mirror of
https://github.com/IT4Change/gradido.git
synced 2025-12-13 07:45:54 +00:00
check password encryption in process in login
This commit is contained in:
Dario
parent
33927473ad
commit
beb91e1296
@ -97,6 +97,9 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
case USER_PASSWORD_INCORRECT:
|
||||
addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("E-Mail or password isn't right, please try again!")));
|
||||
break;
|
||||
case USER_PASSWORD_ENCRYPTION_IN_PROCESS:
|
||||
addError(new Error(langCatalog->gettext("Passwort"), langCatalog->gettext("Passwort wird noch berechnet, bitte versuche es in etwa 1 Minute erneut.")));
|
||||
break;
|
||||
case USER_EMAIL_NOT_ACTIVATED:
|
||||
mSession->addError(new Error(langCatalog->gettext("Account"), langCatalog->gettext("E-Mail Address not checked, do you already get one?")));
|
||||
response.redirect(ServerConfig::g_serverPath + "/checkEmail");
|
||||
@ -180,20 +183,20 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
responseStream << " <div class=\"row\">\n";
|
||||
responseStream << " <div class=\"col-12 logo-section\">\n";
|
||||
responseStream << " <a href=\"";
|
||||
#line 121 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 124 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( ServerConfig::g_php_serverPath );
|
||||
responseStream << "\" class=\"logo\">\n";
|
||||
responseStream << "\t\t\t<picture>\n";
|
||||
responseStream << "\t\t\t\t<source srcset=\"";
|
||||
#line 123 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 126 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( ServerConfig::g_php_serverPath );
|
||||
responseStream << "img/logo_schrift.webp\" type=\"image/webp\">\n";
|
||||
responseStream << "\t\t\t\t<source srcset=\"";
|
||||
#line 124 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( ServerConfig::g_php_serverPath );
|
||||
responseStream << "img/logo_schrift.png\" type=\"image/png\"> \n";
|
||||
responseStream << "\t\t\t\t<img src=\"";
|
||||
#line 125 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 128 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( ServerConfig::g_php_serverPath );
|
||||
responseStream << "img/logo_schrift.png\" alt=\"logo\" />\n";
|
||||
responseStream << "\t\t\t</picture>\n";
|
||||
@ -205,29 +208,29 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
responseStream << " <div class=\"grid\">\n";
|
||||
responseStream << "\t\t\t<div class=\"center-ul-container\">\n";
|
||||
responseStream << "\t\t\t\t";
|
||||
#line 134 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( getErrorsHtml() );
|
||||
responseStream << "\t \n";
|
||||
responseStream << "\t\t\t</div>\n";
|
||||
responseStream << " <div class=\"grid-body\">\n";
|
||||
responseStream << " <form action=\"";
|
||||
#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 140 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( ServerConfig::g_serverPath );
|
||||
responseStream << "/\" method=\"POST\">\n";
|
||||
responseStream << "\t\t\t <input type=\"hidden\" name=\"lang\" value=\"";
|
||||
#line 138 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 141 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( LanguageManager::keyForLanguage(lang) );
|
||||
responseStream << "\">\n";
|
||||
responseStream << " <div class=\"row pull-right-row\">\n";
|
||||
responseStream << " <div class=\"equel-grid pull-right\">\n";
|
||||
responseStream << " <div class=\"grid-body-small text-center\">\n";
|
||||
responseStream << " <button id=\"flag-england\" name=\"lang-btn\" value=\"en\" title=\"English\" type=\"submit\" ";
|
||||
#line 142 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 145 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
if(lang != LANG_EN) { responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
|
||||
#line 142 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 145 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
}
|
||||
else { responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
|
||||
#line 143 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 146 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
} responseStream << ">\n";
|
||||
responseStream << " <span class=\"flag-england\"></span>\n";
|
||||
responseStream << " </button>\n";
|
||||
@ -236,12 +239,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
responseStream << " <div class=\"equel-grid pull-right\">\n";
|
||||
responseStream << " <div class=\"grid-body-small text-center\">\n";
|
||||
responseStream << " <button id=\"flag-germany\" name=\"lang-btn\" value=\"de\" title=\"Deutsch\" type=\"submit\" ";
|
||||
#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
if(lang != LANG_DE) { responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
|
||||
#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
}
|
||||
else { responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
|
||||
#line 151 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 154 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
} responseStream << ">\n";
|
||||
responseStream << " <span class=\"flag-germany\"></span>\n";
|
||||
responseStream << " </button>\n";
|
||||
@ -252,30 +255,30 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
|
||||
responseStream << " <div class=\"col-lg-7 col-md-8 col-sm-9 col-12 mx-auto form-wrapper\">\n";
|
||||
responseStream << " <div class=\"form-group input-rounded\">\n";
|
||||
responseStream << " <input type=\"text\" class=\"form-control\" name=\"login-email\" placeholder=\"";
|
||||
#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( langCatalog->gettext("E-Mail") );
|
||||
responseStream << "\" value=\"";
|
||||
#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( presetEmail );
|
||||
responseStream << "\"/>\n";
|
||||
responseStream << " </div>\n";
|
||||
responseStream << " <div class=\"form-group input-rounded\">\n";
|
||||
responseStream << " <input type=\"password\" class=\"form-control\" name=\"login-password\" placeholder=\"";
|
||||
#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( langCatalog->gettext("Password") );
|
||||
responseStream << "\" />\n";
|
||||
responseStream << " </div>\n";
|
||||
responseStream << " <button type=\"submit\" name=\"submit\" class=\"btn btn-primary btn-block\">";
|
||||
#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( langCatalog->gettext(" Login ") );
|
||||
responseStream << "</button>\n";
|
||||
responseStream << " <div class=\"signup-link\">\n";
|
||||
responseStream << " <p>";
|
||||
#line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 170 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") );
|
||||
responseStream << "</p>\n";
|
||||
responseStream << " <a href=\"https://gradido.com\">";
|
||||
#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
#line 171 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
|
||||
responseStream << ( langCatalog->gettext("Create New Account") );
|
||||
responseStream << "</a>\n";
|
||||
responseStream << " </div>\n";
|
||||
|
||||
@ -27,6 +27,7 @@ void SingletonTaskObserver::addTask(const std::string& email, TaskObserverType t
|
||||
UserObserverEntry* entry = static_cast<UserObserverEntry*>(mObserverEntrys.findByHash(id));
|
||||
if (!entry) {
|
||||
entry = new UserObserverEntry(email, id);
|
||||
mObserverEntrys.addByHash(id, entry);
|
||||
}
|
||||
if (entry->mEmail != email) {
|
||||
em->addError(new ParamError(funcName, "hash collision with ", email.data()));
|
||||
@ -46,6 +47,7 @@ void SingletonTaskObserver::addTask(DHASH id, TaskObserverType type)
|
||||
UserObserverEntry* entry = static_cast<UserObserverEntry*>(mObserverEntrys.findByHash(id));
|
||||
if (!entry) {
|
||||
entry = new UserObserverEntry("", id);
|
||||
mObserverEntrys.addByHash(id, entry);
|
||||
}
|
||||
entry->mTasksCount[type]++;
|
||||
unlock();
|
||||
|
||||
@ -49,10 +49,12 @@ public:
|
||||
static const char* TaskObserverTypeToString(TaskObserverType type);
