check password encryption in process in login

2025-12-13 07:45:54 +00:00 · 2020-01-10 17:46:20 +01:00 · 2020-01-10 17:46:20 +01:00 · beb91e1296
commit beb91e1296
parent 33927473ad
6 changed files with 48 additions and 24 deletions
--- a/src/cpp/HTTPInterface/LoginPage.cpp
+++ b/src/cpp/HTTPInterface/LoginPage.cpp
@ -97,6 +97,9 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 			case USER_PASSWORD_INCORRECT:
 				addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("E-Mail or password isn't right, please try again!")));
 				break;
 			case USER_PASSWORD_ENCRYPTION_IN_PROCESS: 
 				addError(new Error(langCatalog->gettext("Passwort"), langCatalog->gettext("Passwort wird noch berechnet, bitte versuche es in etwa 1 Minute erneut.")));
 				break;
 			case USER_EMAIL_NOT_ACTIVATED: 
 				mSession->addError(new Error(langCatalog->gettext("Account"), langCatalog->gettext("E-Mail Address not checked, do you already get one?")));
 				response.redirect(ServerConfig::g_serverPath +  "/checkEmail");
@ -180,20 +183,20 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "      <div class=\"row\">\n";
 	responseStream << "        <div class=\"col-12 logo-section\">\n";
 	responseStream << "          <a href=\"";
-#line 121 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 124 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "\" class=\"logo\">\n";
 	responseStream << "\t\t\t<picture>\n";
 	responseStream << "\t\t\t\t<source srcset=\"";
-#line 123 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 126 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.webp\" type=\"image/webp\">\n";
 	responseStream << "\t\t\t\t<source srcset=\"";
-#line 124 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 127 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.png\" type=\"image/png\"> \n";
 	responseStream << "\t\t\t\t<img src=\"";
-#line 125 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 128 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_php_serverPath );
 	responseStream << "img/logo_schrift.png\" alt=\"logo\" />\n";
 	responseStream << "\t\t\t</picture>\n";
@ -205,29 +208,29 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "          <div class=\"grid\">\n";
 	responseStream << "\t\t\t<div class=\"center-ul-container\">\n";
 	responseStream << "\t\t\t\t";
-#line 134 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( getErrorsHtml() );
 	responseStream << "\t  \n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "            <div class=\"grid-body\">\n";
 	responseStream << "              <form action=\"";
-#line 137 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 140 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( ServerConfig::g_serverPath );
 	responseStream << "/\" method=\"POST\">\n";
 	responseStream << "\t\t\t  <input type=\"hidden\" name=\"lang\" value=\"";
-#line 138 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 141 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( LanguageManager::keyForLanguage(lang) );
 	responseStream << "\">\n";
 	responseStream << "                <div class=\"row pull-right-row\">\n";
 	responseStream << "                  <div class=\"equel-grid pull-right\">\n";
 	responseStream << "                    <div class=\"grid-body-small text-center\">\n";
 	responseStream << "                        <button id=\"flag-england\" name=\"lang-btn\" value=\"en\" title=\"English\" type=\"submit\" ";
-#line 142 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 145 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 if(lang != LANG_EN) { 	responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
-#line 142 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 145 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 } 
 						else { 	responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
-#line 143 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 146 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 } 	responseStream << ">\n";
 	responseStream << "                          <span class=\"flag-england\"></span>\n";
 	responseStream << "                        </button>\n";
@ -236,12 +239,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "                  <div class=\"equel-grid pull-right\">\n";
 	responseStream << "                    <div class=\"grid-body-small text-center\">\n";
 	responseStream << "                        <button id=\"flag-germany\" name=\"lang-btn\" value=\"de\" title=\"Deutsch\" type=\"submit\" ";
-#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 if(lang != LANG_DE) { 	responseStream << "class=\"btn btn-outline-secondary flag-btn\"";
-#line 150 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 153 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 } 
 						else { 	responseStream << "class=\"btn btn-secondary disabled flag-btn\" disabled";
-#line 151 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 154 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 } 	responseStream << ">\n";
 	responseStream << "                          <span class=\"flag-germany\"></span>\n";
 	responseStream << "                        </button>\n";
@ -252,30 +255,30 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "                  <div class=\"col-lg-7 col-md-8 col-sm-9 col-12 mx-auto form-wrapper\">\n";
 	responseStream << "                    <div class=\"form-group input-rounded\">\n";
 	responseStream << "                      <input type=\"text\" class=\"form-control\" name=\"login-email\" placeholder=\"";
-#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("E-Mail") );
 	responseStream << "\" value=\"";
-#line 160 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( presetEmail );
 	responseStream << "\"/>\n";
 	responseStream << "                    </div>\n";
 	responseStream << "                    <div class=\"form-group input-rounded\">\n";
