diff --git a/src/cpp/Crypto/KeyPairEd25519.cpp b/src/cpp/Crypto/KeyPairEd25519.cpp index 64786a864..ee8cabfa0 100644 --- a/src/cpp/Crypto/KeyPairEd25519.cpp +++ b/src/cpp/Crypto/KeyPairEd25519.cpp @@ -47,7 +47,7 @@ KeyPairEd25519* KeyPairEd25519::create(const Poco::AutoPtr passphras auto word_indices = passphrase->getWordIndices(); - if (!word_indices) { + if (!word_indices || (!word_indices[0] && !word_indices[1] && !word_indices[2] && !word_indices[3])) { return nullptr; } std::string clear_passphrase = passphrase->createClearPassphrase(); diff --git a/src/cpp/Crypto/Passphrase.cpp b/src/cpp/Crypto/Passphrase.cpp index d6403ca6e..61599a69d 100644 --- a/src/cpp/Crypto/Passphrase.cpp +++ b/src/cpp/Crypto/Passphrase.cpp @@ -10,6 +10,8 @@ #include "../ServerConfig.h" +#include "../lib/DataTypeConverter.h" + #define STR_BUFFER_SIZE 25 static std::vector> g_specialChars = { @@ -23,6 +25,7 @@ Passphrase::Passphrase(const std::string& passphrase, const Mnemonic* wordSource : mPassphraseString(filter(passphrase)), mWordSource(wordSource) { memset(mWordIndices, 0, PHRASE_WORD_COUNT * sizeof(Poco::UInt16)); + getWordIndices(); } @@ -339,6 +342,14 @@ const Mnemonic* Passphrase::detectMnemonic(const std::string& passphrase, const std::vector results(std::istream_iterator{iss}, std::istream_iterator()); + + std::string user_public_key_hex; + + if (keyPair) { + user_public_key_hex = DataTypeConverter::pubkeyToHex(keyPair->getPublicKey()); + printf("user public key hex: %s\n", user_public_key_hex.data()); + } + for (int i = 0; i < ServerConfig::Mnemonic_Types::MNEMONIC_MAX; i++) { Mnemonic& m = ServerConfig::g_Mnemonic_WordLists[i]; bool existAll = true; 
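Review bot: The added guard in KeyPairEd25519::create treats "the first four indices are zero" as "no indices", which is a sentinel test on only part of the array. The `memset` in the Passphrase constructor further down sizes the array at `PHRASE_WORD_COUNT` entries, so an array that is only partly filled passes the check, and a phrase whose first four words all map to index 0 would be rejected, assuming 0 is a valid word index. Since this check is what keeps a key from being derived from an unparsed phrase, I would test the whole array, `std::all_of(word_indices, word_indices + PHRASE_WORD_COUNT, [](Poco::UInt16 i) { return i == 0; })`, or better have `getWordIndices()` return null on failure. The constructor hunk at `-23,6 +25,7` also discards the result of `getWordIndices()`, so a failed lookup still leaves a constructed object with zeroed indices. The body of create continues outside the hunk.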
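Review bot: The two `printf` calls added to Passphrase::detectMnemonic (here and in the `-356,6 +367,9` hunk) write the user's public key and every candidate key to the server's stdout on each detection. A public key is not secret, but this is unconditional debug output in the key-recovery path, and it links a request to a key in whatever captures stdout; it should be removed before merge or routed through the project's logger at debug level. The new `if (keyPair)` also implies the pointer can be null, while the context line `if (*key_pair != *keyPair)` in the later hunk dereferences it; unless a guard outside the hunks covers that, guard the comparison, e.g. `if (keyPair && *key_pair != *keyPair)`. detectMnemonic starts and ends outside both hunks.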
@@ -356,6 +367,9 @@ const Mnemonic* Passphrase::detectMnemonic(const std::string& passphrase, const test_passphrase->createWordIndices(); auto key_pair = KeyPairEd25519::create(test_passphrase); if (key_pair) { + std::string current_key_pair = DataTypeConverter::pubkeyToHex(key_pair->getPublicKey()); + printf("public key hex to compare: %s\n", current_key_pair.data()); + if (*key_pair != *keyPair) { delete key_pair; continue; diff --git a/src/cpp/HTTPInterface/CheckTransactionPage.cpp b/src/cpp/HTTPInterface/CheckTransactionPage.cpp index cbf9b5bb9..0dc3231cc 100644 --- a/src/cpp/HTTPInterface/CheckTransactionPage.cpp +++ b/src/cpp/HTTPInterface/CheckTransactionPage.cpp @@ -390,7 +390,7 @@ void CheckTransactionPage::handleRequest(Poco::Net::HTTPServerRequest& request, responseStream << "\t\t\t\t\t"; #line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\checkTransaction.cpsp" if(transactionUser) { responseStream << "\n"; - responseStream << "\t\t\t\t\t\t>"; + responseStream << "\t\t\t\t\t\t"; #line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\checkTransaction.cpsp" responseStream << ( transactionUser->getFirstName() ); responseStream << " "; diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp index e827a606e..48e18a414 100644 --- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp +++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp @@ -344,6 +344,8 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi SessionHTTPRequestHandler* pageRequestHandler = nullptr; if (model::table::EMAIL_OPT_IN_REGISTER_DIRECT == session->getEmailVerificationType()) { pageRequestHandler = new CheckEmailPage(session); + } else if(SESSION_STATE_RESET_PASSWORD_REQUEST == session->getSessionState()) { + pageRequestHandler = new UpdateUserPasswordPage(session); } else { pageRequestHandler = new PassphrasePage(session); } 
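Review bot: The new `else if` in PageRequestHandlerFactory::handleCheckEmail selects UpdateUserPasswordPage from the session state alone, and nothing visible in the hunk ties that state to the verification code that was just checked. If `SESSION_STATE_RESET_PASSWORD_REQUEST` can be set before the emailed code is confirmed, this branch would serve the password-update page to a session that has not proven control of the mailbox. The function starts and ends outside the hunk, so this may already be guaranteed upstream. I would state the invariant in a comment on the branch, e.g. `// reached only after the reset code from the e-mail was verified for this session`, and also test the verification type here, as the first branch does, rather than relying on state alone.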
diff --git a/src/cpp/HTTPInterface/ResetPassword.cpp b/src/cpp/HTTPInterface/ResetPassword.cpp index 68dadeed9..5016c703d 100644 --- a/src/cpp/HTTPInterface/ResetPassword.cpp +++ b/src/cpp/HTTPInterface/ResetPassword.cpp @@ -11,8 +11,10 @@ #include "../SingletonManager/SessionManager.h" #include "../SingletonManager/EmailManager.h" #include "../controller/User.h" +#include "../controller/UserBackups.h" enum PageState { + PAGE_EMAIL_ASK, PAGE_ASK, PAGE_WAIT_EMAIL, PAGE_WAIT_ADMIN, @@ -32,10 +34,10 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 19 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 21 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" - PageState state = PAGE_ASK; + PageState state = PAGE_EMAIL_ASK; auto lm = LanguageManager::getInstance(); auto sm = SessionManager::getInstance(); auto adminReceiver = EmailManager::getInstance()->getAdminReceiver(); 
@@ -60,38 +62,56 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N email = form.get("email", ""); auto passphraseMemorized = form.get("passphrase_memorized", ""); auto user = controller::User::create(); + auto ask = form.get("ask_passphrase", ""); - if(email != "") { - if(!user->getModel()->loadFromDB("email", email) || !user->getModel()->isEmailChecked()) { - //printf("user: %s\n", user->getModel()->toString().data()); - addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse konnte nicht gefunden werden oder ist nicht aktiviert.")), false); + if(email != "") + { + bool user_exist = false; + bool sendUserEmail = false; + + if(!sm->isValid(email, VALIDATE_EMAIL)) { + addError(new Error(gettext(session, "E-Mail"), gettext(session, "Das ist keine gültige E-Mail Adresse")), false); emailInputClass += " is-invalid"; } - } else { - addError(new Error(langCatalog->gettext("E-Mail"), langCatalog->gettext("E-Mail Adresse nicht angegeben.")), false); + user_exist = user->load(email) == 1; + + if(ask == "true") + { + if(passphraseMemorized == "") { + addError(new Error(gettext(session, "Passphrase"), gettext(session, "Bitte wähle eine Option aus.")), false); + passphraseRadioClass += " group-is-invalid"; + } else if(passphraseMemorized == "true") { + sendUserEmail = true; + } + + } + else + { + if(user_exist && !user->tryLoadPassphraseUserBackup()) { + sendUserEmail = true; + } + } + + if(!errorCount()) + { + // send reset password email + if(user_exist) { + session->sendResetPasswordEmail(user, sendUserEmail); + } + + if(sendUserEmail) { + state = PAGE_WAIT_EMAIL; + } else { + state = PAGE_WAIT_ADMIN; + } + } + } + else + { + addError(new Error(gettext(session, "E-Mail"), gettext(session, "E-Mail Adresse nicht angegeben.")), false); emailInputClass += " is-invalid"; } - if(errorCount() < 1 && passphraseMemorized == "") { - addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Bitte 
wähle eine Option aus.")), false); - passphraseRadioClass += " group-is-invalid"; - } - if(errorCount() == 0) { - if(passphraseMemorized == "true") { - auto result = session->resetPassword(user, true); - if(result == 1) { - state = PAGE_EMAIL_ALREADY_SEND; - } else if(result == 0) { - state = PAGE_WAIT_EMAIL; - } - } else if(passphraseMemorized == "false") { - session->resetPassword(user, false); - state = PAGE_WAIT_ADMIN; - } else { - addError(new Error(langCatalog->gettext("Passphrase"), langCatalog->gettext("Ungültige Option"))); - } - } - //printf("\npassphrase memorized result: %s\n", passphraseMemorized.data()); } @@ -204,9 +224,36 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "}\n"; responseStream << "\n"; responseStream << "\n"; + responseStream << " "; +#line 122 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" + if(state == PAGE_EMAIL_ASK) { responseStream << "\n"; + responseStream << "\t\t
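Review bot: In the branch taken when `ask` is not `"true"`, the page shown after submit depends on whether the address belongs to an account: `sendUserEmail` is set only when `user_exist` is true and no passphrase backup loads, so PAGE_WAIT_EMAIL appears only for some existing accounts and everything else gets PAGE_WAIT_ADMIN. That lets an unauthenticated caller tell registered addresses apart, which the removed "E-Mail Adresse konnte nicht gefunden werden" error also did; a single neutral confirmation for this step would close it. The code also calls `user->load(email)` after `isValid` has already rejected the address; `user_exist = !errorCount() && user->load(email) == 1;` keeps rejected input away from the lookup. The `#line` directives suggest this file is generated from resetPassword.cpsp, so the change belongs in that template. handleRequest starts and ends outside the hunk.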
\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t\t\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t \n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t
\n"; responseStream << "\t"; -#line 102 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" - if(state == PAGE_ASK) { responseStream << "\n"; +#line 132 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" + } else if(state == PAGE_ASK) { responseStream << "\n"; responseStream << "\t\t"; // begin include flags.cpsp responseStream << "
\n"; @@ -244,34 +291,35 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N // end include flags.cpsp responseStream << "\n"; responseStream << "\t\t\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t \n"; + responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t
\n"; responseStream << "\t\t\t\t\t
\n"; responseStream << "\t\t\t\t\t \n"; @@ -279,60 +327,60 @@ void ResetPassword::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\t\t\t\t\t
\n"; responseStream << "\t\t\t\t\t \n"; responseStream << "\t\t\t\t\t
\n"; responseStream << "\t\t\t\t
\n"; responseStream << "\t\t\t
\n"; - responseStream << "\t\t\t \n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\n"; responseStream << "\t "; -#line 126 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 157 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" } else if(state == PAGE_WAIT_EMAIL) { responseStream << "\n"; responseStream << "\t\t\t"; -#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 158 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" responseStream << ( langCatalog->gettext("Dir wird eine E-Mail zugeschickt um dein Passwort zurückzusetzen.") ); responseStream << "\n"; responseStream << "\t "; -#line 128 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 159 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" } else if(state == PAGE_WAIT_ADMIN) { responseStream << "\n"; responseStream << "\t\t\t"; -#line 129 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" responseStream << ( langCatalog->gettext("Der Admin hat eine E-Mail bekommen und wird sich bei dir melden.") ); responseStream << "\n"; responseStream << "\t "; -#line 130 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 161 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" } else if(state == PAGE_EMAIL_ALREADY_SEND) { responseStream << "\n"; responseStream << "\t\t\t

"; -#line 131 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 162 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" responseStream << ( langCatalog->gettext("Du hast bereits eine E-Mail bekommen. Bitte schau auch in dein Spam-Verzeichnis nach. ") ); responseStream << "

\n"; responseStream << "\t\t\t

"; -#line 132 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" responseStream << ( langCatalog->gettext("Du hast wirklich keine E-Mail erhalten und auch schon ein paar Minuten gewartet?") ); responseStream << "

\n"; responseStream << "\t\t\t

"; -#line 133 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 164 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" responseStream << ( langCatalog->gettext("E-Mail an Support schicken")); responseStream << "

\n"; responseStream << "\t "; -#line 134 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" +#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\resetPassword.cpsp" } responseStream << "\n"; responseStream << "
\n"; responseStream << " \n"; responseStream << " \n"; responseStream << " \n"; responseStream << "
\n"; - responseStream << "

© Gradido 2019

\n"; + responseStream << "

© Gradido 2020

\n"; responseStream << "
\n"; responseStream << " \n"; responseStream << "\t