more exact error message for password validation
parent
d6e9cc19ab
commit
3de1e21259
@ -14,7 +14,11 @@ using namespace Poco::Data::Keywords;
|
||||
KeyPair::KeyPair()
|
||||
: mPrivateKey(nullptr), mSodiumSecret(nullptr)
|
||||
{
|
||||
|
||||
// TODO: set memory to zero for
|
||||
// unsigned char mPublicKey[ed25519_pubkey_SIZE];
|
||||
// unsigned char mSodiumPublic[crypto_sign_PUBLICKEYBYTES];
|
||||
memset(mPublicKey, 0, ed25519_pubkey_SIZE);
|
||||
memset(mSodiumPublic, 0, crypto_sign_PUBLICKEYBYTES);
|
||||
}
|
||||
|
||||
KeyPair::~KeyPair()
|
||||
@ -91,6 +95,14 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour
|
||||
}
|
||||
mSodiumSecret = new ObfusArray(crypto_sign_SECRETKEYBYTES, sodium_secret);
|
||||
|
||||
// print hex for all keys for debugging
|
||||
printf("//********** Keys *************//\n");
|
||||
printf("Public: \t%s\n", getHex(mPublicKey, ed25519_pubkey_SIZE).data());
|
||||
printf("Private: \t%s\n", getHex(*mPrivateKey, mPrivateKey->size()).data());
|
||||
printf("Sodium Public: \t%s\n", getHex(mSodiumPublic, crypto_sign_PUBLICKEYBYTES).data());
|
||||
printf("Sodium Private: \t%s\n", getHex(*mSodiumSecret, mSodiumSecret->size()).data());
|
||||
printf("//********* Keys End ************//\n");
|
||||
|
||||
// using
|
||||
return true;
|
||||
}
|
||||
@ -107,6 +119,18 @@ std::string KeyPair::getPubkeyHex()
|
||||
return pubHex;
|
||||
}
|
||||
|
||||
std::string KeyPair::getHex(const unsigned char* data, size_t size)
|
||||
{
|
||||
size_t hexSize = size * 2 + 1;
|
||||
char* hexString = (char*)malloc(hexSize);
|
||||
memset(hexString, 0, hexSize);
|
||||
sodium_bin2hex(hexString, hexSize, data, size);
|
||||
std::string hex = hexString;
|
||||
free(hexString);
|
||||
|
||||
return hex;
|
||||
}
|
||||
|
||||
bool KeyPair::savePrivKey(int userId)
|
||||
{
|
||||
auto cm = ConnectionManager::getInstance();
|
||||
|
||||
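Review bot: The debug block added to generateFromPassphrase prints the ed25519 private key and the libsodium secret key as hex to stdout, so key material that is otherwise held in ObfusArray objects ends up in whatever captures the process output (console, service logs, log collection). Drop the `printf("Private: ...")` and `printf("Sodium Private: ...")` lines, or compile the whole block only in a dedicated debug build; printing the two public keys is harmless. getHex in the third hunk also leaves a hex copy of its input in a freed heap buffer and never checks the allocation; `if (!hexString) return "";` after `malloc` and `sodium_memzero(hexString, hexSize);` before `free(hexString);` would cover both. generateFromPassphrase starts outside the hunk.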
@ -19,13 +19,15 @@ public:
|
||||
bool generateFromPassphrase(const char* passphrase, Mnemonic* word_source);
|
||||
std::string getPubkeyHex();
|
||||
bool savePrivKey(int userId);
|
||||
|
||||
static std::string getHex(const unsigned char* data, size_t size);
|
||||
|
||||
inline const unsigned char* getPublicKey() const { return mSodiumPublic; }
|
||||
|
||||
protected:
|
||||
const ObfusArray* getPrivateKey() const { return mSodiumSecret; }
|
||||
|
||||
|
||||
|
||||
private:
|
||||
ObfusArray* mPrivateKey;
|
||||
ObfusArray* mSodiumSecret;
|
||||
|
||||
@ -45,6 +45,13 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
|
||||
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
|
||||
responseStream << "<style type=\"text/css\" >\n";
|
||||
responseStream << ".grd_container\n";
|
||||
responseStream << "{\n";
|
||||
responseStream << " max-width:820px;\n";
|
||||
responseStream << " margin-left:auto;\n";
|
||||
responseStream << " margin-right:auto;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "\n";
|
||||
responseStream << "input:not([type='radio']) {\n";
|
||||
responseStream << "\twidth:200px;\n";
|
||||
responseStream << "}\n";
|
||||
@ -57,25 +64,25 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "<body>\n";
|
||||
responseStream << "<div class=\"grd_container\">\n";
|
||||
responseStream << "\t";
|
||||
#line 38 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 45 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
if(mSession && hasErrors) { responseStream << "\n";
|
||||
responseStream << "\t\t";
|
||||
#line 39 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
responseStream << ( mSession->getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t";
|
||||
#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
|
||||
responseStream << "\t";
|
||||
#line 42 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n";
|
||||
responseStream << "\t\t<div class=\"grd_text\">\n";
|
||||
responseStream << "\t\t\t<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>\n";
|
||||
responseStream << "\t\t\t<p>Versuche es einfach in 1-2 Minuten erneut.</p>\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 54 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
} else { responseStream << "\n";
|
||||
responseStream << "\t<form method=\"GET\">\n";
|
||||
responseStream << "\t\t<p>Bitte gebe deinen E-Mail Verification Code ein. </p>\n";
|
||||
@ -83,7 +90,7 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
|
||||
responseStream << "\t</form>\n";
|
||||
responseStream << "\t";
|
||||
#line 53 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "</body>\n";
|
||||
|
||||
@ -58,12 +58,16 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
|
||||
responseStream << "</p>\n";
|
||||
responseStream << "\t";
|
||||
#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
|
||||
if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) responseStream << "\n";
|
||||
if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n";
|
||||
responseStream << "\t<p>Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:</p>\n";
|
||||
responseStream << "\t<form method=\"GET\" action=\"/checkEmail\">\n";
|
||||
responseStream << "\t\t<input type=\"number\" name=\"email-verification-code\">\n";
|
||||
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
|
||||
responseStream << "\t</form>\n";
|
||||
responseStream << "\t";
|
||||
#line 37 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t<a class=\"grd_bn\" href=\"/logout\">Abmelden</a>\n";
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "</body>\n";
|
||||
responseStream << "</html>\n";
|
||||
|
||||
@ -7,6 +7,9 @@
|
||||
|
||||
#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
|
||||
|
||||
#include "../SingletonManager/SessionManager.h"
|
||||
#include "Poco/Net/HTTPCookie.h"
|
||||
#include "Poco/Net/HTTPServerParams.h"
|
||||
|
||||
|
||||
|
||||
@ -18,6 +21,23 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
if (_compressResponse) response.set("Content-Encoding", "gzip");
|
||||
|
||||
Poco::Net::HTMLForm form(request, request.stream());
|
||||
#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
|
||||
|
||||
auto session = SessionManager::getInstance()->getNewSession();
|
||||
|
||||
if(!form.empty()) {
|
||||
auto email = form.get("login-email", "");
|
||||
auto password = form.get("login-password", "");
|
||||
if(session->loadUser(email, password)) {
|
||||
auto user_host = request.clientAddress().host();
|
||||
session->setClientIp(user_host);
|
||||
response.addCookie(session->getLoginCookie());
|
||||
auto uri_start = request.serverParams().getServerName();
|
||||
response.redirect(uri_start + "/");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
std::ostream& _responseStream = response.send();
|
||||
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
|
||||
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
|
||||
@ -30,11 +50,31 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
responseStream << "<title>Gradido Login Server: Login</title>\n";
|
||||
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
|
||||
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
|
||||
responseStream << "<style type=\"text/css\" >\n";
|
||||
responseStream << ".grd_container\n";
|
||||
responseStream << "{\n";
|
||||
responseStream << " max-width:820px;\n";
|
||||
responseStream << " margin-left:auto;\n";
|
||||
responseStream << " margin-right:auto;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "\n";
|
||||
responseStream << "input:not([type='radio']) {\n";
|
||||
responseStream << "\twidth:200px;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "label:not(.grd_radio_label) {\n";
|
||||
responseStream << "\twidth:80px;\n";
|
||||
responseStream << "\tdisplay:inline-block;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "</style>\n";
|
||||
responseStream << "</head>\n";
|
||||
responseStream << "<body>\n";
|
||||
responseStream << "<h1>Login</h1>\n";
|
||||
responseStream << "<form method=\"POST\">\n";
|
||||
responseStream << "\t<div class=\"grd_container\">\n";
|
||||
responseStream << "\t\t<h1>Login</h1>\n";
|
||||
responseStream << "\t\t";
|
||||
#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( session->getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
|
||||
responseStream << "\t\t\t<legend>Login</legend>\n";
|
||||
responseStream << "\t\t\t<p>Bitte gebe deine Zugangsdaten ein um dich einzuloggen.</p>\n";
|
||||
|
||||
@ -51,6 +51,11 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
|
||||
return handleCheckEmail(s, uri, request);
|
||||
}
|
||||
if (s) {
|
||||
if(url_first_part == "/logout") {
|
||||
sm->releseSession(s);
|
||||
printf("session released\n");
|
||||
return new LoginPage;
|
||||
}
|
||||
auto sessionState = s->getSessionState();
|
||||
if(sessionState == SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED ||
|
||||
sessionState == SESSION_STATE_PASSPHRASE_GENERATED) {
|
||||
@ -62,10 +67,12 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
|
||||
//else if (uri == "/saveKeys") {
|
||||
return new SaveKeysPage(s);
|
||||
}
|
||||
return new DashboardPage(s);
|
||||
if (s && s->getUser()) {
|
||||
return new DashboardPage(s);
|
||||
}
|
||||
} else {
|
||||
|
||||
if (uri == "/") {
|
||||
if (uri == "/config") {
|
||||
return new ConfigPage;
|
||||
}
|
||||
else if (uri == "/login") {
|
||||
@ -75,7 +82,8 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
|
||||
return new RegisterPage;
|
||||
}
|
||||
}
|
||||
return new HandleFileRequest;
|
||||
return new LoginPage;
|
||||
//return new HandleFileRequest;
|
||||
//return new PageRequestHandlerFactory;
|
||||
}
|
||||
|
||||
|
||||
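Review bot: In the no-session branch, `if (uri == "/config") { return new ConfigPage; }` hands ConfigPage to any client that has no session. If that page shows or changes server configuration (its code is not visible here), it needs an authenticated-session check before it is constructed, or the route should move into the `if (s)` branch. The new `/logout` branch releases the server-side session on a plain GET but cannot expire the login cookie from inside the factory, so the page it returns should do that. `printf("session released\n");` reads like leftover debugging and is better dropped. createRequestHandler starts outside these hunks.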
@ -78,6 +78,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
|
||||
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
|
||||
responseStream << "<style type=\"text/css\" >\n";
|
||||
responseStream << ".grd_container\n";
|
||||
responseStream << "{\n";
|
||||
responseStream << " max-width:820px;\n";
|
||||
responseStream << " margin-left:auto;\n";
|
||||
responseStream << " margin-right:auto;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "\n";
|
||||
responseStream << "input:not([type='radio']) {\n";
|
||||
responseStream << "\twidth:200px;\n";
|
||||
responseStream << "}\n";
|
||||
@ -90,18 +97,18 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "<body>\n";
|
||||
responseStream << "<div class=\"grd_container\">\n";
|
||||
responseStream << "\t";
|
||||
#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
if(mSession && hasErrors) { responseStream << "\n";
|
||||
responseStream << "\t\t";
|
||||
#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
responseStream << ( mSession->getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t";
|
||||
#line 73 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 80 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
|
||||
responseStream << "\t";
|
||||
#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n";
|
||||
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
|
||||
responseStream << "\t\t\t<div class=\"grd_text\">\n";
|
||||
@ -109,14 +116,14 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "\t\t\t</div>\n";
|
||||
responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
|
||||
responseStream << "\t\t\t\t";
|
||||
#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 88 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
responseStream << ( mSession->getPassphrase() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t\t\t</div>\n";
|
||||
responseStream << "\t\t\t<a href=\"/saveKeys\">Weiter</a>\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 92 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
} else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n";
|
||||
responseStream << "\t<form method=\"POST\">\n";
|
||||
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
|
||||
@ -131,7 +138,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"passphrase-new-no\">Ja, bitte wiederherstellen!</label>\n";
|
||||
responseStream << "\t\t\t</p>\n";
|
||||
responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"passphrase-existing\">";
|
||||
#line 98 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 105 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
responseStream << ( !form.empty() ? form.get("passphrase-existing", "") : "" );
|
||||
responseStream << "</textarea>\n";
|
||||
responseStream << "\t\t</fieldset>\n";
|
||||
@ -139,13 +146,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
|
||||
responseStream << "\t\t\n";
|
||||
responseStream << "\t</form>\n";
|
||||
responseStream << "\t";
|
||||
#line 103 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
} else { responseStream << "\n";
|
||||
responseStream << "\t\t<div class=\"grd_text\">\n";
|
||||
responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "</body>\n";
|
||||
|
||||
@ -35,12 +35,9 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
);
|
||||
}
|
||||
if(userReturned) {
|
||||
auto cookie_id = session->getHandle();
|
||||
//auto user_host_string = request.clientAddress().toString();
|
||||
auto user_host = request.clientAddress().host();
|
||||
session->setClientIp(user_host);
|
||||
//printf("cookie: %d, user_host: %s\n", cookie_id, user_host.data());
|
||||
response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
|
||||
response.addCookie(session->getLoginCookie());
|
||||
}
|
||||
}
|
||||
std::ostream& _responseStream = response.send();
|
||||
@ -56,6 +53,13 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
|
||||
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
|
||||
responseStream << "<style type=\"text/css\" >\n";
|
||||
responseStream << ".grd_container\n";
|
||||
responseStream << "{\n";
|
||||
responseStream << " max-width:820px;\n";
|
||||
responseStream << " margin-left:auto;\n";
|
||||
responseStream << " margin-right:auto;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "\n";
|
||||
responseStream << "input:not([type='radio']) {\n";
|
||||
responseStream << "\twidth:200px;\n";
|
||||
responseStream << "}\n";
|
||||
@ -69,7 +73,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "<div class=\"grd_container\">\n";
|
||||
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
|
||||
responseStream << "\t";
|
||||
#line 53 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
if(!form.empty() && userReturned) { responseStream << "\n";
|
||||
responseStream << "\t\t\n";
|
||||
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
|
||||
@ -79,19 +83,19 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t\t</div>\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 61 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
} else { responseStream << "\n";
|
||||
responseStream << "\t<form method=\"POST\">\n";
|
||||
responseStream << "\t\n";
|
||||
responseStream << "\t\t";
|
||||
#line 64 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
if(!form.empty() && !userReturned) { responseStream << "\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
responseStream << ( session->getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t\t";
|
||||
#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
|
||||
responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
|
||||
@ -99,14 +103,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t\t<p class=\"grd_small\">\n";
|
||||
responseStream << "\t\t\t\t<label for=\"register-name\">Vorname</label>\n";
|
||||
responseStream << "\t\t\t\t<input id=\"register-name\" type=\"text\" name=\"register-name\" value=\"";
|
||||
#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
responseStream << ( !form.empty() ? form.get("register-name") : "" );
|
||||
responseStream << "\"/>\n";
|
||||
responseStream << "\t\t\t</p>\n";
|
||||
responseStream << "\t\t\t<p class=\"grd_small\">\n";
|
||||
responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
|
||||
responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
|
||||
#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 80 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
responseStream << ( !form.empty() ? form.get("register-email") : "" );
|
||||
responseStream << "\"/>\n";
|
||||
responseStream << "\t\t\t</p>\n";
|
||||
@ -123,7 +127,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t\n";
|
||||
responseStream << "\t</form>\n";
|
||||
responseStream << "\t";
|
||||
#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "</body>\n";
|
||||
|
||||
@ -7,6 +7,8 @@
|
||||
|
||||
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
|
||||
#include "Poco/Net/HTTPServerParams.h"
|
||||
|
||||
enum PageState
|
||||
{
|
||||
PAGE_ASK,
|
||||
@ -30,7 +32,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
if (_compressResponse) response.set("Content-Encoding", "gzip");
|
||||
|
||||
Poco::Net::HTMLForm form(request, request.stream());
|
||||
#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 18 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
|
||||
|
||||
bool hasErrors = mSession->errorCount() > 0;
|
||||
@ -65,10 +67,15 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
hasErrors = true;
|
||||
} else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) {
|
||||
state = PAGE_SHOW_PUBKEY;
|
||||
auto uri_start = request.serverParams().getServerName();
|
||||
printf("uri_start: %s\n", uri_start.data());
|
||||
//response.redirect(uri_start + "/");
|
||||
} else {
|
||||
state = PAGE_ERROR;
|
||||
}
|
||||
}
|
||||
printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n",
|
||||
hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED);
|
||||
}
|
||||
std::ostream& _responseStream = response.send();
|
||||
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
|
||||
@ -83,6 +90,13 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
|
||||
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
|
||||
responseStream << "<style type=\"text/css\" >\n";
|
||||
responseStream << ".grd_container\n";
|
||||
responseStream << "{\n";
|
||||
responseStream << " max-width:820px;\n";
|
||||
responseStream << " margin-left:auto;\n";
|
||||
responseStream << " margin-right:auto;\n";
|
||||
responseStream << "}\n";
|
||||
responseStream << "\n";
|
||||
responseStream << "input:not([type='radio']) {\n";
|
||||
responseStream << "\twidth:200px;\n";
|
||||
responseStream << "}\n";
|
||||
@ -95,18 +109,18 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "<body>\n";
|
||||
responseStream << "<div class=\"grd_container\">\n";
|
||||
responseStream << "\t";
|
||||
#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
if(hasErrors) { responseStream << "\n";
|
||||
responseStream << "\t\t";
|
||||
#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
responseStream << ( mSession->getErrorsHtml() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t";
|
||||
#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 92 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t<h1>Daten speichern</h1>\n";
|
||||
responseStream << "\t";
|
||||
#line 80 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
if(state == PAGE_ASK) { responseStream << "\n";
|
||||
responseStream << "\t<form method=\"POST\">\n";
|
||||
responseStream << "\t\t<fieldset>\n";
|
||||
@ -121,7 +135,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-privkey-yes\">Ja, bitte speichern!</label>\n";
|
||||
responseStream << "\t\t\t</p>\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
if(!hasPassword) { responseStream << "\n";
|
||||
responseStream << "\t\t\t\t<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>\n";
|
||||
responseStream << "\t\t\t\t<p class=\"grd_small\">\n";
|
||||
@ -129,7 +143,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t\t\t\t<input id=\"save-privkey-password\" type=\"password\" name=\"save-privkey-password\"/>\n";
|
||||
responseStream << "\t\t\t\t</p>\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 113 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "\t\t\t<p class=\"grd_small\">\n";
|
||||
responseStream << "\t\t\t\t<input id=\"save-privkey-no\" type=\"radio\" name=\"save-privkey\" value=\"no\"/>\n";
|
||||
@ -154,27 +168,31 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
|
||||
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Speichern\">\n";
|
||||
responseStream << "\t</form>\n";
|
||||
responseStream << "\t";
|
||||
#line 122 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 136 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
} else if(state == PAGE_SHOW_PUBKEY) { responseStream << "\n";
|
||||
responseStream << "\t\t<div class=\"grd_text\">\n";
|
||||
responseStream << "\t\t\t<p>Je nach Auswahl werden deine Daten nun verschlüsselt und gespeichert. </p>\n";
|
||||
responseStream << "\t\t\t<p>Deine Gradido Adresse (Hex): </p>\n";
|
||||
responseStream << "\t\t\t<p class=\"grd_textarea\">\n";
|
||||
responseStream << "\t\t\t\t";
|
||||
#line 127 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 141 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
responseStream << ( mSession->getUser()->getPublicKeyHex() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t\t\t</p>\n";
|
||||
responseStream << "\t\t\t<a class=\"grd_bn\" href=\"../\">Zurück zur Startseite</a>\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 131 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 145 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
} else if(state == PAGE_ERROR) { responseStream << "\n";
|
||||
responseStream << "\t\t<div class=\"grd_text\">\n";
|
||||
responseStream << "\t\t\t<p>Ein Fehler trat auf, bitte versuche es erneut oder wende dich an den Server-Admin</p>\n";
|
||||
responseStream << "\t\t\t";
|
||||
#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
responseStream << ( mSession->getSessionStateString() );
|
||||
responseStream << "\n";
|
||||
responseStream << "\t\t</div>\n";
|
||||
responseStream << "\t";
|
||||
#line 135 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
#line 150 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
|
||||
} responseStream << "\n";
|
||||
responseStream << "</div>\n";
|
||||
responseStream << "</body>\n";
|
||||
|
||||
@ -144,7 +144,11 @@ bool Extractor::extract(std::size_t pos, Poco::Data::BLOB& val)
|
||||
if (_metadata.isNull(static_cast<Poco::UInt32>(pos)))
|
||||
return false;
|
||||
|
||||
if (_metadata.metaColumn(static_cast<Poco::UInt32>(pos)).type() != Poco::Data::MetaColumn::FDT_BLOB)
|
||||
// UNICORN ADD, Copy from string extract
|
||||
// mysql reports BINARY types as FDT_STRING when being extracted
|
||||
auto columnType = _metadata.metaColumn(static_cast<Poco::UInt32>(pos)).type();
|
||||
//if (_metadata.metaColumn(static_cast<Poco::UInt32>(pos)).type() != Poco::Data::MetaColumn::FDT_BLOB)
|
||||
if (columnType != Poco::Data::MetaColumn::FDT_STRING && columnType != Poco::Data::MetaColumn::FDT_BLOB)
|
||||
throw MySQLException("Extractor: not a blob");
|
||||
|
||||
val.assignRaw(_metadata.rawData(pos), _metadata.length(pos));
|
||||
|
||||
@ -33,6 +33,10 @@ bool SessionManager::init()
|
||||
case VALIDATE_EMAIL: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"); break;
|
||||
case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@$!%*?&+-])[A-Za-z0-9@$!%*?&+-]{8,}$"); break;
|
||||
case VALIDATE_PASSPHRASE: mValidations[i] = new Poco::RegularExpression("^(?:[a-z]* ){23}[a-z]*\s*$"); break;
|
||||
case VALIDATE_HAS_NUMBER: mValidations[i] = new Poco::RegularExpression("[0-9]"); break;
|
||||
case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression("[@$!%*?&+-]"); break;
|
||||
case VALIDATE_HAS_UPPERCASE_LETTER: mValidations[i] = new Poco::RegularExpression("[A-Z]"); break;
|
||||
case VALIDATE_HAS_LOWERCASE_LETTER: mValidations[i] = new Poco::RegularExpression("[a-z]"); break;
|
||||
default: printf("[SessionManager::%s] unknown validation type\n", __FUNCTION__);
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,6 +24,10 @@ enum SessionValidationTypes {
|
||||
VALIDATE_EMAIL,
|
||||
VALIDATE_PASSWORD,
|
||||
VALIDATE_PASSPHRASE,
|
||||
VALIDATE_HAS_NUMBER,
|
||||
VALIDATE_HAS_SPECIAL_CHARACTER,
|
||||
VALIDATE_HAS_UPPERCASE_LETTER,
|
||||
VALIDATE_HAS_LOWERCASE_LETTER,
|
||||
VALIDATE_MAX
|
||||
};
|
||||
|
||||
|
||||
@ -46,11 +46,22 @@ int WritePassphraseIntoDB::run()
|
||||
size_t mlen = mPassphrase.size();
|
||||
size_t crypto_size = crypto_box_SEALBYTES + mlen;
|
||||
|
||||
auto em = ErrorManager::getInstance();
|
||||
|
||||
auto dbSession = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
|
||||
Poco::Data::Statement insert(dbSession);
|
||||
insert << "INSERT INTO user_backups (user_id, passphrase) VALUES(?,?)",
|
||||
use(mUserId), use(mPassphrase);
|
||||
try {
|
||||
if (insert.execute() != 1) {
|
||||
em->addError(new ParamError("WritePassphraseIntoDB::run", "inserting passphrase for user failed", std::to_string(mUserId)));
|
||||
em->sendErrorsAsEmail();
|
||||
}
|
||||
}
|
||||
catch (Poco::Exception& ex) {
|
||||
em->addError(new ParamError("WritePassphraseIntoDB::run", "insert passphrase mysql error", ex.displayText().data()));
|
||||
em->sendErrorsAsEmail();
|
||||
}
|
||||
|
||||
printf("[WritePassphraseIntoDB::run] timeUsed: %s\n", timeUsed.string().data());
|
||||
return 0;
|
||||
@ -60,7 +71,7 @@ int WritePassphraseIntoDB::run()
|
||||
// --------------------------------------------------------------------------------------------------------------
|
||||
|
||||
Session::Session(int handle)
|
||||
: mHandleId(handle), mSessionUser(nullptr)
|
||||
: mHandleId(handle), mSessionUser(nullptr), mEmailVerificationCode(0), mState(SESSION_STATE_EMPTY)
|
||||
{
|
||||
|
||||
}
|
||||
@ -100,7 +111,23 @@ bool Session::createUser(const std::string& name, const std::string& email, cons
|
||||
return false;
|
||||
}
|
||||
if (!sm->isValid(password, VALIDATE_PASSWORD)) {
|
||||
addError(new Error("Password", "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen"));
|
||||
// @$!%*?&+-
|
||||
if (password.size() < 8) {
|
||||
addError(new Error("Passwort", "Dein Passwort ist zu kurz!"));
|
||||
}
|
||||
else if (!sm->isValid(password, VALIDATE_HAS_LOWERCASE_LETTER)) {
|
||||
addError(new Error("Passwort", "Dein Passwort enthält keine Kleinbuchstaben!"));
|
||||
}
|
||||
else if (!sm->isValid(password, VALIDATE_HAS_UPPERCASE_LETTER)) {
|
||||
addError(new Error("Passwort", "Dein Passwort enthält keine Großbuchstaben!"));
|
||||
}
|
||||
else if (!sm->isValid(password, VALIDATE_HAS_NUMBER)) {
|
||||
addError(new Error("Passwort", "Dein Passwort enthält keine Zahlen!"));
|
||||
}
|
||||
else if (!sm->isValid(password, VALIDATE_HAS_SPECIAL_CHARACTER)) {
|
||||
addError(new Error("Passwort", "Dein Passwort enthält keine Sonderzeichen (@$!%*?&+-)!"));
|
||||
}
|
||||
addError(new Error("Passwort", "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen"));
|
||||
return false;
|
||||
}
|
||||
/*if (passphrase.size() > 0 && !sm->isValid(passphrase, VALIDATE_PASSPHRASE)) {
|
||||
@ -248,10 +275,76 @@ bool Session::isPwdValid(const std::string& pwd)
|
||||
|
||||
bool Session::loadUser(const std::string& email, const std::string& password)
|
||||
{
|
||||
Profiler usedTime;
|
||||
if (mSessionUser) delete mSessionUser;
|
||||
mSessionUser = new User(email.data());
|
||||
if (!mSessionUser->validatePwd(password)) {
|
||||
addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut"));
|
||||
return false;
|
||||
}
|
||||
detectSessionState();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
SESSION_STATE_CRYPTO_KEY_GENERATED,
|
||||
SESSION_STATE_USER_WRITTEN,
|
||||
SESSION_STATE_EMAIL_VERIFICATION_WRITTEN,
|
||||
SESSION_STATE_EMAIL_VERIFICATION_SEND,
|
||||
SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED,
|
||||
SESSION_STATE_PASSPHRASE_GENERATED,
|
||||
SESSION_STATE_PASSPHRASE_SHOWN,
|
||||
SESSION_STATE_PASSPHRASE_WRITTEN,
|
||||
SESSION_STATE_KEY_PAIR_GENERATED,
|
||||
SESSION_STATE_KEY_PAIR_WRITTEN,
|
||||
SESSION_STATE_COUNT
|
||||
*/
|
||||
void Session::detectSessionState()
|
||||
{
|
||||
if (!mSessionUser || !mSessionUser->hasCryptoKey()) {
|
||||
return;
|
||||
}
|
||||
if (mSessionUser->getDBId() == 0) {
|
||||
updateState(SESSION_STATE_CRYPTO_KEY_GENERATED);
|
||||
return;
|
||||
}
|
||||
if (!mSessionUser->isEmailChecked()) {
|
||||
if (mEmailVerificationCode == 0)
|
||||
updateState(SESSION_STATE_USER_WRITTEN);
|
||||
else
|
||||
updateState(SESSION_STATE_EMAIL_VERIFICATION_WRITTEN);
|
||||
return;
|
||||
}
|
||||
|
||||
if (mSessionUser->getPublicKeyHex() == "") {
|
||||
|
||||
auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
|
||||
Poco::Data::Statement select(dbConnection);
|
||||
Poco::Nullable<Poco::Data::BLOB> passphrase;
|
||||
select << "SELECT passphrase from user_backups where user_id = ?;",
|
||||
into(passphrase), bind(mSessionUser->getDBId());
|
||||
try {
|
||||
if (select.execute() == 1 && !passphrase.isNull()) {
|
||||
updateState(SESSION_STATE_PASSPHRASE_WRITTEN);
|
||||
return;
|
||||
}
|
||||
}
|
||||
catch (Poco::Exception& exc) {
|
||||
printf("mysql exception: %s\n", exc.displayText().data());
|
||||
}
|
||||
if (mPassphrase != "") {
|
||||
updateState(SESSION_STATE_PASSPHRASE_GENERATED);
|
||||
return;
|
||||
}
|
||||
updateState(SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED);
|
||||
return;
|
||||
}
|
||||
|
||||
updateState(SESSION_STATE_KEY_PAIR_WRITTEN);
|
||||
|
||||
}
|
||||
|
||||
Poco::Net::HTTPCookie Session::getLoginCookie()
|
||||
{
|
||||
auto keks = Poco::Net::HTTPCookie("user", std::to_string(mHandleId));
|
||||
@ -335,6 +428,7 @@ const char* Session::getSessionStateString()
|
||||
const char* Session::translateSessionStateToString(SessionStates state)
|
||||
{
|
||||
switch (state) {
|
||||
case SESSION_STATE_EMPTY: return "uninitalized";
|
||||
case SESSION_STATE_CRYPTO_KEY_GENERATED: return "crpyto key generated";
|
||||
case SESSION_STATE_USER_WRITTEN: return "User saved";
|
||||
case SESSION_STATE_EMAIL_VERIFICATION_WRITTEN: return "E-Mail verification code saved";
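Review bot: In WritePassphraseIntoDB::run the INSERT binds `use(mPassphrase)` directly, so the recovery passphrase appears to reach `user_backups` unencrypted; `crypto_size` is computed from `crypto_box_SEALBYTES` a few lines earlier, but no sealing call is visible in the hunk. Anyone with read access to that table or to a database dump would then hold the phrases the users' key pairs are generated from. Seal the phrase before binding it, for instance with libsodium's `crypto_box_seal` against a backup public key whose secret half is kept off this server, and bind the ciphertext as a BLOB instead of the string. The body of run() starts above the hunk, so an encryption step there cannot be ruled out from here.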
|
||||
|
||||
@ -25,6 +25,7 @@
|
||||
class WriteEmailVerification;
|
||||
|
||||
enum SessionStates {
|
||||
SESSION_STATE_EMPTY,
|
||||
SESSION_STATE_CRYPTO_KEY_GENERATED,
|
||||
SESSION_STATE_USER_WRITTEN,
|
||||
SESSION_STATE_EMAIL_VERIFICATION_WRITTEN,
|
||||
@ -85,7 +86,7 @@ protected:
|
||||
|
||||
void createEmailVerificationCode();
|
||||
|
||||
|
||||
void detectSessionState();
|
||||
static const char* translateSessionStateToString(SessionStates state);
|
||||
|
||||
int mHandleId;
|
||||
|
||||
@ -92,6 +92,7 @@ int UserWriteKeysIntoDB::run()
|
||||
if (mSavePrivKey) {
|
||||
// TODO: encrypt privkey
|
||||
auto privKey = keyPairs->getPrivateKey();
|
||||
printf("[UserWriteKeysIntoDB] privKey hex: %s\n", KeyPair::getHex(*privKey, privKey->size()).data());
|
||||
pprivkey_blob = mUser->encrypt(privKey);
|
||||
//Poco::Data::BLOB privkey_blob(*privKey, privKey->size());
|
||||
|
||||
@ -129,8 +130,13 @@ int UserWriteKeysIntoDB::run()
|
||||
}
|
||||
|
||||
// *******************************************************************************
|
||||
// new user
|
||||
User::User(const char* email, const char* name)
|
||||
: mDBId(0), mEmail(email), mFirstName(name), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr)
|
||||
{
|
||||
|
||||
|
||||
}
|
||||
// load from db
|
||||
User::User(const char* email)
|
||||
: mDBId(0), mEmail(email), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr)
|
||||
{
|
||||
@ -142,10 +148,13 @@ User::User(const char* email)
|
||||
Poco::Nullable<Poco::Data::BLOB> pubkey;
|
||||
|
||||
Poco::Data::Statement select(session);
|
||||
int email_checked = 0;
|
||||
select << "SELECT id, name, password, pubkey, email_checked from users where email = ?",
|
||||
into(mDBId), into(mFirstName), into(mPasswordHashed), into(pubkey), into(mEmailChecked), use(mEmail);
|
||||
into(mDBId), into(mFirstName), into(mPasswordHashed), into(pubkey), into(email_checked), use(mEmail);
|
||||
try {
|
||||
if (select.execute() == 1) {
|
||||
auto result = select.execute();
|
||||
int zahl = 1;
|
||||
if (result == 1) {
|
||||
if (!pubkey.isNull()) {
|
||||
auto pubkey_value = pubkey.value();
|
||||
size_t hexSize = pubkey_value.size() * 2 + 1;
|
||||
@ -155,14 +164,13 @@ User::User(const char* email)
|
||||
mPublicHex = hexString;
|
||||
free(hexString);
|
||||
}
|
||||
if (email_checked != 0) mEmailChecked = true;
|
||||
}
|
||||
} catch(...) {}
|
||||
} catch(Poco::Exception& ex) {
|
||||
addError(new ParamError("User::User", "mysql error", ex.displayText().data()));
|
||||
}
|
||||
}
|
||||
|
||||
User* User::login(const std::string& email, const std::string& password, ErrorList* errorContainer = nullptr)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
|
||||
User::~User()
|
||||
@ -175,13 +183,23 @@ User::~User()
|
||||
|
||||
std::string User::generateNewPassphrase(Mnemonic* word_source)
|
||||
{
|
||||
auto em = ErrorManager::getInstance();
|
||||
unsigned int random_indices[PHRASE_WORD_COUNT];
|
||||
unsigned int str_sizes[PHRASE_WORD_COUNT];
|
||||
unsigned int phrase_buffer_size = 0;
|
||||
|
||||
for (int i = 0; i < PHRASE_WORD_COUNT; i++) {
|
||||
random_indices[i] = randombytes_random() % 2048;
|
||||
str_sizes[i] = strlen(word_source->getWord(random_indices[i]));
|
||||
auto word = word_source->getWord(random_indices[i]);
|
||||
if (!word) {
|
||||
em->addError(new ParamError("User::generateNewPassphrase", "empty word get for index", random_indices[i]));
|
||||
em->sendErrorsAsEmail();
|
||||
|
||||
random_indices[i] = randombytes_random() % 2048;
|
||||
word = word_source->getWord(random_indices[i]);
|
||||
if (!word) return "Ein Fehler, bitte wende dich an den Server-Admin.";
|
||||
}
|
||||
str_sizes[i] = strlen(word);
|
||||
phrase_buffer_size += str_sizes[i];
|
||||
}
|
||||
phrase_buffer_size += PHRASE_WORD_COUNT + 1;
|
||||
@ -285,10 +303,11 @@ bool User::generateKeys(bool savePrivkey, const std::string& passphrase, Session
|
||||
Profiler timeUsed;
|
||||
|
||||
UniLib::controller::TaskPtr generateKeysTask(new UserGenerateKeys(this, passphrase));
|
||||
generateKeysTask->setFinishCommand(new SessionStateUpdateCommand(SESSION_STATE_KEY_PAIR_GENERATED, session));
|
||||
//generateKeysTask->setFinishCommand(new SessionStateUpdateCommand(SESSION_STATE_KEY_PAIR_GENERATED, session));
|
||||
//generateKeysTask->scheduleTask(generateKeysTask);
|
||||
// run directly because we like to show pubkey on interface, shouldn't last to long
|
||||
generateKeysTask->run();
|
||||
session->updateState(SESSION_STATE_KEY_PAIR_GENERATED);
|
||||
|
||||
if (mDBId == 0) {
|
||||
loadEntryDBId(ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
|
||||
@ -332,8 +351,12 @@ Poco::Data::BLOB* User::encrypt(const ObfusArray* data)
|
||||
free(ciphertext);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
printf("[User::encrypt] encrypted: %s\n", KeyPair::getHex(ciphertext, ciphertext_len).data());
|
||||
auto result_blob = new Poco::Data::BLOB(ciphertext, ciphertext_len);
|
||||
free(ciphertext);
|
||||
return new Poco::Data::BLOB(ciphertext, ciphertext_len);
|
||||
|
||||
return result_blob;
|
||||
}
|
||||
|
||||
Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
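Review bot: The `printf("[UserWriteKeysIntoDB] privKey hex: %s\n", ...)` line in UserWriteKeysIntoDB::run writes the user's private key in clear hex to stdout just before `mUser->encrypt(privKey)` is called, so the key ends up in whatever collects the server's output (terminal scrollback, service logs). Encrypting the key for storage protects little once a plain copy has been printed. Remove the line; if the step needs tracing, log only that a key was present, never its bytes. The `printf("[User::encrypt] encrypted: ...")` added in User::encrypt prints ciphertext only and is less sensitive, but it is unconditional debug output as well and would be better behind a debug log level.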
|
||||
|
||||
@ -21,7 +21,7 @@ class User : public ErrorList
|
||||
friend UserWriteIntoDB;
|
||||
public:
|
||||
// new user
|
||||
//User(const char* email, const char* name, const char* password);
|
||||
User(const char* email, const char* name);
|
||||
// existing user
|
||||
User(const char* email);
|
||||
// login
|
||||
@ -31,7 +31,7 @@ public:
|
||||
|
||||
static std::string generateNewPassphrase(Mnemonic* word_source);
|
||||
static bool validatePassphrase(const std::string& passphrase);
|
||||
static User* login(const std::string& email, const std::string& password, ErrorList* errorContainer = nullptr);
|
||||
//static User* login(const std::string& email, const std::string& password, ErrorList* errorContainer = nullptr);
|
||||
|
||||
bool generateKeys(bool savePrivkey, const std::string& passphrase, Session* session);
|
||||
|
||||
@ -43,6 +43,7 @@ public:
|
||||
inline const char* getName() const { return mFirstName.data(); }
|
||||
inline int getDBId() const { return mDBId; }
|
||||
inline void setEmailChecked() { mEmailChecked = true; }
|
||||
inline bool isEmailChecked() { return mEmailChecked; }
|
||||
inline std::string getPublicKeyHex() { lock(); std::string pubkeyHex = mPublicHex; unlock(); return pubkeyHex; }
|
||||
inline void setPublicKeyHex(const std::string& publicKeyHex) { lock(); mPublicHex = publicKeyHex; unlock(); }
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ namespace UniLib {
|
||||
}
|
||||
|
||||
CPUTask::CPUTask(size_t taskDependenceCount/* = 0*/)
|
||||
: Task(), mScheduler(ServerConfig::g_CPUScheduler)
|
||||
: Task(taskDependenceCount), mScheduler(ServerConfig::g_CPUScheduler)
|
||||
{
|
||||
assert(mScheduler);
|
||||
}
|
||||
|
||||
@ -24,6 +24,13 @@
|
||||
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
|
||||
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
|
||||
<style type="text/css" >
|
||||
.grd_container
|
||||
{
|
||||
max-width:820px;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
}
|
||||
|
||||
input:not([type='radio']) {
|
||||
width:200px;
|
||||
}
|
||||
|
||||
@ -28,12 +28,14 @@
|
||||
<h1>Willkommen <%= mSession->getUser()->getName() %></h1>
|
||||
<h3>Status</h3>
|
||||
<p><%= mSession->getSessionStateString() %></p>
|
||||
<% if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) %>
|
||||
<% if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
|
||||
<p>Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:</p>
|
||||
<form method="GET" action="/checkEmail">
|
||||
<input type="number" name="email-verification-code">
|
||||
<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
|
||||
</form>
|
||||
<% } %>
|
||||
<a class="grd_bn" href="/logout">Abmelden</a>
|
||||
</div>
|
||||
</body>
|
||||
</html>
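Review bot: `<%= mSession->getUser()->getName() %>` in the heading streams the stored user name into the page without HTML encoding, so markup contained in a registered name would be rendered as part of the page unless the name is restricted to safe characters at registration, which is not visible here. HTML-encode the value before it is written to the response, and apply the same to any other user-supplied string these pages print. The brace fix around the verification form in this hunk is otherwise fine.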
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
<%!
|
||||
#include "../SingletonManager/SessionManager.h"
|
||||
#include "Poco/Net/HTTPCookie.h"
|
||||
|
||||
#include "Poco/Net/HTTPServerParams.h"
|
||||
|
||||
%>
|
||||
<%%
|
||||
@ -33,6 +33,13 @@
|
||||
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
|
||||
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
|
||||
<style type="text/css" >
|
||||
.grd_container
|
||||
{
|
||||
max-width:820px;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
}
|
||||
|
||||
input:not([type='radio']) {
|
||||
width:200px;
|
||||
}
|
||||
@ -43,10 +50,10 @@ label:not(.grd_radio_label) {
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<%= session->getErrorsHtml() %>
|
||||
<h1>Login</h1>
|
||||
<form method="POST">
|
||||
<div class="grd_container">
|
||||
<h1>Login</h1>
|
||||
<%= session->getErrorsHtml() %>
|
||||
<fieldset class="grd_container_small">
|
||||
<legend>Login</legend>
|
||||
<p>Bitte gebe deine Zugangsdaten ein um dich einzuloggen.</p>
|
||||
|
||||
@ -57,6 +57,13 @@ enum PageState
|
||||
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
|
||||
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
|
||||
<style type="text/css" >
|
||||
.grd_container
|
||||
{
|
||||
max-width:820px;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
}
|
||||
|
||||
input:not([type='radio']) {
|
||||
width:200px;
|
||||
}
|
||||
|
||||
@ -35,6 +35,13 @@
|
||||
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
|
||||
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
|
||||
<style type="text/css" >
|
||||
.grd_container
|
||||
{
|
||||
max-width:820px;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
}
|
||||
|
||||
input:not([type='radio']) {
|
||||
width:200px;
|
||||
}
|
||||
|
||||
@ -5,6 +5,8 @@
|
||||
<%@ page form="true" %>
|
||||
<%@ page compressed="true" %>
|
||||
<%!
|
||||
#include "Poco/Net/HTTPServerParams.h"
|
||||
|
||||
enum PageState
|
||||
{
|
||||
PAGE_ASK,
|
||||
@ -47,10 +49,15 @@ enum PageState
|
||||
hasErrors = true;
|
||||
} else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) {
|
||||
state = PAGE_SHOW_PUBKEY;
|
||||
auto uri_start = request.serverParams().getServerName();
|
||||
printf("uri_start: %s\n", uri_start.data());
|
||||
//response.redirect(uri_start + "/");
|
||||
} else {
|
||||
state = PAGE_ERROR;
|
||||
}
|
||||
}
|
||||
printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n",
|
||||
hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED);
|
||||
}
|
||||
%>
|
||||
<!DOCTYPE html>
|
||||
@ -62,6 +69,13 @@ enum PageState
|
||||
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
|
||||
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
|
||||
<style type="text/css" >
|
||||
.grd_container
|
||||
{
|
||||
max-width:820px;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
}
|
||||
|
||||
input:not([type='radio']) {
|
||||
width:200px;
|
||||
}
|
||||
@ -131,6 +145,7 @@ label:not(.grd_radio_label) {
|
||||
<% } else if(state == PAGE_ERROR) { %>
|
||||
<div class="grd_text">
|
||||
<p>Ein Fehler trat auf, bitte versuche es erneut oder wende dich an den Server-Admin</p>
|
||||
<%= mSession->getSessionStateString() %>
|
||||
</div>
|
||||
<% } %>
|
||||
</div>
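Review bot: The two added `printf` calls in the page handler (`printf("uri_start: %s\n", ...)` and `printf("SaveKeysPage: hasErrors: %d, ...")`) run on every request and write to stdout with no log level, and `uri_start` has no other use while `//response.redirect(uri_start + "/");` stays commented out. I would drop `uri_start` until the redirect is implemented and route the state trace through the application's logger at debug level. The PAGE_ERROR branch now also prints `mSession->getSessionStateString()` to the visitor; confirm that exposing the internal state name on the error page is intended. The handler block starts outside the hunk.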
|
||||
|
||||