IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

adding admin check user backups

Browse Source
This commit is contained in:
Dario 2020-02-18 11:38:14 +01:00
parent 892d9eb2e2
commit 2e426f2748
15 changed files with 684 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/cpp/Crypto/KeyPair.cpp
View File

@ -43,8 +43,8 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour
// libsodium doc: https://libsodium.gitbook.io/doc/advanced/hmac-sha2
// https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
//crypto_auth_hmacsha512_keygen
unsigned long word_indices[PHRASE_WORD_COUNT+1];
memset(word_indices, 0, PHRASE_WORD_COUNT + 1);
unsigned long word_indices[PHRASE_WORD_COUNT];
memset(word_indices, 0, PHRASE_WORD_COUNT);
//DHASH key = DRMakeStringHash(passphrase);
size_t pass_phrase_size = strlen(passphrase);
@ -96,8 +96,10 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour
/*printf("word_indices: \n");
for (int i = 0; i < PHRASE_WORD_COUNT; i++) {
if (i > 0) printf(" ");
printf("%hu", word_indices[i]);
}//*/
printf("%4hu", word_indices[i]);
}
printf("\n");
//*/
//printf("\nclear passphrase: \n%s\n", clearPassphrase.data());
// printf("passphrase bin: \n%s\n\n", getHex((unsigned char*)passphrase, pass_phrase_size).data());
@ -249,3 +251,8 @@ bool KeyPair::savePrivKey(int userId)
}
return true;
}
bool KeyPair::isPubkeysTheSame(const unsigned char* pubkey) const
{
return sodium_memcmp(pubkey, mPublicKey, ed25519_pubkey_SIZE) == 0;
}

2
src/cpp/Crypto/KeyPair.h
View File

@ -32,6 +32,8 @@ public:
inline const unsigned char* getPublicKey() const { return mSodiumPublic; }
bool isPubkeysTheSame(const unsigned char* pubkey) const;
protected:
const MemoryBin* getPrivateKey() const { return mSodiumSecret; }

