mirror of
https://github.com/IT4Change/gradido.git
synced 2025-12-13 07:45:54 +00:00
add JsonAppLogin and JsonAppLogout and AppAccessToken
This commit is contained in:
Dario
parent
768a9f2191
commit
0aa45e89d0
@ -44,6 +44,7 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:
|
||||
alias,
|
||||
form.get("group-name", ""),
|
||||
form.get("group-url", ""),
|
||||
form.get("group-home", ""),
|
||||
form.get("group-desc", "")
|
||||
);
|
||||
newGroup->getModel()->insertIntoDB(false);
|
||||
@ -113,7 +114,7 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:
|
||||
responseStream << "\t\t<div class=\"content\">";
|
||||
// end include header_large.cpsp
|
||||
responseStream << "\n";
|
||||
#line 38 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 39 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "<div class=\"center-form-container\">\n";
|
||||
@ -127,39 +128,44 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:
|
||||
responseStream << "\t\t\t\t<div class=\"cell header-cell c2\">Name</div>\n";
|
||||
responseStream << "\t\t\t\t<div class=\"cell header-cell c2\">Alias</div>\n";
|
||||
responseStream << "\t\t\t\t<div class=\"cell header-cell c3\">Url</div>\n";
|
||||
responseStream << "\t\t\t\t<div class=\"cell header-cell c2\">Home</div>\n";
|
||||
responseStream << "\t\t\t\t<div class=\"cell header-cell c5\">";
|
||||
#line 50 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 52 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( gettext("Description") );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t</div>\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 52 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 54 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
for(auto it = groups.begin(); it != groups.end(); it++) {
|
||||
auto group_model = (*it)->getModel(); responseStream << "\n";
|
||||
responseStream << "\t\t\t\t<div class=\"row\">\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c0\">";
|
||||
#line 55 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 57 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getID() );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c2\">";
|
||||
#line 56 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 58 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getName() );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c2\">";
|
||||
#line 57 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 59 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getAlias() );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c3\">";
|
||||
#line 58 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 60 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getUrl() );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c2\">";
|
||||
#line 61 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getHome() );
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t\t<div class=\"cell c5\">";
|
||||
#line 59 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 62 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( group_model->getDescription());
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "\t\t\t\t</div>\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 61 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 64 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t</div>\n";
|
||||
@ -174,13 +180,15 @@ void AdminGroupsPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:
|
||||
responseStream << "\t\t\t<input class=\"form-control\" id=\"group-alias\" type=\"text\" name=\"group-alias\"/>\n";
|
||||
responseStream << "\t\t\t<label class=\"form-label\" for=\"group-url\">Url</label>\n";
|
||||
responseStream << "\t\t\t<input class=\"form-control\" id=\"group-url\" type=\"text\" name=\"group-url\"/>\n";
|
||||
responseStream << "\t\t\t<label class=\"form-label\" for=\"group-home\" title=\"Startpage link\">Home</label>\n";
|
||||
responseStream << "\t\t\t<input class=\"form-control\" id=\"group-home\" type=\"text\" name=\"group-home\"/>\n";
|
||||
responseStream << "\t\t\t<label class=\"form-label\" for=\"group-desc\">";
|
||||
#line 75 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 80 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( gettext("Description"));
|
||||
responseStream << "</label>\n";
|
||||
responseStream << "\t\t\t<textarea class=\"form-control\" name=\"group-desc\" rows=\"3\" maxlength=\"150\" id=\"group-desc\"></textarea>\n";
|
||||
responseStream << "\t\t\t<input class=\"center-form-submit form-button\" type=\"submit\" name=\"submit\" value=\"";
|
||||
#line 77 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
#line 82 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminGroups.cpsp"
|
||||
