IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

email verification work

Browse Source
This commit is contained in:
Dario 2019-10-01 11:14:38 +02:00
parent 2a1938165c
commit 9866dea242
24 changed files with 1032 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/cpp/Crypto/mnemonic.h
View File

@ -12,6 +12,7 @@
*/
#include "DRHashList.h"
#include <string>
#define PHRASE_WORD_COUNT 24
@ -26,6 +27,7 @@ public:
inline const char* getWord(unsigned int index) { if (index < 2048) return mWords[index]; return nullptr; }
inline unsigned long getWordIndex(const char* word) { DHASH word_hash = DRMakeStringHash(word); return (long)mWordHashIndices.findByHash(word_hash); }
inline bool isWordExist(const std::string& word) { DHASH word_hash = DRMakeStringHash(word.data()); return mWordHashIndices.itemExists(word_hash); }
protected:
char* mWords[2048];

233
src/cpp/HTTPInterface/CheckEmailPage.cpp Normal file
View File

@ -0,0 +1,233 @@
#include "CheckEmailPage.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include "Poco/Net/HTMLForm.h"
#include "Poco/DeflatingStream.h"
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
#include "../SingletonManager/SessionManager.h"
#include "../model/User.h"
#include "Poco/Net/HTTPCookie.h"
enum PageState
{
PAGE_VERIFICATION_FAILED,
PAGE_ASK_PASSPHRASE,
PAGE_SHOW_PASSPHRASE,
PAGE_ASK_VERIFICATION_CODE
};
CheckEmailPage::CheckEmailPage(Session* arg):
SessionHTTPRequestHandler(arg)
{
}
void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 20 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
auto sm = SessionManager::getInstance();
bool hasErrors = false;
unsigned long long verificationCode = 0;
PageState state = PAGE_ASK_PASSPHRASE;
std::string uri = request.getURI();
//printf("uri: %s\n", uri.data());
if(!form.empty()) {
try {
verificationCode = stoll(form.get("email-verification-code", "0"));
} catch(...) {}
}
if(!verificationCode) {
size_t pos = uri.find_last_of("/");
try {
verificationCode = stoll(uri.substr(pos+1));
} catch(...) {}
}
if(!verificationCode) {
state = PAGE_ASK_VERIFICATION_CODE;
} else {
// no session
if(!mSession || mSession->getEmailVerificationCode() != verificationCode) {
mSession = sm->findByEmailVerificationCode(verificationCode);
}
// no session in server, load from db
if(!mSession) {
mSession = sm->getNewSession();
if(mSession->loadFromEmailVerificationCode(verificationCode)) {
auto cookie_id = mSession->getHandle();
auto user_host = request.clientAddress().host();
mSession->setClientIp(user_host);
response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
} else {
sm->releseSession(mSession);
mSession = nullptr;
state = PAGE_VERIFICATION_FAILED;
}
}
if(mSession) {
mSession->updateEmailVerification(verificationCode);
hasErrors = mSession->errorCount() > 0;
if(!hasErrors && !form.empty()) {
auto registerKeyChoice = form.get("register-key", "");
std::string oldPassphrase = "";
if(registerKeyChoice == "no") {
auto oldPassphrase = form.get("register-key-existing", "");
if(oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
// passphrase is valid
mSession->setPassphrase(oldPassphrase);
mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
state = PAGE_SHOW_PASSPHRASE;
} else {
mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
}
} else if(registerKeyChoice == "yes") {
mSession->generatePassphrase();
state = PAGE_SHOW_PASSPHRASE;
}
}
} else {
state = PAGE_VERIFICATION_FAILED;
}
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
responseStream << "<head>\n";
responseStream << "<meta charset=\"UTF-8\">\n";
responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
responseStream << "<title>Gradido Login Server: Email OptIn</title>\n";
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
responseStream << "<style type=\"text/css\" >\n";
responseStream << "input:not([type='radio']) {\n";
responseStream << "\twidth:200px;\n";
responseStream << "}\n";
responseStream << "label:not(.grd_radio_label) {\n";
responseStream << "\twidth:80px;\n";
responseStream << "\tdisplay:inline-block;\n";
responseStream << "}\n";
responseStream << "</style>\n";
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(mSession && hasErrors) { responseStream << "\n";
responseStream << "\t\t";
#line 109 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} responseStream << "\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\t\tSchreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
responseStream << "\t\t\t\t";
#line 118 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( mSession->getPassphrase() );
responseStream << "\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<a href=\"/saveKeys\">Weiter</a>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 122 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
responseStream << "\t\t\t<p>Bitte gebe deine Daten um einen Account anzulegen</p>\n";
responseStream << "\t\t\t<p>Hast du schonmal ein Gradido Konto besessen?</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"register-key-new-yes\" type=\"radio\" name=\"register-key\" value=\"yes\" checked/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-yes\">Nein, bitte ein neues erstellen!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"register-key-new-no\" type=\"radio\" name=\"register-key\" value=\"no\"/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-no\">Ja, bitte wiederherstellen!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"register-key-existing\">";
#line 136 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( !form.empty() ? form.get("register-key-existing", "") : "" );
responseStream << "</textarea>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" name=\"submit\" value=\"Weiter\">\n";
responseStream << "\t\t\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 141 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else if(state == PAGE_ASK_VERIFICATION_CODE) { responseStream << "\n";
responseStream << "\t<form method=\"GET\">\n";
responseStream << "\t\t<p>Bitte gebe deinen E-Mail Verification Code ein. </p>\n";
responseStream << "\t\t<input type=\"number\" name=\"email-verification-code\">\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 147 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else if(state == PAGE_VERIFICATION_FAILED) { responseStream << "\n";
responseStream << "\t\t";
#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(mSession) { responseStream << "\n";
responseStream << "\t\t\t";
#line 149 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n";
responseStream << "\t\t\t\t<p>Bitte versuche es erneut</p>\n";
responseStream << "\t\t\t\t<form method=\"GET\" action=\"/checkEmail\">\n";
responseStream << "\t\t\t\t\t<input type=\"number\" name=\"email-verification-code\">\n";
responseStream << "\t\t\t\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
responseStream << "\t\t\t\t</form>\n";
responseStream << "\t\t\t";
#line 155 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n";
responseStream << "\t\t\t\t<div class=\"grd_text\">Die E-Mail wurde nicht verschickt, bitte habe noch etwas Geduld.</div>\n";
responseStream << "\t\t\t";
#line 157 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else { responseStream << "\n";
responseStream << "\t\t\t\t<div class=\"grd_text\">Der Account wurde schon freigeschaltet.</div>\n";
responseStream << "\t\t\t\t<a href=\"/\">Zurück</a>\n";
responseStream << "\t\t\t";
#line 160 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} responseStream << "\n";
responseStream << "\t\t";
#line 161 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else { responseStream << "\n";
responseStream << "\t\t\t<p>Fehler, bitte wende dich an den Server-Admin order versuche dich erneut zu registrieren.</p>\n";
responseStream << "\t\t";
#line 163 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} responseStream << "\n";
responseStream << "\t";
#line 164 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} else { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier was nicht. Bitte wende dich an den Server-Admin. \n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 168 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
responseStream << "</html>\n";
if (_compressResponse) _gzipStream.close();
}