223
src/cpp/HTTPInterface/AdminCheckUserBackup.cpp Normal file
View File

@ -0,0 +1,223 @@
#include "AdminCheckUserBackup.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include "Poco/Net/HTMLForm.h"
#include "Poco/DeflatingStream.h"
#line 7 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
#include "../crypto/KeyPair.h"
#include "../SingletonManager/ConnectionManager.h"
#include "../controller/UserBackups.h"
#include "Poco/Data/Binding.h"
using namespace Poco::Data::Keywords;
typedef Poco::Tuple<int, Poco::Nullable<Poco::Data::BLOB>, std::string> UserBackupTuple;
struct SListEntry
{
Poco::AutoPtr<controller::User> user;
std::vector<Poco::AutoPtr<controller::UserBackups>> backups;
};
#line 1 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\header_old.cpsp"
#include "../ServerConfig.h"
AdminCheckUserBackup::AdminCheckUserBackup(Session* arg):
SessionHTTPRequestHandler(arg)
{
}
void AdminCheckUserBackup::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 25 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
const char* pageName = "Admin Check User Backups";
auto cm = ConnectionManager::getInstance();
KeyPair keys;
std::list<SListEntry> notMatchingEntrys;
Poco::Data::Statement select(cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
std::list<UserBackupTuple> userBackupEntrys;
select << "SELECT u.id, u.pubkey, b.passphrase FROM users as u LEFT JOIN user_backups as b on(u.id = b.user_id)"
, into(userBackupEntrys);
size_t resultCount = 0;
try {
resultCount = select.execute();
for(auto it = userBackupEntrys.begin(); it != userBackupEntrys.end(); it++) {
auto tuple = *it;
auto pubkey = tuple.get<1>();
if(pubkey.isNull()) {
continue;
}
auto passphrase = KeyPair::filterPassphrase(tuple.get<2>());
auto user_id = tuple.get<0>();
Mnemonic* wordSource = nullptr;
if(!User::validatePassphrase(passphrase, &wordSource)) {
addError(new Error("admin Check user backup", "invalid passphrase"));
addError(new ParamError("admin Check user backup", "passphrase", passphrase.data()));
addError(new ParamError("admin Check user backup", "user id", user_id));
continue;
} else {
keys.generateFromPassphrase(passphrase.data(), wordSource);
}
if(keys.isPubkeysTheSame(pubkey.value().content().data())) {
continue;
}
SListEntry entry;
entry.user = controller::User::create();
entry.user->load(user_id);
entry.backups = controller::UserBackups::load(user_id);
notMatchingEntrys.push_back(entry);
}
}
catch (Poco::Exception& ex) {
addError(new ParamError("adminCheckUserBackup", "mysql error", ex.displayText().data()));
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
responseStream << "\n";
// begin include header_old.cpsp
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
responseStream << "<head>\n";
responseStream << "<meta charset=\"UTF-8\">\n";
responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
responseStream << "<title>Gradido Login Server: ";
#line 9 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\header_old.cpsp"
responseStream << ( pageName );
responseStream << "</title>\n";
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"";
#line 11 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\header_old.cpsp"
responseStream << ( ServerConfig::g_php_serverPath );
responseStream << "/css/styles.css\">\n";
responseStream << "<style type=\"text/css\" >\n";
responseStream << ".grd_container\n";
responseStream << "{\n";
responseStream << " max-width:820px;\n";
responseStream << " margin-left:auto;\n";
responseStream << " margin-right:auto;\n";
responseStream << "}\n";
responseStream << "\n";
responseStream << "input:not([type='radio']) {\n";
responseStream << "\twidth:200px;\n";
responseStream << "}\n";
responseStream << "label:not(.grd_radio_label) {\n";
responseStream << "\twidth:80px;\n";
responseStream << "\tdisplay:inline-block;\n";
responseStream << "}\n";
responseStream << ".grd_container_small\n";
responseStream << "{\n";
responseStream << " max-width:500px;\n";
responseStream << "}\n";
responseStream << ".grd_text {\n";
responseStream << " max-width:550px;\n";
responseStream << " margin-bottom: 5px;\n";
responseStream << "}\n";
responseStream << ".dev-info {\n";
responseStream << "\tposition: fixed;\n";
responseStream << "\tcolor:grey;\n";
responseStream << "\tfont-size: smaller;\n";
responseStream << "\tleft:8px;\n";
responseStream << "}\n";
responseStream << ".grd-time-used { \n";
responseStream << " bottom:0;\n";
responseStream << "} \n";
responseStream << "\n";
responseStream << ".versionstring {\n";
responseStream << "\ttop:0;\n";
responseStream << "}\n";
responseStream << "</style>\n";
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"versionstring dev-info\">\n";
responseStream << "\t<p class=\"grd_small\">Login Server in Entwicklung</p>\n";
responseStream << "\t<p class=\"grd_small\">Alpha ";
#line 53 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\header_old.cpsp"
responseStream << ( ServerConfig::g_versionString );
responseStream << "</p>\n";
responseStream << "</div>\n";
// end include header_old.cpsp
responseStream << "\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Admin Check User Backup</h1>\n";
responseStream << "\t";
#line 78 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t<p><b>Unmatching count: ";
#line 79 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( notMatchingEntrys.size() );
responseStream << "</b></p>\n";
responseStream << "\t<table>\n";
responseStream << "\t\t<thead>\n";
responseStream << "\t\t\t<tr><th>id</th><th>Vorname</th><th>Nachname</th><th>E-Mail</th><th>backups count</tr>\n";
responseStream << "\t\t</thead>\n";
responseStream << "\t\t<tbody>\n";
responseStream << "\t\t\t";
#line 85 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
for(auto it = notMatchingEntrys.begin(); it != notMatchingEntrys.end(); it++) {
auto userModel = (*it).user->getModel();
responseStream << "\n";
responseStream << "\t\t\t\t<tr>\n";
responseStream << "\t\t\t\t<td>";
#line 89 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( userModel->getID() );
responseStream << "</td>\n";
responseStream << "\t\t\t\t<td>";
#line 90 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( userModel->getFirstName() );
responseStream << "</td>\n";
responseStream << "\t\t\t\t<td>";
#line 91 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( userModel->getLastName() );
responseStream << "</td>\n";
responseStream << "\t\t\t\t<td>";
#line 92 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( userModel->getEmail() );
responseStream << "</td>\n";
responseStream << "\t\t\t\t<td>";
#line 93 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
responseStream << ( (*it).backups.size() );
responseStream << "</td>\n";
responseStream << "\t\t\t\t</tr>\n";
responseStream << "\t\t\t";
#line 95 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\adminCheckUserBackup.cpsp"
} responseStream << "\n";
responseStream << "\t\t</tbody>\n";
responseStream << "</div>\n";
// begin include footer.cpsp
responseStream << "\t<div class=\"grd-time-used dev-info\">\n";
responseStream << "\t\t\t";
#line 2 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\footer.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "\t</div>\n";
responseStream << "</body>\n";
responseStream << "</html>";
// end include footer.cpsp
responseStream << "\n";
if (_compressResponse) _gzipStream.close();
}

