From 8190dcc6af12bcc6cbb805cde911ae5e0fba5d0e Mon Sep 17 00:00:00 2001
From: einhornimmond
Date: Wed, 16 Jun 2021 17:55:48 +0200
Subject: [PATCH] ddd password reset as separat json function
---
.../cpp/JSONInterface/JsonRequestHandler.cpp | 13 +++++
.../JsonRequestHandlerFactory.cpp | 4 ++
.../cpp/JSONInterface/JsonResetPassword.cpp | 50 +++++++++++++++++++
.../src/cpp/JSONInterface/JsonResetPassword.h | 20 ++++++++
4 files changed, 87 insertions(+)
diff --git a/login_server/src/cpp/JSONInterface/JsonRequestHandler.cpp b/login_server/src/cpp/JSONInterface/JsonRequestHandler.cpp
index a577155b9..feab7043b 100644
--- a/login_server/src/cpp/JSONInterface/JsonRequestHandler.cpp
+++ b/login_server/src/cpp/JSONInterface/JsonRequestHandler.cpp
@@ -227,6 +227,19 @@ Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var p
 return stateError("error parsing query params, Poco Error", ex.displayText());
 }
 }
+ else if (params.type() == typeid(Poco::JSON::Object::Ptr)) {
+ try {
+ Poco::JSON::Object::Ptr paramJsonObject = params.extract();
+ auto session_id_obj = paramJsonObject->get("session_id");
+ if (session_id_obj.isEmpty()) {
+ return stateError("missing session_id");
+ }
+ session_id_obj.convert(session_id);
+ }
+ catch (Poco::Exception& ex) {
+ return stateError("Poco Exception by reading session_id", ex.what());
+ }
+ }
 
 if (!session_id) {
 return stateError("empty session id");
diff --git a/login_server/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp b/login_server/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp
index b50fc7957..744ac710e 100644
--- a/login_server/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp
+++ b/login_server/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp
@@ -19,6 +19,7 @@
 #include "JsonLoginViaEmailVerificationCode.h"
 #include "JsonLogout.h"
 #include "JsonNetworkInfos.h"
+#include "JsonResetPassword.h"
 #include "JsonSendEmail.h"
 #include "JsonAdminEmailVerificationResend.h"
 #include "JsonGetUserInfos.h"
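Review bot: The new JSON-object branch of checkAndLoadSession reports `ex.what()`, while the query-parameter branch directly above it reports `ex.displayText()`; for Poco exceptions `what()` returns only the exception class name, so the detail message is lost. Use `return stateError("Poco Exception by reading session_id", ex.displayText());` and catch by `const Poco::Exception&`. Either way the exception text goes back to the caller in the JSON response, so consider logging it server-side and returning a fixed message instead. The same `ex.what()` pattern appears in the `catch` of JsonResetPassword.cpp. The function begins and ends outside this hunk.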
@@ -114,6 +115,9 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c
 else if (url_first_part == "/sendEmail") {
 return new JsonSendEmail;
 }
+ else if (url_first_part == "/resetPassword") {
+ return new JsonResetPassword;
+ }
 else if (url_first_part == "/logout") {
 return new JsonLogout(client_host);
 }
diff --git a/login_server/src/cpp/JSONInterface/JsonResetPassword.cpp b/login_server/src/cpp/JSONInterface/JsonResetPassword.cpp
index e69de29bb..2b0208681 100644
--- a/login_server/src/cpp/JSONInterface/JsonResetPassword.cpp
+++ b/login_server/src/cpp/JSONInterface/JsonResetPassword.cpp
@@ -0,0 +1,50 @@
+#include "JsonResetPassword.h"
+
+#include "SingletonManager/SessionManager.h"
+#include "SingletonManager/SingletonTaskObserver.h"
+
+Poco::JSON::Object* JsonResetPassword::handle(Poco::Dynamic::Var params)
+{
+ auto result_session_check = checkAndLoadSession(params, true);
+ if (result_session_check) {
+ return result_session_check;
+ }
+
+ std::string password;
+ // if is json object
+ if (params.type() == typeid(Poco::JSON::Object::Ptr)) {
+ Poco::JSON::Object::Ptr paramJsonObject = params.extract();
+ try {
+ auto password_obj = paramJsonObject->get("password");
+ if (password_obj.isEmpty()) {
+ return stateError("password missing");
+ }
+ }
+ catch (Poco::Exception& ex) {
+ return stateError("error parsing json", ex.what());
+ }
+ }
+ auto sm = SessionManager::getInstance();
+ NotificationList errors;
+ if (!sm->checkPwdValidation(password, &errors, LanguageManager::getInstance()->getFreeCatalog(LANG_EN))) {
+ return stateError("password isn't valid", &errors);
+ }
+ auto user = mSession->getNewUser();
+ if (user.isNull() || user->getModel().isNull()) {
+ return stateError("invalid user");
+ }
+
+ auto observer = SingletonTaskObserver::getInstance();
+ auto email_hash = observer->makeHash(user->getModel()->getEmail());
+
+ if (observer->getTaskCount(email_hash, TASK_OBSERVER_PASSWORD_CREATION)) {
+ return stateError("password encryption is already running");
+ }
+
+ user->setNewPassword(password);
+ KeyPairEd25519* key_pair = NULL;
+ if (!user->tryLoadPassphraseUserBackup(&key_pair)) {
+ user->setGradidoKeyPair(key_pair);
+ }
+ return stateSuccess();
+}
\ No newline at end of file
diff --git a/login_server/src/cpp/JSONInterface/JsonResetPassword.h b/login_server/src/cpp/JSONInterface/JsonResetPassword.h
index e69de29bb..505622026 100644
--- a/login_server/src/cpp/JSONInterface/JsonResetPassword.h
+++ b/login_server/src/cpp/JSONInterface/JsonResetPassword.h
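Review bot: `password` is never assigned in JsonResetPassword::handle: `password_obj` is fetched and tested with `isEmpty()` but its value is not copied out, so `checkPwdValidation` and `setNewPassword` always receive the empty string declared above. Add `password_obj.convert(password);` after the `isEmpty()` check inside the `try`, and return an error when `params` is not a `Poco::JSON::Object::Ptr` instead of falling through, e.g. `else { return stateError("parameter format unknown"); }`. Whether the loaded session must come from a verified reset request is decided inside `checkAndLoadSession(params, true)`, which this hunk does not show; a comment on what the `true` argument enforces would help, since this endpoint replaces a credential. The `!user->tryLoadPassphraseUserBackup(&key_pair)` test also deserves a comment saying which return value means success, because `key_pair` starts as `NULL` and is handed on to `setGradidoKeyPair`.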
@@ -0,0 +1,20 @@
+#ifndef __JSON_INTERFACE_JSON_RESET_PASSWORD_
+#define __JSON_INTERFACE_JSON_RESET_PASSWORD_
+
+#include "JsonRequestHandler.h"
+
+/*!
+* @author Dario Rekowski
+* @date 2021-06-16
+* @brief reset password, if user has forgetten his password
+*
+*/
+
+class JsonResetPassword : public JsonRequestHandler
+{
+public:
+ Poco::JSON::Object* handle(Poco::Dynamic::Var params);
+
+};
+
+#endif // __JSON_INTERFACE_JSON_RESET_PASSWORD_
\ No newline at end of file
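Review bot: The class comment in JsonResetPassword.h does not state the request contract, which, judging by the implementation in this patch, is an existing session plus a `session_id` and a `password` field in the JSON body. Suggest extending the brief to `* @brief set a new password for the user of the current session; expects JSON fields session_id and password`. `handle` could also be declared `override`, assuming the base class declares it virtual, so that a signature mismatch is caught at compile time.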