20
src/cpp/HTTPInterface/CheckEmailPage.h Normal file
View File

@ -0,0 +1,20 @@
#ifndef CheckEmailPage_INCLUDED
#define CheckEmailPage_INCLUDED
#include "Poco/Net/HTTPRequestHandler.h"
#include "SessionHTTPRequestHandler.h"
class CheckEmailPage: public SessionHTTPRequestHandler
{
public:
CheckEmailPage(Session*);
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
};
#endif // CheckEmailPage_INCLUDED

71
src/cpp/HTTPInterface/DashboardPage.cpp Normal file
View File

@ -0,0 +1,71 @@
#include "DashboardPage.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include "Poco/Net/HTMLForm.h"
#include "Poco/DeflatingStream.h"
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#include "../SingletonManager/SessionManager.h"
DashboardPage::DashboardPage(Session* arg):
SessionHTTPRequestHandler(arg)
{
}
void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
responseStream << "\n";
#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
//Poco::Net::NameValueCollection cookies;
//request.getCookies(cookies);
if(!form.empty()) {
//form.get("email-verification-code")
}
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
responseStream << "<head>\n";
responseStream << "<meta charset=\"UTF-8\">\n";
responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
responseStream << "<title>Gradido Login Server: Dashboard</title>\n";
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Willkommen ";
#line 28 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getUser()->getName() );
responseStream << "</h1>\n";
responseStream << "\t<h3>Status</h3>\n";
responseStream << "\t<p>";
#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getSessionStateString() );
responseStream << "</p>\n";
responseStream << "\t";
#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) responseStream << "\n";
responseStream << "\t<p>Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:</p>\n";
responseStream << "\t<form method=\"GET\" action=\"/checkEmail\">\n";
responseStream << "\t\t<input type=\"number\" name=\"email-verification-code\">\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
responseStream << "\t</form>\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
responseStream << "</html>\n";
if (_compressResponse) _gzipStream.close();
}

20
src/cpp/HTTPInterface/DashboardPage.h Normal file
View File

@ -0,0 +1,20 @@
#ifndef DashboardPage_INCLUDED
#define DashboardPage_INCLUDED
#include "Poco/Net/HTTPRequestHandler.h"
#include "SessionHTTPRequestHandler.h"
class DashboardPage: public SessionHTTPRequestHandler
{
public:
DashboardPage(Session*);
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
};
#endif // DashboardPage_INCLUDED

138
src/cpp/HTTPInterface/EmailOptInPage.cpp Normal file
View File

@ -0,0 +1,138 @@
#include "EmailOptInPage.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include "Poco/Net/HTMLForm.h"
#include "Poco/DeflatingStream.h"
#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
void EmailOptInPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 8 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
auto session = SessionManager::getInstance()->getNewSession();
bool userReturned = false;
if(!form.empty()) {
userReturned = session->createUser(
form.get("register-name"),
form.get("register-email"),
form.get("register-password")
);
if(userReturned) {
auto cookie_id = session->getHandle();
auto user_host = request.clientAddress().toString();
printf("cookie: %d, user_host: %s\n", cookie_id, user_host.data());
response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
}
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
responseStream << "<head>\n";
responseStream << "<meta charset=\"UTF-8\">\n";
responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
responseStream << "<title>Gradido Login Server: Email OptIn</title>\n";
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
responseStream << "<style type=\"text/css\" >\n";
responseStream << "input:not([type='radio']) {\n";
responseStream << "\twidth:200px;\n";
responseStream << "}\n";
responseStream << "label:not(.grd_radio_label) {\n";
responseStream << "\twidth:80px;\n";
responseStream << "\tdisplay:inline-block;\n";
responseStream << "}\n";
responseStream << "</style>\n";
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
if(!form.empty() && userReturned) { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\t\tSchreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
responseStream << "\t\t\t\t";
#line 52 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
responseStream << ( session->getPassphrase() );
responseStream << "\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 55 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
} else { responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
responseStream << "\t\n";
responseStream << "\t\t";
#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
if(!form.empty() && !userReturned) { responseStream << "\n";
responseStream << "\t\t\t";
#line 59 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
responseStream << ( session->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t\t";
#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
} responseStream << "\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
responseStream << "\t\t\t<p>Bitte gebe deine Daten um einen Account anzulegen</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-name\">Vorname</label>\n";
responseStream << "\t\t\t\t<input id=\"register-name\" type=\"text\" name=\"register-name\" value=\"";
#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
responseStream << ( !form.empty() ? form.get("register-name") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
responseStream << ( !form.empty() ? form.get("register-email") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-password\">Passwort</label>\n";
responseStream << "\t\t\t\t<input id=\"register-password\" type=\"password\" name=\"register-password\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p>Hast du schonmal ein Gradido Konto besessen?</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"register-key-new-yes\" type=\"radio\" name=\"register-key\" value=\"yes\" checked/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-yes\">Nein, bitte ein neues erstellen!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"register-key-new-no\" type=\"radio\" name=\"register-key\" value=\"no\"/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-no\">Ja, bitte wiederherstellen!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"register-key-existing\">";
#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
responseStream << ( !form.empty() ? form.get("register-key-existing") : "" );
responseStream << "</textarea>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" name=\"submit\" value=\"Anmelden\">\n";
responseStream << "\t\t\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\emailOptIn.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
responseStream << "</html>\n";
if (_compressResponse) _gzipStream.close();
}