20
src/cpp/HTTPInterface/AdminCheckUserBackup.h Normal file
View File

@ -0,0 +1,20 @@
#ifndef AdminCheckUserBackup_INCLUDED
#define AdminCheckUserBackup_INCLUDED
#include "Poco/Net/HTTPRequestHandler.h"
#include "SessionHTTPRequestHandler.h"
class AdminCheckUserBackup: public SessionHTTPRequestHandler
{
public:
AdminCheckUserBackup(Session*);
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
};
#endif // AdminCheckUserBackup_INCLUDED

37
src/cpp/HTTPInterface/DebugPassphrasePage.cpp
View File

@ -35,6 +35,7 @@ void DebugPassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, P
std::string privKeyHex = "";
std::string privKeyCryptedHex = "";
User::passwordHashed pwdHashed = 0;
Poco::AutoPtr<controller::User> existingUser;
if(!form.empty()) {
auto passphrase = KeyPair::filterPassphrase(form.get("passphrase", ""));
Mnemonic* wordSource = nullptr;
@ -43,7 +44,14 @@ void DebugPassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, P
} else {
keys.generateFromPassphrase(passphrase.data(), wordSource);
}
auto newUser = new User(form.get("email", "").data(), "first_name", "last_name");
auto email = form.get("email", "");
auto newUser = new User(email.data(), "first_name", "last_name");
if(email != "") {
existingUser = controller::User::create();
existingUser->load(email);
}
newUser->validatePwd(form.get("password", ""), this);
pwdHashed = newUser->getPwdHashed();
auto privKey = keys.getPrivateKey();
@ -131,7 +139,7 @@ void DebugPassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, P
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Debug Passphrase</h1>\n";
responseStream << "\t";
#line 45 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 53 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
@ -140,7 +148,7 @@ void DebugPassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, P
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"email\">E-Mail</label>\n";
responseStream << "\t\t\t\t<input id=\"email\" type=\"email\" name=\"email\" value=\"";
#line 51 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 59 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( !form.empty() ? form.get("email") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
@ -149,28 +157,41 @@ void DebugPassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, P
responseStream << "\t\t\t\t<input id=\"password\" type=\"password\" name=\"password\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"passphrase\">";
#line 57 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 65 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( !form.empty() ? form.get("passphrase", "") : "" );
responseStream << "</textarea>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<input class=\"grd-form-bn grd-form-bn-succeed\" type=\"submit\" name=\"submit\" value=\"Debug\">\n";
responseStream << "\t</form>\n";
responseStream << "\t<p>Public key:<br>";
#line 61 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 69 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( keys.getPubkeyHex() );
responseStream << "</p>\n";
responseStream << "\t<p>Private Key:<br>";
#line 62 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 70 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( privKeyHex );
responseStream << "</p>\n";
responseStream << "\t<p>Passwort Hashed:<br>";
#line 63 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 71 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( std::to_string(pwdHashed) );
responseStream << "</p>\n";
responseStream << "\t<p>Private key crypted:<br>";
#line 64 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
#line 72 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( privKeyCryptedHex );
responseStream << "</p>\n";
responseStream << "\t";
#line 73 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
if(!existingUser.isNull()) {
auto userModel = existingUser->getModel();
auto dbPubkey = userModel->getPublicKey();
responseStream << "\n";
responseStream << "\t\t<p>user Public: <br>";
#line 77 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
responseStream << ( KeyPair::getHex(dbPubkey, ed25519_pubkey_SIZE) );
responseStream << "</p>\n";
responseStream << "\t";
#line 78 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\debugPassphrase.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
// begin include footer.cpsp
responseStream << "\t<div class=\"grd-time-used dev-info\">\n";

