IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

move creating secret key for password comparisation in extra function

Browse Source 
- needed for check for old passwort for passwort update in frontend
This commit is contained in:
einhornimmond 2021-06-11 14:42:50 +02:00
parent b57dd72269
commit 4ee36c6e36
2 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
login_server/src/cpp/controller/User.cpp
View File

@ -194,20 +194,14 @@ namespace controller {
return json;
}
int User::login(const std::string& password)
Poco::AutoPtr<SecretKeyCryptography> User::createSecretKey(const std::string& password)
{
if (!mPassword.isNull() && mPassword->hasKey()) {
return 2;
}
auto observer = SingletonTaskObserver::getInstance();
std::unique_lock<std::shared_mutex> _lock(mSharedMutex);
assert(mPassword.isNull());
auto model = getModel();
auto email_hash = observer->makeHash(model->getEmail());
if (observer->getTaskCount(email_hash, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
return -3;
return nullptr;
}
observer->addTask(email_hash, TASK_OBSERVER_PASSWORD_CREATION);
Poco::AutoPtr<SecretKeyCryptography> authenticated_encryption(new SecretKeyCryptography);
@ -215,7 +209,23 @@ namespace controller {
authenticated_encryption->createKey(model->getEmail(), password);
observer->removeTask(email_hash, TASK_OBSERVER_PASSWORD_CREATION);
return authenticated_encryption;
}
int User::login(const std::string& password)
{
std::unique_lock<std::shared_mutex> _lock(mSharedMutex);
if (!mPassword.isNull() && mPassword->hasKey()) {
return 2;
}
assert(mPassword.isNull());
auto authenticated_encryption = createSecretKey(password);
if (authenticated_encryption.isNull()) {
return -3;
}
auto model = getModel();
if (authenticated_encryption->getKeyHashed() == model->getPasswordHashed())
{
// printf("[User::login] password key hashed is the same as saved password hash\n");

3
login_server/src/cpp/controller/User.h
View File

@ -96,6 +96,9 @@ namespace controller {
//! - create authenticated encryption key from password and email
//! - compare hash with in db saved hash
int login(const std::string& password);
//! \brief simply check if password is correct, independent if user is already logged in or not
Poco::AutoPtr<SecretKeyCryptography> createSecretKey(const std::string& password);
// ***********************************************************************************
// password related