15
src/cpp/HTTPInterface/EmailOptInPage.h Normal file
View File

@ -0,0 +1,15 @@
#ifndef EmailOptInPage_INCLUDED
#define EmailOptInPage_INCLUDED
#include "Poco/Net/HTTPRequestHandler.h"
class EmailOptInPage: public Poco::Net::HTTPRequestHandler
{
public:
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
};
#endif // EmailOptInPage_INCLUDED

13
src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
View File

@ -8,10 +8,12 @@
#include "HandleFileRequest.h"
#include "DashboardPage.h"
#include "CheckEmailPage.h"
#include "SaveKeysPage.h"
#include "../SingletonManager/SessionManager.h"
PageRequestHandlerFactory::PageRequestHandlerFactory()
: mRemoveGETParameters("^/([a-zA-Z0-9_-]*)")
{
}
@ -21,7 +23,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
//printf("request uri: %s\n", request.getURI().data());
std::string uri = request.getURI();
std::string url_first_part;
mRemoveGETParameters.extract(uri, url_first_part);
printf("[PageRequestHandlerFactory] uri: %s, first part: %s\n", uri.data(), url_first_part.data());
auto referer = request.find("Referer");
if (referer != request.end()) {
printf("referer: %s\n", referer->second.data());
@ -38,11 +43,15 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
} catch (...) {}
auto sm = SessionManager::getInstance();
auto s = sm->getSession(session_id);
if (uri == "/checkEmail") {
if (url_first_part == "/checkEmail") {
return new CheckEmailPage(s);
}
if (s) {
if (uri == "/saveKeys") {
return new SaveKeysPage(s);
}
return new DashboardPage(s);
} else {

3
src/cpp/HTTPInterface/PageRequestHandlerFactory.h
View File

@ -2,7 +2,7 @@
#define __DR_PAGE_REQUEST_HANDLER_FACTORY_H
#include "Poco/Net/HTTPRequestHandlerFactory.h"
#include "Poco/RegularExpression.h"
#define HTTP_PAGES_COUNT 1
@ -14,6 +14,7 @@ public:
Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request);
protected:
Poco::RegularExpression mRemoveGETParameters;
};
#endif // __DR_PAGE_REQUEST_HANDLER_FACTORY_H

25
src/cpp/HTTPInterface/RegisterPage.cpp
View File

@ -23,12 +23,17 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
auto session = SessionManager::getInstance()->getNewSession();
bool userReturned = false;
if(!form.empty()) {
if(form.get("register-password2") != form.get("register-password")) {
session->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
} else {
userReturned = session->createUser(
form.get("register-name"),
form.get("register-email"),
form.get("register-password")
);
}
if(userReturned) {
auto cookie_id = session->getHandle();
//auto user_host_string = request.clientAddress().toString();
@ -64,7 +69,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 48 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 53 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
if(!form.empty() && userReturned) { responseStream << "\n";
responseStream << "\t\t\n";
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
@ -79,19 +84,19 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 61 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} else { responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
responseStream << "\t\n";
responseStream << "\t\t";
#line 64 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
if(!form.empty() && !userReturned) { responseStream << "\n";
responseStream << "\t\t\t";
#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( session->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t\t";
#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} responseStream << "\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
@ -99,14 +104,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-name\">Vorname</label>\n";
responseStream << "\t\t\t\t<input id=\"register-name\" type=\"text\" name=\"register-name\" value=\"";
#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( !form.empty() ? form.get("register-name") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( !form.empty() ? form.get("register-email") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
@ -114,12 +119,16 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "\t\t\t\t<label for=\"register-password\">Passwort</label>\n";
responseStream << "\t\t\t\t<input id=\"register-password\" type=\"password\" name=\"register-password\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-password\">Passwort Best&auml;tigung</label>\n";
responseStream << "\t\t\t\t<input id=\"register-password2\" type=\"password\" name=\"register-password2\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" name=\"submit\" value=\"Anmelden\">\n";
responseStream << "\t\t\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 86 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";

