diff --git a/src/cpp/Crypto/Obfus_array.cpp b/src/cpp/Crypto/Obfus_array.cpp index b46c29f8c..5c2f63946 100644 --- a/src/cpp/Crypto/Obfus_array.cpp +++ b/src/cpp/Crypto/Obfus_array.cpp @@ -3,7 +3,7 @@ #include #include #include - +/* ObfusArray::ObfusArray(size_t size, const unsigned char * data) : m_arraySize(0), m_offsetSize(0), m_dataSize(size), m_Data(nullptr) { @@ -23,9 +23,18 @@ ObfusArray::ObfusArray(size_t size, const unsigned char * data) memcpy(&m_Data[m_offsetSize], data, size); printf("[ObfusArray] data: %lld\n", (int64_t)m_Data); } +*/ +ObfusArray::ObfusArray(size_t size, const unsigned char * data) + : m_arraySize(64), m_offsetSize(0), m_dataSize(size) +{ + memset(m_Data, 0, m_arraySize); + memcpy(m_Data, data, size); + //printf("[ObfusArray] data: %lld\n", (int64_t)m_Data); +} ObfusArray::~ObfusArray() { + /* printf("[ObfusArray::~ObfusArray] data: %lld\n", (int64_t)m_Data); if (m_Data) { @@ -33,4 +42,5 @@ ObfusArray::~ObfusArray() m_Data = nullptr; } printf("[ObfusArray::~ObfusArray] finish\n"); + */ } \ No newline at end of file diff --git a/src/cpp/Crypto/Obfus_array.h b/src/cpp/Crypto/Obfus_array.h index 421d864c5..8037a7622 100644 --- a/src/cpp/Crypto/Obfus_array.h +++ b/src/cpp/Crypto/Obfus_array.h @@ -17,7 +17,8 @@ private: size_t m_arraySize; size_t m_offsetSize; size_t m_dataSize; - unsigned char* m_Data; + //unsigned char* m_Data; + unsigned char m_Data[64]; }; #endif //GRADIDO_LOGIN_SERVER_CRYPTO_OBFUS_ARRAY \ No newline at end of file diff --git a/src/cpp/HTTPInterface/CheckEmailPage.cpp b/src/cpp/HTTPInterface/CheckEmailPage.cpp index a374574c3..79fa1e3c0 100644 --- a/src/cpp/HTTPInterface/CheckEmailPage.cpp +++ b/src/cpp/HTTPInterface/CheckEmailPage.cpp @@ -7,7 +7,7 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" -#include "../model/Profiler.h" +#include "../SingletonManager/SessionManager.h" enum PageState { 
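Review bot: The replacement `ObfusArray` constructor copies `size` bytes into the fixed `m_Data[64]` without checking `size`, so any caller passing more than 64 bytes overruns the object, whereas the commented-out version appears to have sized its heap buffer from the argument. The constructor should reject oversize input before the `memcpy`, e.g. `if (size > sizeof(m_Data)) throw std::length_error("ObfusArray: data exceeds inline buffer");`, and `m_arraySize(64)` should be `m_arraySize(sizeof(m_Data))` so the member and the array length cannot drift apart. With the destructor body commented out the inline buffer is also no longer cleared on destruction; if the array holds key material, a memset the compiler cannot elide should wipe `m_Data` before the object goes away.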
@@ -32,11 +32,12 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: Poco::Net::HTMLForm form(request, request.stream()); #line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - Profiler timeUsed; - bool hasErrors = false; + // remove old cookies if exist + auto sm = SessionManager::getInstance(); + sm->deleteLoginCookies(request, response, mSession); PageState state = ASK_VERIFICATION_CODE; if(mSession) { - hasErrors = mSession->errorCount() > 0; + getErrors(mSession); if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { state = MAIL_NOT_SEND; } @@ -74,18 +75,13 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\n"; responseStream << "\n"; responseStream << "
\n"; - responseStream << "\t"; -#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - if(mSession && hasErrors) { responseStream << "\n"; - responseStream << "\t\t"; -#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - responseStream << ( mSession->getErrorsHtml() ); - responseStream << "\n"; - responseStream << "\t"; -#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" -} responseStream << "\n"; + responseStream << "\t\n"; responseStream << "\t
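Review bot: `sm->deleteLoginCookies(request, response, mSession)` is called before the `if(mSession)` check, so its third argument may be null on this page; the overload is not in view, so confirm it tolerates a null session or move the call inside the guard. The updated `#line` numbers suggest these `.cpp` files are PageCompiler output regenerated from `src/cpsp/*.cpsp`; the templates are not in this view, and if they are not part of the commit the edits here will be lost on the next regeneration. `handleRequest` continues outside this hunk.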

Einen neuen Account anlegen

\n"; responseStream << "\t"; +#line 59 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" + responseStream << ( getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; #line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" if(state == MAIL_NOT_SEND) { responseStream << "\n"; responseStream << "\t\t
\n"; @@ -113,7 +109,7 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "
\n"; responseStream << "\t"; #line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp" - responseStream << ( timeUsed.string() ); + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/DashboardPage.cpp b/src/cpp/HTTPInterface/DashboardPage.cpp index 9a3a1a8af..75709c19e 100644 --- a/src/cpp/HTTPInterface/DashboardPage.cpp +++ b/src/cpp/HTTPInterface/DashboardPage.cpp @@ -8,7 +8,7 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" #include "../SingletonManager/SessionManager.h" -#include "../model/Profiler.h" +#include "Poco/Net/HTTPServerParams.h" DashboardPage::DashboardPage(Session* arg): @@ -31,12 +31,13 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\n"; #line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" - Profiler timeUsed; + //Poco::Net::NameValueCollection cookies; //request.getCookies(cookies); if(!form.empty()) { //form.get("email-verification-code") } + auto uri_start = request.serverParams().getServerName(); responseStream << "\n"; responseStream << "\n"; responseStream << "\n"; @@ -50,23 +51,23 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\n"; responseStream << "
\n"; responseStream << "\t

Willkommen "; -#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getUser()->getFirstName() ); responseStream << " "; -#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getUser()->getLastName() ); responseStream << "

\n"; responseStream << "\t"; -#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 32 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getErrorsHtml() ); responseStream << "\n"; responseStream << "\t

Status

\n"; responseStream << "\t

"; -#line 33 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" responseStream << ( mSession->getSessionStateString() ); responseStream << "

\n"; responseStream << "\t"; -#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 35 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { responseStream << "\n"; responseStream << "\t

Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:

\n"; responseStream << "\t
\n"; @@ -74,7 +75,7 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\t\t\n"; responseStream << "\t
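Review bot: DashboardPage still renders `mSession->getErrorsHtml()` directly, while every other page in this commit switched to collecting errors into the handler with `getErrors(mSession)` and rendering `getErrorsHtml()`; since DashboardPage inherits the same base through SessionHTTPRequestHandler, it should follow the same pattern so session errors are consumed consistently. Only the `#line` numbers change in this hunk, so the rendering line itself is untouched; if keeping the direct call is intentional, a one-line comment saying why would help the next reader.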
\n"; responseStream << "\t"; -#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 41 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" } else if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_WRITTEN) { responseStream << "\n"; responseStream << "\t

Hast du schon eine E-Mail mit einem Verification Code erhalten? Wenn ja kannst du ihn hier hinein kopieren:

\n"; responseStream << "\t
\n"; @@ -82,15 +83,21 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" +#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" } responseStream << "\n"; - responseStream << "\tAbmelden\n"; - responseStream << "\tAccount löschen\n"; + responseStream << "\tAbmelden\n"; + responseStream << "\tAccount löschen\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 51 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" - responseStream << ( timeUsed.string() ); +#line 52 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp" + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/LoginPage.cpp b/src/cpp/HTTPInterface/LoginPage.cpp index 9e7a190f4..39ef2f9ae 100644 --- a/src/cpp/HTTPInterface/LoginPage.cpp +++ b/src/cpp/HTTPInterface/LoginPage.cpp @@ -5,7 +5,7 @@ #include "Poco/DeflatingStream.h" -#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" +#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" 
@@ -22,30 +22,58 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" +#line 13 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" - Profiler timeUsed; - auto session = SessionManager::getInstance()->getNewSession(); + + auto sm = SessionManager::getInstance(); if(!form.empty()) { auto email = form.get("login-email", ""); auto password = form.get("login-password", ""); - if(session->loadUser(email, password)) { - auto user_host = request.clientAddress().host(); - session->setClientIp(user_host); - response.addCookie(session->getLoginCookie()); + + if(email != "" && password != "") { + auto session = sm->getSession(request); + if(!session) { + session = sm->getNewSession(); + auto user_host = request.clientAddress().host(); + session->setClientIp(user_host); + response.addCookie(session->getLoginCookie()); + } + auto userState = session->loadUser(email, password); + getErrors(session); + auto uri_start = request.serverParams().getServerName(); - //response.redirect(uri_start + "/"); - response.redirect("./"); - return; + + switch(userState) { + case USER_EMPTY: + case USER_PASSWORD_INCORRECT: + addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!")); + break; + case USER_EMAIL_NOT_ACTIVATED: + // response.redirect(uri_start + "/checkEmail"); + session->addError(new Error("Account", "E-Mail Adresse wurde noch nicht bestätigt, hast du schon eine E-Mail erhalten?")); + response.redirect("./checkEmail"); + return; + case USER_NO_KEYS: + // response.redirect(uri_start + "/passphrase"); + response.redirect("./passphrase"); + return; + case USER_NO_PRIVATE_KEY: + case USER_COMPLETE: + // response.redirect(uri_start + "/"); + response.redirect("./"); + return; + } + + } else { + 
addError(new Error("Login", "Benutzernamen und Passwort müssen angegeben werden!")); } + } else { + // on enter login page with empty form // remove old cookies if exist - auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", ""); - // max age of 0 delete cookie - keks.setMaxAge(0); - response.addCookie(keks); - } + sm->deleteLoginCookies(request, response); + } std::ostream& _responseStream = response.send(); Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); @@ -81,8 +109,8 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "\t
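Review bot: On a successful login the handler reuses whatever session `sm->getSession(request)` returns from the incoming cookie and only issues a fresh cookie when no session existed, so the session identifier survives authentication; `SessionManager::releaseSession` appears to rotate handles precisely to avoid hijacking, and the same rotation should happen here once `loadUser` succeeds (session fixation). A new session and cookie are also created before the credentials are checked, so every failed POST from a cookieless client leaves a server-side session behind; creating the session only after `loadUser` succeeds, or releasing it in the `USER_EMPTY`/`USER_PASSWORD_INCORRECT` branch, avoids that. The `USER_EMAIL_NOT_ACTIVATED` branch redirects instead of showing the generic "E-Mail oder Passwort nicht korrekt" message; if `loadUser` can return that state before the password is verified, the redirect reveals which addresses are registered, which is worth confirming. `uri_start` is referenced only in comments in this hunk and can be removed, and the `switch` has no `default:` for future `userState` values.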
\n"; responseStream << "\t\t

Login

\n"; responseStream << "\t\t"; -#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" - responseStream << ( session->getErrorsHtml() ); +#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" + responseStream << ( getErrorsHtml() ); responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tLogin\n"; @@ -103,12 +131,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net:: responseStream << "\t
\n"; responseStream << "\t
\n"; responseStream << "\t\t"; -#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" - responseStream << ( timeUsed.string() ); +#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp" + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "\t
\n"; responseStream << "\n"; responseStream << "\n"; - responseStream << "\n"; + responseStream << ""; if (_compressResponse) _gzipStream.close(); } diff --git a/src/cpp/HTTPInterface/LoginPage.h b/src/cpp/HTTPInterface/LoginPage.h index d55d968f6..11d45733b 100644 --- a/src/cpp/HTTPInterface/LoginPage.h +++ b/src/cpp/HTTPInterface/LoginPage.h @@ -5,7 +5,10 @@ #include "Poco/Net/HTTPRequestHandler.h" -class LoginPage: public Poco::Net::HTTPRequestHandler +#include "PageRequestMessagedHandler.h" + + +class LoginPage: public PageRequestMessagedHandler { public: void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response); diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp index f8d57b0fa..8ce886f01 100644 --- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp +++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp @@ -71,12 +71,12 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c if (s) { auto user = s->getUser(); - if (s->errorCount() || (user && user->errorCount())) { + if (s->errorCount() || (!user.isNull() && user->errorCount())) { return new Error500Page(s); } if(url_first_part == "/logout") { - sm->releseSession(s); + sm->releaseSession(s); // remove cookie printf("session released\n"); @@ -84,7 +84,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c } if(url_first_part == "/user_delete") { if(s->deleteUser()) { - sm->releseSession(s); + sm->releaseSession(s); return new LoginPage; } @@ -100,7 +100,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c //else if (uri == "/saveKeys") { return new SaveKeysPage(s); } - if (s && s->getUser()) { + if (s && !s->getUser().isNull()) { printf("[PageRequestHandlerFactory] go to dashboard page with user\n"); return new DashboardPage(s); } 
@@ -164,7 +164,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi // no session or active session don't belong to verification code if (!session || session->getEmailVerificationCode() != verificationCode) { - session = sm->findByEmailVerificationCode(verificationCode); + sm->releaseSession(session); + session = nullptr; + // it is maybe unsafe + //session = sm->findByEmailVerificationCode(verificationCode); } // no suitable session in memory, try to create one from db data if (!session) { @@ -178,6 +181,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi */ } else { + //sm->releaseSession(session); return new CheckEmailPage(session); } } @@ -198,7 +202,10 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi } } + if (session) { + sm->releaseSession(session); + } - return new CheckEmailPage(session); + return new CheckEmailPage(nullptr); } diff --git a/src/cpp/HTTPInterface/PageRequestMessagedHandler.cpp b/src/cpp/HTTPInterface/PageRequestMessagedHandler.cpp new file mode 100644 index 000000000..bfc25a0bc --- /dev/null +++ b/src/cpp/HTTPInterface/PageRequestMessagedHandler.cpp @@ -0,0 +1,2 @@ +#include "PageRequestMessagedHandler.h" + diff --git a/src/cpp/HTTPInterface/PageRequestMessagedHandler.h b/src/cpp/HTTPInterface/PageRequestMessagedHandler.h new file mode 100644 index 000000000..f5fd04823 --- /dev/null +++ b/src/cpp/HTTPInterface/PageRequestMessagedHandler.h 
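Review bot: `sm->releaseSession(session)` in the first added lines is reached with `session == nullptr` whenever the `!session` half of the condition is true; the `Session*` overload is not in view, so confirm it tolerates a null argument or guard the call as the last hunk of this file does with `if (session)`. Releasing the caller's current session because the verification code in the URL does not match also means a logged-in user who follows a stale or wrong checkEmail link is silently logged out; ignoring the code and keeping the session, with the reason stated in place of `// it is maybe unsafe`, may be the better trade-off. `handleCheckEmail` continues outside these hunks.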
@@ -0,0 +1,23 @@ +#ifndef PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED +#define PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED + +//#include "../model/Session.h" +#include "../model/ErrorList.h" +#include "../model/Profiler.h" +#include "Poco/Net/HTTPRequestHandler.h" + + + +class PageRequestMessagedHandler : public Poco::Net::HTTPRequestHandler, public ErrorList +{ +public: + PageRequestMessagedHandler() {} + + //Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request); + +protected: + Profiler mTimeProfiler; +}; + + +#endif // PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED diff --git a/src/cpp/HTTPInterface/PassphrasePage.cpp b/src/cpp/HTTPInterface/PassphrasePage.cpp index 338ef04d6..7cb5f8684 100644 --- a/src/cpp/HTTPInterface/PassphrasePage.cpp +++ b/src/cpp/HTTPInterface/PassphrasePage.cpp @@ -8,6 +8,8 @@ #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" #include "../model/Profiler.h" +#include "../SingletonManager/SessionManager.h" + enum PageState { @@ -30,12 +32,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 18 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" - Profiler timeUsed; PageState state = PAGE_ASK_PASSPHRASE; - bool hasErrors = mSession->errorCount() > 0; + auto sm = SessionManager::getInstance(); + // remove old cookies if exist + sm->deleteLoginCookies(request, response, mSession); // save login cookie, because maybe we've get an new session response.addCookie(mSession->getLoginCookie()); 
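Review bot: The new base class carries no documentation of what it provides to pages; a header comment such as `// Base for page handlers: collects page-level errors (ErrorList) and times the request (mTimeProfiler).` would explain why every page now inherits it. `Profiler mTimeProfiler` is constructed together with the handler, whereas the removed local `Profiler timeUsed` started after form parsing, so the reported time will now include that earlier work — confirm this is intended. The include guard `PAGE_REQUEST_MESSAGE_HANDLER_INCLUDED` does not match the class name `PageRequestMessagedHandler`, the user-provided empty constructor can be dropped or written `= default`, and the commented-out include and `createRequestHandler` declaration are dead code. `PageRequestMessagedHandler.cpp` contains only the include and can be left out of the build.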
@@ -52,7 +55,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: state = PAGE_SHOW_PASSPHRASE; } else { - mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ungültig, bitte überprüfen oder neu generieren (lassen).")); + addError(new Error("Passphrase", "Diese Passphrase ist ungültig, bitte überprüfen oder neu generieren (lassen).")); } } else if (registerKeyChoice == "yes") { @@ -64,6 +67,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: state = PAGE_SHOW_PASSPHRASE; mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN); } + getErrors(mSession); std::ostream& _responseStream = response.send(); Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; @@ -95,19 +99,13 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\n"; responseStream << "\n"; responseStream << "
\n"; - responseStream << "\t"; -#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" - if(mSession && hasErrors) { responseStream << "\n"; - responseStream << "\t\t"; -#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" - responseStream << ( mSession->getErrorsHtml() ); - responseStream << "\n"; - responseStream << "\t"; -#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" -} responseStream << "\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" + responseStream << ( getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; +#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" if(state == PAGE_SHOW_PASSPHRASE) { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t
\n"; @@ -115,17 +113,17 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\t"; -#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" responseStream << ( mSession->getPassphrase() ); responseStream << "\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\tWeiter\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else if(state == PAGE_ASK_PASSPHRASE) { responseStream << "\n"; responseStream << "\t

Deine E-Mail Adresse wurde erfolgreich bestätigt.

\n"; - responseStream << "\t
\n"; + responseStream << "\t\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tNeue Gradido Adresse anlegen / wiederherstellen\n"; responseStream << "\t\t\t

Hast du schonmal ein Gradido Konto besessen?

\n"; @@ -138,7 +136,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\n"; responseStream << "\t\t
\n"; @@ -146,19 +144,19 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco:: responseStream << "\t\t\n"; responseStream << "\t
\n"; responseStream << "\t"; -#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } else { responseStream << "\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" +#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" } responseStream << "\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" - responseStream << ( timeUsed.string() ); +#line 119 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp" + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/RegisterPage.cpp b/src/cpp/HTTPInterface/RegisterPage.cpp index 60425114a..84b66cf48 100644 --- a/src/cpp/HTTPInterface/RegisterPage.cpp +++ b/src/cpp/HTTPInterface/RegisterPage.cpp @@ -5,11 +5,10 @@ #include "Poco/DeflatingStream.h" -#line 4 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" -#include "../model/Profiler.h" void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) 
@@ -20,28 +19,37 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 9 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" - Profiler timeUsed; - auto session = SessionManager::getInstance()->getNewSession(); + auto sm = SessionManager::getInstance(); + bool userReturned = false; if(!form.empty()) { if(form.get("register-password2") != form.get("register-password")) { - session->addError(new Error("Passwort", "Passwörter sind nicht identisch.")); + addError(new Error("Passwort", "Passwörter sind nicht identisch.")); } else { + auto session = sm->getSession(request); + if(!session) { + session = sm->getNewSession(); + auto user_host = request.clientAddress().host(); + session->setClientIp(user_host); + response.addCookie(session->getLoginCookie()); + } + userReturned = session->createUser( form.get("register-first-name"), form.get("register-last-name"), form.get("register-email"), form.get("register-password") ); + getErrors(session); } - if(userReturned) { - auto user_host = request.clientAddress().host(); - session->setClientIp(user_host); - response.addCookie(session->getLoginCookie()); - } + + } else { + // on enter login page with empty form + // remove old cookies if exist + sm->deleteLoginCookies(request, response); } std::ostream& _responseStream = response.send(); Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); @@ -76,9 +84,12 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "
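Review bot: As in LoginPage, a session and login cookie are created before `createUser` has validated anything, so a failed registration from a cookieless client leaves a fresh server-side session and cookie behind; creating the session only after `createUser` succeeds, or releasing it when `userReturned` is false, keeps failed submissions from accumulating sessions. The handler also reuses any session found via `sm->getSession(request)`, so a registration POST carrying another account's cookie runs `createUser` on that session — confirm that is acceptable or start registration from a new session. The password-mismatch check runs before any session exists, which is the right order; empty required fields could be rejected the same way, as LoginPage does for `email`/`password`. `handleRequest` continues outside this hunk.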
\n"; responseStream << "\t

Einen neuen Account anlegen

\n"; responseStream << "\t"; -#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + responseStream << ( getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; +#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" if(!form.empty() && userReturned) { responseStream << "\n"; - responseStream << "\t\t\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t
\n"; responseStream << "\t\t\t\tDeine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt. \n"; @@ -86,41 +97,31 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\t
\n"; responseStream << "\t\t
\n"; responseStream << "\t"; -#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } else { responseStream << "\n"; responseStream << "\t
\n"; - responseStream << "\t\n"; - responseStream << "\t\t"; -#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" - if(!form.empty() && !userReturned) { responseStream << "\n"; - responseStream << "\t\t\t"; -#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" - responseStream << ( session->getErrorsHtml() ); - responseStream << "\n"; - responseStream << "\t\t"; -#line 73 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" -} responseStream << "\n"; + responseStream << "\t\t\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\tAccount anlegen\n"; responseStream << "\t\t\t

Bitte gebe deine Daten um einen Account anzulegen

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t

\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t\t\n"; responseStream << "\t\t\t

\n"; @@ -137,13 +138,13 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\t\t\n"; responseStream << "\t\n"; responseStream << "\t"; -#line 101 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" +#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" } responseStream << "\n"; responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 104 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" - responseStream << ( timeUsed.string() ); +#line 111 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp" + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/RegisterPage.h b/src/cpp/HTTPInterface/RegisterPage.h index 21dcdd7e8..7dc16970a 100644 --- a/src/cpp/HTTPInterface/RegisterPage.h +++ b/src/cpp/HTTPInterface/RegisterPage.h @@ -5,7 +5,10 @@ #include "Poco/Net/HTTPRequestHandler.h" -class RegisterPage: public Poco::Net::HTTPRequestHandler +#include "PageRequestMessagedHandler.h" + + +class RegisterPage: public PageRequestMessagedHandler { public: void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response); diff --git a/src/cpp/HTTPInterface/SaveKeysPage.cpp b/src/cpp/HTTPInterface/SaveKeysPage.cpp index 13587924e..7d09efe5b 100644 --- a/src/cpp/HTTPInterface/SaveKeysPage.cpp +++ b/src/cpp/HTTPInterface/SaveKeysPage.cpp @@ -35,11 +35,12 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne Poco::Net::HTMLForm form(request, request.stream()); #line 19 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" - Profiler timeUsed; + bool hasErrors = mSession->errorCount() > 0; // crypto key only in memory, if user has tipped in his passwort in this session bool hasPassword = mSession->getUser()->hasCryptoKey(); PageState state = PAGE_ASK; + auto uri_start = request.serverParams().getServerName(); if(!form.empty()) { // privkey @@ -51,7 +52,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne auto pwd = form.get("save-privkey-password", ""); if(!mSession->isPwdValid(pwd)) { - mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung")); + addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung")); hasErrors = true; } else { savePrivkey = true; 
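Review bot: The new `bool hasErrors = mSession->errorCount() > 0;` counts only session errors, while the error added in this hunk now goes to the page via `addError(...)` and needs the manual `hasErrors = true;` that follows; since the errors block is rendered unconditionally by `getErrorsHtml()` later in the file, `hasErrors` appears to feed only the debug `printf` and could be dropped or derived from the page's own error count. `uri_start` is hoisted to the top of the function here but, within these hunks, appears only in commented-out code; if the links further down use it that is fine, otherwise it is an unused local. `handleRequest` continues outside this hunk.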
@@ -70,8 +71,8 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne hasErrors = true; } else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) { state = PAGE_SHOW_PUBKEY; - auto uri_start = request.serverParams().getServerName(); - printf("uri_start: %s\n", uri_start.data()); + + //printf("uri_start: %s\n", uri_start.data()); //response.redirect(uri_start + "/"); } else { state = PAGE_ERROR; @@ -80,6 +81,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n", hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED); } + getErrors(mSession); std::ostream& _responseStream = response.send(); Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; @@ -111,18 +113,12 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "\n"; responseStream << "\n"; responseStream << "
\n"; - responseStream << "\t"; -#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" - if(hasErrors) { responseStream << "\n"; - responseStream << "\t\t"; -#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" - responseStream << ( mSession->getErrorsHtml() ); - responseStream << "\n"; - responseStream << "\t"; -#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" -} responseStream << "\n"; responseStream << "\t

Daten speichern

\n"; responseStream << "\t"; +#line 96 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" + responseStream << ( getErrorsHtml() ); + responseStream << "\n"; + responseStream << "\t"; #line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" if(state == PAGE_ASK) { responseStream << "\n"; responseStream << "\t
\n"; @@ -182,7 +178,10 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << ( mSession->getUser()->getPublicKeyHex() ); responseStream << "\n"; responseStream << "\t\t\t

\n"; - responseStream << "\t\t\tZurück zur Startseite\n"; + responseStream << "\t\t\tZurück zur Startseite\n"; responseStream << "\t\t
\n"; responseStream << "\t"; #line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" @@ -201,7 +200,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne responseStream << "
\n"; responseStream << "\t"; #line 156 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp" - responseStream << ( timeUsed.string() ); + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/HTTPInterface/SessionHTTPRequestHandler.h b/src/cpp/HTTPInterface/SessionHTTPRequestHandler.h index 75bd37fd1..00afaff8c 100644 --- a/src/cpp/HTTPInterface/SessionHTTPRequestHandler.h +++ b/src/cpp/HTTPInterface/SessionHTTPRequestHandler.h @@ -2,10 +2,10 @@ #define SESSION_HTTP_REQUEST_HANDLER_INCLUDED #include "../model/Session.h" -#include "Poco/Net/HTTPRequestHandler.h" +#include "PageRequestMessagedHandler.h" -class SessionHTTPRequestHandler : public Poco::Net::HTTPRequestHandler +class SessionHTTPRequestHandler : public PageRequestMessagedHandler { public: SessionHTTPRequestHandler(Session* session) : mSession(session) {} diff --git a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp index 1f2140849..662931178 100644 --- a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp +++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp @@ -9,7 +9,6 @@ #include "../SingletonManager/SessionManager.h" #include "Poco/Net/HTTPCookie.h" -#include "../model/Profiler.h" UpdateUserPasswordPage::UpdateUserPasswordPage(Session* arg): @@ -26,10 +25,12 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request if (_compressResponse) response.set("Content-Encoding", "gzip"); Poco::Net::HTMLForm form(request, request.stream()); -#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" +#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" - Profiler timeUsed; auto user = mSession->getUser(); + auto sm = SessionManager::getInstance(); + // remove old cookies if exist + sm->deleteLoginCookies(request, response, mSession); // save login cookie, because maybe we've get an new session response.addCookie(mSession->getLoginCookie()); 
@@ -48,6 +49,8 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request } } } + getErrors(mSession); + getErrors(user); std::ostream& _responseStream = response.send(); Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1); std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream; @@ -94,15 +97,11 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request responseStream << "\n"; responseStream << "\n"; responseStream << "
\n"; - responseStream << "\t"; -#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" - responseStream << ( mSession->getErrorsHtml() ); - responseStream << "\n"; - responseStream << "\t"; -#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" - responseStream << ( user->getErrorsHtml() ); - responseStream << " \n"; responseStream << "\t

Passwort bestimmen

\n"; + responseStream << "\t"; +#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + responseStream << ( getErrorsHtml() ); + responseStream << "\n"; responseStream << "\t\t\n"; responseStream << "\t\t
\n"; responseStream << "\t\t\t
\n"; @@ -123,8 +122,8 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request responseStream << "
\n"; responseStream << "
\n"; responseStream << "\t"; -#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" - responseStream << ( timeUsed.string() ); +#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp" + responseStream << ( mTimeProfiler.string() ); responseStream << "\n"; responseStream << "
\n"; responseStream << "\n"; diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp index fcffe6a24..487cf5ea6 100644 --- a/src/cpp/SingletonManager/SessionManager.cpp +++ b/src/cpp/SingletonManager/SessionManager.cpp @@ -151,20 +151,21 @@ Session* SessionManager::getNewSession(int* handle) if (handle) { *handle = newHandle; } - + printf("[SessionManager::getNewSession] handle: %ld, sum: %u\n", newHandle, mRequestSessionMap.size()); return requestSession; //return nullptr; } -bool SessionManager::releseSession(int requestHandleSession) +bool SessionManager::releaseSession(int requestHandleSession) { if (!mInitalized) { printf("[SessionManager::%s] not initialized any more\n", __FUNCTION__); return false; } mWorkingMutex.lock(); + auto it = mRequestSessionMap.find(requestHandleSession); if (it == mRequestSessionMap.end()) { printf("[SessionManager::releaseRequestSession] requestSession with handle: %d not found\n", requestHandleSession); @@ -177,6 +178,7 @@ bool SessionManager::releseSession(int requestHandleSession) // change request handle we don't want session hijacking int newHandle = generateNewUnusedHandle(); + //printf("[SessionManager::releseSession] oldHandle: %ld, newHandle: %ld\n", requestHandleSession, newHandle); // erase after generating new number to prevent to getting the same number again mRequestSessionMap.erase(requestHandleSession); 
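Review bot: The printf added to getNewSession writes the new session handle to stdout, and that handle is the value carried in the GRADIDO_LOGIN cookie (getSession(const Poco::Net::HTTPServerRequest&) in this file parses the cookie straight into it), so the process log now holds live session credentials; the `printf("[SessionManager::getSession] handle: %ld\n", handle)` added in the next hunk has the same problem. Log the count without the handle, e.g. `printf("[SessionManager::getNewSession] sessions: %zu\n", mRequestSessionMap.size());`, and keep the handle out of any log that may be retained. The format string also mismatches its arguments: `%ld` receives an `int` and `%u` a `size_t`. The not-found branch in releaseSession runs with mWorkingMutex held; its unlock is outside the hunk.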
@@ -206,25 +208,52 @@ bool SessionManager::isExist(int requestHandleSession) auto it = mRequestSessionMap.find(requestHandleSession); if (it != mRequestSessionMap.end()) { result = true; + if (!it->second->isActive()) { + printf("[SessionManager::isExist] session isn't active\n"); + } } mWorkingMutex.unlock(); return result; } +Session* SessionManager::getSession(const Poco::Net::HTTPServerRequest& request) +{ + // check if user has valid session + Poco::Net::NameValueCollection cookies; + request.getCookies(cookies); + + int session_id = 0; + + try { + session_id = atoi(cookies.get("GRADIDO_LOGIN").data()); + return getSession(session_id); + } + catch (...) {} + + return nullptr; +} + Session* SessionManager::getSession(int handle) { if (!mInitalized) { printf("[SessionManager::%s] not initialized any more\n", __FUNCTION__); return nullptr; } + if (0 == handle) return nullptr; Session* result = nullptr; mWorkingMutex.lock(); auto it = mRequestSessionMap.find(handle); if (it != mRequestSessionMap.end()) { result = it->second; - result->setActive(true); + if (!result->isActive()) { + //printf("[SessionManager::getSession] session isn't active\n"); + mWorkingMutex.unlock(); + return nullptr; + } + //result->setActive(true); result->updateTimeout(); } + printf("[SessionManager::getSession] handle: %ld\n", handle); mWorkingMutex.unlock(); return result; } 
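Review bot: In the new getSession(const Poco::Net::HTTPServerRequest&) the cookie is parsed with `atoi`, which never throws and silently maps any non-numeric or overlong value to an arbitrary int, so the `catch (...)` only covers the exception from `cookies.get` when the cookie is absent and hides every other error; parse with `Poco::NumberParser::tryParse` (or `std::from_chars`) and catch `Poco::NotFoundException` specifically. Nothing in the lookup compares the session with the client that created it, although Session records a client IP via setClientIp elsewhere in this commit — state in a comment whether that value is meant to be checked here or is informational only. The leftover `//result->setActive(true);` in getSession(int) should be removed now that the inactive branch returns nullptr instead.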
@@ -263,11 +292,37 @@ void SessionManager::checkTimeoutSession() while (toRemove.size() > 0) { int handle = toRemove.top(); toRemove.pop(); - releseSession(handle); + releaseSession(handle); } } +void SessionManager::deleteLoginCookies(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response, Session* activeSession/* = nullptr*/) +{ + Poco::Net::NameValueCollection cookies; + request.getCookies(cookies); + // go from first login cookie + for (auto it = cookies.find("GRADIDO_LOGIN"); it != cookies.end(); it++) { + // break if no login any more + if (it->first != "GRADIDO_LOGIN") break; + // skip if it is from the active session + if (activeSession) { + try { + int session_id = atoi(it->second.data()); + if (session_id == activeSession->getHandle()) continue; + } + catch (...) {} + } + // delete cookie + auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", it->second); + // max age of 0 delete cookie + keks.setMaxAge(0); + response.addCookie(keks); + } + + //session_id = atoi(cookies.get("GRADIDO_LOGIN").data()); +} + bool SessionManager::checkPwdValidation(const std::string& pwd, ErrorList* errorReciver) { if (!isValid(pwd, VALIDATE_PASSWORD)) { diff --git a/src/cpp/SingletonManager/SessionManager.h b/src/cpp/SingletonManager/SessionManager.h index 7545f3957..d7ac846dc 100644 --- a/src/cpp/SingletonManager/SessionManager.h +++ b/src/cpp/SingletonManager/SessionManager.h @@ -14,6 +14,8 @@ #include "../model/Session.h" #include "Poco/RegularExpression.h" +#include "Poco/Net/HTTPServerRequest.h" +#include "Poco/Net/HTTPServerResponse.h" #include #include 
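Review bot: The loop in deleteLoginCookies stops at the first entry whose name is not GRADIDO_LOGIN, which removes every login cookie only if Poco::Net::NameValueCollection keeps equal names adjacent; if it preserves insertion order, a cookie of another name sitting between two GRADIDO_LOGIN entries ends the loop early, so walk the whole collection and use `if (it->first != "GRADIDO_LOGIN") continue;`. That comparison is also case-sensitive while `find` on the collection is not, and `atoi` cannot throw, so the try/catch around it is dead code. A Max-Age=0 cookie only expires the browser's copy when its path and domain match the cookie produced by getLoginCookie — confirm those attributes agree, otherwise the stale cookie survives. The trailing `//session_id = atoi(...)` comment is leftover and should go.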
@@ -40,14 +42,17 @@ public: static SessionManager* getInstance(); + + Session* getNewSession(int* handle = nullptr); - inline bool releseSession(Session* requestSession) { - return releseSession(requestSession->getHandle()); + inline bool releaseSession(Session* requestSession) { + return releaseSession(requestSession->getHandle()); } - bool releseSession(int requestHandleSession); + bool releaseSession(int requestHandleSession); bool isExist(int requestHandleSession); // try to find existing session, return nullptr if not found Session* getSession(int handle); + Session* getSession(const Poco::Net::HTTPServerRequest& request); Session* findByEmailVerificationCode(long long emailVerificationCode); bool init(); @@ -59,6 +64,9 @@ public: void checkTimeoutSession(); + // delete all current active login cookies + void deleteLoginCookies(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response, Session* activeSession = nullptr); + protected: SessionManager(); diff --git a/src/cpp/model/EmailVerificationCode.cpp b/src/cpp/model/EmailVerificationCode.cpp index ebb34a48d..7b5b09941 100644 --- a/src/cpp/model/EmailVerificationCode.cpp +++ b/src/cpp/model/EmailVerificationCode.cpp 
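Review bot: The new getSession(const Poco::Net::HTTPServerRequest&) overload inherits the comment `// try to find existing session, return nullptr if not found` from the int overload, but its contract is wider: it also returns nullptr when the cookie is missing, non-numeric, or the session is inactive; add a line such as `// resolve the GRADIDO_LOGIN cookie to a session; nullptr if absent, unparsable, unknown or inactive` so callers in login.cpsp and register.cpsp can rely on it. The public section continues outside the hunk.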
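Review bot: The comment `// delete all current active login cookies` on deleteLoginCookies does not match the implementation, which keeps the cookie belonging to activeSession; document the real contract: `// expire (Max-Age=0) every GRADIDO_LOGIN cookie sent with the request, except the one matching activeSession when given`. Mentioning that the request is only read would also justify taking it as `const Poco::Net::HTTPServerRequest&`, consistent with the getSession overload declared above.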
@@ -57,4 +57,31 @@ Poco::Data::Statement EmailVerificationCode::loadFromDB(Poco::Data::Session sess , into(mUserId), into(mEmailVerificationCode); return select; -} \ No newline at end of file +} + +/* +Poco::Data::Statement select(session); +int email_checked = 0; +select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?", +into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id); +try { +auto result = select.execute(); +int zahl = 1; +if (result == 1) { + +if (!pubkey.isNull()) { +auto pubkey_value = pubkey.value(); +size_t hexSize = pubkey_value.size() * 2 + 1; +char* hexString = (char*)malloc(hexSize); +memset(hexString, 0, hexSize); +sodium_bin2hex(hexString, hexSize, pubkey_value.content().data(), pubkey_value.size()); +mPublicHex = hexString; +free(hexString); +} +if (email_checked != 0) mEmailChecked = true; +} +} +catch (Poco::Exception& ex) { +addError(new ParamError("User::User", "mysql error", ex.displayText().data())); +} +*/ \ No newline at end of file diff --git a/src/cpp/model/ModelBase.h b/src/cpp/model/ModelBase.h index 9d498301f..7232d3cb2 100644 --- a/src/cpp/model/ModelBase.h +++ b/src/cpp/model/ModelBase.h @@ -20,6 +20,7 @@ public: virtual Poco::Data::Statement insertIntoDB(Poco::Data::Session session) = 0; virtual Poco::Data::Statement updateIntoDB(Poco::Data::Session session) = 0; virtual Poco::Data::Statement loadFromDB(Poco::Data::Session session, std::string& fieldName) = 0; + virtual bool executeLoadFromDB(Poco::Data::Statement select) { return select.execute() == 1; }; inline void setID(int id) { lock(); mID = id; unlock(); } inline int getID() { lock(); int id = mID; unlock(); return id; } diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp index dca43da50..9b82d641d 100644 --- a/src/cpp/model/Session.cpp +++ b/src/cpp/model/Session.cpp 
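Review bot: The appended `/* ... */` block is a copy of the User(int) constructor's DB load and has nothing to do with EmailVerificationCode; it carries `malloc`/`free` and `sodium_bin2hex` calls for a class that has no public-key field and will silently drift from User.cpp. Drop it, or if it is a reminder for a planned executeLoadFromDB-based refactor, replace it with a one-line `// TODO: move the users SELECT into loadFromDB/executeLoadFromDB` naming the intent.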
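Review bot: `executeLoadFromDB` lets `select.execute()` propagate, while every other load path in this commit (both User constructors) wraps `execute()` in `catch (Poco::Exception&)` and records a ParamError; callers of this default need the same handling or at least a `/// @throws Poco::Exception on database error` comment. Taking the statement by value also copies it on each call — `virtual bool executeLoadFromDB(Poco::Data::Statement& select)` is enough — and the stray `;` after the function body should be removed. The class body continues outside the hunk.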
@@ -284,26 +284,32 @@ bool Session::isPwdValid(const std::string& pwd) return false; } -bool Session::loadUser(const std::string& email, const std::string& password) +UserStates Session::loadUser(const std::string& email, const std::string& password) { //Profiler usedTime; - if (email == "" || password == "") { - addError(new Error("Login", "Benutzernamen und Passwort müssen angegeben werden!")); - return false; - } + lock(); if (mSessionUser) mSessionUser = nullptr; mSessionUser = new User(email.data()); - if (!mSessionUser->validatePwd(password, this)) { + if (mSessionUser->getUserState() == USER_LOADED_FROM_DB) { + if (!mSessionUser->validatePwd(password, this)) { + return USER_PASSWORD_INCORRECT; + } + } + + /*if (!mSessionUser->validatePwd(password, this)) { addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!")); + unlock(); return false; } if (!mSessionUser->isEmailChecked()) { addError(new Error("Account", "E-Mail Adresse wurde noch nicht bestätigt, hast du schon eine E-Mail erhalten?")); + unlock(); return false; - } + }*/ detectSessionState(); + unlock(); - return true; + return mSessionUser->getUserState(); } bool Session::deleteUser() @@ -337,11 +343,13 @@ void Session::detectSessionState() if (!mSessionUser || !mSessionUser->hasCryptoKey()) { return; } + UserStates userState = mSessionUser->getUserState(); + /* if (mSessionUser->getDBId() == 0) { updateState(SESSION_STATE_CRYPTO_KEY_GENERATED); return; - } - if (!mSessionUser->isEmailChecked()) { + }*/ + if (userState <= USER_EMAIL_NOT_ACTIVATED) { if (mEmailVerificationCode == 0) { auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); 
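Review bot: The password check in loadUser is unreachable: `if (mSessionUser->getUserState() == USER_LOADED_FROM_DB)` never holds, because the User(const char* email) constructor in this commit assigns USER_LOADED_FROM_DB and then unconditionally overwrites it with USER_EMAIL_NOT_ACTIVATED, USER_NO_KEYS, USER_NO_PRIVATE_KEY or USER_COMPLETE, so `validatePwd` is skipped and loadUser returns one of those states for any password once the e-mail exists. Guard on the user having been found instead, `if (mSessionUser->getUserState() != USER_EMPTY) {`, and release the lock on the failure path, `unlock(); return USER_PASSWORD_INCORRECT;` — as written the early return leaves the `lock()` taken above held. mSessionUser also keeps the freshly loaded User after a wrong password; confirm that no caller treats a session with a non-null user as authenticated, or reset it before returning. For an unknown e-mail no hash is computed at all, which the TODO on the loadUser declaration in Session.h already notes as a timing difference to be faked.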
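Review bot: `if (userState <= USER_EMAIL_NOT_ACTIVATED)` in detectSessionState relies on enum order and is also true for USER_EMPTY, USER_LOADED_FROM_DB and USER_PASSWORD_INCORRECT, none of which means "mail not yet confirmed"; the early `return` above only excludes a missing user or missing crypto key. Test the state explicitly, `if (userState == USER_EMAIL_NOT_ACTIVATED) {`, or document on the UserStates enum that every value up to USER_EMAIL_NOT_ACTIVATED counts as unverified. The function's body continues outside the hunk.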
@@ -364,7 +372,7 @@ void Session::detectSessionState() return; } - if (mSessionUser->getPublicKeyHex() == "") { + if (USER_NO_KEYS == userState) { auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); Poco::Data::Statement select(dbConnection); diff --git a/src/cpp/model/Session.h b/src/cpp/model/Session.h index 7bf10cf84..d839aa68f 100644 --- a/src/cpp/model/Session.h +++ b/src/cpp/model/Session.h @@ -54,7 +54,9 @@ public: // TODO: register state: written into db, mails sended, update state only if new state is higher as old state bool createUser(const std::string& first_name, const std::string& last_name, const std::string& email, const std::string& password); // TODO: check if email exist and if not, fake waiting on password hashing with profiled times of real password hashing - bool loadUser(const std::string& email, const std::string& password); + UserStates loadUser(const std::string& email, const std::string& password); + + inline void setUser(Poco::AutoPtr user) { mSessionUser = user; } bool deleteUser(); @@ -88,8 +90,8 @@ public: inline Poco::UInt64 getEmailVerificationCode() { return mEmailVerificationCode; } - inline bool isActive() const { return mActive; } - inline void setActive(bool active) { mActive = active; } + inline bool isActive() { bool bret = false; lock(); bret = mActive; unlock(); return bret; } + inline void setActive(bool active) { lock(); mActive = active; unlock(); } inline Poco::DateTime getLastActivity() { return mLastActivity; } diff --git a/src/cpp/model/User.cpp b/src/cpp/model/User.cpp index d26953da4..268c66331 100644 --- a/src/cpp/model/User.cpp +++ b/src/cpp/model/User.cpp @@ -14,7 +14,7 @@ using namespace Poco::Data::Keywords; -//#define DEBUG_USER_DELETE_ENV +#define DEBUG_USER_DELETE_ENV // ------------------------------------------------------------------------------------------------- 
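Review bot: The new inline `setUser` assigns mSessionUser without `lock()`/`unlock()`, while the accessors changed in the next hunk (isActive/setActive) and loadUser in Session.cpp now take the lock for every access to session state; either lock here as well, `inline void setUser(Poco::AutoPtr<User> user) { lock(); mSessionUser = user; unlock(); }`, or add a comment stating why this caller is single-threaded. It also bypasses detectSessionState, so a session whose user is injected this way keeps whatever state it had — say in the comment whether the caller must call detectSessionState afterwards. The template argument of `Poco::AutoPtr` is missing in the rendered diff; presumably `Poco::AutoPtr<User>`.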
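Review bot: `#define DEBUG_USER_DELETE_ENV` is now switched on unconditionally, which enables the `#ifdef DEBUG_USER_DELETE_ENV` branch in User::release (later in this commit) in every build; if this is a temporary debugging aid, revert to `//#define DEBUG_USER_DELETE_ENV` or guard it with the build's debug macro, e.g. `#ifdef _DEBUG`. Leaving it on ships the extra prints to production.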
@@ -157,37 +157,45 @@ UserWriteCryptoKeyHashIntoDB::UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr u int UserWriteCryptoKeyHashIntoDB::run() { - mUser->updateIntoDB("password"); + mUser->updateIntoDB(USER_FIELDS_PASSWORD); return 0; } // ******************************************************************************* // new user User::User(const char* email, const char* first_name, const char* last_name) - : mDBId(0), mEmail(email), mFirstName(first_name), mLastName(last_name), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), - mReferenceCount(1) + : mState(USER_EMPTY), mDBId(0), mEmail(email), mFirstName(first_name), mLastName(last_name), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr), + mReferenceCount(1) { } // load from db User::User(const char* email) - : mDBId(0), mEmail(email), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1) + : mState(USER_EMPTY), mDBId(0), mEmail(email), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1) { //crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey); //memset(mPasswordHashed, 0, crypto_shorthash_BYTES); auto cm = ConnectionManager::getInstance(); auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); - Poco::Nullable pubkey; + Poco::Nullable pubkey; + Poco::Nullable privkey; Poco::Data::Statement select(session); int email_checked = 0; - select << "SELECT id, first_name, last_name, password, pubkey, email_checked from users where email = ?", - into(mDBId), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(mEmail); + select << "SELECT id, first_name, last_name, password, pubkey, privkey, email_checked from users where email = ?", + into(mDBId), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(privkey), into(email_checked), use(mEmail); try { auto 
result = select.execute(); - int zahl = 1; if (result == 1) { + mState = USER_LOADED_FROM_DB; + if (email_checked == 0) { mState = USER_EMAIL_NOT_ACTIVATED;} + else if (pubkey.isNull()) { mState = USER_NO_KEYS;} + else if (privkey.isNull()) { mState = USER_NO_PRIVATE_KEY; } + else { mState = USER_COMPLETE;} + + mEmailChecked = email_checked == 1; + if (!pubkey.isNull()) { auto pubkey_value = pubkey.value(); size_t hexSize = pubkey_value.size() * 2 + 1; @@ -197,7 +205,12 @@ User::User(const char* email) mPublicHex = hexString; free(hexString); } - if (email_checked != 0) mEmailChecked = true; + if (!privkey.isNull()) { + auto privkey_value = privkey.value(); + mPrivateKey = new ObfusArray(privkey_value.size(), privkey_value.content().data()); + } + + } } catch(Poco::Exception& ex) { addError(new ParamError("User::User", "mysql error", ex.displayText().data())); 
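Review bot: `mState = USER_LOADED_FROM_DB;` is dead in User(const char* email): every branch of the chain that follows overwrites it, so no caller can ever observe that state (Session::loadUser in this commit tests for exactly this value). Either drop the value or let the chain leave it set when no more specific state applies. The same detection chain is copied verbatim into User(int user_id) in the next hunk, while User.h declares a `detectState()` member for which no definition appears in this diff — move the chain into `detectState()` and call it from both constructors and from setEmailChecked, which re-implements it a third time. The constructor's body continues beyond the hunk.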
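Review bot: `new ObfusArray(privkey_value.size(), privkey_value.content().data())` hands the size of the DB blob to ObfusArray unchecked; if ObfusArray keeps the bytes in a fixed-size member (its constructor is not in this hunk), a privkey row longer than that buffer overruns it, so validate the length first, e.g. `if (privkey_value.size() > PRIVKEY_MAX_BYTES /* placeholder: ObfusArray capacity */) { addError(new Error("User::User", "privkey blob too large")); }` and leave mPrivateKey nullptr in that case. The private key is also loaded for every User constructed from an e-mail, i.e. before any password has been validated; add a comment stating whether the blob is the encrypted form (`encrypt(const ObfusArray*)` in User.h suggests so) and that the plaintext key never lives in this member.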
@@ -205,21 +218,29 @@ User::User(const char* email) } User::User(int user_id) -: mDBId(user_id), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1) +: mState(USER_EMPTY), mDBId(user_id), mPasswordHashed(0), mPrivateKey(nullptr), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1) { auto cm = ConnectionManager::getInstance(); auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); Poco::Nullable pubkey; + Poco::Nullable privkey; Poco::Data::Statement select(session); int email_checked = 0; - select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?", - into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id); + select << "SELECT email, first_name, last_name, password, pubkey, privkey, email_checked from users where id = ?", + into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(privkey), into(email_checked), use(user_id); try { auto result = select.execute(); - int zahl = 1; if (result == 1) { + mState = USER_LOADED_FROM_DB; + if (email_checked == 0) { mState = USER_EMAIL_NOT_ACTIVATED; } + else if (pubkey.isNull()) { mState = USER_NO_KEYS; } + else if (privkey.isNull()) { mState = USER_NO_PRIVATE_KEY; } + else { mState = USER_COMPLETE; } + + mEmailChecked = email_checked == 1; + if (!pubkey.isNull()) { auto pubkey_value = pubkey.value(); size_t hexSize = pubkey_value.size() * 2 + 1; @@ -229,7 +250,10 @@ User::User(int user_id) mPublicHex = hexString; free(hexString); } - if (email_checked != 0) mEmailChecked = true; + if (!privkey.isNull()) { + auto privkey_value = privkey.value(); + mPrivateKey = new ObfusArray(privkey_value.size(), privkey_value.content().data()); + } } } catch (Poco::Exception& ex) { @@ -248,6 +272,10 @@ User::~User() delete mCryptoKey; mCryptoKey = nullptr; } + if (mPrivateKey) { + delete mPrivateKey; + mPrivateKey = nullptr; + } } 
@@ -310,40 +338,80 @@ bool User::validatePassphrase(const std::string& passphrase) bool User::isEmptyPassword() { - return mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished()); + bool bRet = false; + lock(); + bRet = mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished()); + unlock(); + return bRet; +} + +UserStates User::getUserState() +{ + UserStates state; + lock(); + state = mState; + unlock(); + return state; } // TODO: if a password and privkey already exist, load current private key and re encrypt with new crypto key bool User::setNewPassword(const std::string& newPassword) { + if (newPassword == "") { + lock(); addError(new Error("Passwort", "Ist leer.")); + unlock(); return false; } if (!mCreateCryptoKeyTask.isNull() && !mCreateCryptoKeyTask->isTaskFinished()) { + lock(); addError(new Error("Passwort", "Wird bereits erstellt, bitte in ca. 1 sekunde neuladen.")); + unlock(); return false; } duplicate(); + lock(); mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newPassword, ServerConfig::g_CPUScheduler); mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask); - + unlock(); duplicate(); UniLib::controller::TaskPtr savePassword(new UserWriteCryptoKeyHashIntoDB(this, 1)); savePassword->setParentTaskPtrInArray(mCreateCryptoKeyTask, 0); savePassword->scheduleTask(savePassword); + unlock(); return true; } +void User::setEmailChecked() +{ + lock(); + mEmailChecked = true; + if (mState <= USER_EMAIL_NOT_ACTIVATED) { + if (mPublicHex == "") { + mState = USER_NO_KEYS; + } + else if (!mPrivateKey) { + mState = USER_NO_PRIVATE_KEY; + } + else { + mState = USER_COMPLETE; + } + } + unlock(); +} + bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint) { + auto cmpCryptoKey = createCryptoKey(pwd); if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) { throw Poco::Exception("crypto_shorthash_BYTES != sizeof(User::passwordHashed)"); } 
User::passwordHashed pwdHashed; crypto_shorthash((unsigned char*)&pwdHashed, *cmpCryptoKey, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey); + lock(); if (pwdHashed == mPasswordHashed) { if (!mCryptoKey) { mCryptoKey = cmpCryptoKey; @@ -351,11 +419,12 @@ bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrin else { delete cmpCryptoKey; } + unlock(); return true; } delete cmpCryptoKey; - + unlock(); return false; } @@ -386,10 +455,13 @@ bool User::deleteFromDB() } try { + lock(); auto result = deleteFromDB.execute(); + unlock(); //printf("[User::deleteFromDB] %s deleted: %d\n", tables[i].data(), result); } catch (Poco::Exception& ex) { + unlock(); em->addError(new ParamError("[User::deleteFromDB]", "error deleting user tables", ex.displayText().data())); em->sendErrorsAsEmail(); //return false; @@ -412,6 +484,9 @@ void User::duplicate() void User::release() { + if (!mCreateCryptoKeyTask.isNull() && mCreateCryptoKeyTask->isTaskFinished()) { + mCreateCryptoKeyTask = nullptr; + } mWorkingMutex.lock(); mReferenceCount--; #ifdef DEBUG_USER_DELETE_ENV @@ -436,7 +511,9 @@ ObfusArray* User::createCryptoKey(const std::string& password) sha_context context_sha512; //unsigned char* hash512 = (unsigned char*)malloc(SHA_512_SIZE); if (SHA_512_SIZE < crypto_pwhash_SALTBYTES) { + lock(); addError(new Error(__FUNCTION__, "sha512 is to small for libsodium pwhash saltbytes")); + unlock(); return nullptr; } 
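Review bot: setNewPassword now ends with an `unlock()` that has no matching `lock()`: the lock taken before `mCreateCryptoKeyTask = new UserCreateCryptoKey(...)` is released right after `scheduleTask`, and the second `unlock()` after `savePassword->scheduleTask(savePassword)` releases a mutex that is not held (undefined behaviour for a non-recursive mutex). Remove the trailing `unlock();` or hold the lock across both task creations. In validatePwd, `createCryptoKey(pwd)` now sits before the `sizeof` sanity check and its result is dereferenced as `*cmpCryptoKey` without a null check, although createCryptoKey returns nullptr on error; add `if (!cmpCryptoKey) return false;` and keep the cheap sizeof check ahead of the expensive pwhash. validatePwd continues into the next hunk.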
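Review bot: The new `mCreateCryptoKeyTask = nullptr;` reset in release() runs before `mWorkingMutex.lock()`, while setNewPassword writes the same member under the lock; release() is invoked through Poco's AutoPtr by every owner, presumably including the background task that received a duplicate()d pointer in setNewPassword, so this is an unsynchronized write to an AutoPtr from another thread. Move the reset below `mWorkingMutex.lock()`, or drop it and let the task pointer be cleared where it is created. The rest of release() continues outside the hunk.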
@@ -450,7 +527,9 @@ ObfusArray* User::createCryptoKey(const std::string& password) unsigned char* key = (unsigned char *)malloc(crypto_box_SEEDBYTES); // 32U if (crypto_pwhash(key, crypto_box_SEEDBYTES, password.data(), password.size(), hash512_salt, 10U, 33554432, 2) != 0) { + lock(); addError(new ParamError(__FUNCTION__, " error creating pwd hash, maybe to much memory requestet? error:", strerror(errno))); + unlock(); //printf("[User::%s] error creating pwd hash, maybe to much memory requestet? error: %s\n", __FUNCTION__, strerror(errno)); //printf("pwd: %s\n", pwd); return nullptr; 
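Review bot: On the `crypto_pwhash` failure path the buffer `key` allocated on the previous line with `malloc(crypto_box_SEEDBYTES)` is never freed, so every failed hash leaks it; this is pre-existing, but the commit touches exactly this branch and could fix it with `free(key);` before `return nullptr;` (or by holding the buffer in a `std::unique_ptr<unsigned char, decltype(&free)>`). `strerror(errno)` is only meaningful if the failure was an allocation error, so the message should say "possibly" rather than assert the cause. The function continues outside the hunk.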
@@ -551,30 +630,33 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session) return insert; } -bool User::updateIntoDB(const char* fieldName) +bool User::updateIntoDB(UserFields fieldType) { if (mDBId == 0) { addError(new Error("User::updateIntoDB", "user id is zero")); return false; } - - if (strcmp(fieldName, "password") == 0 && mPasswordHashed != 0) { + if (USER_FIELDS_PASSWORD == fieldType || USER_FIELDS_EMAIL_CHECKED == fieldType) { auto session = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER); Poco::Data::Statement update(session); - // UPDATE `table_name` SET `column_name` = `new_value' [WHERE condition]; - update << "UPDATE users SET password = ? where id = ?", - use(mPasswordHashed), use(mDBId); + if (USER_FIELDS_PASSWORD == fieldType) { + update << "UPDATE users SET password = ? where id = ?", + use(mPasswordHashed), use(mDBId); + } + else if (USER_FIELDS_EMAIL_CHECKED == fieldType) { + update << "UPDATE users SET email_checked = ? where id = ?", + use(mEmailChecked), use(mDBId); + } try { if (update.execute() == 1) return true; - addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldName)); + addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldType)); } catch (Poco::Exception& ex) { auto em = ErrorManager::getInstance(); em->addError(new ParamError("User::updateIntoDB", "mysql error", ex.displayText().data())); em->sendErrorsAsEmail(); } - } return false; diff --git a/src/cpp/model/User.h b/src/cpp/model/User.h index 66f7154f6..9e6a5a78d 100644 --- a/src/cpp/model/User.h +++ b/src/cpp/model/User.h @@ -3,7 +3,7 @@ #include "../Crypto/KeyPair.h" #include -#include "ErrorList.h" +#include "ModelBase.h" #include "Poco/Thread.h" #include "Poco/Types.h" 
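Review bot: The old guard `&& mPasswordHashed != 0` is gone, so `updateIntoDB(USER_FIELDS_PASSWORD)` now writes a zero hash to `users.password` if it runs before the crypto-key task has set mPasswordHashed; reinstate it, `if (USER_FIELDS_PASSWORD == fieldType && mPasswordHashed == 0) { addError(new Error("User::updateIntoDB", "password hash is zero")); return false; }`. mPasswordHashed and mEmailChecked are bound here without the lock that getPwdHashed/setPwdHashed take for the same fields. `ParamError(..., fieldType)` now receives an enum where the removed code passed a `const char*`; confirm an overload for that exists rather than an implicit int conversion, since the error text was meant to name the field.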
@@ -17,6 +17,26 @@ class Session; class UserWriteCryptoKeyHashIntoDB; +enum UserStates +{ + USER_EMPTY, + USER_LOADED_FROM_DB, + USER_PASSWORD_INCORRECT, + USER_EMAIL_NOT_ACTIVATED, + USER_NO_KEYS, + USER_NO_PRIVATE_KEY, + USER_COMPLETE +}; + +enum UserFields +{ + USER_FIELDS_ID, + USER_FIELDS_FIRST_NAME, + USER_FIELDS_LAST_NAME, + USER_FIELDS_PASSWORD, + USER_FIELDS_EMAIL_CHECKED +}; + class User : public ErrorList { friend NewUser; @@ -51,17 +71,20 @@ public: inline const char* getFirstName() const { return mFirstName.data(); } inline const char* getLastName() const { return mLastName.data(); } inline int getDBId() const { return mDBId; } - inline void setEmailChecked() { mEmailChecked = true; } - inline bool isEmailChecked() { return mEmailChecked; } inline std::string getPublicKeyHex() { lock(); std::string pubkeyHex = mPublicHex; unlock(); return pubkeyHex; } inline void setPublicKeyHex(const std::string& publicKeyHex) { lock(); mPublicHex = publicKeyHex; unlock(); } + UserStates getUserState(); + + void setEmailChecked(); bool isEmptyPassword(); bool setNewPassword(const std::string& newPassword); bool validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint); Poco::Data::BLOB* encrypt(const ObfusArray* data); + + // for poco auto ptr void duplicate(); void release(); @@ -71,10 +94,10 @@ protected: ObfusArray* createCryptoKey(const std::string& password); inline void setCryptoKey(ObfusArray* cryptoKey) { lock(); mCryptoKey = cryptoKey; unlock(); } - + void detectState(); Poco::Data::Statement insertIntoDB(Poco::Data::Session session); - bool updateIntoDB(const char* fieldName); + bool updateIntoDB(UserFields fieldType); inline passwordHashed getPwdHashed() { lock(); auto ret = mPasswordHashed; unlock(); return ret; } inline void setPwdHashed(passwordHashed pwdHashed) { lock(); mPasswordHashed = pwdHashed; unlock(); } 
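Review bot: UserStates is compared with `<=` in Session::detectSessionState and User::setEmailChecked, so the declaration order is part of the contract but nothing says so; document it above the enum, e.g. `// ordered: everything up to USER_EMAIL_NOT_ACTIVATED is "not yet usable"; USER_LOADED_FROM_DB and USER_PASSWORD_INCORRECT are transient results, not stored states`. `detectState()` is declared in the protected section below but no definition appears in this commit. UserFields lists ID, FIRST_NAME and LAST_NAME although updateIntoDB only handles PASSWORD and EMAIL_CHECKED; say so next to the enum or drop the unused values. The class body continues outside the hunk.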
@@ -84,16 +107,27 @@ protected: private: + UserStates mState; + + // ************************* DB FIELDS ****************************** int mDBId; std::string mEmail; std::string mFirstName; std::string mLastName; passwordHashed mPasswordHashed; - bool mEmailChecked; - // crypto key as obfus array - ObfusArray* mCryptoKey; + std::string mPublicHex; + ObfusArray* mPrivateKey; + // TODO: insert created if necessary + + bool mEmailChecked; + + // ************************ DB FIELDS END ****************************** + // crypto key as obfus array + // only in memory, if user has typed in password + ObfusArray* mCryptoKey; + Poco::Mutex mWorkingMutex; // for poco auto ptr diff --git a/src/cpsp/checkEmail.cpsp b/src/cpsp/checkEmail.cpsp index d9820a834..eddca7dde 100644 --- a/src/cpsp/checkEmail.cpsp +++ b/src/cpsp/checkEmail.cpsp @@ -5,7 +5,7 @@ <%@ page form="true" %> <%@ page compressed="true" %> <%! -#include "../model/Profiler.h" +#include "../SingletonManager/SessionManager.h" enum PageState { @@ -14,11 +14,12 @@ enum PageState }; %> <%% - Profiler timeUsed; - bool hasErrors = false; + // remove old cookies if exist + auto sm = SessionManager::getInstance(); + sm->deleteLoginCookies(request, response, mSession); PageState state = ASK_VERIFICATION_CODE; if(mSession) { - hasErrors = mSession->errorCount() > 0; + getErrors(mSession); if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { state = MAIL_NOT_SEND; } @@ -53,10 +54,9 @@ label:not(.grd_radio_label) {
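Review bot: The comment `// only in memory, if user has typed in password` belongs to mCryptoKey, but the newly added `ObfusArray* mPrivateKey` above it is filled from the DB in both constructors regardless of password and lives for the object's lifetime; document what it holds, e.g. `// private key blob as stored in the users table (presumably encrypted with mCryptoKey); nullptr when the row has none`. mPrivateKey is an owning raw pointer deleted in ~User, and no deleted copy operations are visible for User, so a copy would double-delete — `= delete` the copy constructor and assignment or hold it in a `std::unique_ptr<ObfusArray>`. The class continues outside the hunk.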
- <% if(mSession && hasErrors) {%> - <%= mSession->getErrorsHtml() %> - <%} %> +

Einen neuen Account anlegen

+ <%= getErrorsHtml() %> <% if(state == MAIL_NOT_SEND) { %>

Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.

@@ -75,7 +75,7 @@ label:not(.grd_radio_label) { <% } %>
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
diff --git a/src/cpsp/dashboard.cpsp b/src/cpsp/dashboard.cpsp index e343efdbc..8005c8154 100644 --- a/src/cpsp/dashboard.cpsp +++ b/src/cpsp/dashboard.cpsp @@ -6,15 +6,16 @@ <%@ page compressed="true" %> <%! #include "../SingletonManager/SessionManager.h" -#include "../model/Profiler.h" +#include "Poco/Net/HTTPServerParams.h" %> <% - Profiler timeUsed; + //Poco::Net::NameValueCollection cookies; //request.getCookies(cookies); if(!form.empty()) { //form.get("email-verification-code") } + auto uri_start = request.serverParams().getServerName(); %> @@ -44,11 +45,11 @@ <% } %> - Abmelden - Account löschen + Abmelden + Account löschen
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
diff --git a/src/cpsp/login.cpsp b/src/cpsp/login.cpsp index b762437eb..2e7695efe 100644 --- a/src/cpsp/login.cpsp +++ b/src/cpsp/login.cpsp @@ -1,5 +1,7 @@ <%@ page class="LoginPage" %> <%@ page form="true" %> +<%@ page baseClass="PageRequestMessagedHandler" %> +<%@ header include="PageRequestMessagedHandler.h" %> <%@ page compressed="true" %> <%! #include "../SingletonManager/SessionManager.h" 
@@ -9,28 +11,56 @@ %> <%% - Profiler timeUsed; - auto session = SessionManager::getInstance()->getNewSession(); + + auto sm = SessionManager::getInstance(); if(!form.empty()) { auto email = form.get("login-email", ""); auto password = form.get("login-password", ""); - if(session->loadUser(email, password)) { - auto user_host = request.clientAddress().host(); - session->setClientIp(user_host); - response.addCookie(session->getLoginCookie()); + + if(email != "" && password != "") { + auto session = sm->getSession(request); + if(!session) { + session = sm->getNewSession(); + auto user_host = request.clientAddress().host(); + session->setClientIp(user_host); + response.addCookie(session->getLoginCookie()); + } + auto userState = session->loadUser(email, password); + getErrors(session); + auto uri_start = request.serverParams().getServerName(); - //response.redirect(uri_start + "/"); - response.redirect("./"); - return; + + switch(userState) { + case USER_EMPTY: + case USER_PASSWORD_INCORRECT: + addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!")); + break; + case USER_EMAIL_NOT_ACTIVATED: + // response.redirect(uri_start + "/checkEmail"); + session->addError(new Error("Account", "E-Mail Adresse wurde noch nicht bestätigt, hast du schon eine E-Mail erhalten?")); + response.redirect("./checkEmail"); + return; + case USER_NO_KEYS: + // response.redirect(uri_start + "/passphrase"); + response.redirect("./passphrase"); + return; + case USER_NO_PRIVATE_KEY: + case USER_COMPLETE: + // response.redirect(uri_start + "/"); + response.redirect("./"); + return; + } + + } else { + addError(new Error("Login", "Benutzernamen und Passwort müssen angegeben werden!")); } + } else { + // on enter login page with empty form // remove old cookies if exist - auto keks = Poco::Net::HTTPCookie("GRADIDO_LOGIN", ""); - // max age of 0 delete cookie - keks.setMaxAge(0); - response.addCookie(keks); - } + sm->deleteLoginCookies(request, response); + } %> 
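Review bot: A successful login keeps the session found via `sm->getSession(request)` — the handle from whatever GRADIDO_LOGIN cookie the browser already carried — instead of issuing a fresh one; rotate the handle on successful authentication (create a new session, or reassign the handle the way releaseSession does) so a cookie value that existed before login never becomes the authenticated session. register.cpsp's hunk at the end of this diff reuses the same lookup-or-create pattern. For USER_EMPTY and USER_PASSWORD_INCORRECT a session and cookie have already been created and loadUser leaves the loaded User attached to it, so every failed attempt allocates a session that lives until timeout; create or attach the session only after loadUser reports success, or release it on failure. The switch has no `default:` and no case for USER_LOADED_FROM_DB, so such a value renders the page with no error message. `uri_start` is computed but only referenced in comments.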
@@ -62,7 +92,7 @@ label:not(.grd_radio_label) {

Login

- <%= session->getErrorsHtml() %> + <%= getErrorsHtml() %>
Login

Bitte gebe deine Zugangsdaten ein um dich einzuloggen.

@@ -81,8 +111,8 @@ label:not(.grd_radio_label) { Neuen Account anlegen
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
-
+
\ No newline at end of file
diff --git a/src/cpsp/passphrase.cpsp b/src/cpsp/passphrase.cpsp
index f0ad89d3c..754129d7a 100644
--- a/src/cpsp/passphrase.cpsp
+++ b/src/cpsp/passphrase.cpsp
@@ -6,6 +6,8 @@
 <%@ page compressed="true" %>
 <%!
 #include "../model/Profiler.h"
+#include "../SingletonManager/SessionManager.h"
+
 enum PageState
 {
@@ -14,10 +16,11 @@ enum PageState
 };
 %>
 <%%
- Profiler timeUsed;
 PageState state = PAGE_ASK_PASSPHRASE;
- bool hasErrors = mSession->errorCount() > 0;
+ auto sm = SessionManager::getInstance();
+ // remove old cookies if exist
+ sm->deleteLoginCookies(request, response, mSession);
 // save login cookie, because maybe we've get an new session
 response.addCookie(mSession->getLoginCookie());
@@ -34,7 +37,7 @@ enum PageState
 state = PAGE_SHOW_PASSPHRASE;
 } else {
- mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ungültig, bitte überprüfen oder neu generieren (lassen)."));
+ addError(new Error("Passphrase", "Diese Passphrase ist ungültig, bitte überprüfen oder neu generieren (lassen)."));
 }
 } else if (registerKeyChoice == "yes") {
@@ -46,6 +49,7 @@ enum PageState
 state = PAGE_SHOW_PASSPHRASE;
 mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 }
+ getErrors(mSession);
 %>
@@ -74,10 +78,8 @@ label:not(.grd_radio_label) {
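Review bot: In the passphrase `@@ -14,10 +16,11 @@` hunk, the added `sm->deleteLoginCookies(request, response, mSession);` is immediately followed by the pre-existing `response.addCookie(mSession->getLoginCookie());`, so if `deleteLoginCookies` expires a cookie of the same name the response carries two Set-Cookie headers for it, one clearing and one setting, and the result depends on header order and on the client; the third argument suggests it is meant to spare the current session's cookie — confirm that, or drop the `addCookie` line if it already does. The same pairing appears in the updateUserPassword.cpsp `@@ -6,11 +6,12 @@` hunk. The `<%%` block continues past the end of this hunk.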
- <% if(mSession && hasErrors) {%> - <%= mSession->getErrorsHtml() %> - <%} %>

Einen neuen Account anlegen

+ <%= getErrorsHtml() %> <% if(state == PAGE_SHOW_PASSPHRASE) {%>
@@ -90,7 +92,7 @@ label:not(.grd_radio_label) {
<% } else if(state == PAGE_ASK_PASSPHRASE) { %>

Deine E-Mail Adresse wurde erfolgreich bestätigt.

-
+
Neue Gradido Adresse anlegen / wiederherstellen

Hast du schonmal ein Gradido Konto besessen?

@@ -114,7 +116,7 @@ label:not(.grd_radio_label) { <% } %>
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
diff --git a/src/cpsp/register.cpsp b/src/cpsp/register.cpsp
index 79f6c1507..b39aa0691 100644
--- a/src/cpsp/register.cpsp
+++ b/src/cpsp/register.cpsp
@@ -1,32 +1,42 @@
 <%@ page class="RegisterPage" %>
 <%@ page form="true" %>
 <%@ page compressed="true" %>
+<%@ page baseClass="PageRequestMessagedHandler" %>
+<%@ header include="PageRequestMessagedHandler.h" %>
 <%!
 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
-#include "../model/Profiler.h"
 %>
 <%%
- Profiler timeUsed;
- auto session = SessionManager::getInstance()->getNewSession();
+ auto sm = SessionManager::getInstance();
+
 bool userReturned = false;
 if(!form.empty()) {
 if(form.get("register-password2") != form.get("register-password")) {
- session->addError(new Error("Passwort", "Passwörter sind nicht identisch."));
+ addError(new Error("Passwort", "Passwörter sind nicht identisch."));
 } else {
+ auto session = sm->getSession(request);
+ if(!session) {
+ session = sm->getNewSession();
+ auto user_host = request.clientAddress().host();
+ session->setClientIp(user_host);
+ response.addCookie(session->getLoginCookie());
+ }
+
 userReturned = session->createUser(
 form.get("register-first-name"),
 form.get("register-last-name"),
 form.get("register-email"),
 form.get("register-password")
 );
+ getErrors(session);
 }
- if(userReturned) {
- auto user_host = request.clientAddress().host();
- session->setClientIp(user_host);
- response.addCookie(session->getLoginCookie());
- }
+
+ } else {
+ // on enter login page with empty form
+ // remove old cookies if exist
+ sm->deleteLoginCookies(request, response);
 }
 %>
@@ -57,8 +67,8 @@ label:not(.grd_radio_label) {
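Review bot: The new `else` branch of the register `@@ -1,32 +1,42 @@` hunk calls `sm->deleteLoginCookies(request, response)` for every request whose form is empty, i.e. every plain GET of the registration page, so a logged-in user who merely opens it (or whose browser is made to fetch it cross-site) has the login cookie cleared; the login page behaves the same way, but for registration this looks unintended — if the aim is only to drop stale cookies, pass the current session through as the other pages do, or skip the call when `sm->getSession(request)` returns a valid session. In the reworked `else` of the password check, `form.get("register-password2")`, `form.get("register-password")` and the four `form.get(...)` arguments to `createUser` have no default, so a POST missing any of these fields throws instead of producing a page error; these are context lines, but since the block is being restructured here, `form.get("register-email", "")` plus an emptiness check on each would close that.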

Einen neuen Account anlegen

+ <%= getErrorsHtml() %> <% if(!form.empty() && userReturned) {%> -
Deine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt. @@ -67,10 +77,7 @@ label:not(.grd_radio_label) {
<% } else { %> - - <% if(!form.empty() && !userReturned) {%> - <%= session->getErrorsHtml() %> - <%} %> +
Account anlegen

Bitte gebe deine Daten um einen Account anzulegen

@@ -101,7 +108,7 @@ label:not(.grd_radio_label) { <% } %>
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
diff --git a/src/cpsp/saveKeys.cpsp b/src/cpsp/saveKeys.cpsp
index 2ee62e925..ed4b6438c 100644
--- a/src/cpsp/saveKeys.cpsp
+++ b/src/cpsp/saveKeys.cpsp
@@ -17,11 +17,12 @@ enum PageState
 %>
 <%%
- Profiler timeUsed;
+
 bool hasErrors = mSession->errorCount() > 0;
 // crypto key only in memory, if user has tipped in his passwort in this session
 bool hasPassword = mSession->getUser()->hasCryptoKey();
 PageState state = PAGE_ASK;
+ auto uri_start = request.serverParams().getServerName();
 if(!form.empty()) {
 // privkey
@@ -33,7 +34,7 @@ enum PageState
 auto pwd = form.get("save-privkey-password", "");
 if(!mSession->isPwdValid(pwd)) {
- mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
+ addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
 hasErrors = true;
 } else {
 savePrivkey = true;
@@ -52,8 +53,8 @@ enum PageState
 hasErrors = true;
 } else if(mSession->getSessionState() >= SESSION_STATE_KEY_PAIR_GENERATED) {
 state = PAGE_SHOW_PUBKEY;
- auto uri_start = request.serverParams().getServerName();
- printf("uri_start: %s\n", uri_start.data());
+
+ //printf("uri_start: %s\n", uri_start.data());
 //response.redirect(uri_start + "/");
 } else {
 state = PAGE_ERROR;
@@ -62,6 +63,7 @@ enum PageState
 printf("SaveKeysPage: hasErrors: %d, session state: %d, target state: %d\n", hasErrors, mSession->getSessionState(), SESSION_STATE_KEY_PAIR_GENERATED);
 }
+ getErrors(mSession);
 %>
@@ -90,10 +92,8 @@ label:not(.grd_radio_label) {
- <% if(hasErrors) {%> - <%= mSession->getErrorsHtml() %> - <%} %>

Daten speichern

+ <%= getErrorsHtml() %> <% if(state == PAGE_ASK) { %>
@@ -143,7 +143,7 @@ label:not(.grd_radio_label) {

<%= mSession->getUser()->getPublicKeyHex() %>

- Zurück zur Startseite + Zurück zur Startseite
<% } else if(state == PAGE_ERROR) { %>
@@ -153,7 +153,7 @@ label:not(.grd_radio_label) { <% } %>
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>
diff --git a/src/cpsp/updateUserPassword.cpsp b/src/cpsp/updateUserPassword.cpsp
index f92ab8004..5b21a5582 100644
--- a/src/cpsp/updateUserPassword.cpsp
+++ b/src/cpsp/updateUserPassword.cpsp
@@ -6,11 +6,12 @@
 <%!
 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
-#include "../model/Profiler.h"
 %>
 <%%
- Profiler timeUsed;
 auto user = mSession->getUser();
+ auto sm = SessionManager::getInstance();
+ // remove old cookies if exist
+ sm->deleteLoginCookies(request, response, mSession);
 // save login cookie, because maybe we've get an new session
 response.addCookie(mSession->getLoginCookie());
@@ -29,6 +30,8 @@
 }
 }
 }
+ getErrors(mSession);
+ getErrors(user);
 %>
@@ -72,9 +75,8 @@ label:not(.grd_radio_label) {
- <%= mSession->getErrorsHtml() %> - <%= user->getErrorsHtml() %>

Passwort bestimmen

+ <%= getErrorsHtml() %>
@@ -94,7 +96,7 @@ label:not(.grd_radio_label) {
- <%= timeUsed.string() %> + <%= mTimeProfiler.string() %>