fix problems with new user in new register process

Dario 2020-07-02 19:02:10 +02:00
parent b901a0be88
commit a897ac6c8b
15 changed files with 257 additions and 94 deletions


@ -47,7 +47,7 @@ KeyPairEd25519* KeyPairEd25519::create(const Poco::AutoPtr<Passphrase> passphras
auto word_indices = passphrase->getWordIndices();
if (!word_indices) {
if (!word_indices || (!word_indices[0] && !word_indices[1] && !word_indices[2] && !word_indices[3])) {
return nullptr;
}
std::string clear_passphrase = passphrase->createClearPassphrase();
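Review bot: The added guard treats the passphrase as unresolved only when the first four entries of `word_indices` are zero, so an array that is zero from some later position onward (the `Passphrase` constructor in this commit zero-fills it with `memset`) still reaches key derivation. If index 0 is a valid word in the list, four leading zeros could also be a legitimate passphrase that this now rejects; that is hedged, since the word-list layout is not visible here. Checking all `PHRASE_WORD_COUNT` entries, or having `Passphrase` expose an explicit "indices resolved" flag, would make the condition unambiguous. `create` continues beyond the hunk.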


@ -10,6 +10,8 @@
#include "../ServerConfig.h"
#include "../lib/DataTypeConverter.h"
#define STR_BUFFER_SIZE 25
static std::vector<Poco::Tuple<int, std::string>> g_specialChars = {
@ -23,6 +25,7 @@ Passphrase::Passphrase(const std::string& passphrase, const Mnemonic* wordSource
: mPassphraseString(filter(passphrase)), mWordSource(wordSource)
{
memset(mWordIndices, 0, PHRASE_WORD_COUNT * sizeof(Poco::UInt16));
getWordIndices();
}
@ -339,6 +342,14 @@ const Mnemonic* Passphrase::detectMnemonic(const std::string& passphrase, const
std::vector<std::string> results(std::istream_iterator<std::string>{iss},
std::istream_iterator<std::string>());
std::string user_public_key_hex;
if (keyPair) {
user_public_key_hex = DataTypeConverter::pubkeyToHex(keyPair->getPublicKey());
printf("user public key hex: %s\n", user_public_key_hex.data());
}
for (int i = 0; i < ServerConfig::Mnemonic_Types::MNEMONIC_MAX; i++) {
Mnemonic& m = ServerConfig::g_Mnemonic_WordLists[i];
bool existAll = true;
@ -356,6 +367,9 @@ const Mnemonic* Passphrase::detectMnemonic(const std::string& passphrase, const
test_passphrase->createWordIndices();
auto key_pair = KeyPairEd25519::create(test_passphrase);
if (key_pair) {
std::string current_key_pair = DataTypeConverter::pubkeyToHex(key_pair->getPublicKey());
printf("public key hex to compare: %s\n", current_key_pair.data());
if (*key_pair != *keyPair) {
delete key_pair;
continue;
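Review bot: The `printf` calls added in `detectMnemonic` ("user public key hex", "public key hex to compare") look like debugging output left in a request path, and `current_key_pair` is computed only to be printed. The same pattern is added in `JsonGetLogin::handle`, where `printf("[JsonGetLogin] %s\n", user_string.data())` writes the whole `userModel->toString()` result to stdout on every call; what that string contains is not visible here, but a user model usually carries e-mail and name, which would then land in whatever captures the server's stdout. I would drop these lines or route them through the project's logger at debug level with the user fields redacted. Note also that `*key_pair != *keyPair` dereferences `keyPair` although the new code above guards it with `if (keyPair)`; whether an outer null check exists lies outside the hunk.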


@ -390,7 +390,7 @@ void CheckTransactionPage::handleRequest(Poco::Net::HTTPServerRequest& request,
responseStream << "\t\t\t\t\t";
#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\checkTransaction.cpsp"
if(transactionUser) { responseStream << "\n";
responseStream << "\t\t\t\t\t\t<span class=\"content-cell\">>";
responseStream << "\t\t\t\t\t\t<span class=\"content-cell\">";
#line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\checkTransaction.cpsp"
responseStream << ( transactionUser->getFirstName() );
responseStream << " ";


@ -344,6 +344,8 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
SessionHTTPRequestHandler* pageRequestHandler = nullptr;
if (model::table::EMAIL_OPT_IN_REGISTER_DIRECT == session->getEmailVerificationType()) {
pageRequestHandler = new CheckEmailPage(session);
} else if(SESSION_STATE_RESET_PASSWORD_REQUEST == session->getSessionState()) {
pageRequestHandler = new UpdateUserPasswordPage(session);
} else {
pageRequestHandler = new PassphrasePage(session);
}
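Review bot: The new `else if` branch hands out `UpdateUserPasswordPage` purely on `session->getSessionState()`, while the branch above it decides on the type of the verification code. As written, any code that is not `EMAIL_OPT_IN_REGISTER_DIRECT` leads to the password-update page once the session is in `SESSION_STATE_RESET_PASSWORD_REQUEST`; unless the code type is checked before this point (not visible in the hunk), a code issued for another purpose could open that page. Consider also requiring that `session->getEmailVerificationType()` is the reset-password type before constructing the page. `handleCheckEmail` starts and ends outside the hunk.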


@ -11,8 +11,10 @@
#include "../SingletonManager/SessionManager.h"
#include "../SingletonManager/EmailManager.h"
#include "../controller/User.h"
#include "../controller/UserBackups.h"
enum PageState {
PAGE_EMAIL_ASK,
PAGE_ASK,
PAGE_WAIT_EMAIL,
PAGE_WAIT_ADMIN,
@ -32,10 +34,10 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 19 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 21 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
PageState state = PAGE_ASK;
PageState state = PAGE_EMAIL_ASK;
auto lm = LanguageManager::getInstance();
auto sm = SessionManager::getInstance();
auto adminReceiver = EmailManager::getInstance()->getAdminReceiver();
@ -60,38 +62,56 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
email = form.get("email", "");
auto passphraseMemorized = form.get("passphrase_memorized", "");
auto user = controller::User::create();
auto ask = form.get("ask_passphrase", "");
if(email != "") {
if(!user->getModel()->loadFromDB("email", email) || !user->getModel()->isEmailChecked()) {
//printf("user: %s\n", user->getModel()->toString().data());
addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse konnte nicht gefunden werden oder ist nicht aktiviert.")), false);
if(email != "")
{
bool user_exist = false;
bool sendUserEmail = false;
if(!sm->isValid(email, VALIDATE_EMAIL)) {
addError(new Error(gettext(session, "E-Mail"), gettext(session, "Das ist keine g&uuml;ltige E-Mail Adresse")), false);
emailInputClass += " is-invalid";
}
} else {
addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse nicht angegeben.")), false);
user_exist = user->load(email) == 1;
if(ask == "true")
{
if(passphraseMemorized == "") {
addError(new Error(gettext(session, "Passphrase"), gettext(session, "Bitte w&auml;hle eine Option aus.")), false);
passphraseRadioClass += " group-is-invalid";
} else if(passphraseMemorized == "true") {
sendUserEmail = true;
}
}
else
{
if(user_exist && !user->tryLoadPassphraseUserBackup()) {
sendUserEmail = true;
}
}
if(!errorCount())
{
// send reset password email
if(user_exist) {
session->sendResetPasswordEmail(user, sendUserEmail);
}
if(sendUserEmail) {
state = PAGE_WAIT_EMAIL;
} else {
state = PAGE_WAIT_ADMIN;
}
}
}
else
{
addError(new Error(gettext(session, "E-Mail"), gettext(session, "E-Mail Adresse nicht angegeben.")), false);
emailInputClass += " is-invalid";
}
if(errorCount() < 1 && passphraseMemorized == "") {
addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Bitte w&auml;hle eine Option aus.")), false);
passphraseRadioClass += " group-is-invalid";
}
if(errorCount() == 0) {
if(passphraseMemorized == "true") {
auto result = session->resetPassword(user, true);
if(result == 1) {
state = PAGE_EMAIL_ALREADY_SEND;
} else if(result == 0) {
state = PAGE_WAIT_EMAIL;
}
} else if(passphraseMemorized == "false") {
session->resetPassword(user, false);
state = PAGE_WAIT_ADMIN;
} else {
addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Ung&uuml;ltige Option")));
}
}
//printf("\npassphrase memorized result: %s\n", passphraseMemorized.data());
}
@ -204,9 +224,36 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "}\n";
responseStream << "\n";
responseStream << "</style>\n";
responseStream << " ";
#line 122 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
if(state == PAGE_EMAIL_ASK) { responseStream << "\n";
responseStream << "\t\t<form action=\"";
#line 123 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( ServerConfig::g_serverPath );
responseStream << "/resetPassword\">\n";
responseStream << "\t\t\t<div class=\"item-wrapper\">\n";
responseStream << "\t\t\t <div class=\"form-group\">\n";
responseStream << "\t\t\t\t<label for=\"email\">";
#line 126 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Gebe bitte hier deine E-Mail Adresse an:") );
responseStream << "&nbsp;&nbsp;&nbsp;&nbsp;</label>\n";
responseStream << "\t\t\t\t<input type=\"text\" class=\"";
#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( emailInputClass );
responseStream << "\" name=\"email\" id=\"email\" placeholder=\"E-Mail\" value=\"";
#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( email );
responseStream << "\">\n";
responseStream << "\t\t\t </div>\n";
responseStream << "\t\t\t <button type=\"submit\" class=\"btn btn-sm btn-primary\" >";
#line 129 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Bestätigen") );
responseStream << "</button>\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t</form>\n";
responseStream << "\t";
#line 102 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
if(state == PAGE_ASK) { responseStream << "\n";
#line 132 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
} else if(state == PAGE_ASK) { responseStream << "\n";
responseStream << "\t\t";
// begin include flags.cpsp
responseStream << "<form method=\"GET\" action=\"\">\n";
@ -244,34 +291,35 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
// end include flags.cpsp
responseStream << "\n";
responseStream << "\t\t<form action=\"";
#line 104 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 134 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( ServerConfig::g_serverPath );
responseStream << "/resetPassword\">\n";
responseStream << "\t\t\t<div class=\"item-wrapper\">\n";
responseStream << "\t\t\t <div class=\"form-group\">\n";
responseStream << "\t\t\t\t<label for=\"email\">";
#line 107 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Gebe bitte hier deine E-Mail Adresse an:") );
responseStream << "&nbsp;&nbsp;&nbsp;&nbsp;</label>\n";
responseStream << "\t\t\t\t<input type=\"text\" class=\"";
#line 108 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 138 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( emailInputClass );
responseStream << "\" name=\"email\" id=\"email\" placeholder=\"E-Mail\" value=\"";
#line 108 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 138 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( email );
responseStream << "\">\n";
responseStream << "\t\t\t\t<label>";
#line 109 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 139 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Hast du dir deine Passphrase notiert oder gemerkt?") );
responseStream << "</label> \n";
responseStream << "\t\t\t\t<input type=\"hidden\" name=\"ask_passphrase\" value=\"true\">\n";
responseStream << "\t\t\t\t<div class=\"";
#line 110 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 141 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( passphraseRadioClass );
responseStream << "\">\n";
responseStream << "\t\t\t\t\t<div class=\"radio\">\n";
responseStream << "\t\t\t\t\t <label class=\"radio-label mr-4\">\n";
responseStream << "\t\t\t\t\t\t<input name=\"passphrase_memorized\" onclick=\"removeGroupInvalidClass()\" type=\"radio\" value=\"true\">";
#line 113 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 144 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Ja") );
responseStream << " <i class=\"input-frame\"></i>\n";
responseStream << "\t\t\t\t\t </label>\n";
@ -279,60 +327,60 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "\t\t\t\t\t<div class=\"radio\">\n";
responseStream << "\t\t\t\t\t <label class=\"radio-label\">\n";
responseStream << "\t\t\t\t\t\t<input name=\"passphrase_memorized\" onclick=\"removeGroupInvalidClass()\" type=\"radio\" value=\"false\">";
#line 118 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 149 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Nein") );
responseStream << " <i class=\"input-frame\"></i>\n";
responseStream << "\t\t\t\t\t </label>\n";
responseStream << "\t\t\t\t\t</div>\n";
responseStream << "\t\t\t\t</div>\n";
responseStream << "\t\t\t </div>\n";
responseStream << "\t\t\t <button type=\"submit\" class=\"btn btn-sm btn-primary\" >";
#line 123 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << "\t\t\t <button type=\"submit\" class=\"btn btn-sm btn-primary\" name=\"ask\" >";
#line 154 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Absenden") );
responseStream << "</button>\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t</form>\n";
responseStream << "\t ";
#line 126 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 157 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
} else if(state == PAGE_WAIT_EMAIL) { responseStream << "\n";
responseStream << "\t\t\t";
#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 158 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Dir wird eine E-Mail zugeschickt um dein Passwort zur&uuml;ckzusetzen.") );
responseStream << "\n";
responseStream << "\t ";
#line 128 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 159 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
} else if(state == PAGE_WAIT_ADMIN) { responseStream << "\n";
responseStream << "\t\t\t";
#line 129 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Der Admin hat eine E-Mail bekommen und wird sich bei dir melden.") );
responseStream << "\n";
responseStream << "\t ";
#line 130 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 161 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
} else if(state == PAGE_EMAIL_ALREADY_SEND) { responseStream << "\n";
responseStream << "\t\t\t<p>";
#line 131 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 162 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Du hast bereits eine E-Mail bekommen. Bitte schau auch in dein Spam-Verzeichnis nach. ") );
responseStream << "</p>\n";
responseStream << "\t\t\t<p>";
#line 132 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("Du hast wirklich keine E-Mail erhalten und auch schon ein paar Minuten gewartet?") );
responseStream << "</p>\n";
responseStream << "\t\t\t<p><b><a href=\"mailto:";
#line 133 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 164 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( adminReceiver );
responseStream << "?subject=Error Reset Password email&amp;body=Hallo Dario,%0D%0A%0D%0Aich habe keine Passwort zurücksetzen E-Mail erhalten,%0D%0Akannst du das prüfen?%0D%0A%0D%0AMit freundlichen Grüßen%0D%0A\">";
#line 133 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 164 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
responseStream << ( langCatalog->gettext("E-Mail an Support schicken"));
responseStream << "</a></b></p>\n";
responseStream << "\t ";
#line 134 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp"
} responseStream << "\n";
responseStream << " </div> \n";
responseStream << " </div>\n";
responseStream << " </div>\n";
responseStream << " </div>\n";
responseStream << " <div class=\"auth_footer\">\n";
responseStream << " <p class=\"text-muted text-center\">© Gradido 2019</p>\n";
responseStream << " <p class=\"text-muted text-center\">© Gradido 2020</p>\n";
responseStream << " </div>\n";
responseStream << " </div>\n";
responseStream << "\t<script type=\"text/javascript\">\n";


@ -3,12 +3,29 @@
#include <string>
#include "ServerConfig.h"
#include "Crypto/KeyPair.h"
#include "Crypto/KeyPairEd25519.h"
#include "lib/DataTypeConverter.h"
namespace ImportantTests {
bool validateKeyPairED25519(const std::string& passphrase, const Mnemonic* wordSource, const std::string& public_key_hex)
{
Poco::AutoPtr<Passphrase> passphrase_obj = new Passphrase(passphrase, wordSource);
//passphrase_obj->getWordIndices();
passphrase_obj->getWordIndices();
auto gradido_key_pair = std::unique_ptr<KeyPairEd25519>(KeyPairEd25519::create(passphrase_obj));
auto gradido_key_pair_public_hex = DataTypeConverter::pubkeyToHex(gradido_key_pair->getPublicKey());
if (gradido_key_pair_public_hex != public_key_hex) {
return false;
}
return true;
}
bool passphraseGenerationAndTransformation()
{
auto de_words = &ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_GRADIDO_BOOK_GERMAN_RANDOM_ORDER];
auto de2_words = &ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_GRADIDO_BOOK_GERMAN_RANDOM_ORDER_FIXED_CASES];
auto en_words = &ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_BIP0039_SORTED_ORDER];
std::string passphrase_1_de = u8"beziffern Anbeginn häkeln Sozialabgaben Rasen fließen Frau weltweit Urlaub Urwissen Lohn plötzlich Gefrierpunkt Derartig Biedermeier getragen denken Realisierung Boden maximal voneinander Fördern Braten Entlastung";
@ -19,6 +36,8 @@ namespace ImportantTests {
std::string passphrase_2_en = "place oblige gain jar neither note cry riot empty inform egg skate suffer garlic lake ladder liquid focus gorilla subject strong much oyster reduce";
std::string passphrase_2_pubkey_hex = "3d547825bb53465579b95560981f444105495f2b6a68134fbec28ce518ac7b38";
// test old key pair implementation
KeyPair keys;
bool errorsOccured = false;
std::string filtered_1_de = KeyPair::filterPassphrase(passphrase_1_de);
@ -44,6 +63,40 @@ namespace ImportantTests {
errorsOccured = true;
}
// test new key pair implementation
if (!validateKeyPairED25519(passphrase_1_de, de_words, passphrase_1_pubkey_hex)) {
printf("new 1 de incorrect\n");
errorsOccured = true;
}
if (!validateKeyPairED25519(passphrase_1_en, en_words, passphrase_1_pubkey_hex)) {
printf("new 1 en incorrect\n");
errorsOccured = true;
}
if (!validateKeyPairED25519(passphrase_2_de, de_words, passphrase_2_pubkey_hex)) {
printf("new 2 de incorrect\n");
errorsOccured = true;
}
if (!validateKeyPairED25519(passphrase_2_en, en_words, passphrase_2_pubkey_hex)) {
printf("new 2 en incorrect\n");
errorsOccured = true;
}
/*Poco::AutoPtr<Passphrase> passphrase_1_de_obj = new Passphrase(passphrase_1_de, de_words);
Poco::AutoPtr<Passphrase> passphrase_1_en_obj = new Passphrase(passphrase_1_en, en_words);
Poco::AutoPtr<Passphrase> passphrase_2_de_obj = new Passphrase(passphrase_2_de, de_words);
Poco::AutoPtr<Passphrase> passphrase_2_en_obj = new Passphrase(passphrase_2_en, en_words);
auto gradido_key_pair_1_de = std::unique_ptr<KeyPairEd25519>(KeyPairEd25519::create(passphrase_1_de_obj));
auto gradido_key_pair_1_de_public_hex = DataTypeConverter::pubkeyToHex(gradido_key_pair_1_de->getPublicKey());
if (gradido_key_pair_1_de_public_hex != passphrase_1_pubkey_hex) {
printf("gradido key 1 de incorrect\n");
errorsOccured = true;
}
auto gradido_key_pair_1_en = std::unique_ptr<KeyPairEd25519>(KeyPairEd25519::create(passphrase_1_en_obj));
if(DataTypeConverter::pubkeyToHex())
*/
if (!errorsOccured) return true;
return false;
}
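Review bot: `validateKeyPairED25519` dereferences the result of `KeyPairEd25519::create` without a null check, although `create` returns `nullptr` when the word indices are missing or zero (see its guard changed in this commit); a passphrase that does not resolve against `wordSource` would crash the self-test instead of failing it. Add `if (!gradido_key_pair) return false;` before the `pubkeyToHex` call. `User::tryLoadPassphraseUserBackup` has the same shape, with `user_backup->createGradidoKeyPair()` followed by `key_pair->isTheSame(...)`; if that helper can return null it needs `if (!key_pair) continue;`, and there it runs on stored backup data rather than on test vectors.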


@ -1,7 +1,11 @@
#ifndef __GRADIDO_LOGIN_SERVER_IMPORTANT_TESTS_H
#define __GRADIDO_LOGIN_SERVER_IMPORTANT_TESTS_H
#include <string>
#include "Crypto/mnemonic.h"
namespace ImportantTests {
bool validateKeyPairED25519(const std::string& passphrase, const Mnemonic* wordSource, const std::string& public_key_hex);
bool passphraseGenerationAndTransformation();
};


@ -47,8 +47,8 @@ Poco::JSON::Object* JsonGetLogin::handle(Poco::Dynamic::Var params)
}
auto userNew = session->getNewUser();
auto user = session->getUser();
if (user.isNull()) {
//auto user = session->getUser();
if (userNew.isNull()) {
return customStateError("not found", "Session didn't contain user");
}
auto userModel = userNew->getModel();
@ -78,6 +78,8 @@ Poco::JSON::Object* JsonGetLogin::handle(Poco::Dynamic::Var params)
}
result->set("Transaction.executing", executing);
//printf("pending: %d\n", session->getProcessingTransactionCount());
std::string user_string = userModel->toString();
printf("[JsonGetLogin] %s\n", user_string.data());
return result;
}


@ -290,7 +290,7 @@ namespace controller {
//! \return -1 no matching entry found
//! \return -2 if user id is not set or invalid
//! \return 0 matching entry found, load as gradido key pair
//! \return 0 matching entry found
int User::tryLoadPassphraseUserBackup()
{
auto user_model = getModel();
@ -299,9 +299,12 @@ namespace controller {
auto backups = UserBackups::load(user_model->getID());
if (backups.size() == 0) return -1;
for (auto it = backups.begin(); it != backups.end(); it++) {
auto key_pair = std::unique_ptr<KeyPairEd25519>((*it)->createGradidoKeyPair());
auto user_backup = *it;
if (-1 == user_backup->getModel()->getMnemonicType()) {
continue;
}
auto key_pair = std::unique_ptr<KeyPairEd25519>(user_backup->createGradidoKeyPair());
if (key_pair->isTheSame(user_model->getPublicKey())) {
setGradidoKeyPair(key_pair.release());
return 0;
}
}


@ -45,7 +45,7 @@ namespace controller {
//!
//! \return -1 no matching entry found
//! \return -2 user id invalid or net set
//! \return 0 matching entry found, load as gradido key pair
//! \return 0 matching entry found
int tryLoadPassphraseUserBackup();
inline size_t load(const std::string& email) { return getModel()->loadFromDB("email", email); }


@ -138,7 +138,10 @@ std::string ErrorList::getErrorsHtmlNewFormat()
auto error = std::unique_ptr<Error>(mErrorStack.top());
mErrorStack.pop();
html += "<div class=\"alert alert-error\" role=\"alert\">";
html += "<i class=\"material-icons-outlined\">report_problem</i>";
html += "<span>";
html += error->getHtmlString();
html += "</span>";
html += "</div>";
}
return html;


@ -458,6 +458,7 @@ int Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
}
if (first_email_activation) {
user_model->setEmailChecked(true);
user_model->updateIntoDB("email_checked", 1);
if (user_model->errorCount() > 0) {
user_model->sendErrorsAsEmail();
@ -522,7 +523,7 @@ int Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
}
int Session::resetPassword(Poco::AutoPtr<controller::User> user, bool passphraseMemorized)
int Session::sendResetPasswordEmail(Poco::AutoPtr<controller::User> user, bool passphraseMemorized)
{
mNewUser = user;
mSessionUser = new User(user);
@ -1134,7 +1135,7 @@ bool Session::generateKeys(bool savePrivkey, bool savePassphrase)
save_user_backup_task->scheduleTask(save_user_backup_task);
}
// keys
// keys
auto gradido_key_pair = KeyPairEd25519::create(passphrase);
auto set_key_result = mNewUser->setGradidoKeyPair(gradido_key_pair);
size_t result_save_key = 0;
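Review bot: `sendResetPasswordEmail` still assigns `mNewUser = user` and `mSessionUser = new User(user)` for whatever account the reset form named, before any e-mail code has been confirmed. In the same commit `JsonGetLogin::handle` switches its presence check to `session->getNewUser()`, so it is worth confirming that a session that has only requested a reset cannot pass that handler's earlier checks, which are not visible here. If nothing else enforces it, keep the requested user in a separate pending member until the verification code is accepted. The function body continues outside the hunk.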


@ -110,7 +110,7 @@ public:
// called from page with same name
//! \return 1 = reset password email already send
//! \return 0 = ok
int resetPassword(Poco::AutoPtr<controller::User> user, bool passphraseMemorized);
int sendResetPasswordEmail(Poco::AutoPtr<controller::User> user, bool passphraseMemorized);
//
//! \return 0 = not the same
//! \return 1 = same
@ -147,7 +147,9 @@ public:
inline Poco::UInt64 getEmailVerificationCode() { if (mEmailVerificationCodeObject.isNull()) return 0; return mEmailVerificationCodeObject->getModel()->getCode(); }
inline model::table::EmailOptInType getEmailVerificationType() {
if (mEmailVerificationCodeObject.isNull()) return model::table::EMAIL_OPT_IN_EMPTY;
if (mEmailVerificationCodeObject.isNull()) {
return model::table::EMAIL_OPT_IN_EMPTY;
}
return mEmailVerificationCodeObject->getModel()->getType();
}


@ -164,7 +164,7 @@ enum PageState {
</div>
<div class="content-row content-row-bg">
<% if(transactionUser) { %>
<span class="content-cell">><%= transactionUser->getFirstName() %> <%= transactionUser->getLastName() %> &lt;<%= transactionUser->getEmail() %>&gt;</span>
<span class="content-cell"><%= transactionUser->getFirstName() %> <%= transactionUser->getLastName() %> &lt;<%= transactionUser->getEmail() %>&gt;</span>
<% } else { %>
<span class="content-cell">0x<%= creationTransaction->getPublicHex() %></span>
<% } %>
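Review bot: The corrected line still writes `getFirstName()`, `getLastName()` and `getEmail()` into the page with `<%= … %>`, which the generated handler turns into a plain `responseStream << ( … )` with no HTML encoding. These are user-supplied profile fields, so unless they are sanitised when stored (not visible here), markup in a name would be rendered as markup on the transaction page. The new `PAGE_EMAIL_ASK` form in resetPassword.cpsp does the same with `value="<%= email %>"`, where `email` comes straight from the submitted form and is echoed back even when `VALIDATE_EMAIL` rejects it. Encode these values on output, for example with PageCompiler's escaping `<%- … %>` form if the Poco version in use provides it.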


@ -8,8 +8,10 @@
#include "../SingletonManager/SessionManager.h"
#include "../SingletonManager/EmailManager.h"
#include "../controller/User.h"
#include "../controller/UserBackups.h"
enum PageState {
PAGE_EMAIL_ASK,
PAGE_ASK,
PAGE_WAIT_EMAIL,
PAGE_WAIT_ADMIN,
@ -18,7 +20,7 @@ enum PageState {
};
%><%%
PageState state = PAGE_ASK;
PageState state = PAGE_EMAIL_ASK;
auto lm = LanguageManager::getInstance();
auto sm = SessionManager::getInstance();
auto adminReceiver = EmailManager::getInstance()->getAdminReceiver();
@ -43,38 +45,56 @@ enum PageState {
email = form.get("email", "");
auto passphraseMemorized = form.get("passphrase_memorized", "");
auto user = controller::User::create();
auto ask = form.get("ask_passphrase", "");
if(email != "") {
if(!user->getModel()->loadFromDB("email", email) || !user->getModel()->isEmailChecked()) {
//printf("user: %s\n", user->getModel()->toString().data());
addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse konnte nicht gefunden werden oder ist nicht aktiviert.")), false);
if(email != "")
{
bool user_exist = false;
bool sendUserEmail = false;
if(!sm->isValid(email, VALIDATE_EMAIL)) {
addError(new Error(gettext(session, "E-Mail"), gettext(session, "Das ist keine g&uuml;ltige E-Mail Adresse")), false);
emailInputClass += " is-invalid";
}
} else {
addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse nicht angegeben.")), false);
user_exist = user->load(email) == 1;
if(ask == "true")
{
if(passphraseMemorized == "") {
addError(new Error(gettext(session, "Passphrase"), gettext(session, "Bitte w&auml;hle eine Option aus.")), false);
passphraseRadioClass += " group-is-invalid";
} else if(passphraseMemorized == "true") {
sendUserEmail = true;
}
}
else
{
if(user_exist && !user->tryLoadPassphraseUserBackup()) {
sendUserEmail = true;
}
}
if(!errorCount())
{
// send reset password email
if(user_exist) {
session->sendResetPasswordEmail(user, sendUserEmail);
}
if(sendUserEmail) {
state = PAGE_WAIT_EMAIL;
} else {
state = PAGE_WAIT_ADMIN;
}
}
}
else
{
addError(new Error(gettext(session, "E-Mail"), gettext(session, "E-Mail Adresse nicht angegeben.")), false);
emailInputClass += " is-invalid";
}
if(errorCount() < 1 && passphraseMemorized == "") {
addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Bitte w&auml;hle eine Option aus.")), false);
passphraseRadioClass += " group-is-invalid";
}
if(errorCount() == 0) {
if(passphraseMemorized == "true") {
auto result = session->resetPassword(user, true);
if(result == 1) {
state = PAGE_EMAIL_ALREADY_SEND;
} else if(result == 0) {
state = PAGE_WAIT_EMAIL;
}
} else if(passphraseMemorized == "false") {
session->resetPassword(user, false);
state = PAGE_WAIT_ADMIN;
} else {
addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Ung&uuml;ltige Option")));
}
}
//printf("\npassphrase memorized result: %s\n", passphraseMemorized.data());
}
@ -99,7 +119,17 @@ enum PageState {
}
</style>
<% if(state == PAGE_ASK) { %>
<% if(state == PAGE_EMAIL_ASK) { %>
<form action="<%= ServerConfig::g_serverPath %>/resetPassword">
<div class="item-wrapper">
<div class="form-group">
<label for="email"><%= langCatalog->gettext("Gebe bitte hier deine E-Mail Adresse an:") %>&nbsp;&nbsp;&nbsp;&nbsp;</label>
<input type="text" class="<%= emailInputClass %>" name="email" id="email" placeholder="E-Mail" value="<%= email %>">
</div>
<button type="submit" class="btn btn-sm btn-primary" ><%= langCatalog->gettext("Bestätigen") %></button>
</div>
</form>
<% } else if(state == PAGE_ASK) { %>
<%@ include file="flags.cpsp" %>
<form action="<%= ServerConfig::g_serverPath %>/resetPassword">
<div class="item-wrapper">
@ -107,6 +137,7 @@ enum PageState {
<label for="email"><%= langCatalog->gettext("Gebe bitte hier deine E-Mail Adresse an:") %>&nbsp;&nbsp;&nbsp;&nbsp;</label>
<input type="text" class="<%= emailInputClass %>" name="email" id="email" placeholder="E-Mail" value="<%= email %>">
<label><%= langCatalog->gettext("Hast du dir deine Passphrase notiert oder gemerkt?") %></label>
<input type="hidden" name="ask_passphrase" value="true">
<div class="<%= passphraseRadioClass %>">
<div class="radio">
<label class="radio-label mr-4">
@ -120,7 +151,7 @@ enum PageState {
</div>
</div>
</div>
<button type="submit" class="btn btn-sm btn-primary" ><%= langCatalog->gettext("Absenden") %></button>
<button type="submit" class="btn btn-sm btn-primary" name="ask" ><%= langCatalog->gettext("Absenden") %></button>
</div>
</form>
<% } else if(state == PAGE_WAIT_EMAIL) { %>
@ -137,7 +168,7 @@ enum PageState {
</div>
</div>
<div class="auth_footer">
<p class="text-muted text-center">© Gradido 2019</p>
<p class="text-muted text-center">© Gradido 2020</p>
</div>
</div>
<script type="text/javascript">
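Review bot: The first step now answers differently depending on the account: when `user_exist` is true and `tryLoadPassphraseUserBackup()` returns 0 the page moves to `PAGE_WAIT_EMAIL`, while an unknown address always lands on `PAGE_WAIT_ADMIN` without any mail being sent, so the response tells an anonymous caller whether an address is registered. Showing one neutral confirmation state for every syntactically valid address would close that. The removed `isEmailChecked()` condition is not replaced either, so unless `sendResetPasswordEmail` checks it, reset mail can now be triggered for unverified addresses. The return value of `sendResetPasswordEmail` is ignored and nothing visible sets `state = PAGE_ASK`, so `PAGE_EMAIL_ALREADY_SEND` and the passphrase question appear unreachable; part of the handler lies outside the hunks.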