|
||||
static TaskObserverType StringToTaskObserverType(const std::string& typeString);
|
||||
|
||||
static inline DHASH makeHash(const std::string& email) { return DRMakeStringHash(email.data(), email.size()); }
|
||||
|
||||
protected:
|
||||
SingletonTaskObserver();
|
||||
|
||||
inline DHASH makeHash(const std::string& email) { return DRMakeStringHash(email.data(), email.size()); }
|
||||
|
||||
|
||||
|
||||
struct UserObserverEntry
|
||||
|
||||
@ -10,6 +10,7 @@
|
||||
#include "../SingletonManager/ConnectionManager.h"
|
||||
#include "../SingletonManager/ErrorManager.h"
|
||||
#include "../SingletonManager/EmailManager.h"
|
||||
#include "../SingletonManager/SingletonTaskObserver.h"
|
||||
|
||||
#include "../tasks/PrepareEmailTask.h"
|
||||
#include "../tasks/SendEmailTask.h"
|
||||
@ -452,7 +453,8 @@ int Session::comparePassphraseWithSavedKeys(const std::string& inputPassphrase,
|
||||
|
||||
bool Session::startProcessingTransaction(const std::string& proto_message_base64)
|
||||
{
|
||||
lock("Session::startProcessingTransaction");
|
||||
static const char* funcName = "Session::startProcessingTransaction";
|
||||
lock(funcName);
|
||||
HASH hs = ProcessingTransaction::calculateHash(proto_message_base64);
|
||||
// check if it is already running or waiting
|
||||
for (auto it = mProcessingTransactions.begin(); it != mProcessingTransactions.end(); it++) {
|
||||
@ -460,13 +462,18 @@ bool Session::startProcessingTransaction(const std::string& proto_message_base64
|
||||
it = mProcessingTransactions.erase(it);
|
||||
}
|
||||
if (hs == (*it)->getHash()) {
|
||||
addError(new Error("Session::startProcessingTransaction", "transaction already in list"));
|
||||
addError(new Error(funcName, "transaction already in list"));
|
||||
unlock();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
Poco::AutoPtr<ProcessingTransaction> processorTask(new ProcessingTransaction(proto_message_base64));
|
||||
if (mSessionUser.isNull() || !mSessionUser->getEmail()) {
|
||||
addError(new Error(funcName, "user is zero"));
|
||||
unlock();
|
||||
return false;
|
||||
}
|
||||
|
||||
Poco::AutoPtr<ProcessingTransaction> processorTask(new ProcessingTransaction(proto_message_base64, DRMakeStringHash(mSessionUser->getEmail())));
|
||||
processorTask->scheduleTask(processorTask);
|
||||
mProcessingTransactions.push_back(processorTask);
|
||||
unlock();
|
||||
@ -559,6 +566,12 @@ bool Session::isPwdValid(const std::string& pwd)
|
||||
|
||||
UserStates Session::loadUser(const std::string& email, const std::string& password)
|
||||
{
|
||||
auto observer = SingletonTaskObserver::getInstance();
|
||||
if (email != "") {
|
||||
if (observer->getTaskCount(email, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
|
||||
return USER_PASSWORD_ENCRYPTION_IN_PROCESS;
|
||||
}
|
||||
}
|
||||
//Profiler usedTime;
|
||||
lock("Session::loadUser");
|
||||
if (mSessionUser && mSessionUser->getEmail() != email) {
|
||||
|
||||
@ -30,6 +30,7 @@ enum UserStates
|
||||
USER_EMPTY,
|
||||
USER_LOADED_FROM_DB,
|
||||
USER_PASSWORD_INCORRECT,
|
||||
USER_PASSWORD_ENCRYPTION_IN_PROCESS,
|
||||
USER_EMAIL_NOT_ACTIVATED,
|
||||
USER_NO_KEYS,
|
||||
USER_NO_PRIVATE_KEY,
|
||||
|
||||
@ -76,6 +76,9 @@
|
||||
case USER_PASSWORD_INCORRECT:
|
||||
addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("E-Mail or password isn't right, please try again!")));
|
||||
break;
|
||||
case USER_PASSWORD_ENCRYPTION_IN_PROCESS:
|
||||
addError(new Error(langCatalog->gettext("Passwort"), langCatalog->gettext("Passwort wird noch berechnet, bitte versuche es in etwa 1 Minute erneut.")));
|
||||
break;
|
||||
case USER_EMAIL_NOT_ACTIVATED:
|
||||
mSession->addError(new Error(langCatalog->gettext("Account"), langCatalog->gettext("E-Mail Address not checked, do you already get one?")));
|
||||
response.redirect(ServerConfig::g_serverPath + "/checkEmail");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user