From f01cf733020916bfb98a23c45aa454a1eba7be74 Mon Sep 17 00:00:00 2001
From: Dario <dario.rekowski@gmx.de>
Date: Fri, 29 May 2020 21:02:34 +0200
Subject: [PATCH] Update texte password reset, remove check new password is
 same, release session after password reset

---
 src/cpp/HTTPInterface/PassphrasePage.cpp      |  8 ++++----
 .../HTTPInterface/UpdateUserPasswordPage.cpp  | 19 ++++++++++++-------
 src/cpp/model/User.cpp                        |  9 +++++----
 src/cpsp/passphrase.cpsp                      |  4 ++--
 src/cpsp/updateUserPassword.cpsp              |  9 +++++++--
 5 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/src/cpp/HTTPInterface/PassphrasePage.cpp b/src/cpp/HTTPInterface/PassphrasePage.cpp
index 37d641943..336994e65 100644
--- a/src/cpp/HTTPInterface/PassphrasePage.cpp
+++ b/src/cpp/HTTPInterface/PassphrasePage.cpp
@@ -574,14 +574,14 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "\t  <div class=\"col-md-10 mx-auto\">\n";
 	responseStream << "\t\t<div class=\"form-group row showcase_row_area\">\n";
 	responseStream << "\t\t  <div class=\"col-md-12 col-lg-12 \">\n";
-	responseStream << "\t\t\t<div class=\"col-lg-12 col-md-12 mx-auto alert alert-primary\" style=\"text-align:center\">\n";
-	responseStream << "\t\t\t  <h5 class=\"alert-heading\">";
-#line 295 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\passphrase.cpsp"
+	responseStream << "\t\t\t<h5 class=\"alert-heading\">";
+#line 294 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\passphrase.cpsp"
 	responseStream << ( gettext("Konto wiederherstellen / Neues Passwort anlegen") );
 	responseStream << "</h5>\n";
+	responseStream << "\t\t\t<div class=\"col-lg-12 col-md-12 mx-auto alert alert-primary\" style=\"text-align:center\">\n";
 	responseStream << "\t\t\t  <p>";
 #line 296 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\passphrase.cpsp"
-	responseStream << ( gettext("Um dein Konto wiederherzustellen, dir ein Neues Passwort auswählen zu können, tippe hier bitte die Wörter deiner Passphrase in der richtigen Reihenfolge ein, welche du dir aufgeschrieben hast.") );
+	responseStream << ( gettext("Um dein Konto wiederherzustellen und dir ein Neues Passwort auswählen zu können, tippe hier bitte die Wörter deiner Passphrase in der richtigen Reihenfolge ein, welche du dir aufgeschrieben hast.") );
 	responseStream << "</p>\n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t\t<form method=\"POST\" action=\"";
diff --git a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
index eeffb5fc0..e04bb7218 100644
--- a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
+++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
@@ -78,6 +78,9 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
 					if(sessionState == SESSION_STATE_RESET_PASSWORD_REQUEST) {
 						state = PAGE_STATE_SUCCEED;
 						mSession->updateState(SESSION_STATE_RESET_PASSWORD_SUCCEED);
+						sm->deleteLoginCookies(request, response, mSession);
+						sm->releaseSession(mSession);
+						mSession = nullptr;
 					} else {
 						response.redirect(uri_start + "/passphrase");
 						return;
@@ -86,9 +89,11 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
 			}
 		}
 	}
-	getErrors(mSession);
+	if(mSession) {
+		getErrors(mSession);
+	}
 	getErrors(user);
-	printf("session state end [UpdateUserPassword Page]: %s\n", mSession->getSessionStateString());
+	//printf("session state end [UpdateUserPassword Page]: %s\n", mSession->getSessionStateString());
 	std::ostream& _responseStream = response.send();
 	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
 	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
@@ -159,11 +164,11 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
 	responseStream << "\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t";
-#line 72 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
+#line 77 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
  if(PAGE_STATE_ASK_PASSWORD == state ) { 	responseStream << "\n";
 	responseStream << "\t<h1>Passwort bestimmen</h1>\n";
 	responseStream << "\t";
-#line 74 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
+#line 79 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
 	responseStream << ( getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t<form method=\"POST\">\t\n";
@@ -184,15 +189,15 @@ void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request
 	responseStream << "\t\t<input class=\"grd-form-bn grd-form-bn-succeed grd_clickable\" type=\"submit\" name=\"submit\" value=\"&Auml;nderung(en) speichern\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 92 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
+#line 97 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
  } else if(PAGE_STATE_SUCCEED == state) { 	responseStream << "\n";
 	responseStream << "\t\t<p>Deine Daten werden jetzt mit dem neuen Passwort verschl&uuml;sselt. Du kannst dich in etwa 1 Minute mit deinem neuen Passwort einloggen</p>\n";
 	responseStream << "\t\t<a href=\"";
-#line 94 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
+#line 99 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
 	responseStream << ( uri_start );
 	responseStream << "/login\" class=\"grd-form-bn grd-form-bn-succeed\">Zum Login</a>\n";
 	responseStream << "\t";
-#line 95 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
+#line 100 "F:\\Gradido\\gradido_login_server\\src\\cpsp\\UpdateUserPassword.cpsp"
  } 	responseStream << "\n";
 	responseStream << "</div>\n";
 	// begin include footer.cpsp
diff --git a/src/cpp/model/User.cpp b/src/cpp/model/User.cpp
index 212a8ab69..a36ba62b4 100644
--- a/src/cpp/model/User.cpp
+++ b/src/cpp/model/User.cpp
@@ -652,15 +652,16 @@ bool User::updatePassword(const std::string& newPassword, const std::string& pas
 	bool passwordHashedCalculated = false;
 