49
src/cpp/HTTPInterface/LoginPage.cpp
View File

@ -118,8 +118,15 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
return;
case USER_NO_PRIVATE_KEY:
case USER_COMPLETE:
auto referer = request.find("Referer");
std::string refererString;
if (referer != request.end()) {
refererString = referer->second;
}
if(lastExternReferer != "") {
response.redirect(lastExternReferer);
} else if(refererString != "") {
response.redirect(refererString);
} else {
response.redirect(ServerConfig::g_php_serverPath + "/");
}
@ -196,20 +203,20 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << " <div class=\"row\">\n";
responseStream << " <div class=\"col-12 logo-section\">\n";
responseStream << " <a href=\"";
#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 144 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_php_serverPath );
responseStream << "\" class=\"logo\">\n";
responseStream << "\t\t\t<picture>\n";
responseStream << "\t\t\t\t<source srcset=\"";
#line 139 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 146 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_php_serverPath );
responseStream << "img/logo_schrift.webp\" type=\"image/webp\">\n";
responseStream << "\t\t\t\t<source srcset=\"";
#line 140 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 147 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_php_serverPath );
responseStream << "img/logo_schrift.png\" type=\"image/png\"> \n";
responseStream << "\t\t\t\t<img src=\"";
#line 141 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 148 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_php_serverPath );
responseStream << "img/logo_schrift.png\" alt=\"logo\" />\n";
responseStream << "\t\t\t</picture>\n";
@ -221,29 +228,29 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << " <div class=\"grid\">\n";
responseStream << "\t\t\t<div class=\"center-ul-container\">\n";
responseStream << "\t\t\t\t";
#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 157 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\t \n";
responseStream << "\t\t\t</div>\n";
responseStream << " <div class=\"grid-body\">\n";
responseStream << " <form action=\"";
#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_serverPath );
responseStream << "/\" method=\"POST\">\n";
responseStream << "\t\t\t <input type=\"hidden\" name=\"lang\" value=\"";
#line 154 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 161 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( LanguageManager::keyForLanguage(lang) );
responseStream << "\">\n";
responseStream << " <div class=\"row pull-right-row\">\n";
responseStream << " <div class=\"equel-grid pull-right\">\n";
responseStream << " <div class=\"grid-body-small text-center\">\n";
responseStream << " <button id=\"flag-england\" name=\"lang-btn\" value=\"en\" title=\"English\" type=\"submit\" ";
#line 158 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
if(lang != LANG_EN) { responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
#line 158 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
}
else { responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
#line 159 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
} responseStream << ">\n";
responseStream << " <span class=\"flag-england\"></span>\n";
responseStream << " </button>\n";
@ -252,12 +259,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << " <div class=\"equel-grid pull-right\">\n";
responseStream << " <div class=\"grid-body-small text-center\">\n";
responseStream << " <button id=\"flag-germany\" name=\"lang-btn\" value=\"de\" title=\"Deutsch\" type=\"submit\" ";
#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 173 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
if(lang != LANG_DE) { responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 173 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
}
else { responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
#line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 174 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
} responseStream << ">\n";
responseStream << " <span class=\"flag-germany\"></span>\n";
responseStream << " </button>\n";
@ -268,39 +275,39 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << " <div class=\"col-lg-7 col-md-8 col-sm-9 col-12 mx-auto form-wrapper\">\n";
responseStream << " <div class=\"form-group input-rounded\">\n";
responseStream << " <input type=\"text\" class=\"form-control\" name=\"login-email\" placeholder=\"";
#line 176 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 183 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext("E-Mail") );
responseStream << "\" value=\"";
#line 176 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 183 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( presetEmail );
responseStream << "\"/>\n";
responseStream << " </div>\n";
responseStream << " <div class=\"form-group input-rounded\">\n";
responseStream << " <input type=\"password\" class=\"form-control\" name=\"login-password\" placeholder=\"";
#line 179 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 186 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext("Password") );
responseStream << "\" />\n";
responseStream << " </div>\n";
responseStream << " <button type=\"submit\" name=\"submit\" class=\"btn btn-primary btn-block\">";
#line 181 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 188 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext(" Login ") );
responseStream << "</button>\n";
responseStream << " <div class=\"signup-link\">\n";
responseStream << " <p>";
#line 183 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 190 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") );
responseStream << "</p>\n";
responseStream << " <a href=\"https://gradido.com\">";
#line 184 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 191 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext("Create New Account") );
responseStream << "</a>\n";
responseStream << " </div>\n";
responseStream << "\t\t\t\t\t<div class=\"reset-pwd-link\">\n";
responseStream << "\t\t\t\t\t\t<a href=\"";
#line 187 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 194 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( ServerConfig::g_serverPath );
responseStream << "/resetPassword\">";
#line 187 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
#line 194 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
responseStream << ( langCatalog->gettext("Passwort vergessen") );
responseStream << "</a>\n";
responseStream << "\t\t\t\t\t</div>\n";

