Prevent calling login page by them self, also if it was called by /

2025-12-13 07:45:54 +00:00 · 2020-06-24 08:19:13 +02:00 · 2020-06-24 08:19:13 +02:00 · 910e2ac5e9
commit 910e2ac5e9
parent 8b4b5f6fc7
2 changed files with 34 additions and 24 deletions
--- a/src/cpp/HTTPInterface/LoginPage.cpp
+++ b/src/cpp/HTTPInterface/LoginPage.cpp
@ -96,7 +96,8 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 			}
 			auto userState = mSession->loadUser(email, password);
 			auto user = mSession->getNewUser();
-			if(!user->getModel()->getPublicKey()) {
+			
+			if(userState >= USER_LOADED_FROM_DB && !user->getModel()->getPublicKey()) {
 				mSession->generateKeys(true, true);
 			} else {
 				printf("pubkey exist: %d\n",user->getModel()->getPublicKey()); 
@ -105,7 +106,9 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 			
 			auto uri_start = request.serverParams().getServerName();
 			auto lastExternReferer = mSession->getLastReferer();
-
+			
+			printf("userState: %d\n", userState);
+		
 			switch(userState) {
 			case USER_EMPTY: 
 			case USER_PASSWORD_INCORRECT:
@ -130,8 +133,10 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 				} else if(refererString != "" && 
 				          refererString.find("login") == std::string::npos && 
 						  refererString.find("logout") == std::string::npos &&
-						  refererString.find("user_delete") == std::string::npos ) {
-					printf("redirect to: %s\n", refererString.data());
+						  refererString.find("user_delete") == std::string::npos &&
+						  refererString != ServerConfig::g_serverPath + request.getURI()) {
+					std::string uri = request.getURI();
+					printf("request uri: %s, redirect to: %s\n", uri.data(), refererString.data());
 					response.redirect(refererString);
 				} else {
 					response.redirect(ServerConfig::g_php_serverPath + "/");
@ -220,20 +225,20 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "      <div class=\"row\">\n";
 	responseStream << "        <div class=\"col-12 logo-section\">\n";
 	responseStream << "          <a href=\"";
-#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 155 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "\" class=\"logo\">\n";
 	responseStream << "\t\t\t<picture>\n";
 	responseStream << "\t\t\t\t<source srcset=\"";
-#line 152 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 157 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.webp\" type=\"image/webp\">\n";
 	responseStream << "\t\t\t\t<source srcset=\"";
-#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 158 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.png\" type=\"image/png\"> \n";
 	responseStream << "\t\t\t\t<img src=\"";
-#line 154 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 159 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.png\" alt=\"logo\" />\n";
 	responseStream << "\t\t\t</picture>\n";
@ -245,14 +250,14 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "          <div class=\"grid\">\n";
 	responseStream << "\t\t\t<div class=\"center-ul-container\">\n";
 	responseStream << "\t\t\t\t";
-#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( getErrorsHtml() );
 	responseStream << "\t  \n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "            <div class=\"grid-body\">\n";
 	responseStream << "              \n";
 	responseStream << "\t\t\t  <!--<input type=\"hidden\" name=\"lang\" value=\"";
-#line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 172 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( LanguageManager::keyForLanguage(lang) );
 	responseStream << "\">-->\n";
 	responseStream << "\t\t\t  ";
@ -292,51 +297,51 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	// end include flags.cpsp
 	responseStream << "\n";
 	responseStream << "\t\t\t  <form action=\"";
-#line 169 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 174 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_serverPath );
 	responseStream << "/\" method=\"POST\">\n";
 	responseStream << "                <div class=\"row display-block\">\n";
 	responseStream << "                  <div class=\"col-lg-7 col-md-8 col-sm-9 col-12 mx-auto form-wrapper\">\n";
 	responseStream << "                    <div class=\"form-group input-rounded\">\n";
 	responseStream << "                      <input type=\"text\" class=\"form-control\" name=\"login-email\" placeholder=\"";
-#line 173 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 178 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("E-Mail") );
 	responseStream << "\" value=\"";
-#line 173 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 178 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( presetEmail );
 	responseStream << "\"/>\n";
 	responseStream << "                    </div>\n";
 	responseStream << "                    <div class=\"form-group input-rounded\">\n";
 	responseStream << "                      <input type=\"password\" class=\"form-control\" name=\"login-password\" placeholder=\"";
-#line 176 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 181 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("Password") );
 	responseStream << "\" />\n";
 	responseStream << "                    </div>\n";
 	responseStream << "                    <button type=\"submit\" name=\"submit\" class=\"btn btn-primary btn-block\">";
-#line 178 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 183 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext(" Login ") );
 	responseStream << "</button>\n";
 	responseStream << "                    <div class=\"signup-link\">\n";
 	responseStream << "                      <p>";
-#line 180 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 185 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") );
 	responseStream << "</p>\n";
 	responseStream << "                      <a href=\"";
-#line 181 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 186 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_serverPath );
 	responseStream << "/registerDirect\">\n";
 	responseStream << "\t\t\t\t\t\t";
-#line 182 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 187 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("Create New Account") );
 	responseStream << "\n";
 	responseStream << "\t\t\t\t\t  </a>\n";
 	responseStream << "                    </div>\n";
 	responseStream << "\t\t\t\t\t<div class=\"reset-pwd-link\">\n";
 	responseStream << "\t\t\t\t\t\t<a href=\"";
-#line 186 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 191 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_serverPath );
 	responseStream << "/resetPassword\">";
-#line 186 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 191 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("Passwort vergessen") );
 	responseStream << "</a>\n";
 	responseStream << "\t\t\t\t\t</div>\n";
--- a/src/cpsp/login.cpsp
+++ b/src/cpsp/login.cpsp
@ -75,7 +75,8 @@
 			}
 			auto userState = mSession->loadUser(email, password);
 			auto user = mSession->getNewUser();
-			if(!user->getModel()->getPublicKey()) {
+			
+			if(userState >= USER_LOADED_FROM_DB && !user->getModel()->getPublicKey()) {
 				mSession->generateKeys(true, true);
 			} else {
 				printf("pubkey exist: %d\n",user->getModel()->getPublicKey()); 
@ -84,7 +85,9 @@
 			
 			auto uri_start = request.serverParams().getServerName();
 			auto lastExternReferer = mSession->getLastReferer();
-
+			
+			printf("userState: %d\n", userState);
+		
 			switch(userState) {
 			case USER_EMPTY: 
 			case USER_PASSWORD_INCORRECT:
@ -109,8 +112,10 @@
 				} else if(refererString != "" && 
 				          refererString.find("login") == std::string::npos && 
 						  refererString.find("logout") == std::string::npos &&
-						  refererString.find("user_delete") == std::string::npos ) {
-					printf("redirect to: %s\n", refererString.data());
+						  refererString.find("user_delete") == std::string::npos &&
+						  refererString != ServerConfig::g_serverPath + request.getURI()) {
+					std::string uri = request.getURI();
+					printf("request uri: %s, redirect to: %s\n", uri.data(), refererString.data());
 					response.redirect(refererString);
 				} else {
 					response.redirect(ServerConfig::g_php_serverPath + "/");