 
@@ -249,7 +249,7 @@
 
         IActionResult result = await messageController.Filter(mailMock.Object);
 
-        Assert.IsType<OkResult>(result);
+        Assert.IsType<BadRequestResult>(result);
         mailMock.Verify(x => x.SendEmailAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()), Times.Never);
     }
 
@@ -271,7 +271,7 @@
 
         IActionResult result = await messageController.Filter(mailMock.Object);
 
-        Assert.IsType<OkResult>(result);
+        Assert.IsType<BadRequestResult>(result);
         mailMock.Verify(x => x.SendEmailAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()), Times.Never);
     }
 }