6
src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
View File

@ -20,6 +20,7 @@
#include "ResetPassword.h"
#include "RegisterAdminPage.h"
#include "DebugPassphrasePage.h"
#include "AdminCheckUserBackup.h"
#include "DecodeTransactionPage.h"
@ -144,6 +145,11 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
pageRequestHandler->setProfiler(timeUsed);
return pageRequestHandler;
}
if (url_first_part == "/checkUserBackups") {
auto pageRequestHandler = new AdminCheckUserBackup(s);
pageRequestHandler->setProfiler(timeUsed);
return pageRequestHandler;
}
}
if(url_first_part == "/logout") {

6
src/cpp/controller/EmailVerificationCode.h
View File

@ -1,5 +1,5 @@
#ifndef GRADIDO_LOGIN_SERVER_MODEL_EMAIL_VERIFICATION_CODE_INCLUDE
#define GRADIDO_LOGIN_SERVER_MODEL_EMAIL_VERIFICATION_CODE_INCLUDE
#ifndef GRADIDO_LOGIN_SERVER_CONTROLLER_EMAIL_VERIFICATION_CODE_INCLUDE
#define GRADIDO_LOGIN_SERVER_CONTROLLER_EMAIL_VERIFICATION_CODE_INCLUDE
#include "../model/table/EmailOptIn.h"
@ -33,4 +33,4 @@ namespace controller {
};
}
#endif //GRADIDO_LOGIN_SERVER_MODEL_EMAIL_VERIFICATION_CODE_INCLUDE
#endif //GRADIDO_LOGIN_SERVER_CONTROLLER_EMAIL_VERIFICATION_CODE_INCLUDE

