From 34050fda19b83bac915895f2044f4ae2cdf8192b Mon Sep 17 00:00:00 2001
From: Dario
Date: Sun, 13 Oct 2019 17:15:58 +0200
Subject: [PATCH] adding some new pages, and hack into the logic of login and verify to able to use it with elopage webhook,
---
 src/cpp/Crypto/Obfus_array.cpp | 3 +
 src/cpp/HTTPInterface/CheckEmailPage.cpp | 41 ++++--
 src/cpp/HTTPInterface/DashboardPage.cpp | 24 ++--
 src/cpp/HTTPInterface/ElopageWebhook.cpp | 21 +--
 src/cpp/HTTPInterface/ElopageWebhook.h | 2 -
 src/cpp/HTTPInterface/Error500Page.cpp | 90 ++++++++++++
 src/cpp/HTTPInterface/Error500Page.h | 20 +++
 src/cpp/HTTPInterface/LoginPage.cpp | 12 +-
 .../PageRequestHandlerFactory.cpp | 25 +++-
 src/cpp/HTTPInterface/PassphrasePage.cpp | 28 ++--
 src/cpp/HTTPInterface/RegisterPage.cpp | 28 ++--
 src/cpp/HTTPInterface/SaveKeysPage.cpp | 37 +++--
 .../HTTPInterface/UpdateUserPasswordPage.cpp | 133 +++++++++++++++++
 .../HTTPInterface/UpdateUserPasswordPage.h | 20 +++
 src/cpp/SingletonManager/SessionManager.cpp | 30 +++-
 src/cpp/SingletonManager/SessionManager.h | 2 +
 src/cpp/model/Session.cpp | 55 ++-----
 src/cpp/model/User.cpp | 135 ++++++++++++++++--
 src/cpp/model/User.h | 26 +++-
 src/cpsp/Error500.cpsp | 51 +++++++
 src/cpsp/checkEmail.cpsp | 22 ++-
 src/cpsp/dashboard.cpsp | 5 +
 src/cpsp/login.cpsp | 5 +
 src/cpsp/passphrase.cpsp | 5 +
 src/cpsp/register.cpsp | 5 +
 src/cpsp/saveKeys.cpsp | 10 +-
 src/cpsp/updateUser.cpsp | 98 +++++++++++++
 src/cpsp/updateUserPassword.cpsp | 100 +++++++++++++
 28 files changed, 901 insertions(+), 132 deletions(-)
 create mode 100644 src/cpp/HTTPInterface/Error500Page.cpp
 create mode 100644 src/cpp/HTTPInterface/Error500Page.h
 create mode 100644 src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
 create mode 100644 src/cpp/HTTPInterface/UpdateUserPasswordPage.h
 create mode 100644 src/cpsp/Error500.cpsp
 create mode 100644 src/cpsp/updateUser.cpsp
 create mode 100644 src/cpsp/updateUserPassword.cpsp
diff --git a/src/cpp/Crypto/Obfus_array.cpp b/src/cpp/Crypto/Obfus_array.cpp index b83916622..b46c29f8c 100644 --- a/src/cpp/Crypto/Obfus_array.cpp +++ b/src/cpp/Crypto/Obfus_array.cpp @@ -2,6 +2,7 @@ #include #include #include +#include ObfusArray::ObfusArray(size_t size, const unsigned char * data) : m_arraySize(0), m_offsetSize(0), m_dataSize(size), m_Data(nullptr) @@ -10,6 +11,8 @@ ObfusArray::ObfusArray(size_t size, const unsigned char * data) m_Data = (unsigned char*)malloc(m_arraySize); m_offsetSize = randombytes_random() % (int)roundf((m_arraySize - m_dataSize) * 0.8f); + assert(m_arraySize - m_offsetSize >= size); + uint32_t* d = (uint32_t*)m_Data; for (size_t i = 0; i < (size_t)floorf(m_arraySize / 4.0f); i++) { diff --git a/src/cpp/HTTPInterface/CheckEmailPage.cpp b/src/cpp/HTTPInterface/CheckEmailPage.cpp index dd9b062dc..a374574c3 100644 --- a/src/cpp/HTTPInterface/CheckEmailPage.cpp +++ b/src/cpp/HTTPInterface/CheckEmailPage.cpp @@ -7,7 +7,13 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#include "../model/Profiler.h" +enum PageState +{ + MAIL_NOT_SEND, + ASK_VERIFICATION_CODE +}; CheckEmailPage::CheckEmailPage(Session* arg): @@ -24,11 +30,16 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + Profiler timeUsed; bool hasErrors = false; + PageState state = ASK_VERIFICATION_CODE; if(mSession) { hasErrors = mSession->errorCount() > 0; + if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { + state = MAIL_NOT_SEND; + } } 
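Review bot: The added `assert(m_arraySize - m_offsetSize >= size);` in the ObfusArray constructor (Obfus_array.cpp, second hunk) is the only bounds check on the random offset, and `assert` compiles to nothing when NDEBUG is defined, so a release build runs with no check at all. A runtime guard holds in every build, for example `if (!m_Data || m_offsetSize > m_arraySize || m_arraySize - m_offsetSize < size) { /* fail construction */ }`, which also covers the unchecked `malloc` result on the context line above it. The modulus `(int)roundf((m_arraySize - m_dataSize) * 0.8f)` on the neighbouring context line can round to zero when the two sizes are close, which would make the `%` undefined; how m_arraySize is chosen is outside the hunk, so that needs confirming. The constructor body continues past the end of the hunk.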
@@ -64,34 +75,46 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\n"; responseStream << "
\n"; responseStream << "\t"; -#line 45 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" if(mSession && hasErrors) { responseStream << "\n"; responseStream << "\t\t"; -#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" responseStream << ( mSession->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t"; -#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" } responseStream << "\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n"; +#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + if(state == MAIL_NOT_SEND) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t

Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.

\n"; responseStream << "\t\t\t

Versuche es einfach in 1-2 Minuten erneut.

\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 54 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - } else { responseStream << "\n"; +#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + } else if(state == ASK_VERIFICATION_CODE) { responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\t\t

Bitte gebe deinen E-Mail Verification Code ein.

\n"; responseStream << "\t\t\n"; responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + } else { responseStream << "\n"; + responseStream << "\t
\n"; + responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n"; + responseStream << "\t\t
\n"; + responseStream << "\t"; +#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" } responseStream << "\n"; + responseStream << "
\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/DashboardPage.cpp b/src/cpp/HTTPInterface/DashboardPage.cpp index 67d238148..9a3a1a8af 100644 --- a/src/cpp/HTTPInterface/DashboardPage.cpp +++ b/src/cpp/HTTPInterface/DashboardPage.cpp @@ -8,6 +8,7 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" #include "../SingletonManager/SessionManager.h" +#include "../model/Profiler.h" DashboardPage::DashboardPage(Session* arg): @@ -28,8 +29,9 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; responseStream << "\n"; -#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" + Profiler timeUsed; //Poco::Net::NameValueCollection cookies; //request.getCookies(cookies); if(!form.empty()) { @@ -48,23 +50,23 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\n"; responseStream << "
\n"; responseStream << "\t

Willkommen "; -#line 28 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getUser()->getFirstName() ); responseStream << " "; -#line 28 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getUser()->getLastName() ); responseStream << "

\n"; responseStream << "\t"; -#line 29 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t

Status

\n"; responseStream << "\t

"; -#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 33 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getSessionStateString() ); responseStream << "

\n"; responseStream << "\t"; -#line 32 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n"; responseStream << "\t

Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:

\n"; responseStream << "\t
\n"; @@ -72,7 +74,7 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 38 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" } else if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_WRITTEN) { responseStream << "\n"; responseStream << "\t

Hast du schon eine E-Mail mit einem Verification Code erhalten? Wenn ja kannst du ihn hier hinein kopieren:

\n"; responseStream << "\t
\n"; @@ -80,11 +82,17 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 44 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" } responseStream << "\n"; responseStream << "\tAbmelden\n"; responseStream << "\tAccount löschen\n"; responseStream << "
\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 51 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; + responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; if (_compressResponse) _gzipStream.close(); diff --git a/src/cpp/HTTPInterface/ElopageWebhook.cpp b/src/cpp/HTTPInterface/ElopageWebhook.cpp index 29eff8087..9f4714192 100644 --- a/src/cpp/HTTPInterface/ElopageWebhook.cpp +++ b/src/cpp/HTTPInterface/ElopageWebhook.cpp @@ -162,15 +162,6 @@ int HandleElopageRequestTask::getUserIdFromDB() return user_id; } -bool HandleElopageRequestTask::createEmailVerificationCode() -{ - // create email verification code - uint32_t* code_p = (uint32_t*)&mEmailVerificationCode; - for (int i = 0; i < sizeof(mEmailVerificationCode) / 4; i++) { - code_p[i] = randombytes_random(); - } - return mEmailVerificationCode != 0; -} int HandleElopageRequestTask::run() { @@ -216,10 +207,10 @@ int HandleElopageRequestTask::run() return -3; } - EmailVerificationCode emailVerification(user_id); + Poco::AutoPtr emailVerification(new EmailVerificationCode(user_id)); // create email verification code - if (!emailVerification.getCode()) { + if (!emailVerification->getCode()) { // exit if email verification code is empty addError(new Error("Email verification", "code is empty, error in random?")); sendErrorsAsEmail(); @@ -227,7 +218,7 @@ int HandleElopageRequestTask::run() } // write email verification code into db - UniLib::controller::TaskPtr saveEmailVerificationCode(new ModelInsertTask((ModelBase*)&emailVerification)); + UniLib::controller::TaskPtr saveEmailVerificationCode(new ModelInsertTask(emailVerification)); saveEmailVerificationCode->scheduleTask(saveEmailVerificationCode); // send email to user 
@@ -238,9 +229,9 @@ int HandleElopageRequestTask::run() std::stringstream ss; ss << "Hallo " << mFirstName << " " << mLastName << "," << std::endl << std::endl; ss << "Du oder jemand anderes hat sich soeben mit dieser E-Mail Adresse bei Elopage für Gradido angemeldet. " << std::endl; - ss << "Um dein Gradido Konto anzulegen und deine E-Mail zu bestätigen," << std::endl; - ss << "klicke bitte auf den Link: https://gradido2.dario-rekowski.de/account/checkEmail/" << mEmailVerificationCode << std::endl; - ss << "oder kopiere den Code: " << mEmailVerificationCode << " selbst dort hinein." << std::endl << std::endl; + ss << "Um dein Gradido Konto anzulegen und deine E-Mail zu bestätigen," << std::endl; + ss << "klicke bitte auf den Link: https://gradido2.dario-rekowski.de/account/checkEmail/" << emailVerification->getCode() << std::endl; + ss << "oder kopiere den Code: " << emailVerification->getCode() << " selbst dort hinein." << std::endl << std::endl; ss << "Mit freundlichen Grüße" << std::endl; ss << "Dario, Gradido Server Admin" << std::endl; diff --git a/src/cpp/HTTPInterface/ElopageWebhook.h b/src/cpp/HTTPInterface/ElopageWebhook.h index 2f926b515..231809c4a 100644 --- a/src/cpp/HTTPInterface/ElopageWebhook.h +++ b/src/cpp/HTTPInterface/ElopageWebhook.h @@ -29,13 +29,11 @@ protected: bool validateInput(); void writeUserIntoDB(); int getUserIdFromDB(); - bool createEmailVerificationCode(); Poco::Net::NameValueCollection mRequestData; std::string mEmail; std::string mFirstName; std::string mLastName; - Poco::UInt64 mEmailVerificationCode; }; diff --git a/src/cpp/HTTPInterface/Error500Page.cpp b/src/cpp/HTTPInterface/Error500Page.cpp new file mode 100644 index 000000000..21d6fe931 --- /dev/null +++ b/src/cpp/HTTPInterface/Error500Page.cpp 
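Review bot: The verification link written into the mail in HandleElopageRequestTask::run() is built from a host name hard-coded in the string literal (`https://gradido2.dario-rekowski.de/account/checkEmail/`), so a staging or renamed deployment would mail links that point at a different server and users would submit their code there. Reading the base URL from the server configuration would keep link and deployment in sync. With this commit a valid code also leads to the password-setting page for accounts created by the webhook (see handleCheckEmail in PageRequestHandlerFactory.cpp), so the code acts as an account-claim token; a comment next to `emailVerification->getCode()` stating whether the code expires or is single-use would help, since neither is visible in this hunk. run() starts and ends outside the hunk.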
@@ -0,0 +1,90 @@ +#include "Error500Page.h" +#include "Poco/Net/HTTPServerRequest.h" +#include "Poco/Net/HTTPServerResponse.h" +#include "Poco/Net/HTMLForm.h" +#include "Poco/DeflatingStream.h" + + +#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + +#include + + + +Error500Page::Error500Page(Session* arg): + SessionHTTPRequestHandler(arg) +{ +} + + +void Error500Page::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) +{ + response.setChunkedTransferEncoding(true); + response.setContentType("text/html"); + bool _compressResponse(request.hasToken("Accept-Encoding", "gzip")); + if (_compressResponse) response.set("Content-Encoding", "gzip"); + + Poco::Net::HTMLForm form(request, request.stream()); + std::ostream& _responseStream = response.send(); + Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); + std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; + responseStream << "\n"; +#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + + response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR); + Poco::AutoPtr user; + if(mSession) { + auto user = mSession->getUser(); + } + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "Gradido Login Server: Error\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\t

Ein Fehler auf dem Server trat ein, der Admin bekam eine E-Mail.

\n"; + responseStream << "\t"; +#line 44 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + if(mSession) { responseStream << "\n"; + responseStream << "\t\t"; +#line 45 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + responseStream << ( mSession->getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; +#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + } responseStream << "\n"; + responseStream << "\t"; +#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + if(!user.isNull()) { responseStream << "\n"; + responseStream << "\t\t"; +#line 48 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + responseStream << ( user->getErrorsHtml() ); + responseStream << " \n"; + responseStream << "\t"; +#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp" + } responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + if (_compressResponse) _gzipStream.close(); +} diff --git a/src/cpp/HTTPInterface/Error500Page.h b/src/cpp/HTTPInterface/Error500Page.h new file mode 100644 index 000000000..2a48d1d11 --- /dev/null +++ b/src/cpp/HTTPInterface/Error500Page.h @@ -0,0 +1,20 @@ +#ifndef Error500Page_INCLUDED +#define Error500Page_INCLUDED + + +#include "Poco/Net/HTTPRequestHandler.h" + + +#include "SessionHTTPRequestHandler.h" + + +class Error500Page: public SessionHTTPRequestHandler +{ +public: + Error500Page(Session*); + + void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response); +}; + + +#endif // Error500Page_INCLUDED diff --git a/src/cpp/HTTPInterface/LoginPage.cpp b/src/cpp/HTTPInterface/LoginPage.cpp index 482e057dd..9e7a190f4 100644 --- a/src/cpp/HTTPInterface/LoginPage.cpp +++ b/src/cpp/HTTPInterface/LoginPage.cpp 
@@ -10,6 +10,7 @@ #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" #include "Poco/Net/HTTPServerParams.h" +#include "../model/Profiler.h" @@ -21,8 +22,9 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" +#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" + Profiler timeUsed; auto session = SessionManager::getInstance()->getNewSession(); if(!form.empty()) { @@ -79,7 +81,7 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "\t
\n"; responseStream << "\t\t

Login

\n"; responseStream << "\t\t"; -#line 63 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" +#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" responseStream << ( session->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t\t
\n"; @@ -99,6 +101,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "\t\t

Du hast noch keinen Account? Dann folge dem Link um dir einen anzulegen

\n"; responseStream << "\t\tNeuen Account anlegen\n"; responseStream << "\t
\n"; + responseStream << "\t
\n"; + responseStream << "\t\t"; +#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; + responseStream << "\t
\n"; responseStream << "\n"; responseStream << "\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp index d9abec53c..f8d57b0fa 100644 --- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp +++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp @@ -12,9 +12,14 @@ #include "PassphrasePage.h" #include "SaveKeysPage.h" #include "ElopageWebhook.h" +#include "UpdateUserPasswordPage.h" +#include "Error500Page.h" + #include "../SingletonManager/SessionManager.h" +#include "../model/Profiler.h" + PageRequestHandlerFactory::PageRequestHandlerFactory() : mRemoveGETParameters("^/([a-zA-Z0-9_-]*)") { @@ -63,7 +68,13 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c return handleCheckEmail(s, uri, request); } } + if (s) { + auto user = s->getUser(); + if (s->errorCount() || (user && user->errorCount())) { + return new Error500Page(s); + } + if(url_first_part == "/logout") { sm->releseSession(s); // remove cookie @@ -112,6 +123,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request) { + Profiler timeUsed; Poco::Net::HTMLForm form(request); unsigned long long verificationCode = 0; 
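Review bot: The new check in createRequestHandler, `if (s->errorCount() || (user && user->errorCount())) { return new Error500Page(s); }`, sits before the `/logout` branch and every other route, so a session holding any error is answered with the 500 page whatever URL was requested, logout included. Other pages in this commit push ordinary input errors into the same list (SaveKeysPage calls `mSession->addError` for a wrong password), so unless rendering clears the list, which is not visible here, a mistyped password could pin the session to the error page. Error500Page also writes `getErrorsHtml()` of both session and user into the response, which is worth checking for internal detail before it reaches clients. Consider limiting this branch to a dedicated fatal-error flag, or at least placing it after the `/logout` handling. createRequestHandler continues outside the hunk.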
@@ -158,16 +170,15 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi if (!session) { session = sm->getNewSession(); if (session->loadFromEmailVerificationCode(verificationCode)) { - // login not possible in this function + // login not possible in this function, forwarded to PassphrasePage /*auto cookie_id = session->getHandle(); auto user_host = request.clientAddress().host(); session->setClientIp(user_host); response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id))); */ } - else { - sm->releseSession(session); - session = nullptr; + else { + return new CheckEmailPage(session); } } // suitable session found or created @@ -175,8 +186,14 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi auto user_host = request.clientAddress().host(); session->setClientIp(user_host); + if (session->getUser()->isEmptyPassword()) { + // user has no password, maybe account created from elopage webhook + return new UpdateUserPasswordPage(session); + } + // update session, mark as verified if (session->updateEmailVerification(verificationCode)) { + printf("[PageRequestHandlerFactory::handleCheckEmail] timeUsed: %s\n", timeUsed.string().data()); return new PassphrasePage(session); } diff --git a/src/cpp/HTTPInterface/PassphrasePage.cpp b/src/cpp/HTTPInterface/PassphrasePage.cpp index 2da80e58d..338ef04d6 100644 --- a/src/cpp/HTTPInterface/PassphrasePage.cpp +++ b/src/cpp/HTTPInterface/PassphrasePage.cpp @@ -7,6 +7,7 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#include "../model/Profiler.h" enum PageState { 
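Review bot: In handleCheckEmail the failure branch of `loadFromEmailVerificationCode` now returns `new CheckEmailPage(session)` and no longer calls `sm->releseSession(session)`, so every request carrying an unknown code leaves behind the session created by `getNewSession()`. No cookie is set for it in this function (the cookie code stays commented out), so the client cannot return to that session, and an unauthenticated caller can allocate sessions at will unless SessionManager expires them, which is not visible in this hunk. Releasing before rendering keeps the previous bound: `sm->releseSession(session); return new CheckEmailPage(nullptr);`; CheckEmailPage appears to guard its `mSession` uses with `if(mSession)`, but confirm that SessionHTTPRequestHandler accepts a null session. The function starts and ends outside the hunk.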
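Review bot: The added branch `if (session->getUser()->isEmptyPassword())` in handleCheckEmail (hunk at new line 186) returns UpdateUserPasswordPage before `updateEmailVerification(verificationCode)` has run, so for a session that was passed in rather than loaded from the code, the password-setting page is reachable without the submitted code having been checked, as far as these hunks show. It also dereferences `getUser()` unchecked, although createRequestHandler in this same commit tests `user &&` before using the pointer. Verifying first and branching afterwards addresses both, provided updateEmailVerification does not itself need a password: take `auto user = session->getUser();` and, inside the success branch, use `if (user && user->isEmptyPassword()) return new UpdateUserPasswordPage(session);`. The `printf` of the timing value on the success path looks like debug output and would be better routed through the server's logger. handleCheckEmail continues outside the hunk.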
@@ -29,8 +30,9 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 15 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" + Profiler timeUsed; PageState state = PAGE_ASK_PASSPHRASE; bool hasErrors = mSession->errorCount() > 0; @@ -94,18 +96,18 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\n"; responseStream << "
\n"; responseStream << "\t"; -#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" if(mSession && hasErrors) { responseStream << "\n"; responseStream << "\t\t"; -#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( mSession->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t"; -#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } responseStream << "\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t
\n"; @@ -113,14 +115,14 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\t"; -#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( mSession->getPassphrase() ); responseStream << "\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\tWeiter\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n"; responseStream << "\t

Deine E-Mail Adresse wurde erfolgreich bestätigt.

\n"; responseStream << "\t
\n"; @@ -136,7 +138,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t\n"; @@ -144,14 +146,20 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } responseStream << "\n"; + responseStream << "
\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/RegisterPage.cpp b/src/cpp/HTTPInterface/RegisterPage.cpp index d3b5d72a2..60425114a 100644 --- a/src/cpp/HTTPInterface/RegisterPage.cpp +++ b/src/cpp/HTTPInterface/RegisterPage.cpp @@ -9,6 +9,7 @@ #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" +#include "../model/Profiler.h" void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) @@ -19,8 +20,9 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 8 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 9 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + Profiler timeUsed; auto session = SessionManager::getInstance()->getNewSession(); bool userReturned = false; @@ -74,7 +76,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "
\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" if(!form.empty() && userReturned) { responseStream << "\n"; responseStream << "\t\t\n"; responseStream << "\t\t
\n"; @@ -84,19 +86,19 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t
\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } else { responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\t\n"; responseStream << "\t\t"; -#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" if(!form.empty() && !userReturned) { responseStream << "\n"; responseStream << "\t\t\t"; -#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" responseStream << ( session->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t\t"; -#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 73 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tAccount anlegen\n"; @@ -104,21 +106,21 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; @@ -135,8 +137,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\n"; responseStream << "\t\n"; responseStream << "\t"; -#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 101 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } responseStream << "\n"; + responseStream << "\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 104 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/SaveKeysPage.cpp b/src/cpp/HTTPInterface/SaveKeysPage.cpp index 68c0beade..13587924e 100644 --- a/src/cpp/HTTPInterface/SaveKeysPage.cpp +++ b/src/cpp/HTTPInterface/SaveKeysPage.cpp @@ -8,6 +8,7 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" #include "Poco/Net/HTTPServerParams.h" +#include "../model/Profiler.h" enum PageState { @@ -32,10 +33,11 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 18 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" - +#line 19 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" + Profiler timeUsed; bool hasErrors = mSession->errorCount() > 0; + // crypto key only in memory, if user has tipped in his passwort in this session bool hasPassword = mSession->getUser()->hasCryptoKey(); PageState state = PAGE_ASK; @@ -47,7 +49,8 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne if(!hasPassword) { // check pwd auto pwd = form.get("save-privkey-password", ""); - if(!mSession->getUser()->validatePwd(pwd)) { + + if(!mSession->isPwdValid(pwd)) { mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung")); hasErrors = true; } else { @@ -109,18 +112,18 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\n"; responseStream << "
\n"; responseStream << "\t"; -#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" if(hasErrors) { responseStream << "\n"; responseStream << "\t\t"; -#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" responseStream << ( mSession->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t"; -#line 92 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" } responseStream << "\n"; responseStream << "\t

Daten speichern

\n"; responseStream << "\t"; -#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" if(state == PAGE_ASK) { responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\t\t
\n"; @@ -135,7 +138,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t"; -#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" if(!hasPassword) { responseStream << "\n"; responseStream << "\t\t\t\t

Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.

\n"; responseStream << "\t\t\t\t

\n"; @@ -143,7 +146,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t\t\t\n"; responseStream << "\t\t\t\t

\n"; responseStream << "\t\t\t"; -#line 113 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" } responseStream << "\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; @@ -168,32 +171,38 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\n"; responseStream << "\t

\n"; responseStream << "\t"; -#line 136 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 139 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" } else if(state == PAGE_SHOW_PUBKEY) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t

Je nach Auswahl werden deine Daten nun verschlüsselt und gespeichert.

\n"; responseStream << "\t\t\t

Deine Gradido Adresse (Hex):

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t"; -#line 141 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 144 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" responseStream << ( mSession->getUser()->getPublicKeyHex() ); responseStream << "\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\tZurück zur Startseite\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 145 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" } else if(state == PAGE_ERROR) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t

Ein Fehler trat auf, bitte versuche es erneut oder wende dich an den Server-Admin

\n"; responseStream << "\t\t\t"; -#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 151 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" responseStream << ( mSession->getSessionStateString() ); responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 150 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" +#line 153 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" } responseStream << "\n"; + responseStream << "
\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 156 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp new file mode 100644 index 000000000..1f2140849 --- /dev/null +++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp 
@@ -0,0 +1,133 @@ +#include "UpdateUserPasswordPage.h" +#include "Poco/Net/HTTPServerRequest.h" +#include "Poco/Net/HTTPServerResponse.h" +#include "Poco/Net/HTMLForm.h" +#include "Poco/DeflatingStream.h" + + +#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + +#include "../SingletonManager/SessionManager.h" +#include "Poco/Net/HTTPCookie.h" +#include "../model/Profiler.h" + + +UpdateUserPasswordPage::UpdateUserPasswordPage(Session* arg): + SessionHTTPRequestHandler(arg) +{ +} + + +void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) +{ + response.setChunkedTransferEncoding(true); + response.setContentType("text/html"); + bool _compressResponse(request.hasToken("Accept-Encoding", "gzip")); + if (_compressResponse) response.set("Content-Encoding", "gzip"); + + Poco::Net::HTMLForm form(request, request.stream()); +#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + + Profiler timeUsed; + auto user = mSession->getUser(); + // save login cookie, because maybe we've get an new session + response.addCookie(mSession->getLoginCookie()); + + if(!form.empty()) { + auto pwd = form.get("register-password", ""); + if(pwd != "") { + if(pwd != form.get("register-password2", "")) { + mSession->addError(new Error("Passwort", "Passwörter sind nicht identisch.")); + } else if(SessionManager::getInstance()->checkPwdValidation(pwd, mSession)) { + if(user->setNewPassword(form.get("register-password"))) { + std::string referUri = request.get("Referer", "./"); + //printf("[updateUserPasswordPage] referUri: %s\n", referUri.data()); + response.redirect(referUri); + return; + } + } + } + } + std::ostream& _responseStream = response.send(); + Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); + std::ostream& responseStream = _compressResponse ? 
_gzipStream : _responseStream; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "Gradido Login Server: Passwort bestimmen\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + responseStream << ( mSession->getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; +#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + responseStream << ( user->getErrorsHtml() ); + responseStream << " \n"; + responseStream << "\t

Passwort bestimmen

\n"; + responseStream << "\t
\t\n"; + responseStream << "\t\t
\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t\tBitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, ein Klein- und einen Großbuchstaben enthält,\n"; + responseStream << "\t\t\t\teine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+-\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t

\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t

\n"; + responseStream << "\t\t\t

\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t

\n"; + responseStream << "\t\t
\n"; + responseStream << "\t\t\n"; + responseStream << "\t
\n"; + responseStream << "
\n"; + responseStream << "
\n"; + responseStream << "\t"; +#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + responseStream << ( timeUsed.string() ); + responseStream << "\n"; + responseStream << "
\n"; + responseStream << "\n"; + responseStream << "\n"; + if (_compressResponse) _gzipStream.close(); +} diff --git a/src/cpp/HTTPInterface/UpdateUserPasswordPage.h b/src/cpp/HTTPInterface/UpdateUserPasswordPage.h new file mode 100644 index 000000000..ebcf4f9c7 --- /dev/null +++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.h @@ -0,0 +1,20 @@ +#ifndef UpdateUserPasswordPage_INCLUDED +#define UpdateUserPasswordPage_INCLUDED + + +#include "Poco/Net/HTTPRequestHandler.h" + + +#include "SessionHTTPRequestHandler.h" + + +class UpdateUserPasswordPage: public SessionHTTPRequestHandler +{ +public: + UpdateUserPasswordPage(Session*); + + void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response); +}; + + +#endif // UpdateUserPasswordPage_INCLUDED diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp index 2bdcfc9f8..fcffe6a24 100644 --- a/src/cpp/SingletonManager/SessionManager.cpp +++ b/src/cpp/SingletonManager/SessionManager.cpp 
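Review bot: The redirect after a successful password change takes its target from the request's `Referer` header (`request.get("Referer", "./")` followed by `response.redirect(referUri)`), which is client-supplied, so the response can send the browser to any URL. Redirecting to a fixed local path, `response.redirect("./");`, or accepting the header only when it points at this server's own host, keeps the flow on-site. The handler also calls `mSession->getUser()` without the `if(mSession)` guard that CheckEmailPage uses, and it replaces the password without asking for the current one or checking `user->isEmptyPassword()`; if the page is meant only for accounts that have no password yet, that condition should be enforced here. This file is generated from updateUserPassword.cpsp, so the change belongs in the `.cpsp` source.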
@@ -268,8 +268,36 @@ void SessionManager::checkTimeoutSession() } +bool SessionManager::checkPwdValidation(const std::string& pwd, ErrorList* errorReciver) +{ + if (!isValid(pwd, VALIDATE_PASSWORD)) { + errorReciver->addError(new Error("Passwort", "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen (@$!%*?&+-) ein!")); + + // @$!%*?&+- + if (pwd.size() < 8) { + errorReciver->addError(new Error("Passwort", "Dein Passwort ist zu kurz!")); + } + else if (!isValid(pwd, VALIDATE_HAS_LOWERCASE_LETTER)) { + errorReciver->addError(new Error("Passwort", "Dein Passwort enthält keine Kleinbuchstaben!")); + } + else if (!isValid(pwd, VALIDATE_HAS_UPPERCASE_LETTER)) { + errorReciver->addError(new Error("Passwort", "Dein Passwort enthält keine Großbuchstaben!")); + } + else if (!isValid(pwd, VALIDATE_HAS_NUMBER)) { + errorReciver->addError(new Error("Passwort", "Dein Passwort enthält keine Zahlen!")); + } + else if (!isValid(pwd, VALIDATE_HAS_SPECIAL_CHARACTER)) { + errorReciver->addError(new Error("Passwort", "Dein Passwort enthält keine Sonderzeichen (@$!%*?&+-)!")); + } + + return false; + } + return true; +} + + int CheckSessionTimeouted::run() { SessionManager::getInstance()->checkTimeoutSession(); return 0; -} \ No newline at end of file +} diff --git a/src/cpp/SingletonManager/SessionManager.h b/src/cpp/SingletonManager/SessionManager.h index ad09c6736..7545f3957 100644 --- a/src/cpp/SingletonManager/SessionManager.h +++ b/src/cpp/SingletonManager/SessionManager.h @@ -54,6 +54,8 @@ public: void deinitalize(); bool isValid(const std::string& subject, SessionValidationTypes validationType); + //! \return true if password is valid + bool checkPwdValidation(const std::string& pwd, ErrorList* errorReciver); void checkTimeoutSession(); diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp index f86c31f69..dca43da50 100644 --- a/src/cpp/model/Session.cpp 
+++ b/src/cpp/model/Session.cpp @@ -135,26 +135,7 @@ bool Session::createUser(const std::string& first_name, const std::string& last_ addError(new Error("E-Mail", "Bitte gebe eine gültige E-Mail Adresse an.")); return false; } - if (!sm->isValid(password, VALIDATE_PASSWORD)) { - addError(new Error("Passwort", "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen (@$!%*?&+-) ein!")); - - // @$!%*?&+- - if (password.size() < 8) { - addError(new Error("Passwort", "Dein Passwort ist zu kurz!")); - } - else if (!sm->isValid(password, VALIDATE_HAS_LOWERCASE_LETTER)) { - addError(new Error("Passwort", "Dein Passwort enthält keine Kleinbuchstaben!")); - } - else if (!sm->isValid(password, VALIDATE_HAS_UPPERCASE_LETTER)) { - addError(new Error("Passwort", "Dein Passwort enthält keine Großbuchstaben!")); - } - else if (!sm->isValid(password, VALIDATE_HAS_NUMBER)) { - addError(new Error("Passwort", "Dein Passwort enthält keine Zahlen!")); - } - else if (!sm->isValid(password, VALIDATE_HAS_SPECIAL_CHARACTER)) { - addError(new Error("Passwort", "Dein Passwort enthält keine Sonderzeichen (@$!%*?&+-)!")); - } - + if (!sm->checkPwdValidation(password, this)) { return false; } /*if (passphrase.size() > 0 && !sm->isValid(passphrase, VALIDATE_PASSPHRASE)) { @@ -257,6 +238,7 @@ bool Session::updateEmailVerification(Poco::UInt64 emailVerificationCode) // load correct user from db auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); Poco::Data::Statement update(dbConnection); + update << "UPDATE users SET email_checked=1 where id = (SELECT user_id FROM email_opt_in where verification_code=?)", use(emailVerificationCode); auto updated_rows = update.execute(); if (updated_rows == 1) { 
@@ -297,7 +279,7 @@ bool Session::updateEmailVerification(Poco::UInt64 emailVerificationCode) bool Session::isPwdValid(const std::string& pwd) { if (mSessionUser) { - return mSessionUser->validatePwd(pwd); + return mSessionUser->validatePwd(pwd, this); } return false; } @@ -311,10 +293,14 @@ bool Session::loadUser(const std::string& email, const std::string& password) } if (mSessionUser) mSessionUser = nullptr; mSessionUser = new User(email.data()); - if (!mSessionUser->validatePwd(password)) { + if (!mSessionUser->validatePwd(password, this)) { addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!")); return false; } + if (!mSessionUser->isEmailChecked()) { + addError(new Error("Account", "E-Mail Adresse wurde noch nicht bestätigt, hast du schon eine E-Mail erhalten?")); + return false; + } detectSessionState(); return true; 
@@ -427,38 +413,25 @@ bool Session::loadFromEmailVerificationCode(Poco::UInt64 emailVerificationCode) auto em = ErrorManager::getInstance(); auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); - /*Poco::Data::Statement select(dbConnection); - int user_id = 0; - select << "SELECT user_id FROM email_opt_in WHERE verification_code=?", into(user_id), use(emailVerificationCode); - try { - if (select.execute() == 0) { - addError(new Error("E-Mail Verification", "Der Code konnte nicht in der Datenbank gefunden werden.")); - return false; - } - } - catch (Poco::Exception& ex) { - em->addError(new ParamError(funcName, "error selecting verification code entry", ex.displayText().data())); - em->sendErrorsAsEmail(); - return false; - }*/ Poco::Data::Statement select(dbConnection); std::string email, first_name, last_name; + int user_id = 0; select.reset(dbConnection); - select << "SELECT email, first_name, last_name FROM users where id = (SELECT user_id FROM email_opt_in WHERE verification_code=?)", - into(email), into(first_name), into(last_name), use(emailVerificationCode); + select << "SELECT user_id FROM email_opt_in WHERE verification_code=?", + into(user_id), use(emailVerificationCode); try { size_t rowCount = select.execute(); if (rowCount != 1) { em->addError(new ParamError(funcName, "select user by email verification code work not like expected, selected row count", rowCount)); em->sendErrorsAsEmail(); } - if (rowCount < 0) { + if (rowCount < 1) { addError(new Error("E-Mail Verification", "Konnte keinen passenden Account finden.")); return false; } - mSessionUser = new User(email.data(), first_name.data(), last_name.data()); - mSessionUser->loadEntryDBId(ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER)); + mSessionUser = new User(user_id); + mEmailVerificationCode = emailVerificationCode; updateState(SESSION_STATE_EMAIL_VERIFICATION_WRITTEN); printf("[Session::loadFromEmailVerificationCode] 
time: %s\n", usedTime.string().data()); diff --git a/src/cpp/model/User.cpp b/src/cpp/model/User.cpp index 2f8f9d3f3..d26953da4 100644 --- a/src/cpp/model/User.cpp +++ b/src/cpp/model/User.cpp @@ -8,11 +8,13 @@ #include "../SingletonManager/ConnectionManager.h" #include "../SingletonManager/ErrorManager.h" +#include "../SingletonManager/SessionManager.h" #include "Poco/Data/Binding.h" using namespace Poco::Data::Keywords; +//#define DEBUG_USER_DELETE_ENV // ------------------------------------------------------------------------------------------------- @@ -97,18 +99,18 @@ int UserWriteKeysIntoDB::run() auto keyPairs = getParent(0).cast()->getKeyPairs(); auto pubKey = keyPairs->getPublicKey(); - printf("[UserWriteKeysIntoDB] after init\n"); + //printf("[UserWriteKeysIntoDB] after init\n"); Poco::Data::BLOB pubkey_blob(pubKey, crypto_sign_PUBLICKEYBYTES); Poco::Data::Statement update(session); Poco::Data::BLOB* pprivkey_blob = nullptr; if (mSavePrivKey) { - printf("[UserWriteKeysIntoDB] save privkey\n"); + //printf("[UserWriteKeysIntoDB] save privkey\n"); // TODO: encrypt privkey auto privKey = keyPairs->getPrivateKey(); - printf("[UserWriteKeysIntoDB] privKey hex: %s\n", KeyPair::getHex(*privKey, privKey->size()).data()); + //printf("[UserWriteKeysIntoDB] privKey hex: %s\n", KeyPair::getHex(*privKey, privKey->size()).data()); pprivkey_blob = mUser->encrypt(privKey); - printf("[UserWriteKeysIntoDB] privkey encrypted\n"); + //printf("[UserWriteKeysIntoDB] privkey encrypted\n"); //Poco::Data::BLOB privkey_blob(*privKey, privKey->size()); update << "UPDATE users SET pubkey=?, privkey=? where id=?", 
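Review bot: With the corrected `rowCount < 1` test, a verification code that matches more than one row is still only reported to the ErrorManager, and the code then builds the session user from whatever `user_id` was read. Since this lookup now decides which account the session is bound to, any count other than one should end the call, for example by adding `return false;` at the end of the `if (rowCount != 1)` block after the user-facing error has been added. `new User(user_id)` is also assigned to `mSessionUser` without checking whether the constructor found the row or recorded an error. The function body begins and ends outside this hunk.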
@@ -137,11 +139,25 @@ int UserWriteKeysIntoDB::run() } return -1; } - printf("[UserWriteKeysIntoDB] after saving into db\n"); + //printf("[UserWriteKeysIntoDB] after saving into db\n"); if (pprivkey_blob) { delete pprivkey_blob; } - printf("UserWritePrivKeyIntoDB time: %s\n", timeUsed.string().data()); + //printf("UserWritePrivKeyIntoDB time: %s\n", timeUsed.string().data()); + return 0; +} + +// -------------------------------------------------------------------------------------------------------- + +UserWriteCryptoKeyHashIntoDB::UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr user, int dependencieCount/* = 0*/) + : UniLib::controller::CPUTask(ServerConfig::g_CPUScheduler, dependencieCount), mUser(user) +{ + +} + +int UserWriteCryptoKeyHashIntoDB::run() +{ + mUser->updateIntoDB("password"); return 0; } 
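Review bot: `UserWriteCryptoKeyHashIntoDB::run()` discards the result of `mUser->updateIntoDB("password")` and always returns 0, so the task reports success even when the new password hash was not written. `UserWriteKeysIntoDB::run()` in the same file returns -1 on a database error; the new task can follow that with `return mUser->updateIntoDB("password") ? 0 : -1;`. A short comment that the task expects the `UserCreateCryptoKey` task as parent 0 would also help, since `setNewPassword` wires it that way.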
@@ -188,11 +204,46 @@ User::User(const char* email) } } +User::User(int user_id) +: mDBId(user_id), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1) +{ + auto cm = ConnectionManager::getInstance(); + auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); + + Poco::Nullable pubkey; + + Poco::Data::Statement select(session); + int email_checked = 0; + select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?", + into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id); + try { + auto result = select.execute(); + int zahl = 1; + if (result == 1) { + if (!pubkey.isNull()) { + auto pubkey_value = pubkey.value(); + size_t hexSize = pubkey_value.size() * 2 + 1; + char* hexString = (char*)malloc(hexSize); + memset(hexString, 0, hexSize); + sodium_bin2hex(hexString, hexSize, pubkey_value.content().data(), pubkey_value.size()); + mPublicHex = hexString; + free(hexString); + } + if (email_checked != 0) mEmailChecked = true; + } + } + catch (Poco::Exception& ex) { + addError(new ParamError("User::User", "mysql error", ex.displayText().data())); + } +} + User::~User() { -// printf("[User::~User]\n"); +#ifdef DEBUG_USER_DELETE_ENV + printf("[User::~User]\n"); +#endif if (mCryptoKey) { delete mCryptoKey; mCryptoKey = nullptr; 
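Review bot: The catch block in the new `User::User(int)` stores `ex.displayText()` in the User's own error list, and UpdateUserPasswordPage and Error500.cpsp write that list into the response with `user->getErrorsHtml()`, so database error text can reach the browser. `User::updateIntoDB` in this commit sends the same kind of error to the ErrorManager instead (`em->addError(...)` then `em->sendErrorsAsEmail()`); doing that here and adding only a generic message to the user list keeps the detail server-side. The constructor also records nothing when `result` is not 1, which leaves an object with an id and empty fields. `malloc` is used without a null check before `memset`, and `int zahl = 1;` is unused.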
@@ -257,7 +308,35 @@ bool User::validatePassphrase(const std::string& passphrase) return false; } -bool User::validatePwd(const std::string& pwd) +bool User::isEmptyPassword() +{ + return mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished()); +} + +// TODO: if a password and privkey already exist, load current private key and re encrypt with new crypto key +bool User::setNewPassword(const std::string& newPassword) +{ + if (newPassword == "") { + addError(new Error("Passwort", "Ist leer.")); + return false; + } + if (!mCreateCryptoKeyTask.isNull() && !mCreateCryptoKeyTask->isTaskFinished()) { + addError(new Error("Passwort", "Wird bereits erstellt, bitte in ca. 1 sekunde neuladen.")); + return false; + } + duplicate(); + mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newPassword, ServerConfig::g_CPUScheduler); + mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask); + + duplicate(); + UniLib::controller::TaskPtr savePassword(new UserWriteCryptoKeyHashIntoDB(this, 1)); + savePassword->setParentTaskPtrInArray(mCreateCryptoKeyTask, 0); + savePassword->scheduleTask(savePassword); + + return true; +} + +bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint) { auto cmpCryptoKey = createCryptoKey(pwd); if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) { @@ -275,6 +354,8 @@ bool User::validatePwd(const std::string& pwd) return true; } delete cmpCryptoKey; + + return false; } @@ -323,7 +404,9 @@ void User::duplicate() { mWorkingMutex.lock(); mReferenceCount++; - //printf("[User::duplicate] new value: %d\n", mReferenceCount); +#ifdef DEBUG_USER_DELETE_ENV + printf("[User::duplicate] new value: %d\n", mReferenceCount); +#endif mWorkingMutex.unlock(); } 
@@ -331,7 +414,9 @@ void User::release() { mWorkingMutex.lock(); mReferenceCount--; - //printf("[User::release] new value: %d\n", mReferenceCount); +#ifdef DEBUG_USER_DELETE_ENV + printf("[User::release] new value: %d\n", mReferenceCount); +#endif if (0 == mReferenceCount) { mWorkingMutex.unlock(); delete this; @@ -466,6 +551,36 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session) return insert; } +bool User::updateIntoDB(const char* fieldName) +{ + + if (mDBId == 0) { + addError(new Error("User::updateIntoDB", "user id is zero")); + return false; + } + + if (strcmp(fieldName, "password") == 0 && mPasswordHashed != 0) { + auto session = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); + Poco::Data::Statement update(session); + // UPDATE `table_name` SET `column_name` = `new_value' [WHERE condition]; + update << "UPDATE users SET password = ? where id = ?", + use(mPasswordHashed), use(mDBId); + try { + if (update.execute() == 1) return true; + addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldName)); + } + catch (Poco::Exception& ex) { + auto em = ErrorManager::getInstance(); + em->addError(new ParamError("User::updateIntoDB", "mysql error", ex.displayText().data())); + em->sendErrorsAsEmail(); + } + + } + + return false; + +} + bool User::loadEntryDBId(Poco::Data::Session session) { auto em = ErrorManager::getInstance(); diff --git a/src/cpp/model/User.h b/src/cpp/model/User.h index a8d9ba558..66f7154f6 100644 --- a/src/cpp/model/User.h +++ b/src/cpp/model/User.h 
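Review bot: `User::updateIntoDB` returns false without recording anything when `fieldName` is not "password" or when `mPasswordHashed` is still 0, so the caller cannot tell an unsupported field from a failed update. An `else` branch with `addError(new ParamError("User::updateIntoDB", "field not supported or no password hash set", fieldName));` would make that visible. `mPasswordHashed` and `mDBId` are read here without `lock()`, while `getPwdHashed()` and `setPwdHashed()` in User.h take it. Since this method is called from a scheduled task, binding a local copy from `getPwdHashed()` looks safer, though that depends on the task threading model, which is not visible here. `loadEntryDBId`, which follows, continues outside the hunk.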
@@ -14,17 +14,22 @@ class NewUser; class UserCreateCryptoKey; class UserWriteIntoDB; class Session; +class UserWriteCryptoKeyHashIntoDB; + class User : public ErrorList { friend NewUser; friend UserCreateCryptoKey; friend UserWriteIntoDB; + friend UserWriteCryptoKeyHashIntoDB; public: // new user User(const char* email, const char* first_name, const char* last_name); // existing user User(const char* email); + + User(int user_id); // login //User(const std::string& email, const std::string& password); @@ -51,7 +56,9 @@ public: inline std::string getPublicKeyHex() { lock(); std::string pubkeyHex = mPublicHex; unlock(); return pubkeyHex; } inline void setPublicKeyHex(const std::string& publicKeyHex) { lock(); mPublicHex = publicKeyHex; unlock(); } - bool validatePwd(const std::string& pwd); + bool isEmptyPassword(); + bool setNewPassword(const std::string& newPassword); + bool validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint); Poco::Data::BLOB* encrypt(const ObfusArray* data); @@ -62,11 +69,12 @@ protected: typedef Poco::UInt64 passwordHashed; ObfusArray* createCryptoKey(const std::string& password); - inline void setCryptoKey(ObfusArray* cryptoKey) { mCryptoKey = cryptoKey; } + inline void setCryptoKey(ObfusArray* cryptoKey) { lock(); mCryptoKey = cryptoKey; unlock(); } Poco::Data::Statement insertIntoDB(Poco::Data::Session session); + bool updateIntoDB(const char* fieldName); inline passwordHashed getPwdHashed() { lock(); auto ret = mPasswordHashed; unlock(); return ret; } inline void setPwdHashed(passwordHashed pwdHashed) { lock(); mPasswordHashed = pwdHashed; unlock(); } @@ -90,6 +98,8 @@ private: // for poco auto ptr int mReferenceCount; + + UniLib::controller::TaskPtr mCreateCryptoKeyTask; }; class UserCreateCryptoKey : public UniLib::controller::CPUTask 
@@ -150,4 +160,16 @@ protected: bool mSavePrivKey; }; +class UserWriteCryptoKeyHashIntoDB : public UniLib::controller::CPUTask +{ +public: + UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr user, int dependencieCount = 0); + + int run(); + const char* getResourceType() const { return "UserWriteCryptoKeyHashIntoDB"; }; + +protected: + Poco::AutoPtr mUser; +}; + #endif //GRADIDO_LOGIN_SERVER_MODEL_USER_INCLUDE \ No newline at end of file diff --git a/src/cpsp/Error500.cpsp b/src/cpsp/Error500.cpsp new file mode 100644 index 000000000..1f6724d13 --- /dev/null +++ b/src/cpsp/Error500.cpsp @@ -0,0 +1,51 @@ +<%@ page class="Error500Page" %> +<%@ page baseClass="SessionHTTPRequestHandler" %> +<%@ page ctorArg="Session*" %> +<%@ header include="SessionHTTPRequestHandler.h" %> +<%@ page compressed="true" %> +<%! +#include + +%> +<% + response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR); + Poco::AutoPtr user; + if(mSession) { + auto user = mSession->getUser(); + } +%> + + + + + +Gradido Login Server: Error + + + + + +

Ein Fehler auf dem Server trat ein, der Admin bekam eine E-Mail.

+ <% if(mSession) { %> + <%= mSession->getErrorsHtml() %> + <% } %> + <% if(!user.isNull()) {%> + <%= user->getErrorsHtml() %> + <% } %> + + diff --git a/src/cpsp/checkEmail.cpsp b/src/cpsp/checkEmail.cpsp index 2e8383120..d9820a834 100644 --- a/src/cpsp/checkEmail.cpsp +++ b/src/cpsp/checkEmail.cpsp @@ -5,12 +5,23 @@ <%@ page form="true" %> <%@ page compressed="true" %> <%! +#include "../model/Profiler.h" +enum PageState +{ + MAIL_NOT_SEND, + ASK_VERIFICATION_CODE +}; %> <%% + Profiler timeUsed; bool hasErrors = false; + PageState state = ASK_VERIFICATION_CODE; if(mSession) { hasErrors = mSession->errorCount() > 0; + if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { + state = MAIL_NOT_SEND; + } } @@ -46,18 +57,25 @@ label:not(.grd_radio_label) { <%= mSession->getErrorsHtml() %> <%} %>
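Review bot: Inside `if(mSession)` the line `auto user = mSession->getUser();` declares a second `user` that shadows the `Poco::AutoPtr` declared just above it, so the outer pointer stays null and the `if(!user.isNull())` block further down never prints anything. Assigning instead of declaring fixes it: `user = mSession->getUser();`. This page writes the session and user error lists straight into the response, so once the user list is actually shown, both lists should hold only messages meant for the end user.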

Einen neuen Account anlegen

- <% if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { %> + <% if(state == MAIL_NOT_SEND) { %>

Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.

Versuche es einfach in 1-2 Minuten erneut.

- <% } else { %> + <% } else if(state == ASK_VERIFICATION_CODE) { %>

Bitte gebe deinen E-Mail Verification Code ein.

+ <% } else { %> +
+ Ungültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. +
<% } %> +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/dashboard.cpsp b/src/cpsp/dashboard.cpsp index 556be065b..e343efdbc 100644 --- a/src/cpsp/dashboard.cpsp +++ b/src/cpsp/dashboard.cpsp @@ -6,8 +6,10 @@ <%@ page compressed="true" %> <%! #include "../SingletonManager/SessionManager.h" +#include "../model/Profiler.h" %> <% + Profiler timeUsed; //Poco::Net::NameValueCollection cookies; //request.getCookies(cookies); if(!form.empty()) { @@ -45,5 +47,8 @@ Abmelden Account löschen +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/login.cpsp b/src/cpsp/login.cpsp index b38228ae3..b762437eb 100644 --- a/src/cpsp/login.cpsp +++ b/src/cpsp/login.cpsp @@ -5,9 +5,11 @@ #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" #include "Poco/Net/HTTPServerParams.h" +#include "../model/Profiler.h" %> <%% + Profiler timeUsed; auto session = SessionManager::getInstance()->getNewSession(); if(!form.empty()) { @@ -78,6 +80,9 @@ label:not(.grd_radio_label) {

Du hast noch keinen Account? Dann folge dem Link um dir einen anzulegen

Neuen Account anlegen +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/passphrase.cpsp b/src/cpsp/passphrase.cpsp index ba284b56b..f0ad89d3c 100644 --- a/src/cpsp/passphrase.cpsp +++ b/src/cpsp/passphrase.cpsp @@ -5,6 +5,7 @@ <%@ page form="true" %> <%@ page compressed="true" %> <%! +#include "../model/Profiler.h" enum PageState { @@ -13,6 +14,7 @@ enum PageState }; %> <%% + Profiler timeUsed; PageState state = PAGE_ASK_PASSPHRASE; bool hasErrors = mSession->errorCount() > 0; @@ -111,5 +113,8 @@ label:not(.grd_radio_label) { <% } %> +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/register.cpsp b/src/cpsp/register.cpsp index f3ba9f13f..79f6c1507 100644 --- a/src/cpsp/register.cpsp +++ b/src/cpsp/register.cpsp @@ -4,8 +4,10 @@ <%! #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" +#include "../model/Profiler.h" %> <%% + Profiler timeUsed; auto session = SessionManager::getInstance()->getNewSession(); bool userReturned = false; @@ -98,5 +100,8 @@ label:not(.grd_radio_label) { <% } %> +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/saveKeys.cpsp b/src/cpsp/saveKeys.cpsp index e3529f0ae..2ee62e925 100644 --- a/src/cpsp/saveKeys.cpsp +++ b/src/cpsp/saveKeys.cpsp @@ -6,6 +6,7 @@ <%@ page compressed="true" %> <%! #include "Poco/Net/HTTPServerParams.h" +#include "../model/Profiler.h" enum PageState { @@ -16,8 +17,9 @@ enum PageState %> <%% - + Profiler timeUsed; bool hasErrors = mSession->errorCount() > 0; + // crypto key only in memory, if user has tipped in his passwort in this session bool hasPassword = mSession->getUser()->hasCryptoKey(); PageState state = PAGE_ASK; @@ -29,7 +31,8 @@ enum PageState if(!hasPassword) { // check pwd auto pwd = form.get("save-privkey-password", ""); - if(!mSession->getUser()->validatePwd(pwd)) { + + if(!mSession->isPwdValid(pwd)) { mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung")); hasErrors = true; } else { @@ -149,5 +152,8 @@ label:not(.grd_radio_label) { <% } %> +
+ <%= timeUsed.string() %> +
diff --git a/src/cpsp/updateUser.cpsp b/src/cpsp/updateUser.cpsp new file mode 100644 index 000000000..9553f9347 --- /dev/null +++ b/src/cpsp/updateUser.cpsp @@ -0,0 +1,98 @@ +<%@ page class="UpdateUserPage" %> +<%@ page form="true" %> +<%@ page baseClass="SessionHTTPRequestHandler" %> +<%@ page ctorArg="Session*" %> +<%@ header include="SessionHTTPRequestHandler.h" %> +<%@ page compressed="true" %> +<%! +#include "../SingletonManager/SessionManager.h" +#include "Poco/Net/HTTPCookie.h" +#include "../model/Profiler.h" +%> +<%% + Profiler timeUsed; + auto user = mSession->getUser(); + + if(!form.empty()) { + auto pwd = form.get("update-password", ""); + if(pwd != "") { + if(pwd != form.get("update-password", "")) { + session->addError(new Error("Passwort", "Passwörter sind nicht identisch.")); + } else { + userReturned = session->getUser()->setNewPassword( + form.get("update-password") + ); + } + } + } +%> + + + + + +Gradido Login Server: Register + + + + + +
+

Einen neuen Account anlegen

+ <% if(!form.empty()) {%> +
+
+ .. +
+
+ <% } else { %> +
+ + <% if(!form.empty() && !userReturned) {%> + <%= session->getErrorsHtml() %> + <%} %> +
+ Account anlegen +

Bitte gebe deine Daten um einen Account anzulegen

+

+ + "/> +

+

+ + "/> +

+

+ + +

+

+ + +

+
+ + +
+ <% } %> +
+
+ s<%= timeUsed.string() %> +
+ + diff --git a/src/cpsp/updateUserPassword.cpsp b/src/cpsp/updateUserPassword.cpsp new file mode 100644 index 000000000..f92ab8004 --- /dev/null +++ b/src/cpsp/updateUserPassword.cpsp @@ -0,0 +1,100 @@ +<%@ page class="UpdateUserPasswordPage" %> +<%@ page baseClass="SessionHTTPRequestHandler" %> +<%@ page ctorArg="Session*" %> +<%@ header include="SessionHTTPRequestHandler.h" %> +<%@ page compressed="true" %> +<%! +#include "../SingletonManager/SessionManager.h" +#include "Poco/Net/HTTPCookie.h" +#include "../model/Profiler.h" +%> +<%% + Profiler timeUsed; + auto user = mSession->getUser(); + // save login cookie, because maybe we've get an new session + response.addCookie(mSession->getLoginCookie()); + + if(!form.empty()) { + auto pwd = form.get("register-password", ""); + if(pwd != "") { + if(pwd != form.get("register-password2", "")) { + mSession->addError(new Error("Passwort", "Passwörter sind nicht identisch.")); + } else if(SessionManager::getInstance()->checkPwdValidation(pwd, mSession)) { + if(user->setNewPassword(form.get("register-password"))) { + std::string referUri = request.get("Referer", "./"); + //printf("[updateUserPasswordPage] referUri: %s\n", referUri.data()); + response.redirect(referUri); + return; + } + } + } + } +%> + + + + + +Gradido Login Server: Passwort bestimmen + + + + + +
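Review bot: In updateUser.cpsp the confirmation check compares the field with itself, `pwd != form.get("update-password", "")`, so it can never fail; it needs the name of the second password input, which is not visible in this hunk. The block also passes the value to `setNewPassword` without the `SessionManager::getInstance()->checkPwdValidation(pwd, mSession)` call that updateUserPassword.cpsp makes, so the password policy is not applied on this page. It refers to `session` and `userReturned`, neither of which is declared in the visible part of the page, which otherwise uses `mSession`. A stray `s` precedes `<%= timeUsed.string() %>` near the end.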
+ <%= mSession->getErrorsHtml() %> + <%= user->getErrorsHtml() %> +

Passwort bestimmen

+
+
+
+ Bitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, ein Klein- und einen Großbuchstaben enthält, + eine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+- +
+

+ + +

+

+ + +

+
+ +
+
+
+ <%= timeUsed.string() %> +
+ +