121
src/cpp/HTTPInterface/SaveKeysPage.cpp Normal file
View File

@ -0,0 +1,121 @@
#include "SaveKeysPage.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include "Poco/Net/HTMLForm.h"
#include "Poco/DeflatingStream.h"
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
#include "../model/Session.h"
SaveKeysPage::SaveKeysPage(Session* arg):
SessionHTTPRequestHandler(arg)
{
}
void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 12 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
bool hasErrors = mSession->errorCount() > 0;
bool hasPassword = mSession->getUser()->hasCryptoKey();
if(!form.empty()) {
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
responseStream << "<head>\n";
responseStream << "<meta charset=\"UTF-8\">\n";
responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
responseStream << "<title>Gradido Login Server: Daten auf Server speichern?</title>\n";
responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
responseStream << "<style type=\"text/css\" >\n";
responseStream << "input:not([type='radio']) {\n";
responseStream << "\twidth:200px;\n";
responseStream << "}\n";
responseStream << "label:not(.grd_radio_label) {\n";
responseStream << "\twidth:80px;\n";
responseStream << "\tdisplay:inline-block;\n";
responseStream << "}\n";
responseStream << "</style>\n";
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
if(hasErrors) { responseStream << "\n";
responseStream << "\t\t";
#line 41 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 42 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
} responseStream << "\n";
responseStream << "\t<h1>Daten speichern</h1>\n";
responseStream << "\t<form method=\"POST\">\n";
responseStream << "\t\t<fieldset>\n";
responseStream << "\t\t\t<legend>Gradido Private Key speichern</legend>\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\t\t<p>M&ouml;chtest du deinen Gradido Private Key auf dem Server mit deinem Passwort verschl&uuml;sselt speichern?</p>\n";
responseStream << "\t\t\t\t<p>Wenn du ihn speicherst brauchst du dich in Zukunft nur mit deiner E-Mail und deinem Passwort einzuloggen.</p>\n";
responseStream << "\t\t\t\t<p>Wenn du ihn nicht speicherst, m&uuml;sstest du jedes mal wenn du eine Transaktion machen willst, deine Passphrase hier reinkopieren.</p>\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"save-privkey-yes\" type=\"radio\" name=\"save-privkey\" value=\"yes\" checked/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-privkey-yes\">Ja, bitte speichern!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t";
#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
if(!hasPassword) { responseStream << "\n";
responseStream << "\t\t\t\t<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>\n";
responseStream << "\t\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t\t<label for=\"login-password\">Passwort</label>\n";
responseStream << "\t\t\t\t\t<input id=\"save-privkey-password\" type=\"password\" name=\"save-privkey-password\"/>\n";
responseStream << "\t\t\t\t</p>\n";
responseStream << "\t\t\t";
#line 62 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
} responseStream << "\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"save-privkey-no\" type=\"radio\" name=\"save-privkey\" value=\"no\"/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-privkey-no\">Nein, ich k&uuml;mmere mich selbst darum!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<fieldset>\n";
responseStream << "\t\t\t<legend>Passphrase speichern</legend>\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\t\t<p>M&ouml;chtest du deine Passphrase mit dem Server-Admin-Key verschl&uuml;sselt auf dem Server gespeichert haben?</p>\n";
responseStream << "\t\t\t\t<p>Dann kann dir der Server-Admin deine Passphrase zuschicken wenn du sie verlegt hast. </p>\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"save-passphrase-yes\" type=\"radio\" name=\"save-passphrase\" value=\"yes\" checked/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-passphrase-yes\">Ja, bitte speichern!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<input id=\"save-passphrase-no\" type=\"radio\" name=\"save-passphrase\" value=\"no\"/>\n";
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-passphrase-no\">Nein, ich vertraue nur mir selbst!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t</fieldset>\n";
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Speichern\">\n";
responseStream << "\t</form>\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
responseStream << "</html>\n";
if (_compressResponse) _gzipStream.close();
}

20
src/cpp/HTTPInterface/SaveKeysPage.h Normal file
View File

@ -0,0 +1,20 @@
#ifndef SaveKeysPage_INCLUDED
#define SaveKeysPage_INCLUDED
#include "Poco/Net/HTTPRequestHandler.h"
#include "SessionHTTPRequestHandler.h"
class SaveKeysPage: public SessionHTTPRequestHandler
{
public:
SaveKeysPage(Session*);
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
};
#endif // SaveKeysPage_INCLUDED

18
src/cpp/HTTPInterface/SessionHTTPRequestHandler.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef SESSION_HTTP_REQUEST_HANDLER_INCLUDED
#define SESSION_HTTP_REQUEST_HANDLER_INCLUDED
#include "../model/Session.h"
#include "Poco/Net/HTTPRequestHandler.h"
class SessionHTTPRequestHandler : public Poco::Net::HTTPRequestHandler
{
public:
SessionHTTPRequestHandler(Session* session) : mSession(session) {}
protected:
Session* mSession;
};
#endif // SESSION_HTTP_REQUEST_HANDLER_INCLUDED

2
src/cpp/SingletonManager/ConnectionManager.h
View File

@ -40,7 +40,7 @@ public:
{
case CONNECTION_MYSQL_LOGIN_SERVER:
case CONNECTION_MYSQL_PHP_SERVER:
return mSessionPools.get(mSessionPoolNames[type]);
return mSessionPools.getPool(mSessionPoolNames[type]).get();
default:
addError(new ParamError("[ConnectionManager::getConnection]", "Connection Type unknown", std::to_string(type)));
break;

5
src/cpp/SingletonManager/ErrorManager.cpp
View File

@ -68,6 +68,7 @@ void ErrorManager::addError(Error* error)
if (it == mErrorsMap.end()) {
list = new std::list<Error *>;
mErrorsMap.insert(std::pair<DHASH, std::list<Error*>*>(id, list));
}
else {
list = it->second;
@ -78,6 +79,7 @@ void ErrorManager::addError(Error* error)
}
}
list->push_back(error);
mWorkingMutex.unlock();
}
@ -97,7 +99,8 @@ void ErrorManager::sendErrorsAsEmail()
content += "\n";
for (auto it2 = error_list_functions->begin(); it2 != error_list_functions->end(); it2++) {
content += "\t";
content += (*it2)->getMessage();
size_t functionNameSize = strlen((*it2)->getFunctionName());
content += (*it2)->getString().substr(functionNameSize+1);
delete (*it2);
content += "\n";
}

