From 3614ed691c58f067b06e755d82711d099a349a54 Mon Sep 17 00:00:00 2001 From: Dario Date: Mon, 28 Sep 2020 10:01:13 +0200 Subject: [PATCH] Add email_hash to user db, model::table::user and a json interface to search for publickey by email hash --- README | 8 +- skeema/gradido_login/users.sql | 1 + src/cpp/Gradido_LoginServer.cpp | 1 + .../JsonRequestHandlerFactory.cpp | 4 + src/cpp/JSONInterface/JsonSearch.cpp | 89 +++++++++++++++++++ src/cpp/JSONInterface/JsonSearch.h | 24 +++++ src/cpp/SingletonManager/SessionManager.cpp | 9 -- src/cpp/controller/HederaAccount.h | 2 +- src/cpp/controller/User.cpp | 59 ++++++++++++ src/cpp/controller/User.h | 4 + src/cpp/model/table/User.cpp | 44 +++++++-- src/cpp/model/table/User.h | 7 +- 12 files changed, 230 insertions(+), 22 deletions(-) create mode 100644 src/cpp/JSONInterface/JsonSearch.cpp create mode 100644 src/cpp/JSONInterface/JsonSearch.h diff --git a/README b/README index 993dd4afa..de051e742 100644 --- a/README +++ b/README @@ -21,16 +21,18 @@ cd ../../../ cd dependencies/grpc -mkdir _build -cd _build +mkdir build +cd build cmake .. make # under windows build at least release for protoc.exe and grpc c++ plugin cd ../../../ +./unix_parse_proto.sh # get more dependencies with conan (need conan from https://conan.io/) mkdir build && cd build -conan remote add inexor https://api.bintray.com/conan/inexorgame/inexor-conan +# // not used anymore +# conan remote add inexor https://api.bintray.com/conan/inexorgame/inexor-conan # conan install .. -s build_type=Debug conan install .. diff --git a/skeema/gradido_login/users.sql b/skeema/gradido_login/users.sql index e3c7deec5..783a36211 100644 --- a/skeema/gradido_login/users.sql +++ b/skeema/gradido_login/users.sql @@ -6,6 +6,7 @@ CREATE TABLE `users` ( `password` bigint unsigned NOT NULL, `pubkey` binary(32) DEFAULT NULL, `privkey` binary(80) DEFAULT NULL, + `email_hash` binary(32) DEFAULT NULL, `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, `email_checked` tinyint NOT NULL DEFAULT '0', `passphrase_shown` tinyint NOT NULL DEFAULT '0', diff --git a/src/cpp/Gradido_LoginServer.cpp b/src/cpp/Gradido_LoginServer.cpp index e628a318c..1459a89b9 100644 --- a/src/cpp/Gradido_LoginServer.cpp +++ b/src/cpp/Gradido_LoginServer.cpp @@ -198,6 +198,7 @@ int Gradido_LoginServer::main(const std::vector& args) // schedule email verification resend controller::User::checkIfVerificationEmailsShouldBeResend(ServerConfig::g_CronJobsTimer); + controller::User::addMissingEmailHashes(); // HTTP Interface Server // set-up a server socket diff --git a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp index e58f6b464..090e225ea 100644 --- a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp +++ b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp @@ -13,6 +13,7 @@ #include "JsonAdminEmailVerificationResend.h" #include "JsonGetUserInfos.h" #include "JsonUpdateUserInfos.h" +#include "JsonSearch.h" JsonRequestHandlerFactory::JsonRequestHandlerFactory() : mRemoveGETParameters("^/([a-zA-Z0-9_-]*)"), mLogging(Poco::Logger::get("requestLog")) @@ -56,6 +57,9 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c else if (url_first_part == "/updateUserInfos") { return new JsonUpdateUserInfos; } + else if (url_first_part == "/search") { + return new JsonSearch; + } return new JsonUnknown; } diff --git a/src/cpp/JSONInterface/JsonSearch.cpp b/src/cpp/JSONInterface/JsonSearch.cpp new file mode 100644 index 000000000..4b7d82ec6 --- /dev/null +++ b/src/cpp/JSONInterface/JsonSearch.cpp @@ -0,0 +1,89 @@ +#include "JsonSearch.h" + +#include "../lib/DataTypeConverter.h" +#include "../controller/User.h" +#include "../SingletonManager/SessionManager.h" + +Poco::JSON::Object* JsonSearch::handle(Poco::Dynamic::Var params) +{ + /* + 'ask' = ['account_publickey' => ''] + */ + // incoming + + Poco::JSON::Object::Ptr ask; + + // if is json object + if (params.type() == typeid(Poco::JSON::Object::Ptr)) { + Poco::JSON::Object::Ptr paramJsonObject = params.extract(); + /// Throws a RangeException if the value does not fit + /// into the result variable. + /// Throws a NotImplementedException if conversion is + /// not available for the given type. + /// Throws InvalidAccessException if Var is empty. + try { + ask = paramJsonObject->getObject("ask"); + } + catch (Poco::Exception& ex) { + return stateError("json exception", ex.displayText()); + } + } + else { + return stateError("parameter format unknown"); + } + + + if (ask.isNull()) { + return stateError("ask is zero or not an object"); + } + + + Poco::JSON::Object* result = new Poco::JSON::Object; + result->set("state", "success"); + Poco::JSON::Array jsonErrorsArray; + Poco::JSON::Object result_fields; + auto sm = SessionManager::getInstance(); + auto mm = MemoryManager::getInstance(); + for (auto it = ask->begin(); it != ask->end(); it++) { + std::string name = it->first; + auto value = it->second; + + + try { + if ("account_publickey" == name) { + if (!value.isString()) { + jsonErrorsArray.add("account_publickey isn't a string"); + } + else { + MemoryBin* email_hash = nullptr; + if (sm->isValid(value, VALIDATE_ONLY_HEX)) { + email_hash = DataTypeConverter::hexToBin(value); + } + if (!email_hash) { + email_hash = DataTypeConverter::base64ToBin(value); + } + if (!email_hash) { + jsonErrorsArray.add("account_publickey isn't valid base64 or hex"); + } + else { + auto user = controller::User::create(); + user->load(email_hash); + mm->releaseMemory(email_hash); + auto user_model = user->getModel(); + auto public_key_base64 = DataTypeConverter::binToBase64(user_model->getPublicKey(), user_model->getPublicKeySize()); + result_fields.set("account_publickey", public_key_base64); + } + } + } + } + catch (Poco::Exception& ex) { + jsonErrorsArray.add("update parameter invalid"); + } + } + + result->set("errors", jsonErrorsArray); + result->set("results", result_fields); + result->set("state", "success"); + + return result; +} \ No newline at end of file diff --git a/src/cpp/JSONInterface/JsonSearch.h b/src/cpp/JSONInterface/JsonSearch.h new file mode 100644 index 000000000..c6fa683a8 --- /dev/null +++ b/src/cpp/JSONInterface/JsonSearch.h @@ -0,0 +1,24 @@ +#ifndef __JSON_INTERFACE_JSON_SEARCH_ +#define __JSON_INTERFACE_JSON_SEARCH_ + +#include "JsonRequestHandler.h" + +/*! +* @author Dario Rekowski +* @date 2020-09-28 +* @brief search for public informations (no session_id needed), like account id for email hash +* +* +*/ + +class JsonSearch : public JsonRequestHandler +{ +public: + Poco::JSON::Object* handle(Poco::Dynamic::Var params); + +protected: + + +}; + +#endif // __JSON_INTERFACE_JSON_SEARCH_ \ No newline at end of file diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp index e6186790c..4e99b85e4 100644 --- a/src/cpp/SingletonManager/SessionManager.cpp +++ b/src/cpp/SingletonManager/SessionManager.cpp @@ -228,16 +228,7 @@ bool SessionManager::releaseSession(int requestHandleSession) //mWorkingMutex.unlock(); return false; } - Session* session = it->second; - - // simply delete session to overcome current crashes, it is a workaround for now - mRequestSessionMap.erase(requestHandleSession); - delete session; - return true; - - - // check if dead locked if (session->tryLock()) { session->unlock(); diff --git a/src/cpp/controller/HederaAccount.h b/src/cpp/controller/HederaAccount.h index 709e84c7a..89595b3bb 100644 --- a/src/cpp/controller/HederaAccount.h +++ b/src/cpp/controller/HederaAccount.h @@ -29,7 +29,7 @@ namespace controller { inline bool deleteFromDB() { return mDBModel->deleteFromDB(); } - std::string HederaAccount::toShortSelectOptionName(); + std::string toShortSelectOptionName(); inline Poco::AutoPtr getModel() { return _getModel(); } inline const model::table::HederaAccount* getModel() const { return _getModel(); } diff --git a/src/cpp/controller/User.cpp b/src/cpp/controller/User.cpp index f425da9e0..ba07a066c 100644 --- a/src/cpp/controller/User.cpp +++ b/src/cpp/controller/User.cpp @@ -83,6 +83,11 @@ namespace controller { return getModel()->loadFromDB("pubkey", pubkey); } + int User::load(MemoryBin* emailHash) + { + Poco::Data::BLOB email_hash(*emailHash, crypto_generichash_BYTES); + return getModel()->loadFromDB("email_hash", email_hash); + } const std::string& User::getPublicHex() { if (mPublicHex != "") { @@ -404,4 +409,58 @@ namespace controller { return 0; } + int User::addMissingEmailHashes() + { + auto cm = ConnectionManager::getInstance(); + auto em = ErrorManager::getInstance(); + static const char* function_name = "User::addMissingEmailHashes"; + + auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); + Poco::Data::Statement select(session); + std::vector> results; + + select << "select id, email from users " + << "where email_hash IS NULL " + , Poco::Data::Keywords::into(results) + ; + int result_count = 0; + try { + result_count = select.execute(); + } + catch (Poco::Exception& ex) { + em->addError(new ParamError(function_name, "mysql error by select", ex.displayText().data())); + em->sendErrorsAsEmail(); + //return -1; + } + if (0 == result_count) return 0; + std::vector> updates; + // calculate hashes + updates.reserve(results.size()); + unsigned char email_hash[crypto_generichash_BYTES]; + for (auto it = results.begin(); it != results.end(); it++) { + memset(email_hash, 0, crypto_generichash_BYTES); + auto id = it->get<0>(); + auto email = it->get<1>(); + crypto_generichash(email_hash, crypto_generichash_BYTES, + (const unsigned char*)email.data(), email.size(), + NULL, 0); + updates.push_back(Poco::Tuple(Poco::Data::BLOB(email_hash, crypto_generichash_BYTES), id)); + } + + // update db + // reuse connection, I hope it's working + Poco::Data::Statement update(session); + update << "UPDATE users set email_hash = ? where id = ?" + , Poco::Data::Keywords::use(updates); + int updated_count = 0; + try { + updated_count = update.execute(); + } + catch (Poco::Exception& ex) { + em->addError(new ParamError(function_name, "mysql error by update", ex.displayText().data())); + em->sendErrorsAsEmail(); + } + return updated_count; + } + } \ No newline at end of file diff --git a/src/cpp/controller/User.h b/src/cpp/controller/User.h index a42678739..a400d2ff5 100644 --- a/src/cpp/controller/User.h +++ b/src/cpp/controller/User.h @@ -37,6 +37,9 @@ namespace controller { // TODO: instead scheduling all, scheduling only for next day and run this function every day (own task for that) static int checkIfVerificationEmailsShouldBeResend(const Poco::Util::Timer& timer); + //! \brief go through whole db and search for user without email hash and set this in db + static int addMissingEmailHashes(); + //! \brief try to find correct passphrase for this user from db //! //! select entries from user_backups db table belonging to user @@ -53,6 +56,7 @@ namespace controller { //! \return count of found rows, should be 1 or 0 inline size_t load(int user_id) { return getModel()->loadFromDB("id", user_id); } int load(const unsigned char* pubkey_array); + int load(MemoryBin* emailHash); Poco::JSON::Object getJson(); inline Poco::AutoPtr getModel() { return _getModel(); } diff --git a/src/cpp/model/table/User.cpp b/src/cpp/model/table/User.cpp index 745982a25..11584659c 100644 --- a/src/cpp/model/table/User.cpp +++ b/src/cpp/model/table/User.cpp @@ -18,8 +18,9 @@ namespace model { } User::User(const std::string& email, const std::string& first_name, const std::string& last_name, Poco::UInt64 passwordHashed/* = 0*/, std::string