From 892d9eb2e2aec1d8610bebad5710fb0c8aadb3b1 Mon Sep 17 00:00:00 2001 From: Dario Date: Tue, 18 Feb 2020 09:39:44 +0100 Subject: [PATCH] fix passphrase needing space after end --- src/cpp/Crypto/KeyPair.cpp | 17 +++++++--- src/cpp/HTTPInterface/LoginPage.cpp | 52 +++++++++++++++++------------ src/cpsp/login.cpsp | 8 +++++ 3 files changed, 50 insertions(+), 27 deletions(-) diff --git a/src/cpp/Crypto/KeyPair.cpp b/src/cpp/Crypto/KeyPair.cpp index d57b177a5..5c177fe6f 100644 --- a/src/cpp/Crypto/KeyPair.cpp +++ b/src/cpp/Crypto/KeyPair.cpp @@ -43,7 +43,8 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour // libsodium doc: https://libsodium.gitbook.io/doc/advanced/hmac-sha2 // https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki //crypto_auth_hmacsha512_keygen - unsigned long word_indices[PHRASE_WORD_COUNT]; + unsigned long word_indices[PHRASE_WORD_COUNT+1]; + memset(word_indices, 0, PHRASE_WORD_COUNT + 1); //DHASH key = DRMakeStringHash(passphrase); size_t pass_phrase_size = strlen(passphrase); @@ -52,13 +53,14 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour size_t buffer_cursor = 0; // get word indices for hmac key unsigned char word_cursor = 0; - for (size_t i = 0; i < pass_phrase_size; i++) { - if (passphrase[i] == ' ') { + for (size_t i = 0; i <= pass_phrase_size; i++) { + if (passphrase[i] == ' ' || passphrase[i] == '\0') { if(buffer_cursor < 3) continue; if (word_source->isWordExist(acBuffer)) { clearPassphrase += acBuffer; clearPassphrase += " "; word_indices[word_cursor] = word_source->getWordIndex(acBuffer); + //printf("index for %s is: %hu\n", acBuffer, word_source->getWordIndex(acBuffer)); } else { er->addError(new ParamError("KeyPair::generateFromPassphrase", "word didn't exist", acBuffer)); 
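Review bot: The added `memset(word_indices, 0, PHRASE_WORD_COUNT + 1);` in KeyPair.cpp passes an element count where memset expects a byte count, so only the first PHRASE_WORD_COUNT + 1 bytes of the `unsigned long` array are zeroed and the rest stays uninitialized. The debug line removed further down read the array with `sizeof(word_indices)`, which suggests the whole buffer feeds the key derivation. If so, a passphrase with fewer words than expected would mix stack garbage into the derived key; this is inferred, because the derivation is outside the hunk. Use `memset(word_indices, 0, sizeof(word_indices));` or value-initialize with `unsigned long word_indices[PHRASE_WORD_COUNT + 1] = {};`. The body of generateFromPassphrase starts and ends outside the hunk.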
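Review bot: The store `word_indices[word_cursor] = word_source->getWordIndex(acBuffer);` has no visible bound on `word_cursor`, and the loop now also handles the last word at the terminating `'\0'`, so one more word than before reaches that store. Growing the array by one slot only moves the limit: a passphrase with more words than PHRASE_WORD_COUNT would still index past the array unless a check exists outside this hunk. Reject the input before the store, for example `if (word_cursor >= PHRASE_WORD_COUNT) return false;`, with the same error reporting the function uses elsewhere. The context line that reports `"word didn't exist"` copies the rejected passphrase word into the error list, so it is worth confirming where those errors are displayed or mailed. The function body continues outside the hunk.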
@@ -90,8 +92,13 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour // debug passphrase // printf("\passsphrase: <%s>\n", passphrase); - printf("word_indices: \n%s\n", getHex((unsigned char*)word_indices, sizeof(word_indices)).data()); - printf("clear passphrase: \n%s\n", clearPassphrase.data()); + //printf("word_indices: \n%s\n", getHex((unsigned char*)word_indices, sizeof(word_indices)).data()); + /*printf("word_indices: \n"); + for (int i = 0; i < PHRASE_WORD_COUNT; i++) { + if (i > 0) printf(" "); + printf("%hu", word_indices[i]); + }//*/ + //printf("\nclear passphrase: \n%s\n", clearPassphrase.data()); // printf("passphrase bin: \n%s\n\n", getHex((unsigned char*)passphrase, pass_phrase_size).data()); //ed25519_create_keypair(public_key, private_key, hash); diff --git a/src/cpp/HTTPInterface/LoginPage.cpp b/src/cpp/HTTPInterface/LoginPage.cpp index b2c9de543..7c4d38d5f 100644 --- a/src/cpp/HTTPInterface/LoginPage.cpp +++ b/src/cpp/HTTPInterface/LoginPage.cpp @@ -14,6 +14,7 @@ #include "Poco/Logger.h" #include "../SingletonManager/SessionManager.h" #include "../SingletonManager/LanguageManager.h" +#include "../SingletonManager/ErrorManager.h" #line 1 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\header.cpsp" @@ -34,11 +35,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 17 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" +#line 18 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" const char* pageName = "Login"; auto sm = SessionManager::getInstance(); auto lm = LanguageManager::getInstance(); + auto em = ErrorManager::getInstance(); auto lang = chooseLanguage(request); auto langCatalog = lm->getFreeCatalog(lang); 
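Review bot: In the KeyPair.cpp debug block, the output of `word_indices` and the clear passphrase is only commented out, so code that prints secret key material stays one uncomment away from a release build. Deleting these lines, or moving them behind a compile-time debug switch that is off by default, would be safer than leaving them as comments. The new commented loop also prints `unsigned long` values with `%hu`, which is a format and argument mismatch if it is ever re-enabled; `%lu` matches the type. The surrounding function starts and ends outside the hunk.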
@@ -106,6 +108,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: response.redirect(ServerConfig::g_serverPath + "/checkEmail"); return; case USER_NO_KEYS: + if(mSession->getSessionState() == SESSION_STATE_PASSPHRASE_WRITTEN) { + //mSession->addError(new Error(langCatalog->ge) + em->addError(new Error("LoginPage", "user has no keys, but passphrase is written")); + em->addError(new ParamError("LoginPage", "user email", email)); + em->sendErrorsAsEmail(); + } response.redirect(ServerConfig::g_serverPath + "/passphrase"); return; case USER_NO_PRIVATE_KEY: @@ -188,20 +196,20 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "
\n"; responseStream << "
\n"; responseStream << " \n"; responseStream << "\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t \n"; responseStream << "\t\t\t\t\"logo\"\n"; responseStream << "\t\t\t\n"; @@ -213,29 +221,29 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\t"; -#line 142 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" +#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" responseStream << ( getErrorsHtml() ); responseStream << "\t \n"; responseStream << "\t\t\t
\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t\t\t \n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << " \n"; @@ -244,12 +252,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "
\n"; responseStream << "
\n"; responseStream << " \n"; @@ -260,39 +268,39 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "
\n"; responseStream << "
\n"; responseStream << " gettext("E-Mail") ); responseStream << "\" value=\""; -#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" +#line 176 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" responseStream << ( presetEmail ); responseStream << "\"/>\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << " gettext("Password") ); responseStream << "\" />\n"; responseStream << "
\n"; responseStream << " \n"; responseStream << "
\n"; responseStream << "

"; -#line 175 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" +#line 183 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" responseStream << ( langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") ); responseStream << "

\n"; responseStream << " "; -#line 176 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" +#line 184 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp" responseStream << ( langCatalog->gettext("Create New Account") ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\t\t\t\t\t
\n"; diff --git a/src/cpsp/login.cpsp b/src/cpsp/login.cpsp index 884f1d989..1fb2aca84 100644 --- a/src/cpsp/login.cpsp +++ b/src/cpsp/login.cpsp @@ -12,12 +12,14 @@ #include "Poco/Logger.h" #include "../SingletonManager/SessionManager.h" #include "../SingletonManager/LanguageManager.h" +#include "../SingletonManager/ErrorManager.h" %> <%% const char* pageName = "Login"; auto sm = SessionManager::getInstance(); auto lm = LanguageManager::getInstance(); + auto em = ErrorManager::getInstance(); auto lang = chooseLanguage(request); auto langCatalog = lm->getFreeCatalog(lang); @@ -85,6 +87,12 @@ response.redirect(ServerConfig::g_serverPath + "/checkEmail"); return; case USER_NO_KEYS: + if(mSession->getSessionState() == SESSION_STATE_PASSPHRASE_WRITTEN) { + //mSession->addError(new Error(langCatalog->ge) + em->addError(new Error("LoginPage", "user has no keys, but passphrase is written")); + em->addError(new ParamError("LoginPage", "user email", email)); + em->sendErrorsAsEmail(); + } response.redirect(ServerConfig::g_serverPath + "/passphrase"); return; case USER_NO_PRIVATE_KEY:
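Review bot: In the `USER_NO_KEYS` case of login.cpsp, `em->sendErrorsAsEmail()` runs inside the request handler on every login that arrives with `SESSION_STATE_PASSPHRASE_WRITTEN`, and nothing in the hunk throttles or de-duplicates it, so repeated logins by one affected account would produce one mail each. The mail carries the user's e-mail address through `new ParamError("LoginPage", "user email", email)`; confirm that the error mailbox is an acceptable destination for that data. `mSession` is dereferenced without a visible null check in this branch, and the surrounding switch lies outside the hunk, so verify that it cannot be null here. The half-written comment `//mSession->addError(new Error(langCatalog->ge)` should be removed. The same lines appear in the generated LoginPage.cpp, which needs no separate change once the template is fixed.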