From c44656da5c57e4e7186a47573ac2b420964f5ce0 Mon Sep 17 00:00:00 2001
From: Dario
Date: Fri, 27 Sep 2019 21:29:55 +0200
Subject: [PATCH] work on register
---
CMakeLists.txt | 4 +-
src/cpp/Crypto/Obfus_array.cpp | 10 +--
src/cpp/Gradido_LoginServer.cpp | 16 +++-
.../PageRequestHandlerFactory.cpp | 42 ++++++++--
src/cpp/HTTPInterface/RegisterPage.cpp | 83 +++++++++++--------
src/cpp/ServerConfig.cpp | 39 ++++++++-
src/cpp/ServerConfig.h | 11 ++-
src/cpp/SingletonManager/SessionManager.cpp | 1 +
src/cpp/SingletonManager/SessionManager.h | 2 +
src/cpp/model/Session.cpp | 51 ++++++++++--
src/cpp/model/Session.h | 25 +++++-
src/cpp/model/User.cpp | 9 +-
src/cpp/model/User.h | 11 +--
src/cpsp/register.cpsp | 56 ++++++++-----
14 files changed, 267 insertions(+), 93 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a14419955..eb8552e1b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,18 +15,20 @@ include_directories( FILE(GLOB TINF "dependencies/tinf/src/*.c" "dependencies/tinf/src/*.h") FILE(GLOB HTTPInterface "src/cpp/HTTPInterface/*.h" "src/cpp/HTTPInterface/*.cpp") +FILE(GLOB TASKS "src/cpp/tasks/*.cpp" "src/cpp/tasks/*.h") FILE(GLOB SINGLETON_MANAGER "src/cpp/SingletonManager/*.h" "src/cpp/SingletonManager/*.cpp") FILE(GLOB MODEL "src/cpp/model/*.h" "src/cpp/model/*.cpp") FILE(GLOB CRYPTO "src/cpp/Crypto/*.h" "src/cpp/Crypto/*.cpp") FILE(GLOB MAIN "src/cpp/*.cpp" "src/cpp/*.c" "src/cpp/*.h") FILE(GLOB MYSQL "src/cpp/MySQL/*.cpp" "src/cpp/MySQL/Poco/*.h") -SET(LOCAL_SRCS ${TINF} ${MAIN} ${HTTPInterface} ${CRYPTO} ${MODEL} ${SINGLETON_MANAGER} ${MYSQL}) +SET(LOCAL_SRCS ${TINF} ${MAIN} ${HTTPInterface} ${CRYPTO} ${MODEL} ${SINGLETON_MANAGER} ${MYSQL} ${TASKS}) aux_source_directory("src/cpp" LOCAL_SRCS) if(MSVC) # src source_group("tinf" FILES ${TINF}) source_group("crypto" FILES ${CRYPTO}) +source_group("tasks" FILES ${TASKS}) source_group("model" FILES ${MODEL}) source_group("mysql" FILES ${MYSQL}) source_group("SingletonManager" FILES ${SINGLETON_MANAGER}) diff --git a/src/cpp/Crypto/Obfus_array.cpp b/src/cpp/Crypto/Obfus_array.cpp index 101df0c84..36d3a9d95 100644 --- a/src/cpp/Crypto/Obfus_array.cpp +++ b/src/cpp/Crypto/Obfus_array.cpp 
@@ -6,16 +6,16 @@ ObfusArray::ObfusArray(size_t size, const unsigned char * data) : m_arraySize(0), m_offsetSize(0), m_dataSize(size), m_Data(nullptr) { - m_arraySize = randombytes_random() % (int)roundf(size + size*0.25f); + m_arraySize = size + randombytes_random() % (int)roundf(size*0.25f); m_Data = (unsigned char*)malloc(m_arraySize); m_offsetSize = randombytes_random() % (int)roundf((m_arraySize - m_dataSize) * 0.8f); + uint32_t* d = (uint32_t*)m_Data; + for (size_t i = 0; i < (size_t)floorf(m_arraySize / 4.0f); i++) { - uint32_t* d = (uint32_t*)m_Data[i]; - *d = randombytes_random(); + d[i] = randombytes_random(); } - uint32_t* d = (uint32_t*)(m_Data + (m_arraySize - 4)); - *d = randombytes_random(); + d[m_arraySize - 4] = randombytes_random(); memcpy(&m_Data[m_offsetSize], data, size); } diff --git a/src/cpp/Gradido_LoginServer.cpp b/src/cpp/Gradido_LoginServer.cpp index 41bae4e8f..94fb1bdd3 100644 --- a/src/cpp/Gradido_LoginServer.cpp +++ b/src/cpp/Gradido_LoginServer.cpp @@ -9,6 +9,7 @@ #include "Poco/Util/HelpFormatter.h" #include "Poco/Net/ServerSocket.h" #include "Poco/Net/HTTPServer.h" +#include "Poco/Environment.h" #include "MySQL/Poco/Connector.h" #include @@ -70,9 +71,19 @@ int Gradido_LoginServer::main(const std::vector& args) else { unsigned short port = (unsigned short)config().getInt("HTTPServer.port", 9980); - + // load word lists - ServerConfig::loadMnemonicWordLists(); + if (!ServerConfig::loadMnemonicWordLists()) { + printf("[Gradido_LoginServer::%s] error loading mnemonic Word List\n", __FUNCTION__); + return Application::EXIT_CONFIG; + } + if (!ServerConfig::initServerCrypto(config())) { + printf("[Gradido_LoginServer::%s] error init server crypto\n", __FUNCTION__); + return Application::EXIT_CONFIG; + } + + // start cpu scheduler + ServerConfig::g_CPUScheduler = new UniLib::controller::CPUSheduler(Poco::Environment::processorCount(), "Login Worker"); // load up connection configs // register MySQL connector 
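Review bot: The tail write `d[m_arraySize - 4] = randombytes_random();` in the ObfusArray constructor indexes `d` in `uint32_t` units, so it lands at byte offset `4 * (m_arraySize - 4)` and runs past the `malloc(m_arraySize)` buffer for any array of five bytes or more; the removed code addressed the last four bytes by byte offset. Filling the buffer with `randombytes_buf(m_Data, m_arraySize);` would replace both the loop and the tail write and removes the pointer arithmetic altogether. The new `% (int)roundf(size*0.25f)` divides by zero when `size` is 0 or 1, and the unchanged `m_offsetSize` line does the same whenever the random padding comes out as 0, which the new `m_arraySize` formula makes possible. The `malloc` result is also used without a null check.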
@@ -97,6 +108,7 @@ int Gradido_LoginServer::main(const std::vector& args) waitForTerminationRequest(); // Stop the HTTPServer srv.stop(); + ServerConfig::unload(); } return Application::EXIT_OK; } diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp index d8609f6da..c17df17d6 100644 --- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp +++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp @@ -1,10 +1,14 @@ #include "PageRequestHandlerFactory.h" #include "Poco/Net/HTTPServerRequest.h" + #include "ConfigPage.h" #include "LoginPage.h" #include "RegisterPage.h" #include "HandleFileRequest.h" +#include "DashboardPage.h" + +#include "../SingletonManager/SessionManager.h" PageRequestHandlerFactory::PageRequestHandlerFactory() { 
@@ -13,18 +17,40 @@ PageRequestHandlerFactory::PageRequestHandlerFactory() Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(const Poco::Net::HTTPServerRequest& request) { - printf("request uri: %s\n", request.getURI().data()); + //printf("request uri: %s\n", request.getURI().data()); std::string uri = request.getURI(); - if (uri == "/") { - return new ConfigPage; + auto referer = request.find("Referer"); + if (referer != request.end()) { + printf("referer: %s\n", referer->second.data()); } - else if (uri == "/login") { - return new LoginPage; - } - else if (uri == "/register") { - return new RegisterPage; + + // check if user has valid session + Poco::Net::NameValueCollection cookies; + request.getCookies(cookies); + + int session_id = 0; + + try { + session_id = atoi(cookies.get("user").data()); + } catch (...) {} + auto sm = SessionManager::getInstance(); + auto s = sm->getSession(session_id); + if (s) { + + return new DashboardPage(s); + } else { + + if (uri == "/") { + return new ConfigPage; + } + else if (uri == "/login") { + return new LoginPage; + } + else if (uri == "/register") { + return new RegisterPage; + } } return new HandleFileRequest; //return new PageRequestHandlerFactory; diff --git a/src/cpp/HTTPInterface/RegisterPage.cpp b/src/cpp/HTTPInterface/RegisterPage.cpp index eaa3a6eae..be62da339 100644 --- a/src/cpp/HTTPInterface/RegisterPage.cpp +++ b/src/cpp/HTTPInterface/RegisterPage.cpp @@ -8,6 +8,7 @@ #line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" #include "../SingletonManager/SessionManager.h" +#include "Poco/Net/HTTPCookie.h" void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) 
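Review bot: `createRequestHandler` treats any request whose `user` cookie parses to a live session handle as authenticated, and that cookie is the bare `int` from `session->getHandle()` (set in register.cpsp and the generated RegisterPage.cpp), so the credential is at most a 32-bit number rather than an unpredictable secret; how handles are allocated is not visible here. The lookup should be keyed on a random token (for example bytes from `randombytes_buf`, hex-encoded), and the address stored through `setClientIp` should at least be checked at this point, e.g. `if (s && s->isIPValid(request.clientAddress().host()))`. The `try { … } catch (...) {}` around `cookies.get("user")` hides every failure while `atoi` maps malformed values to 0; `cookies.get("user", "")` avoids the exception and a strict parse would reject junk. The `printf` of the raw `Referer` header writes client-controlled text into the server output.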
@@ -18,11 +19,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); - std::ostream& _responseStream = response.send(); - Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); - std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; - responseStream << "\n"; -#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 8 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" auto session = SessionManager::getInstance()->getNewSession(); bool userReturned = false; @@ -30,10 +27,20 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne userReturned = session->createUser( form.get("register-name"), form.get("register-email"), - form.get("register-password"), - form.get("register-key-existing") + form.get("register-password") ); + if(userReturned) { + auto cookie_id = session->getHandle(); + //auto user_host_string = request.clientAddress().toString(); + auto user_host = request.clientAddress().host(); + session->setClientIp(user_host); + //printf("cookie: %d, user_host: %s\n", cookie_id, user_host.data()); + response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id))); + } } + std::ostream& _responseStream = response.send(); + Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); + std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; responseStream << "\n"; responseStream << "\n"; responseStream << "\n"; @@ -54,19 +61,36 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\n"; responseStream << "\n"; responseStream << "\n"; - responseStream << "

Einen neuen Account anlegen

\n"; - responseStream << "\n"; - responseStream << "
\n"; - responseStream << "\t
\n"; + responseStream << "
\n"; + responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 42 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" - if(!form.empty() && !userReturned) { responseStream << "\n"; +#line 48 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + if(!form.empty() && userReturned) { responseStream << "\n"; + responseStream << "\t\t
\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t\tSchreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t\t\t"; +#line 54 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + responseStream << ( session->getPassphrase() ); + responseStream << "\n"; + responseStream << "\t\t\t
\n"; + responseStream << "\t\t
\n"; + responseStream << "\t"; +#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + } else { responseStream << "\n"; + responseStream << "\t\n"; + responseStream << "\t\n"; responseStream << "\t\t"; -#line 43 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + if(!form.empty() && !userReturned) { responseStream << "\n"; + responseStream << "\t\t\t"; +#line 61 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" responseStream << ( session->getErrorsHtml() ); responseStream << "\n"; - responseStream << "\t"; -#line 44 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + responseStream << "\t\t"; +#line 62 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tAccount anlegen\n"; @@ -74,14 +98,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; @@ -89,23 +113,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; - responseStream << "\t\t\t

Hast du bereits schonmal ein Gradido Konto besessen?

\n"; - responseStream << "\t\t\t

\n"; - responseStream << "\t\t\t\t\n"; - responseStream << "\t\t\t\t\n"; - responseStream << "\t\t\t

\n"; - responseStream << "\t\t\t

\n"; - responseStream << "\t\t\t\t\n"; - responseStream << "\t\t\t\t\n"; - responseStream << "\t\t\t

\n"; - responseStream << "\t\t\t\n"; responseStream << "\t\t
\n"; - responseStream << "\t\t\n"; - responseStream << "\t
\n"; - responseStream << "\n"; + responseStream << "\t\t\n"; + responseStream << "\t\t\n"; + responseStream << "\t\n"; + responseStream << "\t"; +#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + } responseStream << "\n"; + responseStream << "
\n"; responseStream << "\n"; responseStream << "\n"; if (_compressResponse) _gzipStream.close(); diff --git a/src/cpp/ServerConfig.cpp b/src/cpp/ServerConfig.cpp index 8b4eb835a..02e398215 100644 --- a/src/cpp/ServerConfig.cpp +++ b/src/cpp/ServerConfig.cpp @@ -1,11 +1,14 @@ #include "ServerConfig.h" #include "Crypto/mnemonic_german.h" #include "Crypto/mnemonic_bip0039.h" +#include "sodium.h" namespace ServerConfig { Mnemonic g_Mnemonic_WordLists[MNEMONIC_MAX]; + ObfusArray* g_ServerCryptoKey = nullptr; + UniLib::controller::CPUSheduler* g_CPUScheduler = nullptr; - void loadMnemonicWordLists() + bool loadMnemonicWordLists() { for (int i = 0; i < MNEMONIC_MAX; i++) { int iResult = 0; 
@@ -14,18 +17,46 @@ namespace ServerConfig { iResult = g_Mnemonic_WordLists[i].init(populate_mnemonic_german, g_mnemonic_german_original_size, g_mnemonic_german_compressed_size); if (iResult) { printf("[%s] error init german mnemonic set, error nr: %d\n", __FUNCTION__, iResult); - //return -1; + return false; } break; case MNEMONIC_BIP0039_SORTED_ORDER: iResult = g_Mnemonic_WordLists[i].init(populate_mnemonic_bip0039, g_mnemonic_bip0039_original_size, g_mnemonic_bip0039_compressed_size); if (iResult) { printf("[%s] error init bip0039 mnemonic set, error nr: %d\n", __FUNCTION__, iResult); - + return false; } break; - default: printf("[%s] unknown MnemonicType\n", __FUNCTION__); + default: printf("[%s] unknown MnemonicType\n", __FUNCTION__); return false; } } + return true; + } + + bool initServerCrypto(const Poco::Util::LayeredConfiguration& cfg) + { + auto serverKey = cfg.getString("crypto.server_key"); + unsigned char key[crypto_shorthash_KEYBYTES]; + size_t realBinSize = 0; + if (sodium_hex2bin(key, crypto_shorthash_KEYBYTES, serverKey.data(), serverKey.size(), nullptr, &realBinSize, nullptr)) { + printf("[%s] serverKey isn't valid hex: %s\n", __FUNCTION__, serverKey.data()); + return false; + } + if (realBinSize != crypto_shorthash_KEYBYTES) { + printf("[%s] serverKey hasn't valid size, expecting: %d, get: %d\n", + __FUNCTION__, crypto_shorthash_KEYBYTES, realBinSize); + return false; + } + g_ServerCryptoKey = new ObfusArray(realBinSize, key); + return true; + } + + void unload() { + if (g_ServerCryptoKey) { + delete g_ServerCryptoKey; + } + if (g_CPUScheduler) { + delete g_CPUScheduler; + } } } \ No newline at end of file diff --git a/src/cpp/ServerConfig.h b/src/cpp/ServerConfig.h index 845f7ab4a..cdaa22fc6 100644 --- a/src/cpp/ServerConfig.h +++ b/src/cpp/ServerConfig.h @@ -1,4 +1,8 @@ #include "Crypto/mnemonic.h" +#include "Crypto/Obfus_array.h" +#include "Poco/Util/LayeredConfiguration.h" + +#include "tasks/CPUSheduler.h" namespace ServerConfig { 
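Review bot: In `initServerCrypto` the hex-parse failure path prints the configured secret itself, `printf("[%s] serverKey isn't valid hex: %s\n", __FUNCTION__, serverKey.data());`, so a typo in `crypto.server_key` copies the key material to stdout or whatever log captures it; the message should omit the value. The size message passes the `size_t` `realBinSize` to `%d`, where `%zu` matches the type. The stack copy `key` stays in memory after `new ObfusArray(realBinSize, key)`; `sodium_memzero(key, sizeof key);` before returning would clear it. `unload()` deletes both globals without resetting them to `nullptr`, so a second call would free them again.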
@@ -9,6 +13,11 @@ namespace ServerConfig { }; extern Mnemonic g_Mnemonic_WordLists[MNEMONIC_MAX]; + extern ObfusArray* g_ServerCryptoKey; + extern UniLib::controller::CPUSheduler* g_CPUScheduler; - void loadMnemonicWordLists(); + bool loadMnemonicWordLists(); + bool initServerCrypto(const Poco::Util::LayeredConfiguration& cfg); + + void unload(); } \ No newline at end of file diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp index 0d185d19f..d4547985a 100644 --- a/src/cpp/SingletonManager/SessionManager.cpp +++ b/src/cpp/SingletonManager/SessionManager.cpp @@ -90,6 +90,7 @@ Session* SessionManager::getNewSession(int* handle) auto resultIt = mRequestSessionMap.find(local_handle); if (resultIt != mRequestSessionMap.end()) { Session* result = resultIt->second; + result->reset(); mWorkingMutex.unlock(); if (handle) { diff --git a/src/cpp/SingletonManager/SessionManager.h b/src/cpp/SingletonManager/SessionManager.h index d2abf8cdc..3709f9240 100644 --- a/src/cpp/SingletonManager/SessionManager.h +++ b/src/cpp/SingletonManager/SessionManager.h @@ -27,6 +27,8 @@ enum SessionValidationTypes { VALIDATE_MAX }; + +// TODO: cleanup timeouted sessions class SessionManager { public: diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp index 5187b009a..0825bf3a3 100644 --- a/src/cpp/model/Session.cpp +++ b/src/cpp/model/Session.cpp @@ -1,7 +1,10 @@ #include "Session.h" +#include "../ServerConfig.h" #include "Poco/RegularExpression.h" #include "../SingletonManager/SessionManager.h" +#include "sodium.h" + Session::Session(int handle) : mHandleId(handle) { 
@@ -17,10 +20,20 @@ Session::~Session() void Session::reset() { - + if (mSessionUser) { + delete mSessionUser; + mSessionUser = nullptr; + } + updateTimeout(); + mClientLoginIP = Poco::Net::IPAddress(); } -bool Session::createUser(const std::string& name, const std::string& email, const std::string& password, const std::string& passphrase) +void Session::updateTimeout() +{ + mLastActivity = Poco::DateTime(); +} + +bool Session::createUser(const std::string& name, const std::string& email, const std::string& password) { auto sm = SessionManager::getInstance(); if (!sm->isValid(name, VALIDATE_NAME)) { 
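Review bot: `Session::reset()` clears `mSessionUser`, the timeout and `mClientLoginIP`, but not `mPassphrase`, which this commit adds to the class and which the register page prints through `getPassphrase()`. Since `SessionManager::getNewSession` now calls `reset()` on a recycled `Session`, a reused object would carry the previous holder's passphrase; add `mPassphrase.clear();` here, ideally after wiping its buffer with `sodium_memzero`. Whether `mSessionUser` is initialised to `nullptr` in the constructor is not visible in this hunk; if it is not, the `delete mSessionUser` in `reset()` acts on an indeterminate pointer.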
@@ -35,15 +48,43 @@ bool Session::createUser(const std::string& name, const std::string& email, cons addError(new Error("Password", "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen")); return false; } - if (passphrase.size() > 0 && !sm->isValid(passphrase, VALIDATE_PASSPHRASE)) { - addError(new Error("Merksatz", "Der Merksatz ist nicht gültig, er besteht aus 24 Wörtern, mit Komma getrennt.")); + /*if (passphrase.size() > 0 && !sm->isValid(passphrase, VALIDATE_PASSPHRASE)) { + addError(new Error("Merkspruch", "Der Merkspruch ist nicht gültig, er besteht aus 24 Wörtern, mit Komma getrennt.")); return false; } - mSessionUser = new User(email.data(), name.data(), password.data(), passphrase.size() ? passphrase.data() : nullptr); + if (passphrase.size() == 0) { + //mPassphrase = User::generateNewPassphrase(&ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_BIP0039_SORTED_ORDER]); + mPassphrase = User::generateNewPassphrase(&ServerConfig::g_Mnemonic_WordLists[ServerConfig::MNEMONIC_GRADIDO_BOOK_GERMAN_RANDOM_ORDER]); + } + else { + //mPassphrase = passphrase; + }*/ + + //mSessionUser = new User(email.data(), name.data(), password.data(), passphrase.size() ? passphrase.data() : mPassphrase.data()); + updateTimeout(); + + // write user into db + // generate and write email verification into db + // send email + + return true; } + + bool Session::loadUser(const std::string& email, const std::string& password) { return true; +} + + +int Session::createEmailVerificationCode() +{ + uint32_t* code_p = (uint32_t*)mEmailVerification; + for (int i = 0; i < EMAIL_VERIFICATION_CODE_SIZE / 4; i++) { + code_p[i] = randombytes_random(); + } + + return 0; } \ No newline at end of file diff --git a/src/cpp/model/Session.h b/src/cpp/model/Session.h index 0d3be48e3..c75719527 100644 --- a/src/cpp/model/Session.h +++ b/src/cpp/model/Session.h 
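Review bot: With the `new User(...)` line and the passphrase generation commented out, `Session::createUser` now returns `true` for any input that passes validation without creating a user or filling `mPassphrase`. The register page takes that return value as success, sets the `user` cookie and renders `getPassphrase()`, and `PageRequestHandlerFactory` then hands the session to `DashboardPage` while `getUser()` is presumably still null. Until the database and e-mail steps listed in the comments exist, returning `false` with an `addError(...)` entry, or at least a `// TODO: stub, no user is created yet` above the `return true;`, would keep callers from treating the session as registered. The body of `createUser` starts outside this hunk.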
@@ -13,22 +13,43 @@ #include "ErrorList.h" #include "User.h" +#include "Poco/Thread.h" +#include "Poco/DateTime.h" +#include "Poco/Net/IPAddress.h" + +#define EMAIL_VERIFICATION_CODE_SIZE 8 + class Session : public ErrorList { public: Session(int handle); ~Session(); - bool createUser(const std::string& name, const std::string& email, const std::string& password, const std::string& passphrase); + bool createUser(const std::string& name, const std::string& email, const std::string& password); bool loadUser(const std::string& email, const std::string& password); + inline User* getUser() { return mSessionUser; } + inline int getHandle() { return mHandleId; } + inline const char* getPassphrase() { return mPassphrase.data(); } + + inline void setClientIp(Poco::Net::IPAddress ip) { mClientLoginIP = ip; } + + inline bool isIPValid(Poco::Net::IPAddress ip) { return mClientLoginIP == ip; } void reset(); + protected: + void updateTimeout(); + + int createEmailVerificationCode(); + int mHandleId; User* mSessionUser; - + std::string mPassphrase; + Poco::DateTime mLastActivity; + Poco::Net::IPAddress mClientLoginIP; + unsigned char* mEmailVerification[EMAIL_VERIFICATION_CODE_SIZE]; }; #endif // DR_LUA_WEB_MODULE_SESSION_SESSION_H diff --git a/src/cpp/model/User.cpp b/src/cpp/model/User.cpp index decbd1d74..0b32cf1ad 100644 --- a/src/cpp/model/User.cpp +++ b/src/cpp/model/User.cpp @@ -2,6 +2,7 @@ #include #include "ed25519/ed25519.h" #include "Poco/Util/Application.h" +#include "../ServerConfig.h" NewUser::NewUser(User* user, const char* password, const char* passphrase) : mUser(user), mPassword(password), mPassphrase(passphrase) 
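Review bot: `unsigned char* mEmailVerification[EMAIL_VERIFICATION_CODE_SIZE];` declares eight pointers rather than an eight-byte code buffer, and `Session::createEmailVerificationCode` in Session.cpp fills it through a `(uint32_t*)` cast. Declaring it as `unsigned char mEmailVerification[EMAIL_VERIFICATION_CODE_SIZE];` and filling it with `randombytes_buf(mEmailVerification, sizeof mEmailVerification);` gives the intended size and drops the cast. Writing through a `uint32_t*` into a byte array would also assume suitable alignment, which `randombytes_buf` does not need.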
@@ -46,16 +47,18 @@ void LoginUser::run() // ******************************************************************************* -User::User(const char* email, const char* name, const char* password, const char* passphrase) +User::User(const char* email, const char* name, const char* password) : mEmail(email), mFirstName(name), mCryptoKey(nullptr) { - + //crypto_shorthash_KEYBYTES + //mPasswordHashed = + crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey); } User::User(const char* email, const char* password) : mEmail(email) { - + crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey); } diff --git a/src/cpp/model/User.h b/src/cpp/model/User.h index 479ab4c8f..4216dd0f4 100644 --- a/src/cpp/model/User.h +++ b/src/cpp/model/User.h @@ -13,7 +13,7 @@ class User : public ErrorList friend NewUser; public: // new user - User(const char* email, const char* name, const char* password, const char* passphrase); + User(const char* email, const char* name, const char* password); // existing user User(const char* email, const char* password); @@ -23,21 +23,22 @@ public: inline bool hasCryptoKey() { lock(); bool bRet = mCryptoKey != nullptr; unlock(); return bRet; } inline const char* getEmail() { return mEmail.data(); } - + inline const char* getName() { return mFirstName.data(); } protected: void createCryptoKey(const char* email, const char* password); - inline void lock() { mWorkingMutex->lock(); } - inline void unlock() { mWorkingMutex->unlock(); } + inline void lock() { mWorkingMutex.lock(); } + inline void unlock() { mWorkingMutex.unlock(); } private: std::string mEmail; std::string mFirstName; + unsigned char mPasswordHashed[crypto_shorthash_BYTES]; // crypto key as obfus array ObfusArray* mCryptoKey; - Poco::Mutex* mWorkingMutex; + Poco::Mutex mWorkingMutex; }; 
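Review bot: Both `User` constructors derive `mPasswordHashed` with `crypto_shorthash`, which is keyed SipHash with a 64-bit output intended for hash tables, not a password hash: it is cheap to brute-force once the server key is known and carries no per-user salt. libsodium's `crypto_pwhash_str(out, password, strlen(password), crypto_pwhash_OPSLIMIT_INTERACTIVE, crypto_pwhash_MEMLIMIT_INTERACTIVE)` writing into a `char out[crypto_pwhash_STRBYTES]` member is the primitive meant for this, with `crypto_pwhash_str_verify` on login. The calls also dereference `ServerConfig::g_ServerCryptoKey` without a null check and pass the `ObfusArray` object where a `const unsigned char*` key is expected, which relies on a conversion operator that is not visible in this patch.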
diff --git a/src/cpsp/register.cpsp b/src/cpsp/register.cpsp index d31d23bf3..60c87eccf 100644 --- a/src/cpsp/register.cpsp +++ b/src/cpsp/register.cpsp @@ -3,17 +3,25 @@ <%@ page compressed="true" %> <%! #include "../SingletonManager/SessionManager.h" +#include "Poco/Net/HTTPCookie.h" %> -<% +<%% auto session = SessionManager::getInstance()->getNewSession(); bool userReturned = false; if(!form.empty()) { userReturned = session->createUser( form.get("register-name"), form.get("register-email"), - form.get("register-password"), - form.get("register-key-existing") + form.get("register-password") ); + if(userReturned) { + auto cookie_id = session->getHandle(); + //auto user_host_string = request.clientAddress().toString(); + auto user_host = request.clientAddress().host(); + session->setClientIp(user_host); + //printf("cookie: %d, user_host: %s\n", cookie_id, user_host.data()); + response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id))); + } } %> @@ -35,13 +43,23 @@ label:not(.grd_radio_label) { -
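Review bot: The session cookie is created as `Poco::Net::HTTPCookie("user", std::to_string(cookie_id))` with default attributes, so it is readable from page script and is not restricted to TLS. Build the cookie first and set the flag before adding it, `Poco::Net::HTTPCookie c("user", std::to_string(cookie_id)); c.setHttpOnly(true); response.addCookie(c);`, and add `c.setSecure(true);` once the server is reached over HTTPS. `getNewSession()` also runs for every request to this page, including a plain GET with an empty form, so unauthenticated visits consume sessions; the SessionManager.h hunk in this patch notes that timed-out sessions are not yet cleaned up.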

Einen neuen Account anlegen

- -
-
- <% if(!form.empty() && !userReturned) {%> - <%= session->getErrorsHtml() %> - <%} %> +
+

Einen neuen Account anlegen

+ <% if(!form.empty() && userReturned) {%> +
+
+ Schreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren. +
+
+ <%= session->getPassphrase() %> +
+
+ <% } else { %> + + + <% if(!form.empty() && !userReturned) {%> + <%= session->getErrorsHtml() %> + <%} %>
Account anlegen

Bitte gebe deine Daten um einen Account anzulegen

@@ -57,19 +75,11 @@ label:not(.grd_radio_label) {

-

Hast du bereits schonmal ein Gradido Konto besessen?

-

- - -

-

- - -

-
- -
- + + + + <% } %> +