diff --git a/src/cpp/HTTPInterface/CheckEmailPage.cpp b/src/cpp/HTTPInterface/CheckEmailPage.cpp index 79fa1e3c0..d822ee42e 100644 --- a/src/cpp/HTTPInterface/CheckEmailPage.cpp +++ b/src/cpp/HTTPInterface/CheckEmailPage.cpp @@ -39,7 +39,7 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: if(mSession) { getErrors(mSession); if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { - state = MAIL_NOT_SEND; + //state = MAIL_NOT_SEND; } } @@ -93,22 +93,34 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: } else if(state == ASK_VERIFICATION_CODE) { responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\t\t

Bitte gebe deinen E-Mail Verification Code ein.

\n"; + responseStream << "\t\t"; +#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + if(mSession && !mSession->getUser().isNull()) { responseStream << "\n"; + responseStream << "\t\t\t

Er wurde an deine E-Mail Adresse: "; +#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + responseStream << ( mSession->getUser()->getEmail() ); + responseStream << " gesendet.

\n"; + responseStream << "\t\t"; +#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + } responseStream << "\n"; responseStream << "\t\t\n"; responseStream << "\t\t\n"; + responseStream << "\t\t

Du hast bisher keinen Code erhalten?

\n"; + responseStream << "\t\t

E-Mail erneut zuschicken (in Arbeit)

\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" } else { responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 80 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" } responseStream << "\n"; responseStream << "\n"; responseStream << "
\n"; responseStream << "\t"; -#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" +#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp index 8ce886f01..a94fe248f 100644 --- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp +++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp @@ -164,10 +164,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi // no session or active session don't belong to verification code if (!session || session->getEmailVerificationCode() != verificationCode) { - sm->releaseSession(session); - session = nullptr; + //sm->releaseSession(session); + //session = nullptr; // it is maybe unsafe - //session = sm->findByEmailVerificationCode(verificationCode); + session = sm->findByEmailVerificationCode(verificationCode); } // no suitable session in memory, try to create one from db data if (!session) { diff --git a/src/cpp/HTTPInterface/PassphrasePage.cpp b/src/cpp/HTTPInterface/PassphrasePage.cpp index 7cb5f8684..88022f2cc 100644 --- a/src/cpp/HTTPInterface/PassphrasePage.cpp +++ b/src/cpp/HTTPInterface/PassphrasePage.cpp @@ -9,7 +9,7 @@ #include "../model/Profiler.h" #include "../SingletonManager/SessionManager.h" - +#include "Poco/Net/HTTPServerParams.h" enum PageState { @@ -37,6 +37,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: PageState state = PAGE_ASK_PASSPHRASE; auto sm = SessionManager::getInstance(); + auto uri_start = request.serverParams().getServerName(); // remove old cookies if exist sm->deleteLoginCookies(request, response, mSession); // save login cookie, because maybe we've get an new session @@ -101,11 +102,11 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "
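Review bot: The re-enabled `session = sm->findByEmailVerificationCode(verificationCode);` makes the verification code alone enough to attach this request to an existing in-memory session, and the comment directly above it still reads `// it is maybe unsafe` without saying why that is now acceptable. Before relying on it, the code should be confirmed to be high-entropy, single-use and expiring, and failed lookups should be rate-limited; none of that is visible in this hunk. With the two `releaseSession` lines commented out, a cookie-bound session whose code does not match is no longer released before `session` is overwritten, so it presumably stays alive until it times out. I would either restore the release for the mismatch case or replace the stale comment with one stating the intent, e.g. `// keep the caller's session; lookup by code is only safe while codes are single-use and rate-limited`. handleCheckEmail starts and ends outside the hunk.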
\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( getErrorsHtml() ); responseStream << "\n"; responseStream << "\t"; -#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t
\n"; @@ -113,17 +114,20 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\t"; -#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( mSession->getPassphrase() ); responseStream << "\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\tWeiter\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n"; responseStream << "\t

Deine E-Mail Adresse wurde erfolgreich bestätigt.

\n"; - responseStream << "\t
\n"; + responseStream << "\t\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tNeue Gradido Adresse anlegen / wiederherstellen\n"; responseStream << "\t\t\t

Hast du schonmal ein Gradido Konto besessen?

\n"; @@ -136,7 +140,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t
\n"; @@ -144,18 +148,18 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 113 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } responseStream << "\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 119 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 120 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; diff --git a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp index 662931178..0e12e2966 100644 --- a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp +++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp @@ -43,9 +43,11 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request if(user->setNewPassword(form.get("register-password"))) { std::string referUri = request.get("Referer", "./"); //printf("[updateUserPasswordPage] referUri: %s\n", referUri.data()); + mSession->getErrors(user); response.redirect(referUri); return; } + } } } @@ -99,7 +101,7 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request responseStream << "
\n"; responseStream << "\t

Passwort bestimmen

\n"; responseStream << "\t"; -#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" +#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" responseStream << ( getErrorsHtml() ); responseStream << "\n"; responseStream << "\t
\t\n"; @@ -122,7 +124,7 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" +#line 101 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp index 487cf5ea6..d596a01c4 100644 --- a/src/cpp/SingletonManager/SessionManager.cpp +++ b/src/cpp/SingletonManager/SessionManager.cpp @@ -265,6 +265,10 @@ Session* SessionManager::findByEmailVerificationCode(long long emailVerification for (auto it = mRequestSessionMap.begin(); it != mRequestSessionMap.end(); it++) { if (it->second->getEmailVerificationCode() == emailVerificationCode) { result = it->second; + if (!result->isActive()) { + result = nullptr; + continue; + } break; } } @@ -315,6 +319,7 @@ void SessionManager::deleteLoginCookies(Poco::Net::HTTPServerRequest& request, P } // delete cookie auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", it->second); + keks.setPath("/"); // max age of 0 delete cookie keks.setMaxAge(0); response.addCookie(keks); diff --git a/src/cpp/SingletonManager/SessionManager.h b/src/cpp/SingletonManager/SessionManager.h index d7ac846dc..192b4a27b 100644 --- a/src/cpp/SingletonManager/SessionManager.h +++ b/src/cpp/SingletonManager/SessionManager.h @@ -46,6 +46,7 @@ public: Session* getNewSession(int* handle = nullptr); inline bool releaseSession(Session* requestSession) { + if (!requestSession) return false; return releaseSession(requestSession->getHandle()); } bool releaseSession(int requestHandleSession); diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp index 9b82d641d..58f448a16 100644 --- a/src/cpp/model/Session.cpp +++ b/src/cpp/model/Session.cpp @@ -290,7 +290,7 @@ UserStates Session::loadUser(const std::string& email, const std::string& passwo lock(); if (mSessionUser) mSessionUser = nullptr; mSessionUser = new User(email.data()); - if (mSessionUser->getUserState() == USER_LOADED_FROM_DB) { + if (mSessionUser->getUserState() >= USER_LOADED_FROM_DB) { if (!mSessionUser->validatePwd(password, this)) { return USER_PASSWORD_INCORRECT; } 
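Review bot: In the loop of `findByEmailVerificationCode`, `result` is assigned before the `isActive()` test and then reset, which is easy to break on a later edit; testing first keeps `result` null until a usable session is found: `if (it->second->getEmailVerificationCode() == emailVerificationCode && it->second->isActive()) { result = it->second; break; }`. Because PageRequestHandlerFactory.cpp in this commit starts calling this lookup to pick the session for a request, an unset code should also be rejected before the loop if sessions without a pending verification report a default value such as 0. That default is not visible here, so please confirm it. Whether the map is iterated under the manager's lock cannot be seen either, since the function begins outside the hunk.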
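Review bot: The early `return USER_PASSWORD_INCORRECT;` sits after `lock();` with no `unlock()` visible before it, and the relaxed `>=` comparison sends more user states down that path. If the lock is not released elsewhere (loadUser continues outside the hunk), a wrong password leaves the session locked; a scoped guard would make every return release it. The `>=` also depends on the declaration order of `UserStates`, so a comment next to it such as `// every state at or after USER_LOADED_FROM_DB has a stored password to check` would make the intent explicit. States below it skip `validatePwd`, and what the function returns for them is not shown here.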
@@ -406,6 +406,7 @@ Poco::Net::HTTPCookie Session::getLoginCookie() auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", std::to_string(mHandleId)); // prevent reading or changing cookie with js keks.setHttpOnly(); + keks.setPath("/"); // send cookie only via https #ifndef WIN32 keks.setSecure(true); diff --git a/src/cpp/model/User.cpp b/src/cpp/model/User.cpp index 268c66331..53e87111f 100644 --- a/src/cpp/model/User.cpp +++ b/src/cpp/model/User.cpp @@ -340,6 +340,8 @@ bool User::isEmptyPassword() { bool bRet = false; lock(); + printf("[User::isEmptyPassword] pwd hashed: %d, running: %d, this: %d\n", + mPasswordHashed, !mCreateCryptoKeyTask.isNull(), this); bRet = mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished()); unlock(); return bRet; @@ -372,6 +374,7 @@ bool User::setNewPassword(const std::string& newPassword) } duplicate(); lock(); + printf("[User::setNewPassword] start create crypto key task with this: %d\n", this); mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newPassword, ServerConfig::g_CPUScheduler); mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask); unlock(); @@ -490,7 +493,7 @@ void User::release() mWorkingMutex.lock(); mReferenceCount--; #ifdef DEBUG_USER_DELETE_ENV - printf("[User::release] new value: %d\n", mReferenceCount); + printf("[User::release] new value: %d, this: %d\n", mReferenceCount, this); #endif if (0 == mReferenceCount) { mWorkingMutex.unlock(); diff --git a/src/cpsp/checkEmail.cpsp b/src/cpsp/checkEmail.cpsp index eddca7dde..5e6559fa8 100644 --- a/src/cpsp/checkEmail.cpsp +++ b/src/cpsp/checkEmail.cpsp @@ -21,7 +21,7 @@ enum PageState if(mSession) { getErrors(mSession); if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { - state = MAIL_NOT_SEND; + //state = MAIL_NOT_SEND; } } @@ -65,8 +65,13 @@ label:not(.grd_radio_label) { <% } else if(state == ASK_VERIFICATION_CODE) { %>
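Review bot: `keks.setPath("/")` widens the login cookie to every path on the host, while its value is still the decimal session handle from `std::to_string(mHandleId)` and `setSecure(true)` is compiled out under `WIN32`. How `mHandleId` is generated is not visible here; if it is a small or sequential integer, it should be replaced or supplemented by a random token before the cookie's scope grows. A SameSite attribute would also be worth setting if the Poco version in use supports it. The matching `setPath("/")` on the deletion cookie in `SessionManager::deleteLoginCookies` is needed for the delete to take effect, so a short comment at both sites saying the two paths must stay identical would help.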
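Review bot: The new `printf` calls pass `this` to a `%d` conversion, which is undefined behaviour and truncates the pointer on 64-bit builds; use `%p` with `static_cast<void*>(this)`. This applies to all three hunks in User.cpp (`isEmptyPassword`, `setNewPassword`, `release`). The first two are also unconditional, unlike the one in `release` that sits under `DEBUG_USER_DELETE_ENV`, so every password check and password change writes object addresses to stdout while the user lock is held. Wrapping them in the same `#ifdef` would keep them out of production output. The type of `mPasswordHashed` is not visible, so its `%d` should be checked as well.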

Bitte gebe deinen E-Mail Verification Code ein.

+ <% if(mSession && !mSession->getUser().isNull()) {%> +

Er wurde an deine E-Mail Adresse: <%= mSession->getUser()->getEmail() %> gesendet.

+ <% } %> +

Du hast bisher keinen Code erhalten?

+

E-Mail erneut zuschicken (in Arbeit)

<% } else { %>
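Review bot: `<%= mSession->getUser()->getEmail() %>` writes the stored address into the page without HTML encoding, so any markup characters that get past e-mail validation are rendered as HTML; encode the value before output. It also shows the account's e-mail address to whoever reaches this page with a matching verification code. With the first hunk of this file commenting out `state = MAIL_NOT_SEND;`, the page no longer distinguishes sessions that never had a mail sent. If the address must be shown, consider masking part of it. The now-empty `if` in the first hunk should either be removed or carry a comment explaining why the state check is disabled.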
diff --git a/src/cpsp/passphrase.cpsp b/src/cpsp/passphrase.cpsp index 754129d7a..d87b2f0f2 100644 --- a/src/cpsp/passphrase.cpsp +++ b/src/cpsp/passphrase.cpsp @@ -7,7 +7,7 @@ <%! #include "../model/Profiler.h" #include "../SingletonManager/SessionManager.h" - +#include "Poco/Net/HTTPServerParams.h" enum PageState { @@ -19,6 +19,7 @@ enum PageState PageState state = PAGE_ASK_PASSPHRASE; auto sm = SessionManager::getInstance(); + auto uri_start = request.serverParams().getServerName(); // remove old cookies if exist sm->deleteLoginCookies(request, response, mSession); // save login cookie, because maybe we've get an new session @@ -92,7 +93,7 @@ label:not(.grd_radio_label) {
<% } else if(state == PAGE_ASK_PASSPHRASE) { %>

Deine E-Mail Adresse wurde erfolgreich bestätigt.

-
+
Neue Gradido Adresse anlegen / wiederherstellen

Hast du schonmal ein Gradido Konto besessen?

diff --git a/src/cpsp/updateUserPassword.cpsp b/src/cpsp/updateUserPassword.cpsp index 5b21a5582..cf4513545 100644 --- a/src/cpsp/updateUserPassword.cpsp +++ b/src/cpsp/updateUserPassword.cpsp @@ -24,9 +24,11 @@ if(user->setNewPassword(form.get("register-password"))) { std::string referUri = request.get("Referer", "./"); //printf("[updateUserPasswordPage] referUri: %s\n", referUri.data()); + mSession->getErrors(user); response.redirect(referUri); return; } + } } }
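Review bot: The redirect target after a successful password change is taken from the client-supplied `Referer` header (`request.get("Referer", "./")`) and passed unchanged to `response.redirect(referUri)`; this predates the commit, but the added `mSession->getErrors(user);` sits right on that path. I would redirect to a fixed local page, or accept `referUri` only when it is a same-site relative path and fall back to `"./"` otherwise. The added call also dereferences `mSession` without a check visible in the hunk; the enclosing conditions start outside it, so please confirm it cannot be null here. The generated UpdateUserPasswordPage.cpp carries the same lines.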