languageKey/* = "de"*/) - : mEmail(email), mFirstName(first_name), mLastName(last_name), mPasswordHashed(passwordHashed), mEmailChecked(false), mLanguageKey(languageKey), mDisabled(false), mRole(ROLE_NOT_LOADED) + : mFirstName(first_name), mLastName(last_name), mPasswordHashed(passwordHashed), mEmailChecked(false), mLanguageKey(languageKey), mDisabled(false), mRole(ROLE_NOT_LOADED) { + setEmail(email); } //id, first_name, last_name, email, pubkey, created, email_checked @@ -60,18 +61,31 @@ namespace model { } } + void User::setEmail(const std::string& email) + { + std::unique_lock _lock(mSharedMutex); + mEmail = email; + + unsigned char email_hash[crypto_generichash_BYTES]; + + crypto_generichash(email_hash, crypto_generichash_BYTES, + (const unsigned char*)email.data(), email.size(), + NULL, 0); + mEmailHash = Poco::Nullable(Poco::Data::BLOB(email_hash, crypto_generichash_BYTES)); + } + Poco::Data::Statement User::_insertIntoDB(Poco::Data::Session session) { Poco::Data::Statement insert(session); if (mPasswordHashed) { - insert << "INSERT INTO users (email, first_name, last_name, password, language) VALUES(?,?,?,?,?);", - use(mEmail), use(mFirstName), use(mLastName), bind(mPasswordHashed), use(mLanguageKey); + insert << "INSERT INTO users (email, first_name, last_name, password, email_hash, language) VALUES(?,?,?,?,?,?);", + use(mEmail), use(mFirstName), use(mLastName), bind(mPasswordHashed), use(mEmailHash), use(mLanguageKey); } else { - insert << "INSERT INTO users (email, first_name, last_name, language) VALUES(?,?,?,?);", - use(mEmail), use(mFirstName), use(mLastName), use(mLanguageKey); + insert << "INSERT INTO users (email, first_name, last_name, email_hash, language) VALUES(?,?,?,?,?);", + use(mEmail), use(mFirstName), use(mLastName), use(mEmailHash), use(mLanguageKey); } return insert; @@ -84,12 +98,12 @@ namespace model { _fieldName = getTableName() + std::string(".id"); } Poco::Data::Statement select(session); - select << "SELECT " << getTableName() << ".id, email, first_name, last_name, password, pubkey, privkey, created, email_checked, language, disabled, user_roles.role_id " + select << "SELECT " << getTableName() << ".id, email, first_name, last_name, password, pubkey, privkey, email_hash, created, email_checked, language, disabled, user_roles.role_id " << " FROM " << getTableName() << " LEFT JOIN user_roles ON " << getTableName() << ".id = user_roles.user_id " << " WHERE " << _fieldName << " = ?" , into(mID), into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), - into(mPublicKey), into(mPrivateKey), into(mCreated), into(mEmailChecked), + into(mPublicKey), into(mPrivateKey), into(mEmailHash), into(mCreated), into(mEmailChecked), into(mLanguageKey), into(mDisabled), into(mRole); @@ -266,12 +280,14 @@ namespace model { auto mm = MemoryManager::getInstance(); auto pubkeyHex = mm->getFreeMemory(65); auto privkeyHex = mm->getFreeMemory(161); + auto email_hash = mm->getFreeMemory(crypto_generichash_BYTES+1); //char pubkeyHex[65], privkeyHex[161]; //memset(pubkeyHex, 0, 65); //memset(privkeyHex, 0, 161); memset(*pubkeyHex, 0, 65); memset(*privkeyHex, 0, 161); + memset(*email_hash, 0, crypto_generichash_BYTES + 1); std::stringstream ss; @@ -281,11 +297,16 @@ namespace model { if (!mPrivateKey.isNull()) { sodium_bin2hex(*privkeyHex, 161, mPrivateKey.value().content().data(), mPrivateKey.value().content().size()); } + if (!mEmailHash.isNull()) { + sodium_bin2hex(*email_hash, crypto_generichash_BYTES + 1, mEmailHash.value().content().data(), mEmailHash.value().content().size()); + } + ss << mFirstName << " " << mLastName << " <" << mEmail << ">" << std::endl; ss << "password hash: " << mPasswordHashed << std::endl; ss << "public key: " << (char*)*pubkeyHex << std::endl; ss << "private key: " << (char*)*privkeyHex << std::endl; + ss << "email hash: " << (char*)*email_hash << std::endl; ss << "created: " << Poco::DateTimeFormatter::format(mCreated, "%f.%m.