responseStream << ( gettext("Add Group") );
|
||||
responseStream << "\">\n";
|
||||
responseStream << "\t</form>\n";
|
||||
|
||||
59
src/cpp/JSONInterface/JsonAppLogin.cpp
Normal file
59
src/cpp/JSONInterface/JsonAppLogin.cpp
Normal file
@ -0,0 +1,59 @@
|
||||
#include "JsonAppLogin.h"
|
||||
|
||||
#include "Poco/URI.h"
|
||||
|
||||
#include "../lib/DataTypeConverter.h"
|
||||
|
||||
#include "../controller/AppAccessToken.h"
|
||||
#include "../controller/User.h"
|
||||
|
||||
#include "../SingletonManager/SessionManager.h"
|
||||
|
||||
|
||||
Poco::JSON::Object* JsonAppLogin::handle(Poco::Dynamic::Var params)
|
||||
{
|
||||
Poco::UInt64 access_token_code;
|
||||
if (params.isVector()) {
|
||||
try {
|
||||
const Poco::URI::QueryParameters queryParams = params.extract<Poco::URI::QueryParameters>();
|
||||
for (auto it = queryParams.begin(); it != queryParams.end(); it++) {
|
||||
if (it->first == "access_token") {
|
||||
auto numberParseResult = DataTypeConverter::strToInt(it->second, access_token_code);
|
||||
if (DataTypeConverter::NUMBER_PARSE_OKAY != numberParseResult) {
|
||||
return stateError("error parsing access token", DataTypeConverter::numberParseStateToString(numberParseResult));
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
//auto var = params[0];
|
||||
}
|
||||
catch (Poco::Exception& ex) {
|
||||
return stateError("error parsing query params, Poco Error", ex.displayText());
|
||||
}
|
||||
}
|
||||
auto sm = SessionManager::getInstance();
|
||||
auto access_token = controller::AppAccessToken::load(access_token_code);
|
||||
if (access_token.isNull()) {
|
||||
return stateError("access token not found");
|
||||
}
|
||||
Poco::Timespan max_age;
|
||||
max_age.assign(7, 0, 0, 0, 0);
|
||||
if (access_token->getAge() > max_age) {
|
||||
access_token->deleteFromDB();
|
||||
return stateError("access token to old");
|
||||
}
|
||||
access_token->getModel()->update();
|
||||
auto session = sm->getNewSession();
|
||||
auto user = controller::User::create();
|
||||
if (1 != user->load(access_token->getModel()->getUserId())) {
|
||||
return stateError("access token invalid");
|
||||
}
|
||||
session->setUser(user);
|
||||
|
||||
Poco::JSON::Object* result = new Poco::JSON::Object;
|
||||
result->set("state", "success");
|
||||
result->set("session_id", session->getHandle());
|
||||
|
||||
return result;
|
||||
|
||||
}
|
||||
16
src/cpp/JSONInterface/JsonAppLogin.h
Normal file
16
src/cpp/JSONInterface/JsonAppLogin.h
Normal file
@ -0,0 +1,16 @@
|
||||
#ifndef __JSON_INTERFACE_JSON_APP_LOGIN_H_
|
||||
#define __JSON_INTERFACE_JSON_APP_LOGIN_H_
|
||||
|
||||
#include "JsonRequestHandler.h"
|
||||
|
||||
class JsonAppLogin : public JsonRequestHandler
|
||||
{
|
||||
public:
|
||||
Poco::JSON::Object* handle(Poco::Dynamic::Var params);
|
||||
|
||||
protected:
|
||||
|
||||
|
||||
};
|
||||
|
||||
#endif // __JSON_INTERFACE_JSON_APP_LOGIN_H_
|
||||
@ -1,19 +1,19 @@
|
||||
#include "JsonAquireAccessToken.h"
|
||||
#include "Poco/URI.h"
|
||||
|
||||
#include "../SingletonManager/SessionManager.h"
|
||||
#include "../SingletonManager/ErrorManager.h"
|
||||
|
||||
#include "../controller/AppAccessToken.h"
|
||||
#include "../controller/Group.h"
|
||||
|
||||
#include "../lib/DataTypeConverter.h"
|
||||
|
||||
Poco::JSON::Object* JsonAquireAccessToken::handle(Poco::Dynamic::Var params)
|
||||
{
|
||||
auto session_result = checkAndLoadSession(params);
|
||||
if (!mSession || mSession->getNewUser().isNull()) {
|
||||
auto session_result = checkAndLoadSession(params, true);
|
||||
if (session_result) {
|
||||
return session_result;
|
||||
}
|
||||
}
|
||||
Poco::JSON::Object* result = new Poco::JSON::Object;
|
||||
result->set("state", "success");
|
||||
auto user = mSession->getNewUser();
|
||||
@ -26,11 +26,21 @@ Poco::JSON::Object* JsonAquireAccessToken::handle(Poco::Dynamic::Var params)
|
||||
}
|
||||
else {
|
||||
access_token = controller::AppAccessToken::create(user_id);
|
||||
access_token->getModel()->insertIntoDB(false);
|
||||
// for a bit faster return
|
||||
UniLib::controller::TaskPtr task = new model::table::ModelInsertTask(access_token->getModel(), false, true);
|
||||
task->scheduleTask(task);
|
||||
// default
|
||||
//access_token->getModel()->insertIntoDB(false);
|
||||
}
|
||||
|
||||
result->set("access_token", std::to_string(access_token->getModel()->getCode()));
|
||||
|
||||
auto group_base_url = user->getGroupBaseUrl();
|
||||
auto group = controller::Group::load(user->getModel()->getGroupId());
|
||||
if (!group.isNull()) {
|
||||
result->set("group_base_url", group->getModel()->getUrl());
|
||||
}
|
||||
|
||||
return result;
|
||||
|
||||
}
|
||||
@ -21,6 +21,12 @@ JsonRequestHandler::JsonRequestHandler()
