update register process to prevent to many session destroys

Dario 2019-10-15 10:27:24 +02:00
parent 34050fda19
commit e74271def7
30 changed files with 603 additions and 267 deletions


@ -3,7 +3,7 @@
#include <memory.h>
#include <math.h>
#include <assert.h>
/*
ObfusArray::ObfusArray(size_t size, const unsigned char * data)
: m_arraySize(0), m_offsetSize(0), m_dataSize(size), m_Data(nullptr)
{
@ -23,9 +23,18 @@ ObfusArray::ObfusArray(size_t size, const unsigned char * data)
memcpy(&m_Data[m_offsetSize], data, size);
printf("[ObfusArray] data: %lld\n", (int64_t)m_Data);
}
*/
ObfusArray::ObfusArray(size_t size, const unsigned char * data)
: m_arraySize(64), m_offsetSize(0), m_dataSize(size)
{
memset(m_Data, 0, m_arraySize);
memcpy(m_Data, data, size);
//printf("[ObfusArray] data: %lld\n", (int64_t)m_Data);
}
ObfusArray::~ObfusArray()
{
/*
printf("[ObfusArray::~ObfusArray] data: %lld\n", (int64_t)m_Data);
if (m_Data) {
@ -33,4 +42,5 @@ ObfusArray::~ObfusArray()
m_Data = nullptr;
}
printf("[ObfusArray::~ObfusArray] finish\n");
*/
}
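Review bot: The new constructor copies `size` bytes into the fixed `m_Data[64]` member with `memcpy(m_Data, data, size)` and never compares `size` with the buffer, so any input longer than 64 bytes writes past the end of the object. A guard before the copy closes that, e.g. `if (data == nullptr || size > sizeof(m_Data)) throw std::invalid_argument("ObfusArray: bad input size");`, and `m_arraySize(64)` would be safer as `sizeof(m_Data)` so the two cannot drift apart. The destructor body is now fully commented out, so the stored bytes stay in memory after destruction. If this class holds key material, as the header guard `GRADIDO_LOGIN_SERVER_CRYPTO_OBFUS_ARRAY` suggests, the destructor should wipe `m_Data` with a call the compiler cannot optimise away.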


@ -17,7 +17,8 @@ private:
size_t m_arraySize;
size_t m_offsetSize;
size_t m_dataSize;
unsigned char* m_Data;
//unsigned char* m_Data;
unsigned char m_Data[64];
};
#endif //GRADIDO_LOGIN_SERVER_CRYPTO_OBFUS_ARRAY


@ -7,7 +7,7 @@
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
#include "../model/Profiler.h"
#include "../SingletonManager/SessionManager.h"
enum PageState
{
@ -32,11 +32,12 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
Poco::Net::HTMLForm form(request, request.stream());
#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
Profiler timeUsed;
bool hasErrors = false;
// remove old cookies if exist
auto sm = SessionManager::getInstance();
sm->deleteLoginCookies(request, response, mSession);
PageState state = ASK_VERIFICATION_CODE;
if(mSession) {
hasErrors = mSession->errorCount() > 0;
getErrors(mSession);
if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) {
state = MAIL_NOT_SEND;
}
@ -74,18 +75,13 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(mSession && hasErrors) { responseStream << "\n";
responseStream << "\t\t";
#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
} responseStream << "\n";
responseStream << "\t\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 59 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
if(state == MAIL_NOT_SEND) { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text\">\n";
@ -113,7 +109,7 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
responseStream << ( timeUsed.string() );
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
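Review bot: `sm->deleteLoginCookies(request, response, mSession);` runs before the `if(mSession)` check, so it receives a null session whenever the page is built without one, which the factory in this same commit does with `return new CheckEmailPage(nullptr);`. deleteLoginCookies is not shown on this page, so confirm that it accepts a null third argument, or fall back to the two-argument form used in the login page when `mSession` is null. The file is generated from checkEmail.cpsp (see the `#line` directives), so the change belongs in that source rather than here.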


@ -8,7 +8,7 @@
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#include "../SingletonManager/SessionManager.h"
#include "../model/Profiler.h"
#include "Poco/Net/HTTPServerParams.h"
DashboardPage::DashboardPage(Session* arg):
@ -31,12 +31,13 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "\n";
#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
Profiler timeUsed;
//Poco::Net::NameValueCollection cookies;
//request.getCookies(cookies);
if(!form.empty()) {
//form.get("email-verification-code")
}
auto uri_start = request.serverParams().getServerName();
responseStream << "\n";
responseStream << "<!DOCTYPE html>\n";
responseStream << "<html>\n";
@ -50,23 +51,23 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Willkommen ";
#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getUser()->getFirstName() );
responseStream << "&nbsp;";
#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getUser()->getLastName() );
responseStream << "</h1>\n";
responseStream << "\t";
#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 32 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t<h3>Status</h3>\n";
responseStream << "\t<p>";
#line 33 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mSession->getSessionStateString() );
responseStream << "</p>\n";
responseStream << "\t";
#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 35 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n";
responseStream << "\t<p>Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:</p>\n";
responseStream << "\t<form method=\"GET\" action=\"checkEmail\">\n";
@ -74,7 +75,7 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 41 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
} else if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_WRITTEN) { responseStream << "\n";
responseStream << "\t<p>Hast du schon eine E-Mail mit einem Verification Code erhalten? Wenn ja kannst du ihn hier hinein kopieren:</p>\n";
responseStream << "\t<form method=\"GET\" action=\"checkEmail\">\n";
@ -82,15 +83,21 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
} responseStream << "\n";
responseStream << "\t<a class=\"grd_bn\" href=\"logout\">Abmelden</a>\n";
responseStream << "\t<a class=\"grd_bn\" href=\"user_delete\">Account l&ouml;schen</a>\n";
responseStream << "\t<a class=\"grd_bn\" href=\"";
#line 48 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( uri_start );
responseStream << "/logout\">Abmelden</a>\n";
responseStream << "\t<a class=\"grd_bn\" href=\"";
#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( uri_start );
responseStream << "/user_delete\">Account l&ouml;schen</a>\n";
responseStream << "</div>\n";
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 51 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( timeUsed.string() );
#line 52 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
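Review bot: The logout and delete links are now emitted as `href="` followed by `request.serverParams().getServerName()` and `/logout"`, and that value carries no scheme (Poco documents it as the server's name:port), so the attribute is not an absolute URL and a browser may not resolve it to this server's `/logout`. A relative target such as `href="./logout"`, in line with the `response.redirect("./")` calls in the login page, avoids depending on the configured server name; the same construction is added for the start-page link in the saveKeys section. Separately, `/user_delete` remains a plain GET link and the factory calls `s->deleteUser()` for that path directly, so any third-party page that makes the browser load the URL removes the account; a POST form carrying a per-session token would prevent that. The page is generated from dashboard.cpsp, so both changes belong in that source.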


@ -5,7 +5,7 @@
#include "Poco/DeflatingStream.h"
#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
@ -22,30 +22,58 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
#line 13 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
Profiler timeUsed;
auto session = SessionManager::getInstance()->getNewSession();
auto sm = SessionManager::getInstance();
if(!form.empty()) {
auto email = form.get("login-email", "");
auto password = form.get("login-password", "");
if(session->loadUser(email, password)) {
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
if(email != "" && password != "") {
auto session = sm->getSession(request);
if(!session) {
session = sm->getNewSession();
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
auto userState = session->loadUser(email, password);
getErrors(session);
auto uri_start = request.serverParams().getServerName();
//response.redirect(uri_start + "/");
response.redirect("./");
return;
switch(userState) {
case USER_EMPTY:
case USER_PASSWORD_INCORRECT:
addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!"));
break;
case USER_EMAIL_NOT_ACTIVATED:
// response.redirect(uri_start + "/checkEmail");
session->addError(new Error("Account", "E-Mail Adresse wurde noch nicht best&auml;tigt, hast du schon eine E-Mail erhalten?"));
response.redirect("./checkEmail");
return;
case USER_NO_KEYS:
// response.redirect(uri_start + "/passphrase");
response.redirect("./passphrase");
return;
case USER_NO_PRIVATE_KEY:
case USER_COMPLETE:
// response.redirect(uri_start + "/");
response.redirect("./");
return;
}
} else {
addError(new Error("Login", "Benutzernamen und Passwort m&uuml;ssen angegeben werden!"));
}
} else {
// on enter login page with empty form
// remove old cookies if exist
auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", "");
// max age of 0 delete cookie
keks.setMaxAge(0);
response.addCookie(keks);
}
sm->deleteLoginCookies(request, response);
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
@ -81,8 +109,8 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << "\t<div class=\"grd_container\">\n";
responseStream << "\t\t<h1>Login</h1>\n";
responseStream << "\t\t";
#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
responseStream << ( session->getErrorsHtml() );
#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Login</legend>\n";
@ -103,12 +131,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
responseStream << "\t</div>\n";
responseStream << "\t<div class=\"grd-time-used\">\n";
responseStream << "\t\t";
#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
responseStream << ( timeUsed.string() );
#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "\t</div>\n";
responseStream << "</form>\n";
responseStream << "</body>\n";
responseStream << "</html>\n";
responseStream << "</html>";
if (_compressResponse) _gzipStream.close();
}
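Review bot: A login with credentials now reuses whatever session `sm->getSession(request)` finds for the incoming cookie and only issues a new one when none exists, so the session identifier stays the same across authentication. If a cookie value can be planted in the user's browser beforehand, whoever knows that value shares the authenticated session afterwards (session fixation); the register section follows the same pattern before `createUser`. Issuing a fresh session for every credentialed attempt, e.g. `if(session) { sm->releaseSession(session); } session = sm->getNewSession();` followed by the existing `setClientIp` and `addCookie` lines, avoids that, at the cost of some of the session churn this commit is trying to reduce. `setClientIp` is also skipped for a reused session, so the stored address may not be the caller's.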


@ -5,7 +5,10 @@
#include "Poco/Net/HTTPRequestHandler.h"
class LoginPage: public Poco::Net::HTTPRequestHandler
#include "PageRequestMessagedHandler.h"
class LoginPage: public PageRequestMessagedHandler
{
public:
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);


@ -71,12 +71,12 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
if (s) {
auto user = s->getUser();
if (s->errorCount() || (user && user->errorCount())) {
if (s->errorCount() || (!user.isNull() && user->errorCount())) {
return new Error500Page(s);
}
if(url_first_part == "/logout") {
sm->releseSession(s);
sm->releaseSession(s);
// remove cookie
printf("session released\n");
@ -84,7 +84,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
}
if(url_first_part == "/user_delete") {
if(s->deleteUser()) {
sm->releseSession(s);
sm->releaseSession(s);
return new LoginPage;
}
@ -100,7 +100,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
//else if (uri == "/saveKeys") {
return new SaveKeysPage(s);
}
if (s && s->getUser()) {
if (s && !s->getUser().isNull()) {
printf("[PageRequestHandlerFactory] go to dashboard page with user\n");
return new DashboardPage(s);
}
@ -164,7 +164,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
// no session or active session don't belong to verification code
if (!session || session->getEmailVerificationCode() != verificationCode) {
session = sm->findByEmailVerificationCode(verificationCode);
sm->releaseSession(session);
session = nullptr;
// it is maybe unsafe
//session = sm->findByEmailVerificationCode(verificationCode);
}
// no suitable session in memory, try to create one from db data
if (!session) {
@ -178,6 +181,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
*/
}
else {
//sm->releaseSession(session);
return new CheckEmailPage(session);
}
}
@ -198,7 +202,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
}
}
if (session) {
sm->releaseSession(session);
}
return new CheckEmailPage(session);
return new CheckEmailPage(nullptr);
}
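Review bot: In handleCheckEmail the new `sm->releaseSession(session);` sits inside `if (!session || session->getEmailVerificationCode() != verificationCode)`, so it is called with a null pointer whenever the first half of the condition is true. releaseSession is not visible here, but the later addition in the same function guards the call with `if (session)`, which suggests null is not expected; this one should read `if (session) { sm->releaseSession(session); session = nullptr; }`. The `else` branch still returns `new CheckEmailPage(session)` while the final return passes `nullptr` after releasing, so a short comment saying which paths hand a live session to the page would help the next reader. The function starts and ends outside the hunks shown.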


@ -0,0 +1,2 @@
#include "PageRequestMessagedHandler.h"


@ -0,0 +1,23 @@
#ifndef PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED
#define PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED
//#include "../model/Session.h"
#include "../model/ErrorList.h"
#include "../model/Profiler.h"
#include "Poco/Net/HTTPRequestHandler.h"
class PageRequestMessagedHandler : public Poco::Net::HTTPRequestHandler, public ErrorList
{
public:
PageRequestMessagedHandler() {}
//Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request);
protected:
Profiler mTimeProfiler;
};
#endif // PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED
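Review bot: PageRequestMessagedHandler has no comment describing its contract, although every page touched by this commit now routes its user-visible messages through it. I would add a class comment such as `// Base for page handlers: collects the messages of one request via ErrorList and carries the request's Profiler in mTimeProfiler.` and state there whether `getErrorsHtml()` escapes message text. The messages added in this commit already contain HTML entities such as `best&auml;tigt`, which suggests the text is emitted as-is, so the comment should say that request data must never be placed in an Error unescaped. The include guard `PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED` also differs from the class name (`Messaged`).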


@ -8,6 +8,8 @@
#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#include "../model/Profiler.h"
#include "../SingletonManager/SessionManager.h"
enum PageState
{
@ -30,12 +32,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 18 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
Profiler timeUsed;
PageState state = PAGE_ASK_PASSPHRASE;
bool hasErrors = mSession->errorCount() > 0;
auto sm = SessionManager::getInstance();
// remove old cookies if exist
sm->deleteLoginCookies(request, response, mSession);
// save login cookie, because maybe we've get an new session
response.addCookie(mSession->getLoginCookie());
@ -52,7 +55,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
state = PAGE_SHOW_PASSPHRASE;
}
else {
mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
addError(new Error("Passphrase", "Diese Passphrase ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
}
}
else if (registerKeyChoice == "yes") {
@ -64,6 +67,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
state = PAGE_SHOW_PASSPHRASE;
mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
}
getErrors(mSession);
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
@ -95,19 +99,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
if(mSession && hasErrors) { responseStream << "\n";
responseStream << "\t\t";
#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
} responseStream << "\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
@ -115,17 +113,17 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
responseStream << "\t\t\t\t";
#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( mSession->getPassphrase() );
responseStream << "\n";
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t\t<a href=\"saveKeys\">Weiter</a>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
} else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n";
responseStream << "\t<p>Deine E-Mail Adresse wurde erfolgreich bestätigt. </p>\n";
responseStream << "\t<form method=\"POST\" action=\"passphrase\">\n";
responseStream << "\t<form method=\"POST\" action=\"./passphrase\">\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Neue Gradido Adresse anlegen / wiederherstellen</legend>\n";
responseStream << "\t\t\t<p>Hast du schonmal ein Gradido Konto besessen?</p>\n";
@ -138,7 +136,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"passphrase-new-no\">Ja, bitte wiederherstellen!</label>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"passphrase-existing\">";
#line 105 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( !form.empty() ? form.get("passphrase-existing", "") : "" );
responseStream << "</textarea>\n";
responseStream << "\t\t</fieldset>\n";
@ -146,19 +144,19 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
responseStream << "\t\t\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
} else { responseStream << "\n";
responseStream << "\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( timeUsed.string() );
#line 119 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
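Review bot: The textarea is refilled with `form.get("passphrase-existing", "")` written straight into the response, so a submitted value that contains markup is rendered as HTML on the same page that displays `mSession->getPassphrase()`. The commit only renumbers the `#line` directive above that statement, but the statement is part of the regenerated page and should pass the value through an HTML-escaping helper in passphrase.cpsp before output. The register section has the same defect in the `value="..."` attributes filled from `form.get("register-first-name")`, `form.get("register-last-name")` and `form.get("register-email")`.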


@ -5,11 +5,10 @@
#include "Poco/DeflatingStream.h"
#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
#include "../model/Profiler.h"
void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
@ -20,28 +19,37 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 9 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
Profiler timeUsed;
auto session = SessionManager::getInstance()->getNewSession();
auto sm = SessionManager::getInstance();
bool userReturned = false;
if(!form.empty()) {
if(form.get("register-password2") != form.get("register-password")) {
session->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
} else {
auto session = sm->getSession(request);
if(!session) {
session = sm->getNewSession();
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
userReturned = session->createUser(
form.get("register-first-name"),
form.get("register-last-name"),
form.get("register-email"),
form.get("register-password")
);
getErrors(session);
}
if(userReturned) {
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
} else {
// on enter login page with empty form
// remove old cookies if exist
sm->deleteLoginCookies(request, response);
}
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
@ -76,9 +84,12 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
responseStream << "\t";
#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
if(!form.empty() && userReturned) { responseStream << "\n";
responseStream << "\t\t\n";
responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
responseStream << "\t\t\t\tDeine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt. \n";
@ -86,41 +97,31 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "\t\t\t</div>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} else { responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
responseStream << "\t\n";
responseStream << "\t\t";
#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
if(!form.empty() && !userReturned) { responseStream << "\n";
responseStream << "\t\t\t";
#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( session->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t\t";
#line 73 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} responseStream << "\n";
responseStream << "\t\t\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
responseStream << "\t\t\t<p>Bitte gebe deine Daten um einen Account anzulegen</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-first-name\">Vorname</label>\n";
responseStream << "\t\t\t\t<input id=\"register-first-name\" type=\"text\" name=\"register-first-name\" value=\"";
#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 86 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( !form.empty() ? form.get("register-first-name") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-last-name\">Nachname</label>\n";
responseStream << "\t\t\t\t<input id=\"register-last-name\" type=\"text\" name=\"register-last-name\" value=\"";
#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( !form.empty() ? form.get("register-last-name") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<p class=\"grd_small\">\n";
responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( !form.empty() ? form.get("register-email") : "" );
responseStream << "\"/>\n";
responseStream << "\t\t\t</p>\n";
@ -137,13 +138,13 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "\t\t\n";
responseStream << "\t</form>\n";
responseStream << "\t";
#line 101 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
} responseStream << "\n";
responseStream << "</div>\n";
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 104 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( timeUsed.string() );
#line 111 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";
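Review bot: A session is now created and its cookie attached as soon as the two password fields match, before `session->createUser(...)` has accepted anything, and no visible path releases it when `userReturned` is false. The earlier code appears to have attached the cookie only under `if(userReturned)`; with the new order every failed POST that arrives without a cookie leaves a session allocated, and the login section does the same for failed logins. Unless SessionManager caps or expires idle sessions (not shown here), consider deferring `response.addCookie(session->getLoginCookie());` until `userReturned` is true and calling `sm->releaseSession(session);` for a session created in this request that ended in failure. Also, `form.get("register-password2")` has no default argument, unlike `form.get("login-email", "")` in the login page, so a POST that omits the field makes Poco's lookup throw instead of producing the password-mismatch message.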


@ -5,7 +5,10 @@
#include "Poco/Net/HTTPRequestHandler.h"
class RegisterPage: public Poco::Net::HTTPRequestHandler
#include "PageRequestMessagedHandler.h"
class RegisterPage: public PageRequestMessagedHandler
{
public:
void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);


@ -35,11 +35,12 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
Poco::Net::HTMLForm form(request, request.stream());
#line 19 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
Profiler timeUsed;
bool hasErrors = mSession->errorCount() > 0;
// crypto key only in memory, if user has tipped in his passwort in this session
bool hasPassword = mSession->getUser()->hasCryptoKey();
PageState state = PAGE_ASK;
auto uri_start = request.serverParams().getServerName();
if(!form.empty()) {
// privkey
@ -51,7 +52,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
auto pwd = form.get("save-privkey-password", "");
if(!mSession->isPwdValid(pwd)) {
mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
hasErrors = true;
} else {
savePrivkey = true;
@ -70,8 +71,8 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
hasErrors = true;
} else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) {
state = PAGE_SHOW_PUBKEY;
auto uri_start = request.serverParams().getServerName();
printf("uri_start: %s\n", uri_start.data());
//printf("uri_start: %s\n", uri_start.data());
//response.redirect(uri_start + "/");
} else {
state = PAGE_ERROR;
@ -80,6 +81,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n",
hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED);
}
getErrors(mSession);
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
@ -111,18 +113,12 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
if(hasErrors) { responseStream << "\n";
responseStream << "\t\t";
#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
} responseStream << "\n";
responseStream << "\t<h1>Daten speichern</h1>\n";
responseStream << "\t";
#line 96 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
if(state == PAGE_ASK) { responseStream << "\n";
responseStream << "\t<form method=\"POST\">\n";
@ -182,7 +178,10 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << ( mSession->getUser()->getPublicKeyHex() );
responseStream << "\n";
responseStream << "\t\t\t</p>\n";
responseStream << "\t\t\t<a class=\"grd_bn\" href=\"../\">Zur&uuml;ck zur Startseite</a>\n";
responseStream << "\t\t\t<a class=\"grd_bn\" href=\"";
#line 146 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
responseStream << ( uri_start );
responseStream << "/\">Zur&uuml;ck zur Startseite</a>\n";
responseStream << "\t\t</div>\n";
responseStream << "\t";
#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
@ -201,7 +200,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 156 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
responseStream << ( timeUsed.string() );
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";


@ -2,10 +2,10 @@
#define SESSION_HTTP_REQUEST_HANDLER_INCLUDED
#include "../model/Session.h"
#include "Poco/Net/HTTPRequestHandler.h"
#include "PageRequestMessagedHandler.h"
class SessionHTTPRequestHandler : public Poco::Net::HTTPRequestHandler
class SessionHTTPRequestHandler : public PageRequestMessagedHandler
{
public:
SessionHTTPRequestHandler(Session* session) : mSession(session) {}


@ -9,7 +9,6 @@
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
#include "../model/Profiler.h"
UpdateUserPasswordPage::UpdateUserPasswordPage(Session* arg):
@ -26,10 +25,12 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
if (_compressResponse) response.set("Content-Encoding", "gzip");
Poco::Net::HTMLForm form(request, request.stream());
#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
Profiler timeUsed;
auto user = mSession->getUser();
auto sm = SessionManager::getInstance();
// remove old cookies if exist
sm->deleteLoginCookies(request, response, mSession);
// save login cookie, because maybe we've get an new session
response.addCookie(mSession->getLoginCookie());
@ -48,6 +49,8 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
}
}
}
getErrors(mSession);
getErrors(user);
std::ostream& _responseStream = response.send();
Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
@ -94,15 +97,11 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
responseStream << "</head>\n";
responseStream << "<body>\n";
responseStream << "<div class=\"grd_container\">\n";
responseStream << "\t";
#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
responseStream << ( mSession->getErrorsHtml() );
responseStream << "\n";
responseStream << "\t";
#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
responseStream << ( user->getErrorsHtml() );
responseStream << " \n";
responseStream << "\t<h1>Passwort bestimmen</h1>\n";
responseStream << "\t";
#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
responseStream << ( getErrorsHtml() );
responseStream << "\n";
responseStream << "\t<form method=\"POST\">\t\n";
responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
responseStream << "\t\t\t<div class=\"grd_text\">\n";
@ -123,8 +122,8 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
responseStream << "</div>\n";
responseStream << "<div class=\"grd-time-used\">\n";
responseStream << "\t";
#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
responseStream << ( timeUsed.string() );
#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
responseStream << ( mTimeProfiler.string() );
responseStream << "\n";
responseStream << "</div>\n";
responseStream << "</body>\n";


@ -151,20 +151,21 @@ Session* SessionManager::getNewSession(int* handle)
if (handle) {
*handle = newHandle;
}
printf("[SessionManager::getNewSession] handle: %ld, sum: %u\n", newHandle, mRequestSessionMap.size());
return requestSession;
//return nullptr;
}
bool SessionManager::releseSession(int requestHandleSession)
bool SessionManager::releaseSession(int requestHandleSession)
{
if (!mInitalized) {
printf("[SessionManager::%s] not initialized any more\n", __FUNCTION__);
return false;
}
mWorkingMutex.lock();
auto it = mRequestSessionMap.find(requestHandleSession);
if (it == mRequestSessionMap.end()) {
printf("[SessionManager::releaseRequestSession] requestSession with handle: %d not found\n", requestHandleSession);
@ -177,6 +178,7 @@ bool SessionManager::releseSession(int requestHandleSession)
// change request handle we don't want session hijacking
int newHandle = generateNewUnusedHandle();
//printf("[SessionManager::releseSession] oldHandle: %ld, newHandle: %ld\n", requestHandleSession, newHandle);
// erase after generating new number to prevent to getting the same number again
mRequestSessionMap.erase(requestHandleSession);
@ -206,25 +208,52 @@ bool SessionManager::isExist(int requestHandleSession)
auto it = mRequestSessionMap.find(requestHandleSession);
if (it != mRequestSessionMap.end()) {
result = true;
if (!it->second->isActive()) {
printf("[SessionManager::isExist] session isn't active\n");
}
}
mWorkingMutex.unlock();
return result;
}
Session* SessionManager::getSession(const Poco::Net::HTTPServerRequest& request)
{
// check if user has valid session
Poco::Net::NameValueCollection cookies;
request.getCookies(cookies);
int session_id = 0;
try {
session_id = atoi(cookies.get("GRADIDO_LOGIN").data());
return getSession(session_id);
}
catch (...) {}
return nullptr;
}
Session* SessionManager::getSession(int handle)
{
if (!mInitalized) {
printf("[SessionManager::%s] not initialized any more\n", __FUNCTION__);
return nullptr;
}
if (0 == handle) return nullptr;
Session* result = nullptr;
mWorkingMutex.lock();
auto it = mRequestSessionMap.find(handle);
if (it != mRequestSessionMap.end()) {
result = it->second;
result->setActive(true);
if (!result->isActive()) {
//printf("[SessionManager::getSession] session isn't active\n");
mWorkingMutex.unlock();
return nullptr;
}
//result->setActive(true);
result->updateTimeout();
}
printf("[SessionManager::getSession] handle: %ld\n", handle);
mWorkingMutex.unlock();
return result;
}
@ -263,11 +292,37 @@ void SessionManager::checkTimeoutSession()
while (toRemove.size() > 0) {
int handle = toRemove.top();
toRemove.pop();
releseSession(handle);
releaseSession(handle);
}
}
void SessionManager::deleteLoginCookies(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response, Session* activeSession/* = nullptr*/)
{
Poco::Net::NameValueCollection cookies;
request.getCookies(cookies);
// go from first login cookie
for (auto it = cookies.find("GRADIDO_LOGIN"); it != cookies.end(); it++) {
// break if no login any more
if (it->first != "GRADIDO_LOGIN") break;
// skip if it is from the active session
if (activeSession) {
try {
int session_id = atoi(it->second.data());
if (session_id == activeSession->getHandle()) continue;
}
catch (...) {}
}
// delete cookie
auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", it->second);
// max age of 0 delete cookie
keks.setMaxAge(0);
response.addCookie(keks);
}
//session_id = atoi(cookies.get("GRADIDO_LOGIN").data());
}
bool SessionManager::checkPwdValidation(const std::string& pwd, ErrorList* errorReciver)
{
if (!isValid(pwd, VALIDATE_PASSWORD)) {
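Review bot: The `printf` calls in `getNewSession` and `getSession(int)` write the session handle to stdout, and that handle is the value `getSession(request)` parses out of the `GRADIDO_LOGIN` cookie, so the server log ends up holding identifiers of live sessions. They also pass what appears to be an `int` handle to `%ld` and `mRequestSessionMap.size()` to `%u`, which is a format/argument mismatch. I would drop them or keep them commented out like the one in `releaseSession`, e.g. `//printf("[SessionManager::getSession] handle: %d\n", handle);`. Note too that `atoi` never throws, so the `catch (...) {}` in `getSession(request)` only covers a missing cookie and silently hides everything else.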


@ -14,6 +14,8 @@
#include "../model/Session.h"
#include "Poco/RegularExpression.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/HTTPServerResponse.h"
#include <mutex>
#include <map>
@ -40,14 +42,17 @@ public:
static SessionManager* getInstance();
Session* getNewSession(int* handle = nullptr);
inline bool releseSession(Session* requestSession) {
return releseSession(requestSession->getHandle());
inline bool releaseSession(Session* requestSession) {
return releaseSession(requestSession->getHandle());
}
bool releseSession(int requestHandleSession);
bool releaseSession(int requestHandleSession);
bool isExist(int requestHandleSession);
// try to find existing session, return nullptr if not found
Session* getSession(int handle);
Session* getSession(const Poco::Net::HTTPServerRequest& request);
Session* findByEmailVerificationCode(long long emailVerificationCode);
bool init();
@ -59,6 +64,9 @@ public:
void checkTimeoutSession();
// delete all current active login cookies
void deleteLoginCookies(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response, Session* activeSession = nullptr);
protected:
SessionManager();
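Review bot: The comment on `deleteLoginCookies` says it deletes all current active login cookies, but the implementation in this commit skips the cookie whose value equals `activeSession->getHandle()` when `activeSession` is given. A comment that matches the behaviour would be `// expire every GRADIDO_LOGIN cookie sent with the request, except the one that belongs to activeSession (if not null)`.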


@ -57,4 +57,31 @@ Poco::Data::Statement EmailVerificationCode::loadFromDB(Poco::Data::Session sess
, into(mUserId), into(mEmailVerificationCode);
return select;
}
}
/*
Poco::Data::Statement select(session);
int email_checked = 0;
select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?",
into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id);
try {
auto result = select.execute();
int zahl = 1;
if (result == 1) {
if (!pubkey.isNull()) {
auto pubkey_value = pubkey.value();
size_t hexSize = pubkey_value.size() * 2 + 1;
char* hexString = (char*)malloc(hexSize);
memset(hexString, 0, hexSize);
sodium_bin2hex(hexString, hexSize, pubkey_value.content().data(), pubkey_value.size());
mPublicHex = hexString;
free(hexString);
}
if (email_checked != 0) mEmailChecked = true;
}
}
catch (Poco::Exception& ex) {
addError(new ParamError("User::User", "mysql error", ex.displayText().data()));
}
*/
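Review bot: The block added after `loadFromDB` is commented-out code that selects `users` columns into `mEmail`, `mPasswordHashed` and `pubkey`, which looks copied from the `User(int user_id)` constructor rather than belonging to `EmailVerificationCode`. Dead code of this kind is better left out of the commit. If it is meant as a reminder, a single line such as `// TODO: override executeLoadFromDB once the result handling is decided` says the same without the stale SQL.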


@ -20,6 +20,7 @@ public:
virtual Poco::Data::Statement insertIntoDB(Poco::Data::Session session) = 0;
virtual Poco::Data::Statement updateIntoDB(Poco::Data::Session session) = 0;
virtual Poco::Data::Statement loadFromDB(Poco::Data::Session session, std::string& fieldName) = 0;
virtual bool executeLoadFromDB(Poco::Data::Statement select) { return select.execute() == 1; };
inline void setID(int id) { lock(); mID = id; unlock(); }
inline int getID() { lock(); int id = mID; unlock(); return id; }
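Review bot: `executeLoadFromDB` calls `select.execute()` without a try/catch, while the other `execute()` call sites in this commit (the `User` constructors and `User::updateIntoDB`) catch `Poco::Exception` and report it through `addError`. Either catch here as well or state the contract on the declaration, e.g. `// returns true if exactly one row was loaded; a Poco::Exception from execute() propagates to the caller`. The `;` after the inline function body is redundant.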


@ -284,26 +284,32 @@ bool Session::isPwdValid(const std::string& pwd)
return false;
}
bool Session::loadUser(const std::string& email, const std::string& password)
UserStates Session::loadUser(const std::string& email, const std::string& password)
{
//Profiler usedTime;
if (email == "" || password == "") {
addError(new Error("Login", "Benutzernamen und Passwort m&uuml;ssen angegeben werden!"));
return false;
}
lock();
if (mSessionUser) mSessionUser = nullptr;
mSessionUser = new User(email.data());
if (!mSessionUser->validatePwd(password, this)) {
if (mSessionUser->getUserState() == USER_LOADED_FROM_DB) {
if (!mSessionUser->validatePwd(password, this)) {
return USER_PASSWORD_INCORRECT;
}
}
/*if (!mSessionUser->validatePwd(password, this)) {
addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!"));
unlock();
return false;
}
if (!mSessionUser->isEmailChecked()) {
addError(new Error("Account", "E-Mail Adresse wurde noch nicht best&auml;tigt, hast du schon eine E-Mail erhalten?"));
unlock();
return false;
}
}*/
detectSessionState();
unlock();
return true;
return mSessionUser->getUserState();
}
bool Session::deleteUser()
@ -337,11 +343,13 @@ void Session::detectSessionState()
if (!mSessionUser || !mSessionUser->hasCryptoKey()) {
return;
}
UserStates userState = mSessionUser->getUserState();
/*
if (mSessionUser->getDBId() == 0) {
updateState(SESSION_STATE_CRYPTO_KEY_GENERATED);
return;
}
if (!mSessionUser->isEmailChecked()) {
}*/
if (userState <= USER_EMAIL_NOT_ACTIVATED) {
if (mEmailVerificationCode == 0) {
auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
@ -364,7 +372,7 @@ void Session::detectSessionState()
return;
}
if (mSessionUser->getPublicKeyHex() == "") {
if (USER_NO_KEYS == userState) {
auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
Poco::Data::Statement select(dbConnection);
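Review bot: The password check in `Session::loadUser` looks unreachable, because it only runs when `getUserState() == USER_LOADED_FROM_DB`. The `User(const char* email)` constructor changed in this same commit sets `USER_LOADED_FROM_DB` and then immediately replaces it with `USER_EMAIL_NOT_ACTIVATED`, `USER_NO_KEYS`, `USER_NO_PRIVATE_KEY` or `USER_COMPLETE`. As written, `loadUser` would return the stored state for any existing e-mail without ever calling `validatePwd`, and the login page redirects on that state. The early `return USER_PASSWORD_INCORRECT;` also leaves the `lock()` taken a few lines above held. Suggested replacement for the nested `if`: `if (mSessionUser->getUserState() != USER_EMPTY && !mSessionUser->validatePwd(password, this)) { unlock(); return USER_PASSWORD_INCORRECT; }`.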


@ -54,7 +54,9 @@ public:
// TODO: register state: written into db, mails sended, update state only if new state is higher as old state
bool createUser(const std::string& first_name, const std::string& last_name, const std::string& email, const std::string& password);
// TODO: check if email exist and if not, fake waiting on password hashing with profiled times of real password hashing
bool loadUser(const std::string& email, const std::string& password);
UserStates loadUser(const std::string& email, const std::string& password);
inline void setUser(Poco::AutoPtr<User> user) { mSessionUser = user; }
bool deleteUser();
@ -88,8 +90,8 @@ public:
inline Poco::UInt64 getEmailVerificationCode() { return mEmailVerificationCode; }
inline bool isActive() const { return mActive; }
inline void setActive(bool active) { mActive = active; }
inline bool isActive() { bool bret = false; lock(); bret = mActive; unlock(); return bret; }
inline void setActive(bool active) { lock(); mActive = active; unlock(); }
inline Poco::DateTime getLastActivity() { return mLastActivity; }
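Review bot: The new `setUser` assigns `mSessionUser` without `lock()`/`unlock()`, while the same commit puts `isActive`/`setActive` under the lock and `Session::loadUser` replaces `mSessionUser` while holding it. For consistency I would write `inline void setUser(Poco::AutoPtr<User> user) { lock(); mSessionUser = user; unlock(); }`. `isActive()` also lost its `const` qualifier in this hunk, which callers working through a `const Session` would notice.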


@ -14,7 +14,7 @@
using namespace Poco::Data::Keywords;
//#define DEBUG_USER_DELETE_ENV
#define DEBUG_USER_DELETE_ENV
// -------------------------------------------------------------------------------------------------
@ -157,37 +157,45 @@ UserWriteCryptoKeyHashIntoDB::UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr<User> u
int UserWriteCryptoKeyHashIntoDB::run()
{
mUser->updateIntoDB("password");
mUser->updateIntoDB(USER_FIELDS_PASSWORD);
return 0;
}
// *******************************************************************************
// new user
User::User(const char* email, const char* first_name, const char* last_name)
: mDBId(0), mEmail(email), mFirstName(first_name), mLastName(last_name), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr),
mReferenceCount(1)
: mState(USER_EMPTY), mDBId(0), mEmail(email), mFirstName(first_name), mLastName(last_name), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr),
mReferenceCount(1)
{
}
// load from db
User::User(const char* email)
: mDBId(0), mEmail(email), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1)
: mState(USER_EMPTY), mDBId(0), mEmail(email), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1)
{
//crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey);
//memset(mPasswordHashed, 0, crypto_shorthash_BYTES);
auto cm = ConnectionManager::getInstance();
auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
Poco::Nullable<Poco::Data::BLOB> pubkey;
Poco::Nullable<Poco::Data::BLOB> pubkey;
Poco::Nullable<Poco::Data::BLOB> privkey;
Poco::Data::Statement select(session);
int email_checked = 0;
select << "SELECT id, first_name, last_name, password, pubkey, email_checked from users where email = ?",
into(mDBId), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(mEmail);
select << "SELECT id, first_name, last_name, password, pubkey, privkey, email_checked from users where email = ?",
into(mDBId), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(privkey), into(email_checked), use(mEmail);
try {
auto result = select.execute();
int zahl = 1;
if (result == 1) {
mState = USER_LOADED_FROM_DB;
if (email_checked == 0) { mState = USER_EMAIL_NOT_ACTIVATED;}
else if (pubkey.isNull()) { mState = USER_NO_KEYS;}
else if (privkey.isNull()) { mState = USER_NO_PRIVATE_KEY; }
else { mState = USER_COMPLETE;}
mEmailChecked = email_checked == 1;
if (!pubkey.isNull()) {
auto pubkey_value = pubkey.value();
size_t hexSize = pubkey_value.size() * 2 + 1;
@ -197,7 +205,12 @@ User::User(const char* email)
mPublicHex = hexString;
free(hexString);
}
if (email_checked != 0) mEmailChecked = true;
if (!privkey.isNull()) {
auto privkey_value = privkey.value();
mPrivateKey = new ObfusArray(privkey_value.size(), privkey_value.content().data());
}
}
} catch(Poco::Exception& ex) {
addError(new ParamError("User::User", "mysql error", ex.displayText().data()));
@ -205,21 +218,29 @@ User::User(const char* email)
}
User::User(int user_id)
: mDBId(user_id), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1)
: mState(USER_EMPTY), mDBId(user_id), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1)
{
auto cm = ConnectionManager::getInstance();
auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
Poco::Nullable<Poco::Data::BLOB> pubkey;
Poco::Nullable<Poco::Data::BLOB> privkey;
Poco::Data::Statement select(session);
int email_checked = 0;
select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?",
into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id);
select << "SELECT email, first_name, last_name, password, pubkey, privkey, email_checked from users where id = ?",
into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(privkey), into(email_checked), use(user_id);
try {
auto result = select.execute();
int zahl = 1;
if (result == 1) {
mState = USER_LOADED_FROM_DB;
if (email_checked == 0) { mState = USER_EMAIL_NOT_ACTIVATED; }
else if (pubkey.isNull()) { mState = USER_NO_KEYS; }
else if (privkey.isNull()) { mState = USER_NO_PRIVATE_KEY; }
else { mState = USER_COMPLETE; }
mEmailChecked = email_checked == 1;
if (!pubkey.isNull()) {
auto pubkey_value = pubkey.value();
size_t hexSize = pubkey_value.size() * 2 + 1;
@ -229,7 +250,10 @@ User::User(int user_id)
mPublicHex = hexString;
free(hexString);
}
if (email_checked != 0) mEmailChecked = true;
if (!privkey.isNull()) {
auto privkey_value = privkey.value();
mPrivateKey = new ObfusArray(privkey_value.size(), privkey_value.content().data());
}
}
}
catch (Poco::Exception& ex) {
@ -248,6 +272,10 @@ User::~User()
delete mCryptoKey;
mCryptoKey = nullptr;
}
if (mPrivateKey) {
delete mPrivateKey;
mPrivateKey = nullptr;
}
}
@ -310,40 +338,80 @@ bool User::validatePassphrase(const std::string& passphrase)
bool User::isEmptyPassword()
{
return mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished());
bool bRet = false;
lock();
bRet = mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished());
unlock();
return bRet;
}
UserStates User::getUserState()
{
UserStates state;
lock();
state = mState;
unlock();
return state;
}
// TODO: if a password and privkey already exist, load current private key and re encrypt with new crypto key
bool User::setNewPassword(const std::string& newPassword)
{
if (newPassword == "") {
lock();
addError(new Error("Passwort", "Ist leer."));
unlock();
return false;
}
if (!mCreateCryptoKeyTask.isNull() && !mCreateCryptoKeyTask->isTaskFinished()) {
lock();
addError(new Error("Passwort", "Wird bereits erstellt, bitte in ca. 1 sekunde neuladen."));
unlock();
return false;
}
duplicate();
lock();
mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newPassword, ServerConfig::g_CPUScheduler);
mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask);
unlock();
duplicate();
UniLib::controller::TaskPtr savePassword(new UserWriteCryptoKeyHashIntoDB(this, 1));
savePassword->setParentTaskPtrInArray(mCreateCryptoKeyTask, 0);
savePassword->scheduleTask(savePassword);
unlock();
return true;
}
void User::setEmailChecked()
{
lock();
mEmailChecked = true;
if (mState <= USER_EMAIL_NOT_ACTIVATED) {
if (mPublicHex == "") {
mState = USER_NO_KEYS;
}
else if (!mPrivateKey) {
mState = USER_NO_PRIVATE_KEY;
}
else {
mState = USER_COMPLETE;
}
}
unlock();
}
bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint)
{
auto cmpCryptoKey = createCryptoKey(pwd);
if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) {
throw Poco::Exception("crypto_shorthash_BYTES != sizeof(User::passwordHashed)");
}
User::passwordHashed pwdHashed;
crypto_shorthash((unsigned char*)&pwdHashed, *cmpCryptoKey, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
lock();
if (pwdHashed == mPasswordHashed) {
if (!mCryptoKey) {
mCryptoKey = cmpCryptoKey;
@ -351,11 +419,12 @@ bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrin
else {
delete cmpCryptoKey;
}
unlock();
return true;
}
delete cmpCryptoKey;
unlock();
return false;
}
@ -386,10 +455,13 @@ bool User::deleteFromDB()
}
try {
lock();
auto result = deleteFromDB.execute();
unlock();
//printf("[User::deleteFromDB] %s deleted: %d\n", tables[i].data(), result);
}
catch (Poco::Exception& ex) {
unlock();
em->addError(new ParamError("[User::deleteFromDB]", "error deleting user tables", ex.displayText().data()));
em->sendErrorsAsEmail();
//return false;
@ -412,6 +484,9 @@ void User::duplicate()
void User::release()
{
if (!mCreateCryptoKeyTask.isNull() && mCreateCryptoKeyTask->isTaskFinished()) {
mCreateCryptoKeyTask = nullptr;
}
mWorkingMutex.lock();
mReferenceCount--;
#ifdef DEBUG_USER_DELETE_ENV
@ -436,7 +511,9 @@ ObfusArray* User::createCryptoKey(const std::string& password)
sha_context context_sha512;
//unsigned char* hash512 = (unsigned char*)malloc(SHA_512_SIZE);
if (SHA_512_SIZE < crypto_pwhash_SALTBYTES) {
lock();
addError(new Error(__FUNCTION__, "sha512 is to small for libsodium pwhash saltbytes"));
unlock();
return nullptr;
}
@ -450,7 +527,9 @@ ObfusArray* User::createCryptoKey(const std::string& password)
unsigned char* key = (unsigned char *)malloc(crypto_box_SEEDBYTES); // 32U
if (crypto_pwhash(key, crypto_box_SEEDBYTES, password.data(), password.size(), hash512_salt, 10U, 33554432, 2) != 0) {
lock();
addError(new ParamError(__FUNCTION__, " error creating pwd hash, maybe to much memory requestet? error:", strerror(errno)));
unlock();
//printf("[User::%s] error creating pwd hash, maybe to much memory requestet? error: %s\n", __FUNCTION__, strerror(errno));
//printf("pwd: %s\n", pwd);
return nullptr;
@ -551,30 +630,33 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
return insert;
}
bool User::updateIntoDB(const char* fieldName)
bool User::updateIntoDB(UserFields fieldType)
{
if (mDBId == 0) {
addError(new Error("User::updateIntoDB", "user id is zero"));
return false;
}
if (strcmp(fieldName, "password") == 0 && mPasswordHashed != 0) {
if (USER_FIELDS_PASSWORD == fieldType || USER_FIELDS_EMAIL_CHECKED == fieldType) {
auto session = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
Poco::Data::Statement update(session);
// UPDATE `table_name` SET `column_name` = `new_value' [WHERE condition];
update << "UPDATE users SET password = ? where id = ?",
use(mPasswordHashed), use(mDBId);
if (USER_FIELDS_PASSWORD == fieldType) {
update << "UPDATE users SET password = ? where id = ?",
use(mPasswordHashed), use(mDBId);
}
else if (USER_FIELDS_EMAIL_CHECKED == fieldType) {
update << "UPDATE users SET email_checked = ? where id = ?",
use(mEmailChecked), use(mDBId);
}
try {
if (update.execute() == 1) return true;
addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldName));
addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldType));
}
catch (Poco::Exception& ex) {
auto em = ErrorManager::getInstance();
em->addError(new ParamError("User::updateIntoDB", "mysql error", ex.displayText().data()));
em->sendErrorsAsEmail();
}
}
return false;
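Review bot: Both `User` constructors pass `privkey_value.size()` from the database BLOB straight to `new ObfusArray(...)` without checking it against what ObfusArray can hold. The ObfusArray constructor as changed in this commit appears to copy `size` bytes into a fixed 64-byte member, so a longer `privkey` column value would write past that buffer. I would check the length first, e.g. `if (privkey_value.size() > 64) { addError(new Error("User::User", "privkey has unexpected size")); }` with the `new ObfusArray` call in the `else` branch. Ideally the bound is a named constant shared with ObfusArray rather than the literal.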


@ -3,7 +3,7 @@
#include "../Crypto/KeyPair.h"
#include <string>
#include "ErrorList.h"
#include "ModelBase.h"
#include "Poco/Thread.h"
#include "Poco/Types.h"
@ -17,6 +17,26 @@ class Session;
class UserWriteCryptoKeyHashIntoDB;
enum UserStates
{
USER_EMPTY,
USER_LOADED_FROM_DB,
USER_PASSWORD_INCORRECT,
USER_EMAIL_NOT_ACTIVATED,
USER_NO_KEYS,
USER_NO_PRIVATE_KEY,
USER_COMPLETE
};
enum UserFields
{
USER_FIELDS_ID,
USER_FIELDS_FIRST_NAME,
USER_FIELDS_LAST_NAME,
USER_FIELDS_PASSWORD,
USER_FIELDS_EMAIL_CHECKED
};
class User : public ErrorList
{
friend NewUser;
@ -51,17 +71,20 @@ public:
inline const char* getFirstName() const { return mFirstName.data(); }
inline const char* getLastName() const { return mLastName.data(); }
inline int getDBId() const { return mDBId; }
inline void setEmailChecked() { mEmailChecked = true; }
inline bool isEmailChecked() { return mEmailChecked; }
inline std::string getPublicKeyHex() { lock(); std::string pubkeyHex = mPublicHex; unlock(); return pubkeyHex; }
inline void setPublicKeyHex(const std::string& publicKeyHex) { lock(); mPublicHex = publicKeyHex; unlock(); }
UserStates getUserState();
void setEmailChecked();
bool isEmptyPassword();
bool setNewPassword(const std::string& newPassword);
bool validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint);
Poco::Data::BLOB* encrypt(const ObfusArray* data);
// for poco auto ptr
void duplicate();
void release();
@ -71,10 +94,10 @@ protected:
ObfusArray* createCryptoKey(const std::string& password);
inline void setCryptoKey(ObfusArray* cryptoKey) { lock(); mCryptoKey = cryptoKey; unlock(); }
void detectState();
Poco::Data::Statement insertIntoDB(Poco::Data::Session session);
bool updateIntoDB(const char* fieldName);
bool updateIntoDB(UserFields fieldType);
inline passwordHashed getPwdHashed() { lock(); auto ret = mPasswordHashed; unlock(); return ret; }
inline void setPwdHashed(passwordHashed pwdHashed) { lock(); mPasswordHashed = pwdHashed; unlock(); }
@ -84,16 +107,27 @@ protected:
private:
UserStates mState;
// ************************* DB FIELDS ******************************
int mDBId;
std::string mEmail;
std::string mFirstName;
std::string mLastName;
passwordHashed mPasswordHashed;
bool mEmailChecked;
// crypto key as obfus array
ObfusArray* mCryptoKey;
std::string mPublicHex;
ObfusArray* mPrivateKey;
// TODO: insert created if necessary
bool mEmailChecked;
// ************************ DB FIELDS END ******************************
// crypto key as obfus array
// only in memory, if user has typed in password
ObfusArray* mCryptoKey;
Poco::Mutex mWorkingMutex;
// for poco auto ptr
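Review bot: `UserStates` needs a comment saying that the order of its enumerators is significant, since `Session::detectSessionState` tests `userState <= USER_EMAIL_NOT_ACTIVATED` and `User::setEmailChecked` tests `mState <= USER_EMAIL_NOT_ACTIVATED`. With the current order `USER_EMPTY`, `USER_LOADED_FROM_DB` and `USER_PASSWORD_INCORRECT` all satisfy that comparison, which may or may not be intended for the error state. I would add `// order matters: states are compared with <=, do not insert or reorder without checking those comparisons` above the enum.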


@ -5,7 +5,7 @@
<%@ page form="true" %>
<%@ page compressed="true" %>
<%!
#include "../model/Profiler.h"
#include "../SingletonManager/SessionManager.h"
enum PageState
{
@ -14,11 +14,12 @@ enum PageState
};
%>
<%%
Profiler timeUsed;
bool hasErrors = false;
// remove old cookies if exist
auto sm = SessionManager::getInstance();
sm->deleteLoginCookies(request, response, mSession);
PageState state = ASK_VERIFICATION_CODE;
if(mSession) {
hasErrors = mSession->errorCount() > 0;
getErrors(mSession);
if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) {
state = MAIL_NOT_SEND;
}
@ -53,10 +54,9 @@ label:not(.grd_radio_label) {
</head>
<body>
<div class="grd_container">
<% if(mSession && hasErrors) {%>
<%= mSession->getErrorsHtml() %>
<%} %>
<h1>Einen neuen Account anlegen</h1>
<%= getErrorsHtml() %>
<% if(state == MAIL_NOT_SEND) { %>
<div class="grd_text">
<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>
@ -75,7 +75,7 @@ label:not(.grd_radio_label) {
<% } %>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>

View File

@ -6,15 +6,16 @@
<%@ page compressed="true" %>
<%!
#include "../SingletonManager/SessionManager.h"
#include "../model/Profiler.h"
#include "Poco/Net/HTTPServerParams.h"
%>
<%
Profiler timeUsed;
//Poco::Net::NameValueCollection cookies;
//request.getCookies(cookies);
if(!form.empty()) {
//form.get("email-verification-code")
}
auto uri_start = request.serverParams().getServerName();
%>
<!DOCTYPE html>
<html>
@ -44,11 +45,11 @@
<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
</form>
<% } %>
<a class="grd_bn" href="logout">Abmelden</a>
<a class="grd_bn" href="user_delete">Account l&ouml;schen</a>
<a class="grd_bn" href="<%= uri_start %>/logout">Abmelden</a>
<a class="grd_bn" href="<%= uri_start %>/user_delete">Account l&ouml;schen</a>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>

View File

@ -1,5 +1,7 @@
<%@ page class="LoginPage" %>
<%@ page form="true" %>
<%@ page baseClass="PageRequestMessagedHandler" %>
<%@ header include="PageRequestMessagedHandler.h" %>
<%@ page compressed="true" %>
<%!
#include "../SingletonManager/SessionManager.h"
@ -9,28 +11,56 @@
%>
<%%
Profiler timeUsed;
auto session = SessionManager::getInstance()->getNewSession();
auto sm = SessionManager::getInstance();
if(!form.empty()) {
auto email = form.get("login-email", "");
auto password = form.get("login-password", "");
if(session->loadUser(email, password)) {
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
if(email != "" && password != "") {
auto session = sm->getSession(request);
if(!session) {
session = sm->getNewSession();
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
auto userState = session->loadUser(email, password);
getErrors(session);
auto uri_start = request.serverParams().getServerName();
//response.redirect(uri_start + "/");
response.redirect("./");
return;
switch(userState) {
case USER_EMPTY:
case USER_PASSWORD_INCORRECT:
addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!"));
break;
case USER_EMAIL_NOT_ACTIVATED:
// response.redirect(uri_start + "/checkEmail");
session->addError(new Error("Account", "E-Mail Adresse wurde noch nicht best&auml;tigt, hast du schon eine E-Mail erhalten?"));
response.redirect("./checkEmail");
return;
case USER_NO_KEYS:
// response.redirect(uri_start + "/passphrase");
response.redirect("./passphrase");
return;
case USER_NO_PRIVATE_KEY:
case USER_COMPLETE:
// response.redirect(uri_start + "/");
response.redirect("./");
return;
}
} else {
addError(new Error("Login", "Benutzernamen und Passwort m&uuml;ssen angegeben werden!"));
}
} else {
// on enter login page with empty form
// remove old cookies if exist
auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", "");
// max age of 0 delete cookie
keks.setMaxAge(0);
response.addCookie(keks);
}
sm->deleteLoginCookies(request, response);
}
%>
<!DOCTYPE html>
@ -62,7 +92,7 @@ label:not(.grd_radio_label) {
<form method="POST">
<div class="grd_container">
<h1>Login</h1>
<%= session->getErrorsHtml() %>
<%= getErrorsHtml() %>
<fieldset class="grd_container_small">
<legend>Login</legend>
<p>Bitte gebe deine Zugangsdaten ein um dich einzuloggen.</p>
@ -81,8 +111,8 @@ label:not(.grd_radio_label) {
<a href="register">Neuen Account anlegen</a>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</form>
</body>
</html>
</html>


@ -6,6 +6,8 @@
<%@ page compressed="true" %>
<%!
#include "../model/Profiler.h"
#include "../SingletonManager/SessionManager.h"
enum PageState
{
@ -14,10 +16,11 @@ enum PageState
};
%>
<%%
Profiler timeUsed;
PageState state = PAGE_ASK_PASSPHRASE;
bool hasErrors = mSession->errorCount() > 0;
auto sm = SessionManager::getInstance();
// remove old cookies if exist
sm->deleteLoginCookies(request, response, mSession);
// save login cookie, because maybe we've get an new session
response.addCookie(mSession->getLoginCookie());
@ -34,7 +37,7 @@ enum PageState
state = PAGE_SHOW_PASSPHRASE;
}
else {
mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
addError(new Error("Passphrase", "Diese Passphrase ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
}
}
else if (registerKeyChoice == "yes") {
@ -46,6 +49,7 @@ enum PageState
state = PAGE_SHOW_PASSPHRASE;
mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
}
getErrors(mSession);
%>
<!DOCTYPE html>
<html>
@ -74,10 +78,8 @@ label:not(.grd_radio_label) {
</head>
<body>
<div class="grd_container">
<% if(mSession && hasErrors) {%>
<%= mSession->getErrorsHtml() %>
<%} %>
<h1>Einen neuen Account anlegen</h1>
<%= getErrorsHtml() %>
<% if(state == PAGE_SHOW_PASSPHRASE) {%>
<div class="grd_text-max-width">
<div class="grd_text">
@ -90,7 +92,7 @@ label:not(.grd_radio_label) {
</div>
<% } else if(state == PAGE_ASK_PASSPHRASE) { %>
<p>Deine E-Mail Adresse wurde erfolgreich bestätigt. </p>
<form method="POST" action="passphrase">
<form method="POST" action="./passphrase">
<fieldset class="grd_container_small">
<legend>Neue Gradido Adresse anlegen / wiederherstellen</legend>
<p>Hast du schonmal ein Gradido Konto besessen?</p>
@ -114,7 +116,7 @@ label:not(.grd_radio_label) {
<% } %>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>
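Review bot: `mSession` is dereferenced without a null check in this script block, by `mSession->errorCount()`, `mSession->getLoginCookie()` and the added `getErrors(mSession)`. The error block that `<%= getErrorsHtml() %>` appears to replace still tested `mSession &&`, and the checkEmail handler in this commit guards with `if(mSession)` after the same `deleteLoginCookies` call. If the handler factory does not already guarantee a session for this page, a request with a missing or expired cookie would reach these calls. An early guard before the first use would cover it, for example `if(!mSession) { response.redirect("./"); return; }`. The same unguarded `mSession->` calls appear in the SaveKeysPage section and in the "Passwort bestimmen" page section, where `getErrors(user)` additionally relies on `mSession->getUser()` being non-null.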


@ -1,32 +1,42 @@
<%@ page class="RegisterPage" %>
<%@ page form="true" %>
<%@ page compressed="true" %>
<%@ page baseClass="PageRequestMessagedHandler" %>
<%@ header include="PageRequestMessagedHandler.h" %>
<%!
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
#include "../model/Profiler.h"
%>
<%%
Profiler timeUsed;
auto session = SessionManager::getInstance()->getNewSession();
auto sm = SessionManager::getInstance();
bool userReturned = false;
if(!form.empty()) {
if(form.get("register-password2") != form.get("register-password")) {
session->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
} else {
auto session = sm->getSession(request);
if(!session) {
session = sm->getNewSession();
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
userReturned = session->createUser(
form.get("register-first-name"),
form.get("register-last-name"),
form.get("register-email"),
form.get("register-password")
);
getErrors(session);
}
if(userReturned) {
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
} else {
// on enter login page with empty form
// remove old cookies if exist
sm->deleteLoginCookies(request, response);
}
%>
<!DOCTYPE html>
@ -57,8 +67,8 @@ label:not(.grd_radio_label) {
<body>
<div class="grd_container">
<h1>Einen neuen Account anlegen</h1>
<%= getErrorsHtml() %>
<% if(!form.empty() && userReturned) {%>
<div class="grd_text-max-width">
<div class="grd_text">
Deine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt.
@ -67,10 +77,7 @@ label:not(.grd_radio_label) {
</div>
<% } else { %>
<form method="POST">
<% if(!form.empty() && !userReturned) {%>
<%= session->getErrorsHtml() %>
<%} %>
<fieldset class="grd_container_small">
<legend>Account anlegen</legend>
<p>Bitte gebe deine Daten um einen Account anzulegen</p>
@ -101,7 +108,7 @@ label:not(.grd_radio_label) {
<% } %>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>
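Review bot: `form.get("register-password2")` and the four `form.get(...)` arguments passed to `createUser` use Poco's single-argument overload, which throws `NotFoundException` when the field is absent, so a POST that omits a field aborts the handler instead of producing a form error. The login page in this commit already uses the defaulted overload together with an explicit non-empty check, so the comparison could read `form.get("register-password2", "") != form.get("register-password", "")`, with empty values rejected before `createUser` is called. Separately, the new `sm->getSession(request)` branch keeps a session that existed before registration and calls `setClientIp` only on a freshly created one. If `getSession` does not itself bind the `GRADIDO_LOGIN` value to the client address, a cookie set before registration carries over into the registered state, so issuing a new session id once `createUser` succeeds is worth considering.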


@ -17,11 +17,12 @@ enum PageState
%>
<%%
Profiler timeUsed;
bool hasErrors = mSession->errorCount() > 0;
// crypto key only in memory, if user has tipped in his passwort in this session
bool hasPassword = mSession->getUser()->hasCryptoKey();
PageState state = PAGE_ASK;
auto uri_start = request.serverParams().getServerName();
if(!form.empty()) {
// privkey
@ -33,7 +34,7 @@ enum PageState
auto pwd = form.get("save-privkey-password", "");
if(!mSession->isPwdValid(pwd)) {
mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
hasErrors = true;
} else {
savePrivkey = true;
@ -52,8 +53,8 @@ enum PageState
hasErrors = true;
} else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) {
state = PAGE_SHOW_PUBKEY;
auto uri_start = request.serverParams().getServerName();
printf("uri_start: %s\n", uri_start.data());
//printf("uri_start: %s\n", uri_start.data());
//response.redirect(uri_start + "/");
} else {
state = PAGE_ERROR;
@ -62,6 +63,7 @@ enum PageState
printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n",
hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED);
}
getErrors(mSession);
%>
<!DOCTYPE html>
<html>
@ -90,10 +92,8 @@ label:not(.grd_radio_label) {
</head>
<body>
<div class="grd_container">
<% if(hasErrors) {%>
<%= mSession->getErrorsHtml() %>
<%} %>
<h1>Daten speichern</h1>
<%= getErrorsHtml() %>
<% if(state == PAGE_ASK) { %>
<form method="POST">
<fieldset>
@ -143,7 +143,7 @@ label:not(.grd_radio_label) {
<p class="grd_textarea">
<%= mSession->getUser()->getPublicKeyHex() %>
</p>
<a class="grd_bn" href="../">Zur&uuml;ck zur Startseite</a>
<a class="grd_bn" href="<%= uri_start %>/">Zur&uuml;ck zur Startseite</a>
</div>
<% } else if(state == PAGE_ERROR) { %>
<div class="grd_text">
@ -153,7 +153,7 @@ label:not(.grd_radio_label) {
<% } %>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>
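Review bot: The new link `href="<%= uri_start %>/"` writes the result of `request.serverParams().getServerName()` into the attribute as-is, and that value appears to be a bare server name (possibly with a port) without a scheme. The browser will therefore not treat it as an absolute URL to the start page, and the value is also emitted without HTML escaping. The redirects elsewhere in this commit moved away from `uri_start + "/"` to relative targets, so a relative link would be consistent, e.g. `<a class="grd_bn" href="./">Zur&uuml;ck zur Startseite</a>`; the previous `../` may be needed instead, depending on where this page is mounted. If an absolute URL is required, build it from a configured base URL that includes the scheme and escape it before output.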


@ -6,11 +6,12 @@
<%!
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"
#include "../model/Profiler.h"
%>
<%%
Profiler timeUsed;
auto user = mSession->getUser();
auto sm = SessionManager::getInstance();
// remove old cookies if exist
sm->deleteLoginCookies(request, response, mSession);
// save login cookie, because maybe we've get an new session
response.addCookie(mSession->getLoginCookie());
@ -29,6 +30,8 @@
}
}
}
getErrors(mSession);
getErrors(user);
%>
<!DOCTYPE html>
<html>
@ -72,9 +75,8 @@ label:not(.grd_radio_label) {
</head>
<body>
<div class="grd_container">
<%= mSession->getErrorsHtml() %>
<%= user->getErrorsHtml() %>
<h1>Passwort bestimmen</h1>
<%= getErrorsHtml() %>
<form method="POST">
<fieldset class="grd_container_small">
<div class="grd_text">
@ -94,7 +96,7 @@ label:not(.grd_radio_label) {
</form>
</div>
<div class="grd-time-used">
<%= timeUsed.string() %>
<%= mTimeProfiler.string() %>
</div>
</body>
</html>