%Y %H:%M:%S") << std::endl; ss << "email checked: " << mEmailChecked << std::endl; ss << "language key: " << mLanguageKey << std::endl; @@ -293,6 +314,7 @@ namespace model { mm->releaseMemory(pubkeyHex); mm->releaseMemory(privkeyHex); + mm->releaseMemory(email_hash); return ss.str(); } @@ -301,8 +323,10 @@ namespace model { { auto mm = MemoryManager::getInstance(); auto pubkeyHex = mm->getFreeMemory(65); + auto email_hash = mm->getFreeMemory(crypto_generichash_BYTES + 1); memset(*pubkeyHex, 0, 65); + memset(*email_hash, 0, crypto_generichash_BYTES + 1); std::stringstream ss; @@ -310,8 +334,13 @@ namespace model { sodium_bin2hex(*pubkeyHex, 65, mPublicKey.value().content().data(), mPublicKey.value().content().size()); } + if (!mEmailHash.isNull()) { + sodium_bin2hex(*email_hash, crypto_generichash_BYTES + 1, mEmailHash.value().content().data(), mEmailHash.value().content().size()); + } + ss << "" << mFirstName << " " << mLastName << " <" << mEmail << ">" << "
"; ss << "public key: " << (char*)*pubkeyHex << "
"; + ss << "email hash: " << (char*)*email_hash << "
"; ss << "created: " << Poco::DateTimeFormatter::format(mCreated, "%f.%m.%Y %H:%M:%S") << "
"; ss << "email checked: " << mEmailChecked << "
"; ss << "language key: " << mLanguageKey << "
"; @@ -319,6 +348,7 @@ namespace model { ss << "disabled: " << mDisabled << "
"; mm->releaseMemory(pubkeyHex); + mm->releaseMemory(email_hash); return ss.str(); } diff --git a/src/cpp/model/table/User.h b/src/cpp/model/table/User.h index 5fb9de668..9d95a3223 100644 --- a/src/cpp/model/table/User.h +++ b/src/cpp/model/table/User.h @@ -60,17 +60,19 @@ namespace model { inline std::string getNameWithEmailHtml() const { std::shared_lock _lock(mSharedMutex); return mFirstName + " " + mLastName + " <" + mEmail + ">"; } inline const Poco::UInt64 getPasswordHashed() const { std::shared_lock _lock(mSharedMutex); return mPasswordHashed; } inline RoleType getRole() const { std::shared_lock _lock(mSharedMutex); if (mRole.isNull()) return ROLE_NONE; return static_cast(mRole.value()); } - inline const unsigned char* getPublicKey() const { if (mPublicKey.isNull()) return nullptr; return mPublicKey.value().content().data(); } + inline const unsigned char* getPublicKey() const { std::shared_lock _lock(mSharedMutex); if (mPublicKey.isNull()) return nullptr; return mPublicKey.value().content().data(); } + inline size_t getPublicKeySize() const { std::shared_lock _lock(mSharedMutex); if (mPublicKey.isNull()) return 0; return mPublicKey.value().content().size(); } std::string getPublicKeyHex() const; inline bool hasPrivateKeyEncrypted() const { std::shared_lock _lock(mSharedMutex); return !mPrivateKey.isNull(); } + inline bool hasEmailHash() const { std::shared_lock _lock(mSharedMutex); return !mEmailHash.isNull(); } inline const std::vector& getPrivateKeyEncrypted() const { return mPrivateKey.value().content(); } inline bool isEmailChecked() const { std::shared_lock _lock(mSharedMutex); return mEmailChecked; } inline const std::string getLanguageKey() const { std::shared_lock _lock(mSharedMutex); return mLanguageKey; } inline bool isDisabled() const { std::shared_lock _lock(mSharedMutex); return mDisabled; } // default setter unlocked - inline void setEmail(const std::string& email) { std::unique_lock _lock(mSharedMutex); mEmail = email; } + void setEmail(const std::string& email); inline void setFirstName(const std::string& first_name) { std::unique_lock _lock(mSharedMutex); mFirstName = first_name; } inline void setLastName(const std::string& last_name) { std::unique_lock _lock(mSharedMutex); mLastName = last_name; } inline void setPasswordHashed(const Poco::UInt64& passwordHashed) { std::unique_lock _lock(mSharedMutex); mPasswordHashed = passwordHashed; } @@ -101,6 +103,7 @@ namespace model { Poco::Nullable mPublicKey; Poco::Nullable mPrivateKey; + Poco::Nullable mEmailHash; // sodium generic hash (currently blake2b) // created: Mysql DateTime Poco::DateTime mCreated;