98
src/cpp/model/Session.cpp
View File

@ -1,4 +1,5 @@
#include "Session.h"
#include "Profiler.h"
#include "../ServerConfig.h"
#include "Poco/RegularExpression.h"
@ -18,12 +19,12 @@ using namespace Poco::Data::Keywords;
int WriteEmailVerification::run()
{
auto verificationCode = mSession->getEmailVerificationCode();
printf("{[WriteEmailVerification::run] E-Mail Verification Code: %llu\n", verificationCode);
auto dbSession = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
int user_id = mUser->getDBId();
Poco::Data::Statement insert(dbSession);
insert << "INSERT INTO email_opt_in (user_id, verification_code) VALUES(?,?);",
use(user_id), use(verificationCode);
use(user_id), bind(verificationCode);
if (1 != insert.execute()) {
mSession->addError(new Error("WriteEmailVerification", "error inserting email verification code"));
return -1;
@ -47,7 +48,7 @@ Session::Session(int handle)
Session::~Session()
{
reset();
}
@ -68,6 +69,7 @@ void Session::updateTimeout()
bool Session::createUser(const std::string& name, const std::string& email, const std::string& password)
{
Profiler usedTime;
auto sm = SessionManager::getInstance();
if (!sm->isValid(name, VALIDATE_NAME)) {
addError(new Error("Vorname", "Bitte gebe einen Namen an. Mindestens 3 Zeichen, keine Sonderzeichen oder Zahlen."));
@ -159,14 +161,15 @@ bool Session::createUser(const std::string& name, const std::string& email, cons
// generate and write email verification into db
// send email
printf("[Session::createUser] time: %s\n", usedTime.string().data());
return true;
}
bool Session::updateEmailVerification(unsigned long long emailVerificationCode)
{
const char* funcName = "Session::updateEmailVerification";
Profiler usedTime;
const static char* funcName = "Session::updateEmailVerification";
auto em = ErrorManager::getInstance();
if(mEmailVerificationCode == emailVerificationCode) {
if (mSessionUser && mSessionUser->getDBId() == 0) {
@ -189,6 +192,7 @@ bool Session::updateEmailVerification(unsigned long long emailVerificationCode)
em->sendErrorsAsEmail();
}
updateState(SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED);
printf("[%s] time: %s\n", funcName, usedTime.string().data());
return true;
}
else {
@ -196,15 +200,18 @@ bool Session::updateEmailVerification(unsigned long long emailVerificationCode)
em->sendErrorsAsEmail();
}
if (!updated_rows) {
addError(new Error("E-Mail Verification", "Der Code stimmt nicht, bitte überprüfe ihn nochmal oder registriere dich erneut oder wende dich an den Server-Admin"));
addError(new Error("E-Mail Verification", "Der Code stimmt nicht, bitte &uuml;berpr&uuml;fe ihn nochmal oder registriere dich erneut oder wende dich an den Server-Admin"));
printf("[%s] time: %s\n", funcName, usedTime.string().data());
return false;
}
}
else {
addError(new Error("E-Mail Verification", "Falscher Code für aktiven Login"));
addError(new Error("E-Mail Verification", "Falscher Code f&uuml;r aktiven Login"));
printf("[%s] time: %s\n", funcName, usedTime.string().data());
return false;
}
printf("[%s] time: %s\n", funcName, usedTime.string().data());
return false;
}
@ -215,6 +222,58 @@ bool Session::loadUser(const std::string& email, const std::string& password)
return true;
}
bool Session::loadFromEmailVerificationCode(unsigned long long emailVerificationCode)
{
Profiler usedTime;
const static char* funcName = "Session::loadFromEmailVerificationCode";
auto em = ErrorManager::getInstance();
auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
/*Poco::Data::Statement select(dbConnection);
int user_id = 0;
select << "SELECT user_id FROM email_opt_in WHERE verification_code=?", into(user_id), use(emailVerificationCode);
try {
if (select.execute() == 0) {
addError(new Error("E-Mail Verification", "Der Code konnte nicht in der Datenbank gefunden werden."));
return false;
}
}
catch (Poco::Exception& ex) {
em->addError(new ParamError(funcName, "error selecting verification code entry", ex.displayText().data()));
em->sendErrorsAsEmail();
return false;
}*/
Poco::Data::Statement select(dbConnection);
std::string email, name;
select.reset(dbConnection);
select << "SELECT email, name FROM users where id = (SELECT user_id FROM email_opt_in WHERE verification_code=?)",
into(email), into(name), use(emailVerificationCode);
try {
size_t rowCount = select.execute();
if (rowCount != 1) {
em->addError(new ParamError(funcName, "select user by email verification code work not like expected, selected row count", rowCount));
em->sendErrorsAsEmail();
}
if (rowCount < 0) {
addError(new Error("E-Mail Verification", "Konnte keinen passenden Account finden."));
return false;
}
mSessionUser = new User(email.data(), name.data());
mSessionUser->loadEntryDBId(ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
mEmailVerificationCode = emailVerificationCode;
updateState(SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED);
printf("[Session::loadFromEmailVerificationCode] time: %s\n", usedTime.string().data());
return true;
}
catch (const Poco::Exception& ex) {
em->addError(new ParamError(funcName, "error selecting user from verification code", ex.displayText().data()));
em->sendErrorsAsEmail();
}
return false;
}
void Session::updateState(SessionStates newState)
{
lock();
@ -243,6 +302,9 @@ const char* Session::translateSessionStateToString(SessionStates state)
case SESSION_STATE_USER_WRITTEN: return "User saved";
case SESSION_STATE_EMAIL_VERIFICATION_WRITTEN: return "E-Mail verification code saved";
case SESSION_STATE_EMAIL_VERIFICATION_SEND: return "Verification E-Mail sended";
case SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED: return "Verification Code checked";
case SESSION_STATE_PASSPHRASE_GENERATED: return "Passphrase generated";
case SESSION_STATE_PASSPHRASE_SHOWN: return "Passphrase shown";
case SESSION_STATE_KEY_PAIR_GENERATED: return "Gradido Address created";
case SESSION_STATE_KEY_PAIR_WRITTEN: return "Gradido Address saved";
default: return "unknown";
@ -259,3 +321,25 @@ void Session::createEmailVerificationCode()
}
}
/*
bool Session::useOrGeneratePassphrase(const std::string& passphase)
{
if (passphase != "" && User::validatePassphrase(passphase)) {
// passphrase is valid
setPassphrase(passphase);
updateState(SESSION_STATE_PASSPHRASE_SHOWN);
return true;
}
else {
mPassphrase = User::generateNewPassphrase(&ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_BIP0039_SORTED_ORDER]);
updateState(SESSION_STATE_PASSPHRASE_GENERATED);
return true;
}
}
*/
bool Session::generatePassphrase()
{
mPassphrase = User::generateNewPassphrase(&ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_BIP0039_SORTED_ORDER]);
updateState(SESSION_STATE_PASSPHRASE_GENERATED);
return true;
}

