Merge pull request #570 from gradido/login_reset_password

Login reset password

docu/login_server.api.md

@@ -505,6 +505,29 @@ The link can be modified in the Login-Server config:
 
 For the docker build, you can find the config here: `configs/login_server/grd_login.properties`
 
+### Request
+`POST http://localhost/login_api/resetPassword`
+
+with:
+
+```json
+{
+	"session_id": 12452361, 
+	"password":"hasu/282?sjS"
+}
+```
+
+### Response
+In case of success returns:
+
+```json 
+{
+	"state":"success"
+}
+```
+
+
+
 ## Check Running Transactions / password encryption
 Check if transactions on login-server for user are processed 
 

frontend/src/apis/loginAPI.js

@@ -106,7 +106,7 @@ const loginAPI = {
         'User.password': password,
       },
     }
-    return apiPost(CONFIG.LOGIN_API_URL + 'updateUserInfos', payload)
+    return apiPost(CONFIG.LOGIN_API_URL + 'resetPassword', payload)
   },
   changePasswordProfile: async (sessionId, email, password, passwordNew) => {
     const payload = {

frontend/src/views/Pages/ResetPassword.spec.js

@@ -56,6 +56,11 @@ describe('ResetPassword', () => {
     $router: {
       push: routerPushMock,
     },
+    $loading: {
+      show: jest.fn(() => {
+        return { hide: jest.fn() }
+      }),
+    },
   }
 
   const stubs = {

frontend/src/views/Pages/ResetPassword.vue

@@ -154,6 +154,9 @@ export default {
       }
     },
     async authenticate() {
+      const loader = this.$loading.show({
+        container: this.$refs.submitButton,
+      })
       const optin = this.$route.params.optin
       const result = await loginAPI.loginViaEmailVerificationCode(optin)
       if (result.success) {
@@ -163,6 +166,7 @@ export default {
       } else {
         this.$toast.error(result.result.message)
       }
+      loader.hide()
     },
   },
   computed: {

login_server/src/cpp/JSONInterface/JsonRequestHandler.cpp

@@ -227,6 +227,19 @@ Poco::JSON::Object* JsonRequestHandler::checkAndLoadSession(Poco::Dynamic::Var p
 			return stateError("error parsing query params, Poco Error", ex.displayText());
 		}
 	}
+	else if (params.type() == typeid(Poco::JSON::Object::Ptr)) {
+		try {
+			Poco::JSON::Object::Ptr paramJsonObject = params.extract<Poco::JSON::Object::Ptr>();
+			auto session_id_obj = paramJsonObject->get("session_id");
+			if (session_id_obj.isEmpty()) {
+				return stateError("missing session_id");
+			}
+			session_id_obj.convert(session_id);
+		}
+		catch (Poco::Exception& ex) {
+			return stateError("Poco Exception by reading session_id", ex.what());
+		}
+	}
 
 	if (!session_id) {
 		return stateError("empty session id");

login_server/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp

@@ -19,6 +19,7 @@
 #include "JsonLoginViaEmailVerificationCode.h"
 #include "JsonLogout.h"
 #include "JsonNetworkInfos.h"
+#include "JsonResetPassword.h"
 #include "JsonSendEmail.h"
 #include "JsonAdminEmailVerificationResend.h"
 #include "JsonGetUserInfos.h"
@@ -114,6 +115,9 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c
 	else if (url_first_part == "/sendEmail") {
 		return new JsonSendEmail;
 	}
+	else if (url_first_part == "/resetPassword") {
+		return new JsonResetPassword;
+	}
 	else if (url_first_part == "/logout") {
 		return new JsonLogout(client_host);
 	}

login_server/src/cpp/JSONInterface/JsonResetPassword.cpp

@@ -0,0 +1,53 @@
+#include "JsonResetPassword.h"
+
+#include "SingletonManager/SessionManager.h"
+#include "SingletonManager/SingletonTaskObserver.h"
+
+Poco::JSON::Object* JsonResetPassword::handle(Poco::Dynamic::Var params)
+{
+	auto result_session_check = checkAndLoadSession(params, false);
+	if (result_session_check) {
+		return result_session_check;
+	}
+
+	std::string password;
+	// if is json object
+	if (params.type() == typeid(Poco::JSON::Object::Ptr)) {
+		Poco::JSON::Object::Ptr paramJsonObject = params.extract<Poco::JSON::Object::Ptr>();
+		try {
+			auto password_obj = paramJsonObject->get("password");
+			if (password_obj.isEmpty()) {
+				return stateError("password missing");
+			}
+			password_obj.convert(password);
+		}
+		catch (Poco::Exception& ex) {
+			return stateError("error parsing json", ex.what());
+		}
+	}
+	auto sm = SessionManager::getInstance();
+	NotificationList errors;
+	if (!sm->checkPwdValidation(password, &errors, LanguageManager::getInstance()->getFreeCatalog(LANG_EN))) {
+		return stateError("password isn't valid", &errors);
+	}
+	auto user = mSession->getNewUser();
+	if (user.isNull() || user->getModel().isNull()) {
+		return stateError("invalid user");
+	}
+
+	auto observer = SingletonTaskObserver::getInstance();
+	auto email_hash = observer->makeHash(user->getModel()->getEmail());
+
+	if (observer->getTaskCount(email_hash, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
+		return stateError("password encryption is already running");
+	}
+
+	auto update_password_result = user->setNewPassword(password);
+	if (update_password_result == 2) {
+		KeyPairEd25519* key_pair = NULL;
+		if (!user->tryLoadPassphraseUserBackup(&key_pair)) {
+			user->setGradidoKeyPair(key_pair);
+		}
+	}
+	return stateSuccess();
+}

