diff --git a/src/cpp/HTTPInterface/AdminGroupsPage.cpp b/src/cpp/HTTPInterface/AdminGroupsPage.cpp index 7e38cfde2..ea2488e44 100644 --- a/src/cpp/HTTPInterface/AdminGroupsPage.cpp +++ b/src/cpp/HTTPInterface/AdminGroupsPage.cpp @@ -44,6 +44,7 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco: alias, form.get("group-name", ""), form.get("group-url", ""), + form.get("group-home", ""), form.get("group-desc", "") ); newGroup->getModel()->insertIntoDB(false); @@ -113,7 +114,7 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco: responseStream << "\t\t
"; // end include header_large.cpsp responseStream << "\n"; -#line 38 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 39 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( getErrorsHtml() ); responseStream << "\n"; responseStream << "
\n"; @@ -127,39 +128,44 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco: responseStream << "\t\t\t\t
Name
\n"; responseStream << "\t\t\t\t
Alias
\n"; responseStream << "\t\t\t\t
Url
\n"; + responseStream << "\t\t\t\t
Home
\n"; responseStream << "\t\t\t\t
"; -#line 50 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 52 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( gettext("Description") ); responseStream << "
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t"; -#line 52 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 54 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" for(auto it = groups.begin(); it != groups.end(); it++) { auto group_model = (*it)->getModel(); responseStream << "\n"; responseStream << "\t\t\t\t
\n"; responseStream << "\t\t\t\t\t
"; -#line 55 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 57 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( group_model->getID() ); responseStream << "
\n"; responseStream << "\t\t\t\t\t
"; -#line 56 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 58 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( group_model->getName() ); responseStream << "
\n"; responseStream << "\t\t\t\t\t
"; -#line 57 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 59 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( group_model->getAlias() ); responseStream << "
\n"; responseStream << "\t\t\t\t\t
"; -#line 58 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 60 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( group_model->getUrl() ); responseStream << "
\n"; + responseStream << "\t\t\t\t\t
"; +#line 61 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" + responseStream << ( group_model->getHome() ); + responseStream << "
\n"; responseStream << "\t\t\t\t\t
"; -#line 59 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 62 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" responseStream << ( group_model->getDescription()); responseStream << "
\n"; responseStream << "\t\t\t\t
\n"; responseStream << "\t\t\t"; -#line 61 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" +#line 64 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp" } responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\n"; @@ -174,13 +180,15 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco: responseStream << "\t\t\t\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t\t\n"; + responseStream << "\t\t\t\n"; + responseStream << "\t\t\t\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t\t\n"; responseStream << "\t\n"; diff --git a/src/cpp/JSONInterface/JsonAppLogin.cpp b/src/cpp/JSONInterface/JsonAppLogin.cpp new file mode 100644 index 000000000..3fe1e7d31 --- /dev/null +++ b/src/cpp/JSONInterface/JsonAppLogin.cpp 
@@ -0,0 +1,59 @@
+#include "JsonAppLogin.h"
+
+#include "Poco/URI.h"
+
+#include "../lib/DataTypeConverter.h"
+
+#include "../controller/AppAccessToken.h"
+#include "../controller/User.h"
+
+#include "../SingletonManager/SessionManager.h"
+
+
+Poco::JSON::Object* JsonAppLogin::handle(Poco::Dynamic::Var params)
+{
+ Poco::UInt64 access_token_code;
+ if (params.isVector()) {
+ try {
+ const Poco::URI::QueryParameters queryParams = params.extract();
+ for (auto it = queryParams.begin(); it != queryParams.end(); it++) {
+ if (it->first == "access_token") {
+ auto numberParseResult = DataTypeConverter::strToInt(it->second, access_token_code);
+ if (DataTypeConverter::NUMBER_PARSE_OKAY != numberParseResult) {
+ return stateError("error parsing access token", DataTypeConverter::numberParseStateToString(numberParseResult));
+ }
+ break;
+ }
+ }
+ //auto var = params[0];
+ }
+ catch (Poco::Exception& ex) {
+ return stateError("error parsing query params, Poco Error", ex.displayText());
+ }
+ }
+ auto sm = SessionManager::getInstance();
+ auto access_token = controller::AppAccessToken::load(access_token_code);
+ if (access_token.isNull()) {
+ return stateError("access token not found");
+ }
+ Poco::Timespan max_age;
+ max_age.assign(7, 0, 0, 0, 0);
+ if (access_token->getAge() > max_age) {
+ access_token->deleteFromDB();
+ return stateError("access token to old");
+ }
+ access_token->getModel()->update();
+ auto session = sm->getNewSession();
+ auto user = controller::User::create();
+ if (1 != user->load(access_token->getModel()->getUserId())) {
+ return stateError("access token invalid");
+ }
+ session->setUser(user);
+
+ Poco::JSON::Object* result = new Poco::JSON::Object;
+ result->set("state", "success");
+ result->set("session_id", session->getHandle());
+
+ return result;
+
+}
\ No newline at end of file
diff --git a/src/cpp/JSONInterface/JsonAppLogin.h b/src/cpp/JSONInterface/JsonAppLogin.h
new file mode 100644
index 000000000..c587b61e2
--- /dev/null
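Review bot: `access_token_code` is declared without an initialiser at the top of `JsonAppLogin::handle` and is only assigned inside the loop when an `access_token` key is found, so a request whose params are not a vector, or that omits the key, reaches `AppAccessToken::load(access_token_code)` with an indeterminate value. Initialise it and reject the missing case before the lookup: `Poco::UInt64 access_token_code = 0;` and, after the parsing block, `if (!access_token_code) return stateError("access token missing");` (assuming 0 is never issued as a code). Separately, `sm->getNewSession()` runs before the result of `user->load(...)` is checked, so the `access token invalid` return leaves a session allocated with no user; creating the session only after the user has loaded avoids that. The token also arrives as a query parameter, which tends to end up in proxy and access logs, so it is worth confirming that request logging redacts it.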
+++ b/src/cpp/JSONInterface/JsonAppLogin.h @@ -0,0 +1,16 @@ +#ifndef __JSON_INTERFACE_JSON_APP_LOGIN_H_ +#define __JSON_INTERFACE_JSON_APP_LOGIN_H_ + +#include "JsonRequestHandler.h" + +class JsonAppLogin : public JsonRequestHandler +{ +public: + Poco::JSON::Object* handle(Poco::Dynamic::Var params); + +protected: + + +}; + +#endif // __JSON_INTERFACE_JSON_APP_LOGIN_H_ \ No newline at end of file diff --git a/src/cpp/JSONInterface/JsonAquireAccessToken.cpp b/src/cpp/JSONInterface/JsonAquireAccessToken.cpp index 99a8cb17e..5a6f8c6dc 100644 --- a/src/cpp/JSONInterface/JsonAquireAccessToken.cpp +++ b/src/cpp/JSONInterface/JsonAquireAccessToken.cpp @@ -1,18 +1,18 @@ #include "JsonAquireAccessToken.h" -#include "Poco/URI.h" #include "../SingletonManager/SessionManager.h" -#include "../SingletonManager/ErrorManager.h" #include "../controller/AppAccessToken.h" +#include "../controller/Group.h" -#include "../lib/DataTypeConverter.h" Poco::JSON::Object* JsonAquireAccessToken::handle(Poco::Dynamic::Var params) { - auto session_result = checkAndLoadSession(params); - if (session_result) { - return session_result; + if (!mSession || mSession->getNewUser().isNull()) { + auto session_result = checkAndLoadSession(params, true); + if (session_result) { + return session_result; + } } Poco::JSON::Object* result = new Poco::JSON::Object; result->set("state", "success"); 
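Review bot: When `mSession` was supplied through `setSession` and already has a user, the new guard at the top of `JsonAquireAccessToken::handle` skips `checkAndLoadSession(params, true)` entirely, and with it the only `isIPValid` and loopback checks on this path. Nothing visible in this diff validates the client address for a cookie-derived session, so the session cookie alone would decide whether an access token is issued. Consider keeping the binding for that branch as well, e.g. `if (mSession && !mSession->isIPValid(mClientIp)) return stateError("client ip differ from login client ip");` ahead of the guard, assuming `mClientIp` is populated for this handler. The rest of `handle` continues in the next hunk.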
@@ -26,11 +26,21 @@ Poco::JSON::Object* JsonAquireAccessToken::handle(Poco::Dynamic::Var params) } else { access_token = controller::AppAccessToken::create(user_id); - access_token->getModel()->insertIntoDB(false); + // for a bit faster return + UniLib::controller::TaskPtr task = new model::table::ModelInsertTask(access_token->getModel(), false, true); + task->scheduleTask(task); + // default + //access_token->getModel()->insertIntoDB(false); } result->set("access_token", std::to_string(access_token->getModel()->getCode())); + auto group_base_url = user->getGroupBaseUrl(); + auto group = controller::Group::load(user->getModel()->getGroupId()); + if (!group.isNull()) { + result->set("group_base_url", group->getModel()->getUrl()); + } + return result; } \ No newline at end of file diff --git a/src/cpp/JSONInterface/JsonRequestHandler.cpp b/src/cpp/JSONInterface/JsonRequestHandler.cpp index 9ddbbc98c..3fedcd01e 100644 --- a/src/cpp/JSONInterface/JsonRequestHandler.cpp +++ b/src/cpp/JSONInterface/JsonRequestHandler.cpp @@ -21,6 +21,12 @@ JsonRequestHandler::JsonRequestHandler() } +JsonRequestHandler::JsonRequestHandler(Session* session) + : mSession(session) +{ + +} + void JsonRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) { @@ -147,7 +153,7 @@ Poco::JSON::Object* JsonRequestHandler::customStateError(const char* state, cons return result; } -Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var params) +Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var params, bool checkIp/* = false*/) { int session_id = 0; auto sm = SessionManager::getInstance(); 
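Review bot: The new token is handed to the client before it is persisted: `ModelInsertTask` is only scheduled, and `handle` goes straight on to put `getCode()` into the response, so an `/appLogin` call that arrives before the task has run would get `access token not found`, and a failed insert is never reported to anyone. Unless the latency gain has been measured, the commented-out `access_token->getModel()->insertIntoDB(false);` is the safer default here. `auto group_base_url = user->getGroupBaseUrl();` is also never used, and the value returned as `group_base_url` is `getUrl()` alone while `User::getGroupBaseUrl()` in this same commit now returns `getUrl() + getHome()`; either return the local or drop it so the two do not drift apart.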
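Review bot: The added `JsonRequestHandler(Session* session)` constructor initialises only `mSession`; `mResultJson`, a raw pointer member declared in the header, is left indeterminate unless something sets it before use. `: mResultJson(nullptr), mSession(session)` makes that explicit, and marking the declaration `explicit` stops a bare `Session*` from converting to a handler implicitly. Whether the default constructor initialises `mSession` is not visible in this hunk, and the new `!mSession` test in `JsonAquireAccessToken::handle` relies on it being null.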
@@ -183,8 +189,13 @@ Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var p if (!session) { return customStateError("not found", "session not found"); } - if (!session->isIPValid(mClientIp)) { - return stateError("client ip differ from login client ip"); + if (checkIp) { + if (mClientIp.isLoopback()) { + return stateError("client ip is loop back ip"); + } + if (!session->isIPValid(mClientIp)) { + return stateError("client ip differ from login client ip"); + } } auto userNew = session->getNewUser(); //auto user = session->getUser(); diff --git a/src/cpp/JSONInterface/JsonRequestHandler.h b/src/cpp/JSONInterface/JsonRequestHandler.h index aaa32dba5..93e9e436b 100644 --- a/src/cpp/JSONInterface/JsonRequestHandler.h +++ b/src/cpp/JSONInterface/JsonRequestHandler.h @@ -12,6 +12,7 @@ class JsonRequestHandler : public Poco::Net::HTTPRequestHandler public: JsonRequestHandler(); + JsonRequestHandler(Session* session); void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response); @@ -19,12 +20,14 @@ public: static Poco::Dynamic::Var parseJsonWithErrorPrintFile(std::istream& request_stream, NotificationList* errorHandler = nullptr, const char* functionName = nullptr); + inline void setSession(Session* session) { mSession = session; } + protected: Poco::JSON::Object* mResultJson; Poco::Net::IPAddress mClientIp; Session* mSession; - Poco::JSON::Object* checkAndLoadSession(Poco::Dynamic::Var params); + Poco::JSON::Object* checkAndLoadSession(Poco::Dynamic::Var params, bool checkIp = false); static Poco::JSON::Object* stateError(const char* msg, std::string details = ""); static Poco::JSON::Object* customStateError(const char* state, const char* msg, std::string details = ""); diff --git a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp index dafb75aaf..2fd76c4b9 100644 --- a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp 
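Review bot: With `checkIp` defaulting to `false` (declared in `JsonRequestHandler.h`), every existing caller of `checkAndLoadSession(params)` silently loses the `isIPValid` check that used to be unconditional; in this diff only `JsonAquireAccessToken` passes `true`. Defaulting to the stricter behaviour, `bool checkIp = true`, and opting out explicitly where a caller really cannot be bound to an address would keep the previous guarantee. `mClientIp` also appears to be derived from the `X-Real-IP` request header (see the factory), so both the new loopback test and `isIPValid` are only meaningful when that header is set by a trusted reverse proxy; a comment stating that assumption next to the check would help. `checkAndLoadSession` starts and ends outside this hunk.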
+++ b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp @@ -5,6 +5,7 @@ #include "../SingletonManager/SessionManager.h" #include "JsonAdminEmailVerificationResend.h" +#include "JsonAppLogin.h" #include "JsonAquireAccessToken.h" #include "JsonCreateTransaction.h" #include "JsonCreateUser.h" @@ -20,6 +21,7 @@ #include "JsonLogout.h" #include "JsonSearch.h" + JsonRequestHandlerFactory::JsonRequestHandlerFactory() : mRemoveGETParameters("^/([a-zA-Z0-9_-]*)"), mLogging(Poco::Logger::get("requestLog")) { @@ -44,6 +46,23 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c auto client_host_string = request.get("X-Real-IP", client_host.toString()); client_host = Poco::Net::IPAddress(client_host_string); + // check if user has valid session + Poco::Net::NameValueCollection cookies; + request.getCookies(cookies); + + int session_id = 0; + + try { + session_id = atoi(cookies.get("GRADIDO_LOGIN").data()); + } + catch (...) {} + + auto sm = SessionManager::getInstance(); + Session* s = nullptr; + if (!session_id) { + s = sm->getSession(session_id); + } + if (url_first_part == "/login") { return new JsonGetLogin; } @@ -84,7 +103,17 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c return new JsonLogout(client_host); } else if (url_first_part == "/acquireAccessToken") { - return new JsonAquireAccessToken; + auto requestHandler = new JsonAquireAccessToken; + requestHandler->setSession(s); + return requestHandler; + } + else if (url_first_part == "/appLogin") { + return new JsonAppLogin; + } + else if (url_first_part == "/appLogout") { + if (s) { + sm->releaseSession(s); + } } return new JsonUnknown; } diff --git a/src/cpp/controller/User.cpp b/src/cpp/controller/User.cpp index 19be115c8..d3dc4cbf1 100644 --- a/src/cpp/controller/User.cpp +++ b/src/cpp/controller/User.cpp 
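Review bot: The session lookup condition is inverted: `if (!session_id) { s = sm->getSession(session_id); }` only queries the session manager when the cookie was missing or parsed to 0, so `s` stays null for every real `GRADIDO_LOGIN` value and the `/acquireAccessToken` and `/appLogout` branches below never receive a session. It should read `if (session_id) { s = sm->getSession(session_id); }`. `atoi` on a client-supplied cookie has undefined behaviour for out-of-range input and the empty `catch (...) {}` hides the missing-cookie case; `cookies.get("GRADIDO_LOGIN", "")` followed by a checked conversion like the `DataTypeConverter::strToInt` call in `JsonAppLogin` would be more robust. `createRequestHandler` starts and ends outside this hunk.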
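Review bot: The `/appLogout` branch releases the session and then falls through to `return new JsonUnknown;`, so the client cannot tell a successful logout from an unknown route, and nothing is reported when `s` is null. Returning a handler that states the outcome would make the result explicit. The branch also acts on whatever session the cookie names without using `client_host`, which the `JsonLogout(client_host)` branch just above is given; if logout by cookie alone is intended, a comment such as `// appLogout: session cookie only, no client address check` would record that decision.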
@@ -533,7 +533,8 @@ namespace controller {
 if (!servers.size()) {
 auto group = controller::Group::load(model->getGroupId());
 if (!group.isNull()) {
- mGroupBaseUrl = group->getModel()->getUrl();
+ auto group_model = group->getModel();
+ mGroupBaseUrl = group_model->getUrl() + group_model->getHome();
 return mGroupBaseUrl;
 }
 return ServerConfig::g_php_serverPath;
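Review bot: `group_model->getUrl() + group_model->getHome()` joins two admin-entered strings with no normalisation, so the result depends on whether the URL ends in `/` and whether the home value starts with one. Since this value is handed out as the group base URL, it is worth normalising the join here or validating `group-home` when the group is created in `AdminGroupsPage`. A short comment such as `// base URL = group URL + home path; home is expected to start with '/'` would document the expected format. The enclosing function begins and ends outside the hunk.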