From 7c27b8eaa62beca4b073d8db89ffa054825999d9 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Wed, 21 Apr 2021 17:24:01 +0200 Subject: [PATCH 1/3] add user object to return of unsecureLogin and login via email verification code --- docu/login_server.api.md | 50 +++++++++++++++++++ .../JsonLoginViaEmailVerificationCode.cpp | 6 ++- .../cpp/JSONInterface/JsonUnsecureLogin.cpp | 1 + 3 files changed, 55 insertions(+), 2 deletions(-) diff --git a/docu/login_server.api.md b/docu/login_server.api.md index 4b80c0001..57996d797 100644 --- a/docu/login_server.api.md +++ b/docu/login_server.api.md @@ -48,11 +48,36 @@ In case of success returns: ```json { "state":"success", + "user": { + "created": 1614782270, + "disabled": false, + "email": "max.musterman@gmail.de", + "email_checked": true, + "first_name": "Max", + "group_alias": "gdd1", + "ident_hash": 323769895, + "last_name": "Mustermann", + "public_hex": "131c7f68dd94b2be4c913400ff7ff4cdc03ac2bda99c2d29edcacb3b065c67e6", + "role": "none", + "username": "" + } "session_id": -127182, "clientIP":"123.123.123.123" } ``` +- `user`: contain user object + - `created`: timestamp on which account was created + - `disabled`: true if account was disabled, if disabled no login or coin transfer is possible + - `email`: email of user + - `email_checked`: true if user has successfully clicked on activation link in email + - `first_name`: first name of user + - `group_alias`: alias of group/community to which user belong + - `ident_hash`: currently hash of email, will be later a identification hash to prevent multiple accounts and therefore multiple creations per user + - `last_name`: last name of user + - `public_hex`: public key of user in hex format + - `role`: role of user currently only "none" or "admin" + - `username`: not used yet - `clientIP`: should be the same as where the js-client is running, else maybe a man-in-the-middle attacks is happening or nginx was wrong configured. - `session_id`: can be also negative 
@@ -265,6 +290,19 @@ In case of success returns: { "state":"success", "email_verification_code_type":"resetPassword", "info":[], + "user": { + "created": 1614782270, + "disabled": false, + "email": "max.musterman@gmail.de", + "email_checked": true, + "first_name": "Max", + "group_alias": "gdd1", + "ident_hash": 323769895, + "last_name": "Mustermann", + "public_hex": "131c7f68dd94b2be4c913400ff7ff4cdc03ac2bda99c2d29edcacb3b065c67e6", + "role": "none", + "username": "" + } "session_id":1853761475 } ``` @@ -276,6 +314,18 @@ In case of success returns: - `info`: can contain additional info strings - "user hasn't password": if user hasn't set a password yet (for example if he was registered via elopage) - "email already activated": if email was already checked +- `user`: contain user object + - `created`: timestamp on which account was created + - `disabled`: true if account was disabled, if disabled no login or coin transfer is possible + - `email`: email of user + - `email_checked`: true if user has successfully clicked on activation link in email + - `first_name`: first name of user + - `group_alias`: alias of group/community to which user belong + - `ident_hash`: currently hash of email, will be later a identification hash to prevent multiple accounts and therefore multiple creations per user + - `last_name`: last name of user + - `public_hex`: public key of user in hex format + - `role`: role of user currently only "none" or "admin" + - `username`: not used yet - `session_id`: session_id for new session ## Send E-Mails diff --git a/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp b/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp index 861969946..d52a33fc1 100644 --- a/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp +++ b/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp 
@@ -53,14 +53,16 @@ Poco::JSON::Object* JsonLoginViaEmailVerificationCode::handle(Poco::Dynamic::Var result->set("session_id", session->getHandle()); result->set("email_verification_code_type", model::table::EmailOptIn::typeToString(session->getEmailVerificationType())); Poco::JSON::Array info; - - if (!session->getNewUser()->getModel()->getPasswordHashed()) { + auto user = session->getNewUser(); + + if (!user->getModel()->getPasswordHashed()) { info.add("user hasn't password"); } auto update_email_verification_result = session->updateEmailVerification(code); if (1 == update_email_verification_result) { info.add("email already activated"); } + result->set("user", user->getJson()); result->set("info", info); diff --git a/login_server/src/cpp/JSONInterface/JsonUnsecureLogin.cpp b/login_server/src/cpp/JSONInterface/JsonUnsecureLogin.cpp index 401f46e41..07aa9e1d3 100644 --- a/login_server/src/cpp/JSONInterface/JsonUnsecureLogin.cpp +++ b/login_server/src/cpp/JSONInterface/JsonUnsecureLogin.cpp @@ -102,6 +102,7 @@ Poco::JSON::Object* JsonUnsecureLogin::handle(Poco::Dynamic::Var params) case USER_COMPLETE: case USER_EMAIL_NOT_ACTIVATED: result->set("state", "success"); + result->set("user", session->getNewUser()->getJson()); result->set("session_id", session->getHandle()); session->setClientIp(mClientIP); return result; From a151f3a30a8af5bd1caeacc5b610043e8b351587 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Wed, 21 Apr 2021 18:20:46 +0200 Subject: [PATCH 2/3] Update login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp Co-authored-by: Ulf Gebhardt --- .../cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp b/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp index d52a33fc1..fcbd7ba07 100644 --- a/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp 
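Review bot: `result->set("user", user->getJson());` is executed whatever `session->updateEmailVerification(code)` returned; the hunk only inspects the value 1 ("email already activated"). If that call can report a failure, the response still carries the account's email, name, role and public key. Either set the field only for the return values that mean the code was accepted, or, if the code is already validated earlier in `handle`, say so in a comment such as `// code was validated when the session was looked up; user is returned for every update result`. `getJson()` also serialises whatever the user model exposes, so any field added to it later is published by this handler and by `JsonUnsecureLogin::handle` in the same patch; building the response from an explicit list of fields would keep that surface fixed. `handle` starts and ends outside the hunk, so how `code` is validated beforehand is not visible here.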
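Review bot: `session->getNewUser()->getJson()` dereferences the result of `getNewUser()` without a check, in a branch that also covers `USER_EMAIL_NOT_ACTIVATED`. If `getNewUser()` can return null at this point (its contract is not visible in the hunk), a login request crashes the handler; holding the pointer in a local and returning an error state, or omitting `user`, when it is null avoids that. Because the branch is shared, the full profile is also returned to accounts whose email is not yet verified; if that is intended, a comment like `// user is returned for USER_EMAIL_NOT_ACTIVATED too, so the client can read email_checked` would record it. The enclosing `switch` starts outside the hunk.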
+++ b/login_server/src/cpp/JSONInterface/JsonLoginViaEmailVerificationCode.cpp @@ -56,7 +56,7 @@ Poco::JSON::Object* JsonLoginViaEmailVerificationCode::handle(Poco::Dynamic::Var auto user = session->getNewUser(); if (!user->getModel()->getPasswordHashed()) { - info.add("user hasn't password"); + info.add("user has no password"); } auto update_email_verification_result = session->updateEmailVerification(code); if (1 == update_email_verification_result) { @@ -69,4 +69,4 @@ Poco::JSON::Object* JsonLoginViaEmailVerificationCode::handle(Poco::Dynamic::Var return result; -} \ No newline at end of file +} From 36ea3727f8cf4a8436f25597dfe8d4d30764cd74 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Wed, 21 Apr 2021 18:22:56 +0200 Subject: [PATCH 3/3] update doc to fit Ulf's suggestion --- docu/login_server.api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docu/login_server.api.md b/docu/login_server.api.md index 57996d797..5cf44c422 100644 --- a/docu/login_server.api.md +++ b/docu/login_server.api.md @@ -312,7 +312,7 @@ In case of success returns: - `registerDirect`: code generated by register for check email - `register`: code generated by auto-register via elopage for check email - `info`: can contain additional info strings - - "user hasn't password": if user hasn't set a password yet (for example if he was registered via elopage) + - "user has no password": if user hasn't set a password yet (for example if he was registered via elopage) - "email already activated": if email was already checked - `user`: contain user object - `created`: timestamp on which account was created
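Review bot: The reworded literal in `info.add("user has no password");` is a value the API returns in `info`, and `docu/login_server.api.md` lists it as one of the strings a client can receive, so any client comparing against "user hasn't password" stops matching after this change. If clients branch on these strings, a stable machine-readable token next to the human-readable text would keep wording fixes out of the API contract. Otherwise a comment such as `// info strings are part of the documented API; keep docu/login_server.api.md in sync` above the `info.add` calls would help the next editor. `handle` starts outside the hunk.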