|
||||
|
||||
}
|
||||
|
||||
JsonRequestHandler::JsonRequestHandler(Session* session)
|
||||
: mSession(session)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
void JsonRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
|
||||
{
|
||||
|
||||
@ -147,7 +153,7 @@ Poco::JSON::Object* JsonRequestHandler::customStateError(const char* state, cons
|
||||
return result;
|
||||
}
|
||||
|
||||
Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var params)
|
||||
Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var params, bool checkIp/* = false*/)
|
||||
{
|
||||
int session_id = 0;
|
||||
auto sm = SessionManager::getInstance();
|
||||
@ -183,9 +189,14 @@ Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var p
|
||||
if (!session) {
|
||||
return customStateError("not found", "session not found");
|
||||
}
|
||||
if (checkIp) {
|
||||
if (mClientIp.isLoopback()) {
|
||||
return stateError("client ip is loop back ip");
|
||||
}
|
||||
if (!session->isIPValid(mClientIp)) {
|
||||
return stateError("client ip differ from login client ip");
|
||||
}
|
||||
}
|
||||
auto userNew = session->getNewUser();
|
||||
//auto user = session->getUser();
|
||||
if (userNew.isNull()) {
|
||||
|
||||
@ -12,6 +12,7 @@ class JsonRequestHandler : public Poco::Net::HTTPRequestHandler
|
||||
public:
|
||||
|
||||
JsonRequestHandler();
|
||||
JsonRequestHandler(Session* session);
|
||||
|
||||
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
|
||||
|
||||
@ -19,12 +20,14 @@ public:
|
||||
|
||||
static Poco::Dynamic::Var parseJsonWithErrorPrintFile(std::istream& request_stream, NotificationList* errorHandler = nullptr, const char* functionName = nullptr);
|
||||
|
||||
inline void setSession(Session* session) { mSession = session; }
|
||||
|
||||
protected:
|
||||
Poco::JSON::Object* mResultJson;
|
||||
Poco::Net::IPAddress mClientIp;
|
||||
Session* mSession;
|
||||
|
||||
Poco::JSON::Object* checkAndLoadSession(Poco::Dynamic::Var params);
|
||||
Poco::JSON::Object* checkAndLoadSession(Poco::Dynamic::Var params, bool checkIp = false);
|
||||
|
||||
static Poco::JSON::Object* stateError(const char* msg, std::string details = "");
|
||||
static Poco::JSON::Object* customStateError(const char* state, const char* msg, std::string details = "");
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
#include "../SingletonManager/SessionManager.h"
|
||||
|
||||
#include "JsonAdminEmailVerificationResend.h"
|
||||
#include "JsonAppLogin.h"
|
||||
#include "JsonAquireAccessToken.h"
|
||||
#include "JsonCreateTransaction.h"
|
||||
#include "JsonCreateUser.h"
|
||||
@ -20,6 +21,7 @@
|
||||
#include "JsonLogout.h"
|
||||
#include "JsonSearch.h"
|
||||
|
||||
|
||||
JsonRequestHandlerFactory::JsonRequestHandlerFactory()
|
||||
: mRemoveGETParameters("^/([a-zA-Z0-9_-]*)"), mLogging(Poco::Logger::get("requestLog"))
|
||||
{
|
||||
@ -44,6 +46,23 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c
|
||||
auto client_host_string = request.get("X-Real-IP", client_host.toString());
|
||||
client_host = Poco::Net::IPAddress(client_host_string);
|
||||
|
||||
// check if user has valid session
|
||||
Poco::Net::NameValueCollection cookies;
|
||||
request.getCookies(cookies);
|
||||
|
||||
int session_id = 0;
|
||||
|
||||
try {
|
||||
session_id = atoi(cookies.get("GRADIDO_LOGIN").data());
|
||||
}
|
||||
catch (...) {}
|
||||
|
||||
auto sm = SessionManager::getInstance();
|
||||
Session* s = nullptr;
|
||||
if (!session_id) {
|
||||
s = sm->getSession(session_id);
|
||||
}
|
||||
|
||||
if (url_first_part == "/login") {
|
||||
return new JsonGetLogin;
|
||||
}
|
||||
@ -84,7 +103,17 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c
|
||||
return new JsonLogout(client_host);
|
||||
}
|
||||
else if (url_first_part == "/acquireAccessToken") {
|
||||
return new JsonAquireAccessToken;
|
||||
auto requestHandler = new JsonAquireAccessToken;
|
||||
requestHandler->setSession(s);
|
||||
return requestHandler;
|
||||
}
|
||||
else if (url_first_part == "/appLogin") {
|
||||
return new JsonAppLogin;
|
||||
}
|
||||
else if (url_first_part == "/appLogout") {
|
||||
if (s) {
|
||||
sm->releaseSession(s);
|
||||
}
|
||||
}
|
||||
return new JsonUnknown;
|
||||
}
|
||||
|
||||
@ -533,7 +533,8 @@ namespace controller {
|
||||
if (!servers.size()) {
|
||||
auto group = controller::Group::load(model->getGroupId());
|
||||
if (!group.isNull()) {
|
||||
mGroupBaseUrl = group->getModel()->getUrl();
|
||||
auto group_model = group->getModel();
|
||||
mGroupBaseUrl = group_model->getUrl() + group_model->getHome();
|
||||
return mGroupBaseUrl;
|
||||
}
|
||||
return ServerConfig::g_php_serverPath;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user