49
src/cpp/controller/UserBackups.cpp Normal file
View File

@ -0,0 +1,49 @@
#include "UserBackups.h"
namespace controller {
UserBackups::UserBackups(model::table::UserBackups* dbModel)
{
mDBModel = dbModel;
}
UserBackups::~UserBackups()
{
}
// --------------- static members -----------------------------
Poco::AutoPtr<UserBackups> UserBackups::create(int user_id, const std::string& passphrase)
{
auto db = new model::table::UserBackups(user_id, passphrase);
return Poco::AutoPtr<UserBackups>(new UserBackups(db));
}
std::vector<Poco::AutoPtr<UserBackups>> UserBackups::load(int user_id)
{
auto db = new model::table::UserBackups();
auto results = db->loadFromDB<int, model::table::UserBackupsTuple>("user_id", user_id, 1);
std::vector<Poco::AutoPtr<UserBackups>> resultObjects;
if (db->errorCount()) {
db->sendErrorsAsEmail();
db->release();
return resultObjects;
}
db->release();
if (results.size() == 0) {
return resultObjects;
}
for (auto it = results.begin(); it != results.end(); it++) {
resultObjects.push_back(new UserBackups(new model::table::UserBackups(*it)));
}
return resultObjects;
}
}

31
src/cpp/controller/UserBackups.h Normal file
View File

@ -0,0 +1,31 @@
#ifndef GRADIDO_LOGIN_SERVER_CONTROLLER_USER_BACKUPS_INCLUDE
#define GRADIDO_LOGIN_SERVER_CONTROLLER_USER_BACKUPS_INCLUDE
#include "../model/table/UserBackups.h"
#include "TableControllerBase.h"
namespace controller {
class UserBackups : public TableControllerBase
{
public:
~UserBackups();
static Poco::AutoPtr<UserBackups> create(int user_id, const std::string& passphrase);
static std::vector<Poco::AutoPtr<UserBackups>> load(int user_id);
inline bool deleteFromDB() { return mDBModel->deleteFromDB(); }
inline Poco::AutoPtr<model::table::UserBackups> getModel() { return _getModel<model::table::UserBackups>(); }
protected:
UserBackups(model::table::UserBackups* dbModel);
};
}
#endif //GRADIDO_LOGIN_SERVER_CONTROLLER_USER_BACKUPS_INCLUDE

117
src/cpp/model/table/UserBackups.cpp Normal file
View File

@ -0,0 +1,117 @@
#include "UserBackups.h"
using namespace Poco::Data::Keywords;
namespace model {
namespace table {
UserBackups::UserBackups()
: mUserId(0)
{
}
UserBackups::UserBackups(int user_id, const std::string& passphrase)
: mUserId(user_id), mPassphrase(passphrase)
{
}
UserBackups::UserBackups(const UserBackupsTuple& tuple)
: ModelBase(tuple.get<0>()), mUserId(tuple.get<1>()), mPassphrase(tuple.get<2>())
{
}
UserBackups::~UserBackups()
{
}
Poco::Data::Statement UserBackups::_insertIntoDB(Poco::Data::Session session)
{
Poco::Data::Statement insert(session);
lock();
insert << "INSERT INTO " << getTableName()
<< " (user_id, passphrase) VALUES(?,?)"
, use(mUserId), bind(mPassphrase);
unlock();
return insert;
}
Poco::Data::Statement UserBackups::_loadFromDB(Poco::Data::Session session, const std::string& fieldName)
{
Poco::Data::Statement select(session);
select << "SELECT id, user_id, passphrase FROM " << getTableName()
<< " where " << fieldName << " = ?"
, into(mID), into(mUserId), into(mPassphrase);
return select;
}
Poco::Data::Statement UserBackups::_loadIdFromDB(Poco::Data::Session session)
{
Poco::Data::Statement select(session);
select << "SELECT id FROM " << getTableName()
<< " where user_id = ?"
, into(mID), use(mUserId);
return select;
}
Poco::Data::Statement UserBackups::_loadMultipleFromDB(Poco::Data::Session session, const std::string& fieldName)
{
Poco::Data::Statement select(session);
select << "SELECT id, user_id, passphrase FROM " << getTableName()
<< " where " << fieldName << " = ?";
return select;
}
Poco::Data::Statement UserBackups::_loadFromDB(Poco::Data::Session session, const std::vector<std::string>& fieldNames, MysqlConditionType conditionType/* = MYSQL_CONDITION_AND*/)
{
Poco::Data::Statement select(session);
if (fieldNames.size() <= 1) {
throw Poco::NullValueException("UserRoles::_loadFromDB fieldNames empty or contain only one field");
}
select << "SELECT id, user_id, passphrase FROM " << getTableName()
<< " where " << fieldNames[0] << " = ? ";
if (conditionType == MYSQL_CONDITION_AND) {
for (int i = 1; i < fieldNames.size(); i++) {
select << " AND " << fieldNames[i] << " = ? ";
}
}
else if (conditionType == MYSQL_CONDITION_OR) {
for (int i = 1; i < fieldNames.size(); i++) {
select << " OR " << fieldNames[i] << " = ? ";
}
}
else {
addError(new ParamError("UserBackups::_loadFromDB", "condition type not implemented", conditionType));
}
//<< " where " << fieldName << " = ?"
select, into(mID), into(mUserId), into(mPassphrase);
return select;
}
// generic db operations
std::string UserBackups::toString()
{
std::stringstream ss;
ss << "user_id: " << mUserId << std::endl;
ss << "passphrase: " << mPassphrase << std::endl;
return ss.str();
}
}
}

