From 1f7c7fa192907d90a0ef6bbfbfe770a1e2fffa08 Mon Sep 17 00:00:00 2001
From: Thorbjørn Lindeijer <bjorn@lindeijer.nl>
Date: Tue, 16 May 2023 16:45:39 +0200
Subject: Allow account email to be null in the database

When using login with Stellar, the email address remains empty. This was
causing issues since the email is also required to be unique, in effect
only a single Stellar account could exist.

Resolved this by allowing the email column to be null, since the unique
requirement does not cover null values. An empty email will now be
stored as null value.

For non-Stellar logins, an email address is still required.
---
 src/account-server/accounthandler.cpp | 63 +++++++++++++++++++----------------
 src/account-server/storage.cpp        |  9 +++--
 2 files changed, 42 insertions(+), 30 deletions(-)

(limited to 'src/account-server')

diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index 4a4c73cf..e8161fcd 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -591,23 +591,28 @@ void AccountHandler::handleRegisterMessage(AccountClient &client,
     {
         reply.writeInt8(REGISTER_EXISTS_USERNAME);
     }
-    else if (storage->doesEmailAddressExist(sha256(email)))
-    {
-        reply.writeInt8(REGISTER_EXISTS_EMAIL);
-    }
-    else if (!checkCaptcha(client, captcha))
-    {
-        reply.writeInt8(REGISTER_CAPTCHA_WRONG);
-    }
     else
     {
         // We hash email server-side for additional privacy. We ask for it again
         // when we need it and verify it through comparing it with the hash.
-        client.setAccount(createAccount(username, sha256(password), sha256(email)));
-        client.status = CLIENT_CONNECTED;
+        const std::string emailHash = email.empty() ? std::string() : sha256(email);
 
-        reply.writeInt8(ERRMSG_OK);
-        addServerInfo(reply);
+        if (storage->doesEmailAddressExist(emailHash))
+        {
+            reply.writeInt8(REGISTER_EXISTS_EMAIL);
+        }
+        else if (!checkCaptcha(client, captcha))
+        {
+            reply.writeInt8(REGISTER_CAPTCHA_WRONG);
+        }
+        else
+        {
+            client.setAccount(createAccount(username, sha256(password), emailHash));
+            client.status = CLIENT_CONNECTED;
+
+            reply.writeInt8(ERRMSG_OK);
+            addServerInfo(reply);
+        }
     }
 
     client.send(reply);
@@ -692,27 +697,29 @@ void AccountHandler::handleEmailChangeMessage(AccountClient &client,
     }
 
     const std::string email = msg.readString();
-    const std::string emailHash = sha256(email);
 
-    if (!stringFilter->isEmailValid(email))
-    {
-        reply.writeInt8(ERRMSG_INVALID_ARGUMENT);
-    }
-    else if (stringFilter->findDoubleQuotes(email))
+    if (!stringFilter->isEmailValid(email)
+        || stringFilter->findDoubleQuotes(email))
     {
         reply.writeInt8(ERRMSG_INVALID_ARGUMENT);
     }
-    else if (storage->doesEmailAddressExist(emailHash))
-    {
-        reply.writeInt8(ERRMSG_EMAIL_ALREADY_EXISTS);
-    }
     else
     {
-        acc->setEmail(emailHash);
-        // Keep the database up to date otherwise we will go out of sync
-        storage->flush(*acc);
-        reply.writeInt8(ERRMSG_OK);
+        const std::string emailHash = email.empty() ? std::string() : sha256(email);
+
+        if (storage->doesEmailAddressExist(emailHash))
+        {
+            reply.writeInt8(ERRMSG_EMAIL_ALREADY_EXISTS);
+        }
+        else
+        {
+            acc->setEmail(emailHash);
+            // Keep the database up to date otherwise we will go out of sync
+            storage->flush(*acc);
+            reply.writeInt8(ERRMSG_OK);
+        }
     }
+
     client.send(reply);
 }
 
@@ -996,7 +1003,7 @@ void AccountHandler::handleCharacterDeleteMessage(AccountClient &client,
     }
 
     const std::string &characterName = chars[slot]->getName();
-    LOG_INFO("Character deleted:" << characterName);
+    LOG_INFO("Character deleted: " << characterName);
 
     // Log transaction
     Transaction trans;
@@ -1110,7 +1117,7 @@ void AccountHandler::handleStellarLogin(const std::string &token, const std::str
     }
     else
     {
-        // On-demand account creation for public keys
+        // On-demand account creation, using the public key as username.
         acc = createAccount(pubKey, std::string(), std::string());
 
         LOG_INFO("Stellar login: Created account for public key " << pubKey << ", ID " << acc->getID());
diff --git a/src/account-server/storage.cpp b/src/account-server/storage.cpp
index a1270dca..38c37935 100644
--- a/src/account-server/storage.cpp
+++ b/src/account-server/storage.cpp
@@ -610,6 +610,9 @@ bool Storage::doesUserNameExist(const std::string &name)
 
 bool Storage::doesEmailAddressExist(const std::string &email)
 {
+    if (email.empty())
+        return false;
+
     try
     {
         std::ostringstream sql;
@@ -910,7 +913,8 @@ void Storage::addAccount(Account &account)
         {
             mDb->bindValue(1, account.getName());
             mDb->bindValue(2, account.getPassword());
-            mDb->bindValue(3, account.getEmail());
+            if (!account.getEmail().empty())
+                mDb->bindValue(3, account.getEmail());
 
             mDb->processSql();
             account.setID(mDb->getLastId());
@@ -948,7 +952,8 @@ void Storage::flush(Account &account)
         {
             mDb->bindValue(1, account.getName());
             mDb->bindValue(2, account.getPassword());
-            mDb->bindValue(3, account.getEmail());
+            if (!account.getEmail().empty())
+                mDb->bindValue(3, account.getEmail());
             mDb->bindValue(4, account.getLevel());
             mDb->bindValue(5, account.getLastLogin());
             mDb->bindValue(6, account.getID());
-- 
cgit v1.2.3-60-g2f50