login_server/src/cpp/JSONInterface/JsonResetPassword.h

@@ -0,0 +1,20 @@
+#ifndef __JSON_INTERFACE_JSON_RESET_PASSWORD_
+#define __JSON_INTERFACE_JSON_RESET_PASSWORD_
+
+#include "JsonRequestHandler.h"
+
+/*!
+* @author Dario Rekowski
+* @date 2021-06-16
+* @brief reset password, if user has forgetten his password
+*
+*/
+
+class JsonResetPassword : public JsonRequestHandler
+{
+public:
+	Poco::JSON::Object* handle(Poco::Dynamic::Var params);
+
+};
+
+#endif // __JSON_INTERFACE_JSON_RESET_PASSWORD_

login_server/src/cpp/JSONInterface/JsonUpdateUserInfos.cpp

@@ -171,8 +171,10 @@ Poco::JSON::Object* JsonUpdateUserInfos::handle(Poco::Dynamic::Var params)
 
 				if (str_val.size() > 0) 
 				{
-					
-					if (!user->hasPassword() || isOldPasswordValid(updates, jsonErrorsArray))
+					if (!user->hasPassword()) {
+						return stateError("login state invalid");
+					}
+					if (isOldPasswordValid(updates, jsonErrorsArray))
 					{
 						NotificationList errors;
 						if (!sm->checkPwdValidation(value.toString(), &errors, LanguageManager::getInstance()->getFreeCatalog(LANG_EN))) {

login_server/src/cpp/SingletonManager/HederaTaskManager.cpp

@@ -1,17 +0,0 @@
-#include "HederaTaskManager.h"
-
-HederaTaskManager* HederaTaskManager::getInstance()
-{
-	static HederaTaskManager one;
-	return &one;
-}
-
-HederaTaskManager::HederaTaskManager()
-{
-
-}
-
-HederaTaskManager::~HederaTaskManager()
-{
-	
-}

login_server/src/cpp/SingletonManager/HederaTaskManager.h

@@ -1,23 +0,0 @@
-#ifndef __GRADIDO_LOGIN_SINGLETON_MANAGER_HEDERA_TASK_MANAGER_H
-#define __GRADIDO_LOGIN_SINGLETON_MANAGER_HEDERA_TASK_MANAGER_H
-
-/*!
- * @author: Dario Rekowski
- * 
- * @date: 11.09.2020
- *
- * @brief: Manage Hedera Task, waiting on Consensus for Hedera Transactions 
- *
-*/
-
-class HederaTaskManager
-{
-public:
-	~HederaTaskManager();
-
-	static HederaTaskManager* getInstance();
-protected:
-	HederaTaskManager();
-};
-
-#endif //__GRADIDO_LOGIN_SINGLETON_MANAGER_HEDERA_TASK_MANAGER_H