8
src/cpp/model/Session.h
View File

@ -29,6 +29,8 @@ enum SessionStates {
SESSION_STATE_EMAIL_VERIFICATION_WRITTEN,
SESSION_STATE_EMAIL_VERIFICATION_SEND,
SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED,
SESSION_STATE_PASSPHRASE_GENERATED,
SESSION_STATE_PASSPHRASE_SHOWN,
SESSION_STATE_KEY_PAIR_GENERATED,
SESSION_STATE_KEY_PAIR_WRITTEN,
SESSION_STATE_COUNT
@ -49,12 +51,16 @@ public:
// TODO: check if email exist and if not, fake waiting on password hashing with profiled times of real password hashing
bool loadUser(const std::string& email, const std::string& password);
bool loadFromEmailVerificationCode(unsigned long long emailVerificationCode);
bool updateEmailVerification(unsigned long long emailVerificationCode);
inline User* getUser() { return mSessionUser; }
inline int getHandle() { return mHandleId; }
inline const char* getPassphrase() { return mPassphrase.data(); }
inline void setPassphrase(const std::string& passphrase) { mPassphrase = passphrase; }
inline const std::string& getPassphrase() { return mPassphrase; }
bool generatePassphrase();
inline void setClientIp(Poco::Net::IPAddress ip) { mClientLoginIP = ip; }

37
src/cpp/model/User.cpp
View File

@ -1,4 +1,5 @@
#include "User.h"
#include "Profiler.h"
#include <sodium.h>
#include "ed25519/ed25519.h"
#include "Poco/Util/Application.h"
@ -81,10 +82,10 @@ int UserWriteIntoDB::run()
User::User(const char* email, const char* name)
: mDBId(0), mEmail(email), mFirstName(name), mCryptoKey(nullptr)
: mDBId(0), mEmail(email), mFirstName(name), mPasswordHashed(0), mCryptoKey(nullptr)
{
//crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey);
memset(mPasswordHashed, 0, crypto_shorthash_BYTES);
//memset(mPasswordHashed, 0, crypto_shorthash_BYTES);
}
@ -123,9 +124,29 @@ std::string User::generateNewPassphrase(Mnemonic* word_source)
return phrase_buffer;
}
bool User::validatePassphrase(const std::string& passphrase)
{
std::istringstream iss(passphrase);
std::vector<std::string> results(std::istream_iterator<std::string>{iss},
std::istream_iterator<std::string>());
for (int i = 0; i < ServerConfig::Mnemonic_Types::MNEMONIC_MAX; i++) {
auto m = ServerConfig::g_Mnemonic_WordLists[i];
bool existAll = true;
for (auto it = results.begin(); it != results.end(); it++) {
if (!m.isWordExist(*it)) {
existAll = false;
continue;
}
}
if (existAll) return true;
}
return false;
}
void User::createCryptoKey(const std::string& password)
{
Profiler timeUsed;
// TODO: put it in secure location
static const unsigned char app_secret[] = { 0x21, 0xff, 0xbb, 0xc6, 0x16, 0xfe };
@ -151,14 +172,17 @@ void User::createCryptoKey(const std::string& password)
//printf("pwd: %s\n", pwd);
return ;
}
crypto_shorthash(mPasswordHashed, key, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
if (sizeof(mPasswordHashed) != crypto_shorthash_BYTES) {
throw Poco::Exception("crypto_shorthash_BYTES != sizeof(mPasswordHashed)");
}
crypto_shorthash((unsigned char*)&mPasswordHashed, key, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
lock();
mCryptoKey = new ObfusArray(crypto_box_SEEDBYTES, key);
unlock();
free(key);
// mCryptoKey
printf("[User::createCryptoKey] time used: %s\n", timeUsed.string().data());
}
Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
@ -166,10 +190,11 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
Poco::Data::Statement insert(session);
Poco::Data::BLOB pwd(mPasswordHashed, crypto_shorthash_BYTES);
//Poco::Data::BLOB pwd(&mPasswordHashed[0], crypto_shorthash_BYTES);
printf("[User::insertIntoDB] password hashed: %llu\n", mPasswordHashed);
insert << "INSERT INTO users (email, name, password) VALUES(?, ?, ?);",
use(mEmail), use(mFirstName), bind(pwd);
use(mEmail), use(mFirstName), bind(mPasswordHashed);
return insert;
}

