DataHandler.AccountsWithSessions

Properties:

• string Username — User’s name.
• string SessionID — Unique session identifier.
• string SessionKey — Encrypted session key.
• string Expiry — UTC expiry timestamp in ISO-8601 ("o") format.
• string IsTrusted — Encrypted payload of Expiry|IsTrustedFlag.
• string ChecksAndLastTry — Encrypted payload of FailedRecoveryCount|LastAttemptUtc.

Constructors:
ActiveSession() { }
ActiveSession(string username,
string sessionID,
string sessionKey,
string expiry,
string isTrusted,
string checksAndLastTry)

Properties (all SecureData):

• Username
• SessionKey
• SessionID
• Directory — Path to the user-data directory.

Constructors:
ConnectedSessionReturn() { }
ConnectedSessionReturn(string username,
string sessionKey,
string sessionID,
SecureData directory)

Properties:

• ConnectedSessionReturn sessionReturn
• SecureData RecoveryKey

Constructors:
ReturnCreateUser() { }
ReturnCreateUser(ConnectedSessionReturn sessionReturn,
SecureData recoveryKey)

Properties (static):

• SecureData PublicKey — Key used to encrypt session store.
• double ExpiryDuration — Untrusted session lifetime in minutes (default 540).
• double TrustedExpiryDuration — Trusted session lifetime in minutes (default 20160).
• int FailRecoveryCheck — Max allowed recovery failures before lockout (default 5).
• double TimeToNextRecovery — Lockout duration in minutes (default 20).

Methods (static):

• SetPublicKey(string newKey, bool makeReadOnly = true)
• SetExpiryDuration(double minutes)
• SetTrustedExpiryDuration(double minutes)
• SetFailRecoveryCheck(int count)
• SetTimeToNextRecovery(double minutes)

Properties:

• string Username
• PasswordCheckData Password
• string DataEncryptionKey
• string RecoveryDataKey

Constructors:
AccountData() { }
AccountData(string username,
PasswordCheckData password,
string dataEncryptionKey,
string recoveryDataKey)

Parameters:

• directory: Path to the folder for Users.json.

Returns: Task

Steps:

1. Load existing AccountsList.
2. Ensure username is unique.
3. Hash password (PasswordHandler).
4. Generate a random data-encryption key & recovery key.
5. Encrypt data key under password, and recovery key under data key.
6. Append new AccountData, save JSON.

Returns: Task — The recovery key.

Exceptions: If username already exists.

Parameters:

• username, Directory, password, IsTrusted flag.

Process:

1. Validate via private LoginCore.
2. Generate sessionKey & sessionID.
3. Encrypt sessionKey under data key.
4. Compute expiry based on IsTrusted.
5. Encrypt IsTrusted|expiry and initial ChecksAndLastTry.
6. Append new ActiveSession to Sessions array, save JSON.

Returns: Task<(SecureData dataKey, ConnectedSessionReturn sessionInfo)>

Exceptions: On invalid credentials or I/O errors.

Parameters:

• connSession: Decrypted session info.
• decryptKey: Data-encryption key from login.

Process:

1. Load Sessions and locate matching record.
2. If expired, remove it, save JSON, return false.
3. Decrypt and verify SessionKey and IsTrusted|expiry consistency.
4. If tampered, remove and throw exception.
5. Extend expiry, update encrypted session record, save JSON.
6. Return true.

Exceptions: On tampering or parsing errors.

Process: Calls ValidateSession (throws if invalid), then removes the session record and saves JSON.

Returns: Task

Process:

1. Validate session and logout.
2. Remove the matching AccountData from AccountsList.
3. Save JSON.

Returns: Task

Process:

1. Validate session.
2. Load AccountData and matching ActiveSession.
3. Decrypt ChecksAndLastTry and RecoveryDataKey.
4. Enforce failure count & lockout timings.
5. Generate new password hash, encryption key & recovery key.
6. Update AccountData, reset ChecksAndLastTry.
7. Invalidate existing session(s), save JSON.

Returns: Task

Exceptions: On recovery key failures or policy triggers.

Parameters:

• connSession, decryptKey.

Returns: Task<List>