45
src/cpp/model/table/UserBackups.h Normal file
View File

@ -0,0 +1,45 @@
#ifndef GRADIDO_LOGIN_SERVER_MODEL_TABLE_USER_BACKUPS_INCLUDE
#define GRADIDO_LOGIN_SERVER_MODEL_TABLE_USER_BACKUPS_INCLUDE
#include "ModelBase.h"
namespace model {
namespace table {
typedef Poco::Tuple<int, int, std::string> UserBackupsTuple;
class UserBackups : public ModelBase
{
public:
UserBackups(int user_id, const std::string& passphrase);
UserBackups(const UserBackupsTuple& tuple);
UserBackups();
~UserBackups();
// generic db operations
const char* getTableName() const { return "user_backups"; }
std::string toString();
inline int getUserId() const { return mUserId; }
inline const std::string& getPassphrase() const { return mPassphrase; }
inline void setUserId(int user_Id) { mUserId = user_Id; }
protected:
Poco::Data::Statement _loadFromDB(Poco::Data::Session session, const std::string& fieldName);
Poco::Data::Statement _loadIdFromDB(Poco::Data::Session session);
Poco::Data::Statement _loadMultipleFromDB(Poco::Data::Session session, const std::string& fieldName);
Poco::Data::Statement _loadFromDB(Poco::Data::Session session, const std::vector<std::string>& fieldNames, MysqlConditionType conditionType = MYSQL_CONDITION_AND);
Poco::Data::Statement _insertIntoDB(Poco::Data::Session session);
int mUserId;
std::string mPassphrase;
};
}
}
#endif //GRADIDO_LOGIN_SERVER_MODEL_TABLE_USER_BACKUPS_INCLUDE