7
src/cpp/model/User.h
View File

@ -26,6 +26,9 @@ public:
~User();
static std::string generateNewPassphrase(Mnemonic* word_source);
static bool validatePassphrase(const std::string& passphrase);
bool loadEntryDBId(Poco::Data::Session session);
inline bool hasCryptoKey() { lock(); bool bRet = mCryptoKey != nullptr; unlock(); return bRet; }
inline const char* getEmail() const { return mEmail.data(); }
@ -36,7 +39,7 @@ public:
protected:
void createCryptoKey(const std::string& password);
Poco::Data::Statement insertIntoDB(Poco::Data::Session session);
bool loadEntryDBId(Poco::Data::Session session);
inline void lock() { mWorkingMutex.lock(); }
inline void unlock() { mWorkingMutex.unlock(); }
@ -45,7 +48,7 @@ private:
int mDBId;
std::string mEmail;
std::string mFirstName;
unsigned char mPasswordHashed[crypto_shorthash_BYTES];
unsigned long long mPasswordHashed;
// crypto key as obfus array
ObfusArray* mCryptoKey;

2
src/cpp/tasks/Task.cpp
View File

@ -11,7 +11,7 @@ namespace UniLib {
Task::Task(size_t taskPointerArraySize)
: mTaskScheduled(false), mFinishCommand(nullptr), mParentTaskPtrArray(new TaskPtr[taskPointerArraySize]), mParentTaskPtrArraySize(taskPointerArraySize),
mDeleted(false)
mDeleted(false), mFinished(false), mReferenceCount(1)
{
}

97
src/cpsp/checkEmail.cpsp
View File

@ -1,27 +1,89 @@
<%@ page class="CheckEmailPage" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%@ page form="true" %>
<%@ page compressed="true" %>
<%!
#include "../SingletonManager/SessionManager.h"
#include "../model/User.h"
#include "Poco/Net/HTTPCookie.h"
enum PageState
{
PAGE_VERIFICATION_FAILED,
PAGE_ASK_PASSPHRASE,
PAGE_SHOW_PASSPHRASE
PAGE_SHOW_PASSPHRASE,
PAGE_ASK_VERIFICATION_CODE
};
%>
<%%
auto sm = SessionManager::getInstance();
bool hasErrors = false;
unsigned long long verificationCode = 0;
PageState state = PAGE_ASK_PASSPHRASE;
std::string uri = request.getURI();
printf("uri: %s\n", uri.data());
if(!mSession) {// || mSession->getEmailVerificationCode() != ) {
//mSession = sm->findByEmailVerificationCode();
}
//printf("uri: %s\n", uri.data());
if(!form.empty()) {
try {
verificationCode = stoll(form.get("email-verification-code", "0"));
} catch(...) {}
}
if(!verificationCode) {
size_t pos = uri.find_last_of("/");
try {
verificationCode = stoll(uri.substr(pos+1));
} catch(...) {}
}
if(!verificationCode) {
state = PAGE_ASK_VERIFICATION_CODE;
} else {
// no session
if(!mSession || mSession->getEmailVerificationCode() != verificationCode) {
mSession = sm->findByEmailVerificationCode(verificationCode);
}
// no session in server, load from db
if(!mSession) {
mSession = sm->getNewSession();
if(mSession->loadFromEmailVerificationCode(verificationCode)) {
auto cookie_id = mSession->getHandle();
auto user_host = request.clientAddress().host();
mSession->setClientIp(user_host);
response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
} else {
sm->releseSession(mSession);
mSession = nullptr;
state = PAGE_VERIFICATION_FAILED;
}
}
if(mSession) {
mSession->updateEmailVerification(verificationCode);
hasErrors = mSession->errorCount() > 0;
if(!hasErrors && !form.empty()) {
auto registerKeyChoice = form.get("passphrase", "");
std::string oldPassphrase = "";
if(registerKeyChoice == "no") {
auto oldPassphrase = form.get("passphrase-existing", "");
if(oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
// passphrase is valid
mSession->setPassphrase(oldPassphrase);
mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
state = PAGE_SHOW_PASSPHRASE;
} else {
mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
}
} else if(registerKeyChoice == "yes") {
mSession->generatePassphrase();
state = PAGE_SHOW_PASSPHRASE;
}
}
} else {
state = PAGE_VERIFICATION_FAILED;
}
}
%>
<!DOCTYPE html>
<html>
@ -43,7 +105,7 @@ label:not(.grd_radio_label) {
</head>
<body>
<div class="grd_container">
<% if(hasErrors) {%>
<% if(mSession && hasErrors) {%>
<%= mSession->getErrorsHtml() %>
<%} %>
<h1>Einen neuen Account anlegen</h1>
@ -55,6 +117,7 @@ label:not(.grd_radio_label) {
<div class="grd_textarea">
<%= mSession->getPassphrase() %>
</div>
<a href="/saveKeys">Weiter</a>
</div>
<% } else if(state == PAGE_ASK_PASSPHRASE) { %>
<form method="POST">
@ -63,19 +126,26 @@ label:not(.grd_radio_label) {
<p>Bitte gebe deine Daten um einen Account anzulegen</p>
<p>Hast du schonmal ein Gradido Konto besessen?</p>
<p class="grd_small">
<input id="register-key-new-yes" type="radio" name="register-key" value="yes" checked/>
<label class="grd_radio_label" for="register-key-new-yes">Nein, bitte ein neues erstellen!</label>
<input id="passphrase-new-yes" type="radio" name="passphrase" value="yes" checked/>
<label class="grd_radio_label" for="passphrase-new-yes">Nein, bitte ein neues erstellen!</label>
</p>
<p class="grd_small">
<input id="register-key-new-no" type="radio" name="register-key" value="no"/>
<label class="grd_radio_label" for="register-key-new-no">Ja, bitte wiederherstellen!</label>
<input id="passphrase-new-no" type="radio" name="passphrase" value="no"/>
<label class="grd_radio_label" for="passphrase-new-no">Ja, bitte wiederherstellen!</label>
</p>
<textarea style="width:100%;height:100px" name="register-key-existing"><%= !form.empty() ? form.get("register-key-existing") : "" %></textarea>
<textarea style="width:100%;height:100px" name="passphrase-existing"><%= !form.empty() ? form.get("register-key-existing", "") : "" %></textarea>
</fieldset>
<input class="grd_bn_succeed" type="submit" name="submit" value="Anmelden">
<input class="grd_bn_succeed" type="submit" name="submit" value="Weiter">
</form>
<% } else if(state == PAGE_ASK_VERIFICATION_CODE) { %>
<form method="GET">
<p>Bitte gebe deinen E-Mail Verification Code ein. </p>
<input type="number" name="email-verification-code">
<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
</form>
<% } else if(state == PAGE_VERIFICATION_FAILED) { %>
<% if(mSession) { %>
<% if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
<p>Bitte versuche es erneut</p>
<form method="GET" action="/checkEmail">
@ -88,6 +158,9 @@ label:not(.grd_radio_label) {
<div class="grd_text">Der Account wurde schon freigeschaltet.</div>
<a href="/">Zurück</a>
<% } %>
<% } else { %>
<p>Fehler, bitte wende dich an den Server-Admin order versuche dich erneut zu registrieren.</p>
<% } %>
<% } else { %>
<div class="grd_text">
Ungültige Seite, wenn du das siehst stimmt hier was nicht. Bitte wende dich an den Server-Admin.