login_server/src/cpp/test/JSONInterface/TestJsonResetPassword.cpp

@@ -0,0 +1,100 @@
+#include "gtest/gtest.h"
+
+#include "JSONInterface/JsonResetPassword.h"
+#include "TestJsonResetPassword.h"
+#include "lib/Profiler.h"
+
+
+void TestJsonResetPassword::SetUp()
+{
+	auto sm = SessionManager::getInstance();
+	//sm->init();	
+	mUserSession = sm->getNewSession();
+	auto user = controller::User::create();
+	user->load("Nikola_Tesla@email.de");
+	mUserSession->setUser(user);
+}
+
+void TestJsonResetPassword::TearDown()
+{
+	auto sm = SessionManager::getInstance();
+	if (!mUserSession) {
+		sm->releaseSession(mUserSession);
+	}
+}
+
+
+TEST_F(TestJsonResetPassword, WithoutSession)
+{
+	JsonResetPassword jsonCall;
+	Poco::JSON::Object::Ptr params = new Poco::JSON::Object;
+	params->set("password", "ashze_Sja/63");
+	auto result = jsonCall.handle(params);
+
+	auto state = result->get("state");
+	ASSERT_FALSE(state.isEmpty());
+	ASSERT_TRUE(state.isString());
+	ASSERT_EQ(state.toString(), "error");
+
+	auto msg = result->get("msg");
+	ASSERT_FALSE(msg.isEmpty());
+	ASSERT_TRUE(msg.isString());
+	ASSERT_EQ(msg.toString(), "missing session_id");
+
+}
+
+TEST_F(TestJsonResetPassword, WithoutPassword)
+{
+	JsonResetPassword jsonCall;
+	Poco::JSON::Object::Ptr params = new Poco::JSON::Object;
+	params->set("session_id", mUserSession->getHandle());
+	auto result = jsonCall.handle(params);
+
+	auto state = result->get("state");
+	ASSERT_FALSE(state.isEmpty());
+	ASSERT_TRUE(state.isString());
+	ASSERT_EQ(state.toString(), "error");
+
+	auto msg = result->get("msg");
+	ASSERT_FALSE(msg.isEmpty());
+	ASSERT_TRUE(msg.isString());
+	ASSERT_EQ(msg.toString(), "password missing");
+}
+
+TEST_F(TestJsonResetPassword, InvalidPassword)
+{
+	JsonResetPassword jsonCall;
+	Poco::JSON::Object::Ptr params = new Poco::JSON::Object;
+	params->set("session_id", mUserSession->getHandle());
+	params->set("password", "ash");
+	auto result = jsonCall.handle(params);
+
+	auto state = result->get("state");
+	ASSERT_FALSE(state.isEmpty());
+	ASSERT_TRUE(state.isString());
+	if ((ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_ALLOW_ALL_PASSWORDS) == ServerConfig::UNSECURE_ALLOW_ALL_PASSWORDS) {
+		ASSERT_EQ(state.toString(), "success");
+	}
+	else {
+		ASSERT_EQ(state.toString(), "error");
+
+		auto msg = result->get("msg");
+		ASSERT_FALSE(msg.isEmpty());
+		ASSERT_TRUE(msg.isString());
+		ASSERT_EQ(msg.toString(), "password isn't valid");
+	}
+}
+
+TEST_F(TestJsonResetPassword, ValidPassword)
+{
+	JsonResetPassword jsonCall;
+	Poco::JSON::Object::Ptr params = new Poco::JSON::Object;
+	params->set("session_id", mUserSession->getHandle());
+	params->set("password", "hath6/&Sja");
+	auto result = jsonCall.handle(params);
+
+	auto state = result->get("state");
+	ASSERT_FALSE(state.isEmpty());
+	ASSERT_TRUE(state.isString());
+	ASSERT_EQ(state.toString(), "success");
+}

login_server/src/cpp/test/JSONInterface/TestJsonResetPassword.h

@@ -0,0 +1,20 @@
+#ifndef __GRADIDO_LOGIN_SERVER_TEST_JSON_INTERFACE_TEST_JSON_RESET_PASSWORD_H
+#define __GRADIDO_LOGIN_SERVER_TEST_JSON_INTERFACE_TEST_JSON_RESET_PASSWORD_H
+
+#include "gtest/gtest.h"
+#include "SingletonManager/SessionManager.h"
+
+#include "Poco/JSON/Object.h"
+
+class TestJsonResetPassword : public ::testing::Test
+{
+
+protected:
+	void SetUp() override;
+	void TearDown() override;
+
+	Session* mUserSession;
+
+};
+
+#endif //__GRADIDO_LOGIN_SERVER_TEST_JSON_INTERFACE_TEST_JSON_RESET_PASSWORD_H

login_server/src/cpp/test/JSONInterface/TestJsonUpdateUserInfos.cpp

@@ -241,16 +241,22 @@ TEST_F(TestJsonUpdateUserInfos, PasswordNotSecureEnough)
 	delete result;
 }
 
-/*
+
 TEST_F(TestJsonUpdateUserInfos, PasswordCorrect)
 {
 	JsonUpdateUserInfos jsonCall(mUserSession);
-	ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"), USER_COMPLETE);
-
 	Poco::JSON::Object::Ptr update = new Poco::JSON::Object;
 
 	update->set("User.password", "uasjUs7ZS/as12");
-	update->set("User.password_old", "TestP4ssword&H");
+
+	if ((ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_ALLOW_ALL_PASSWORDS) == ServerConfig::UNSECURE_ALLOW_ALL_PASSWORDS) {
+		ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "newPassword"), USER_COMPLETE);
+		update->set("User.password_old", "newPassword");
+	}
+	else {
+		ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"), USER_COMPLETE);
+		update->set("User.password_old", "TestP4ssword&H");
+	}	
 
 	auto params = chooseAccount(update);
 	Profiler timeUsed;
@@ -269,15 +275,13 @@ TEST_F(TestJsonUpdateUserInfos, PasswordCorrect)
 	ASSERT_FALSE(state.isEmpty());
 	ASSERT_TRUE(state.isString());
 
-	
 	EXPECT_EQ(valid_values, 1);
 	ASSERT_EQ(error_array.size(), 0);
 	ASSERT_EQ(state.toString(), "success");
-	
 
 	delete result;
 }
-*/
+//*/
 TEST_F(TestJsonUpdateUserInfos, NoChanges)
 {
 	JsonUpdateUserInfos jsonCall(mUserSession);