98
src/cpsp/adminCheckUserBackup.cpsp Normal file
View File

@ -0,0 +1,98 @@
<%@ page class="AdminCheckUserBackup" %>
<%@ page form="true" %>
<%@ page compressed="true" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%!
#include "../crypto/KeyPair.h"
#include "../SingletonManager/ConnectionManager.h"
#include "../controller/UserBackups.h"
#include "Poco/Data/Binding.h"
using namespace Poco::Data::Keywords;
typedef Poco::Tuple<int, Poco::Nullable<Poco::Data::BLOB>, std::string> UserBackupTuple;
struct SListEntry
{
Poco::AutoPtr<controller::User> user;
std::vector<Poco::AutoPtr<controller::UserBackups>> backups;
};
%>
<%%
const char* pageName = "Admin Check User Backups";
auto cm = ConnectionManager::getInstance();
KeyPair keys;
std::list<SListEntry> notMatchingEntrys;
Poco::Data::Statement select(cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
std::list<UserBackupTuple> userBackupEntrys;
select << "SELECT u.id, u.pubkey, b.passphrase FROM users as u LEFT JOIN user_backups as b on(u.id = b.user_id)"
, into(userBackupEntrys);
size_t resultCount = 0;
try {
resultCount = select.execute();
for(auto it = userBackupEntrys.begin(); it != userBackupEntrys.end(); it++) {
auto tuple = *it;
auto pubkey = tuple.get<1>();
if(pubkey.isNull()) {
continue;
}
auto passphrase = KeyPair::filterPassphrase(tuple.get<2>());
auto user_id = tuple.get<0>();
Mnemonic* wordSource = nullptr;
if(!User::validatePassphrase(passphrase, &wordSource)) {
addError(new Error("admin Check user backup", "invalid passphrase"));
addError(new ParamError("admin Check user backup", "passphrase", passphrase.data()));
addError(new ParamError("admin Check user backup", "user id", user_id));
continue;
} else {
keys.generateFromPassphrase(passphrase.data(), wordSource);
}
if(keys.isPubkeysTheSame(pubkey.value().content().data())) {
continue;
}
SListEntry entry;
entry.user = controller::User::create();
entry.user->load(user_id);
entry.backups = controller::UserBackups::load(user_id);
notMatchingEntrys.push_back(entry);
}
}
catch (Poco::Exception& ex) {
addError(new ParamError("adminCheckUserBackup", "mysql error", ex.displayText().data()));
}
%><%@ include file="header_old.cpsp" %>
<div class="grd_container">
<h1>Admin Check User Backup</h1>
<%= getErrorsHtml() %>
<p><b>Unmatching count: <%= notMatchingEntrys.size() %></b></p>
<table>
<thead>
<tr><th>id</th><th>Vorname</th><th>Nachname</th><th>E-Mail</th><th>backups count</tr>
</thead>
<tbody>
<% for(auto it = notMatchingEntrys.begin(); it != notMatchingEntrys.end(); it++) {
auto userModel = (*it).user->getModel();
%>
<tr>
<td><%= userModel->getID() %></td>
<td><%= userModel->getFirstName() %></td>
<td><%= userModel->getLastName() %></td>
<td><%= userModel->getEmail() %></td>
<td><%= (*it).backups.size() %></td>
</tr>
<% } %>
</tbody>
</div>
<%@ include file="footer.cpsp" %>

16
src/cpsp/debugPassphrase.cpsp
View File

@ -14,6 +14,7 @@
std::string privKeyHex = "";
std::string privKeyCryptedHex = "";
User::passwordHashed pwdHashed = 0;
Poco::AutoPtr<controller::User> existingUser;
if(!form.empty()) {
auto passphrase = KeyPair::filterPassphrase(form.get("passphrase", ""));
Mnemonic* wordSource = nullptr;
@ -22,7 +23,14 @@
} else {
keys.generateFromPassphrase(passphrase.data(), wordSource);
}
auto newUser = new User(form.get("email", "").data(), "first_name", "last_name");
auto email = form.get("email", "");
auto newUser = new User(email.data(), "first_name", "last_name");
if(email != "") {
existingUser = controller::User::create();
existingUser->load(email);
}
newUser->validatePwd(form.get("password", ""), this);
pwdHashed = newUser->getPwdHashed();
auto privKey = keys.getPrivateKey();
@ -62,5 +70,11 @@
<p>Private Key:<br><%= privKeyHex %></p>
<p>Passwort Hashed:<br><%= std::to_string(pwdHashed) %></p>
<p>Private key crypted:<br><%= privKeyCryptedHex %></p>
<% if(!existingUser.isNull()) {
auto userModel = existingUser->getModel();
auto dbPubkey = userModel->getPublicKey();
%>
<p>user Public: <br><%= KeyPair::getHex(dbPubkey, ed25519_pubkey_SIZE) %></p>
<% } %>
</div>
<%@ include file="footer.cpsp" %>

7
src/cpsp/login.cpsp
View File

@ -97,8 +97,15 @@
return;
case USER_NO_PRIVATE_KEY:
case USER_COMPLETE:
auto referer = request.find("Referer");
std::string refererString;
if (referer != request.end()) {
refererString = referer->second;
}
if(lastExternReferer != "") {
response.redirect(lastExternReferer);
} else if(refererString != "") {
response.redirect(refererString);
} else {
response.redirect(ServerConfig::g_php_serverPath + "/");
}