3
src/cpsp/dashboard.cpsp
View File

@ -1,4 +1,7 @@
<%@ page class="DashboardPage" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%@ page form="true" %>
<%@ page compressed="true" %>
<%!

9
src/cpsp/register.cpsp
View File

@ -8,12 +8,17 @@
<%%
auto session = SessionManager::getInstance()->getNewSession();
bool userReturned = false;
if(!form.empty()) {
if(form.get("register-password2") != form.get("register-password")) {
session->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
} else {
userReturned = session->createUser(
form.get("register-name"),
form.get("register-email"),
form.get("register-password")
);
}
if(userReturned) {
auto cookie_id = session->getHandle();
//auto user_host_string = request.clientAddress().toString();
@ -79,6 +84,10 @@ label:not(.grd_radio_label) {
<label for="register-password">Passwort</label>
<input id="register-password" type="password" name="register-password"/>
</p>
<p class="grd_small">
<label for="register-password">Passwort Best&auml;tigung</label>
<input id="register-password2" type="password" name="register-password2"/>
</p>
</fieldset>
<input class="grd_bn_succeed" type="submit" name="submit" value="Anmelden">

87
src/cpsp/saveKeys.cpsp Normal file
View File

@ -0,0 +1,87 @@
<%@ page class="SaveKeysPage" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%@ page form="true" %>
<%@ page compressed="true" %>
<%!
#include "../model/Session.h"
%>
<%%
bool hasErrors = mSession->errorCount() > 0;
bool hasPassword = mSession->getUser()->hasCryptoKey();
if(!form.empty()) {
}
%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Gradido Login Server: Daten auf Server speichern?</title>
<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
<style type="text/css" >
input:not([type='radio']) {
width:200px;
}
label:not(.grd_radio_label) {
width:80px;
display:inline-block;
}
</style>
</head>
<body>
<div class="grd_container">
<% if(hasErrors) {%>
<%= mSession->getErrorsHtml() %>
<%} %>
<h1>Daten speichern</h1>
<form method="POST">
<fieldset>
<legend>Gradido Private Key speichern</legend>
<div class="grd_text">
<p>M&ouml;chtest du deinen Gradido Private Key auf dem Server mit deinem Passwort verschl&uuml;sselt speichern?</p>
<p>Wenn du ihn speicherst brauchst du dich in Zukunft nur mit deiner E-Mail und deinem Passwort einzuloggen.</p>
<p>Wenn du ihn nicht speicherst, m&uuml;sstest du jedes mal wenn du eine Transaktion machen willst, deine Passphrase hier reinkopieren.</p>
</div>
<p class="grd_small">
<input id="save-privkey-yes" type="radio" name="save-privkey" value="yes" checked/>
<label class="grd_radio_label" for="save-privkey-yes">Ja, bitte speichern!</label>
</p>
<% if(!hasPassword) { %>
<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>
<p class="grd_small">
<label for="login-password">Passwort</label>
<input id="save-privkey-password" type="password" name="save-privkey-password"/>
</p>
<% } %>
<p class="grd_small">
<input id="save-privkey-no" type="radio" name="save-privkey" value="no"/>
<label class="grd_radio_label" for="save-privkey-no">Nein, ich k&uuml;mmere mich selbst darum!</label>
</p>
</fieldset>
<fieldset>
<legend>Passphrase speichern</legend>
<div class="grd_text">
<p>M&ouml;chtest du deine Passphrase mit dem Server-Admin-Key verschl&uuml;sselt auf dem Server gespeichert haben?</p>
<p>Dann kann dir der Server-Admin deine Passphrase zuschicken wenn du sie verlegt hast. </p>
</div>
<p class="grd_small">
<input id="save-passphrase-yes" type="radio" name="save-passphrase" value="yes" checked/>
<label class="grd_radio_label" for="save-passphrase-yes">Ja, bitte speichern!</label>
</p>
<p class="grd_small">
<input id="save-passphrase-no" type="radio" name="save-passphrase" value="no"/>
<label class="grd_radio_label" for="save-passphrase-no">Nein, ich vertraue nur mir selbst!</label>
</p>
</fieldset>
<input class="grd_bn_succeed" type="submit" value="Speichern">
</form>
</div>
</body>
</html>