 	responseStream << "                      <input type=\"password\" class=\"form-control\" name=\"login-password\" placeholder=\"";
-#line 163 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 166 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("Password") );
 	responseStream << "\" />\n";
 	responseStream << "                    </div>\n";
 	responseStream << "                    <button type=\"submit\" name=\"submit\" class=\"btn btn-primary btn-block\">";
-#line 165 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext(" Login ") );
 	responseStream << "</button>\n";
 	responseStream << "                    <div class=\"signup-link\">\n";
 	responseStream << "                      <p>";
-#line 167 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 170 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") );
 	responseStream << "</p>\n";
 	responseStream << "                      <a href=\"https://gradido.com\">";
-#line 168 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
+#line 171 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\login.cpsp"
 	responseStream << ( langCatalog->gettext("Create New Account") );
 	responseStream << "</a>\n";
 	responseStream << "                    </div>\n";
--- a/src/cpp/SingletonManager/SingletonTaskObserver.cpp
+++ b/src/cpp/SingletonManager/SingletonTaskObserver.cpp
@ -27,6 +27,7 @@ void SingletonTaskObserver::addTask(const std::string& email, TaskObserverType t
 	UserObserverEntry* entry = static_cast<UserObserverEntry*>(mObserverEntrys.findByHash(id));
 	if (!entry) {
 		entry = new UserObserverEntry(email, id);
 		mObserverEntrys.addByHash(id, entry);
 	}
 	if (entry->mEmail != email) {
 		em->addError(new ParamError(funcName, "hash collision with ", email.data()));
@ -46,6 +47,7 @@ void SingletonTaskObserver::addTask(DHASH id, TaskObserverType type)
 	UserObserverEntry* entry = static_cast<UserObserverEntry*>(mObserverEntrys.findByHash(id));
 	if (!entry) {
 		entry = new UserObserverEntry("", id);
 		mObserverEntrys.addByHash(id, entry);
 	}
 	entry->mTasksCount[type]++;
 	unlock();
--- a/src/cpp/SingletonManager/SingletonTaskObserver.h
+++ b/src/cpp/SingletonManager/SingletonTaskObserver.h
@ -49,10 +49,12 @@ public:
 	static const char* TaskObserverTypeToString(TaskObserverType type);
 	static TaskObserverType StringToTaskObserverType(const std::string& typeString);
 	static inline DHASH makeHash(const std::string& email) { return DRMakeStringHash(email.data(), email.size()); }
 protected:
 	SingletonTaskObserver();
-	inline DHASH makeHash(const std::string& email) { return DRMakeStringHash(email.data(), email.size()); }
+	
 	struct UserObserverEntry
--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@ -10,6 +10,7 @@
 #include "../SingletonManager/ConnectionManager.h"
 #include "../SingletonManager/ErrorManager.h"
 #include "../SingletonManager/EmailManager.h"
 #include "../SingletonManager/SingletonTaskObserver.h"
 #include "../tasks/PrepareEmailTask.h"
 #include "../tasks/SendEmailTask.h"
@ -452,7 +453,8 @@ int Session::comparePassphraseWithSavedKeys(const std::string& inputPassphrase,
 bool Session::startProcessingTransaction(const std::string& proto_message_base64)
 {
-	lock("Session::startProcessingTransaction");
+	static const char* funcName = "Session::startProcessingTransaction";
 	lock(funcName);
 	HASH hs = ProcessingTransaction::calculateHash(proto_message_base64);
 	// check if it is already running or waiting
 	for (auto it = mProcessingTransactions.begin(); it != mProcessingTransactions.end(); it++) {
@ -460,13 +462,18 @@ bool Session::startProcessingTransaction(const std::string& proto_message_base64
 			it = mProcessingTransactions.erase(it);
 		}
 		if (hs == (*it)->getHash()) {
-			addError(new Error("Session::startProcessingTransaction", "transaction already in list"));
+			addError(new Error(funcName, "transaction already in list"));
 			unlock();
 			return false;
 		}
 	}
 	if (mSessionUser.isNull() || !mSessionUser->getEmail()) {
 		addError(new Error(funcName, "user is zero"));
 		unlock();
 		return false;
 	}
-	Poco::AutoPtr<ProcessingTransaction> processorTask(new ProcessingTransaction(proto_message_base64));
+	Poco::AutoPtr<ProcessingTransaction> processorTask(new ProcessingTransaction(proto_message_base64, DRMakeStringHash(mSessionUser->getEmail())));
 	processorTask->scheduleTask(processorTask);
 	mProcessingTransactions.push_back(processorTask);
 	unlock();
@ -559,6 +566,12 @@ bool Session::isPwdValid(const std::string& pwd)
 UserStates Session::loadUser(const std::string& email, const std::string& password)
 {
 	auto observer = SingletonTaskObserver::getInstance();
 	if (email != "") {
 		if (observer->getTaskCount(email, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
 			return USER_PASSWORD_ENCRYPTION_IN_PROCESS;
 		}
 	}
 	//Profiler usedTime;
 	lock("Session::loadUser");
 	if (mSessionUser && mSessionUser->getEmail() != email) {
--- a/src/cpp/model/User.h
+++ b/src/cpp/model/User.h
@ -30,6 +30,7 @@ enum UserStates
 	USER_EMPTY,
 	USER_LOADED_FROM_DB,
 	USER_PASSWORD_INCORRECT,
 	USER_PASSWORD_ENCRYPTION_IN_PROCESS,
 	USER_EMAIL_NOT_ACTIVATED,
 	USER_NO_KEYS,
 	USER_NO_PRIVATE_KEY,
--- a/src/cpsp/login.cpsp
+++ b/src/cpsp/login.cpsp
@ -76,6 +76,9 @@
 			case USER_PASSWORD_INCORRECT:
 				addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("E-Mail or password isn't right, please try again!")));
 				break;
 			case USER_PASSWORD_ENCRYPTION_IN_PROCESS: 
 				addError(new Error(langCatalog->gettext("Passwort"), langCatalog->gettext("Passwort wird noch berechnet, bitte versuche es in etwa 1 Minute erneut.")));
 				break;
 			case USER_EMAIL_NOT_ACTIVATED: 
 				mSession->addError(new Error(langCatalog->gettext("Account"), langCatalog->gettext("E-Mail Address not checked, do you already get one?")));
 				response.redirect(ServerConfig::g_serverPath +  "/checkEmail");