DataHandler.AccountsWithSessions

A more robust account system with token verification, session checks, expiries, etc.

Types

ActiveSession

Represents a user’s active session record.

  • Properties:

    • string Username — User’s name.
    • string SessionID — Unique session identifier.
    • string SessionKey — Encrypted session key.
    • string Expiry — UTC expiry timestamp in ISO-8601 ("o") format.
    • string IsTrusted — Encrypted payload of Expiry|IsTrustedFlag.
    • string ChecksAndLastTry — Encrypted payload of FailedRecoveryCount|LastAttemptUtc.

  • Constructors:
    ActiveSession() { }
    ActiveSession(string username,
    string sessionID,
    string sessionKey,
    string expiry,
    string isTrusted,
    string checksAndLastTry)

ConnectedSessionReturn

Encapsulates the decrypted session details returned to the caller.

  • Properties (all SecureData):

    • Username
    • SessionKey
    • SessionID
    • Directory — Path to the user-data directory.

  • Constructors:
    ConnectedSessionReturn() { }
    ConnectedSessionReturn(string username,
    string sessionKey,
    string sessionID,
    SecureData directory)

ReturnCreateUser

Holds both the initial session info and recovery key when creating a new user.

  • Properties:

    • ConnectedSessionReturn sessionReturn
    • SecureData RecoveryKey

  • Constructors:
    ReturnCreateUser() { }
    ReturnCreateUser(ConnectedSessionReturn sessionReturn,
    SecureData recoveryKey)

SecuritySettings

Global configuration for session lifetimes and recovery policies.

  • Properties (static):

    • SecureData PublicKey — Key used to encrypt session store.
    • double ExpiryDuration — Untrusted session lifetime in minutes (default 540).
    • double TrustedExpiryDuration — Trusted session lifetime in minutes (default 20160).
    • int FailRecoveryCheck — Max allowed recovery failures before lockout (default 5).
    • double TimeToNextRecovery — Lockout duration in minutes (default 20).

  • Methods (static):

    • SetPublicKey(string newKey, bool makeReadOnly = true)
    • SetExpiryDuration(double minutes)
    • SetTrustedExpiryDuration(double minutes)
    • SetFailRecoveryCheck(int count)
    • SetTimeToNextRecovery(double minutes)

AccountData

Same as in Accounts, stores per-user credentials and encryption keys.

  • Properties:

    • string Username
    • PasswordCheckData Password
    • string DataEncryptionKey
    • string RecoveryDataKey

  • Constructors:
    AccountData() { }
    AccountData(string username,
    PasswordCheckData password,
    string dataEncryptionKey,
    string recoveryDataKey)

Methods

SetupFiles(string directory)

Initializes Users.json with empty AccountsList and empty Sessions arrays.

  • Parameters:

    • directory: Path to the folder for Users.json.

  • Returns: Task

CreateUser(string username, SecureData password, string Directory)

Registers a new user and returns a recovery key.

  • Steps:

    1. Load existing AccountsList.
    2. Ensure username is unique.
    3. Hash password (PasswordHandler).
    4. Generate a random data-encryption key & recovery key.
    5. Encrypt data key under password, and recovery key under data key.
    6. Append new AccountData, save JSON.

  • Returns: Task — The recovery key.

  • Exceptions: If username already exists.

LoginUser(string username, string Directory, SecureData password, bool IsTrusted)

Authenticates credentials and creates a new session.

  • Parameters:

    • username, Directory, password, IsTrusted flag.

  • Process:

    1. Validate via private LoginCore.
    2. Generate sessionKey & sessionID.
    3. Encrypt sessionKey under data key.
    4. Compute expiry based on IsTrusted.
    5. Encrypt IsTrusted|expiry and initial ChecksAndLastTry.
    6. Append new ActiveSession to Sessions array, save JSON.

  • Returns: Task<(SecureData dataKey, ConnectedSessionReturn sessionInfo)>

  • Exceptions: On invalid credentials or I/O errors.

ValidateSession(ConnectedSessionReturn connSession, SecureData decryptKey)

Checks session validity, expiry, and integrity; extends expiry if valid.

  • Parameters:

    • connSession: Decrypted session info.
    • decryptKey: Data-encryption key from login.

  • Process:

    1. Load Sessions and locate matching record.
    2. If expired, remove it, save JSON, return false.
    3. Decrypt and verify SessionKey and IsTrusted|expiry consistency.
    4. If tampered, remove and throw exception.
    5. Extend expiry, update encrypted session record, save JSON.
    6. Return true.

  • Exceptions: On tampering or parsing errors.

LogoutUser(ConnectedSessionReturn connSession, SecureData decryptKey)

Invalidates a session immediately.

  • Process: Calls ValidateSession (throws if invalid), then removes the session record and saves JSON.

  • Returns: Task

RemoveAccount(ConnectedSessionReturn connSession, SecureData decryptKey)

Deletes a user account and all its sessions.

  • Process:

    1. Validate session and logout.
    2. Remove the matching AccountData from AccountsList.
    3. Save JSON.

  • Returns: Task

ResetPassword(ConnectedSessionReturn connSession, SecureData decryptKey, SecureData NewPassword, SecureData RecoveryPass)

Allows password reset from within an active session, enforcing recovery-policy limits.

  • Process:

    1. Validate session.
    2. Load AccountData and matching ActiveSession.
    3. Decrypt ChecksAndLastTry and RecoveryDataKey.
    4. Enforce failure count & lockout timings.
    5. Generate new password hash, encryption key & recovery key.
    6. Update AccountData, reset ChecksAndLastTry.
    7. Invalidate existing session(s), save JSON.

  • Returns: Task

  • Exceptions: On recovery key failures or policy triggers.

GetAllUsernames(ConnectedSessionReturn connSession, SecureData decryptKey)

Returns the list of all registered usernames.

  • Parameters:

    • connSession, decryptKey.

  • Returns: Task<List>