 	// no previous password set
-	if (!mPasswordHashed) {
+
+	//if (!mPasswordHashed) {
 		duplicate();
 		lock(functionName);
 		//printf("[User::setNewPassword] start create crypto key task with this: %d\n", this);
 		mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newUser, newPassword, ServerConfig::g_CPUScheduler);
 		mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask);
 		unlock();
-	}
-	else {
+	//}
+	/*else {
 		// compare with previous password
 		auto cryptoKey = createCryptoKey(newPassword);
 		auto passwordHash = createPasswordHashed(cryptoKey);
@@ -678,7 +679,7 @@ bool User::updatePassword(const std::string& newPassword, const std::string& pas
 		}
 		mCryptoKey = cryptoKey;
 		unlock();
-	}
+	}*/
 
 	duplicate();
 	UniLib::controller::TaskPtr savePassword(nullptr);
diff --git a/src/cpsp/passphrase.cpsp b/src/cpsp/passphrase.cpsp
index e438d2e1c..83ac8506c 100644
--- a/src/cpsp/passphrase.cpsp
+++ b/src/cpsp/passphrase.cpsp
@@ -291,9 +291,9 @@ enum PageState
 	  <div class="col-md-10 mx-auto">
 		<div class="form-group row showcase_row_area">
 		  <div class="col-md-12 col-lg-12 ">
+			<h5 class="alert-heading"><%= gettext("Konto wiederherstellen / Neues Passwort anlegen") %></h5>
 			<div class="col-lg-12 col-md-12 mx-auto alert alert-primary" style="text-align:center">
-			  <h5 class="alert-heading"><%= gettext("Konto wiederherstellen / Neues Passwort anlegen") %></h5>
-			  <p><%= gettext("Um dein Konto wiederherzustellen, dir ein Neues Passwort auswählen zu können, tippe hier bitte die Wörter deiner Passphrase in der richtigen Reihenfolge ein, welche du dir aufgeschrieben hast.") %></p>
+			  <p><%= gettext("Um dein Konto wiederherzustellen und dir ein Neues Passwort auswählen zu können, tippe hier bitte die Wörter deiner Passphrase in der richtigen Reihenfolge ein, welche du dir aufgeschrieben hast.") %></p>
 			</div>
 			<form method="POST" action="<%= uri_start %>/passphrase">
 				<textarea class="form-control" name="passphrase-existing" cols="12" rows="5"><%= !form.empty() ? form.get("passphrase-existing", "") : "" %></textarea>
diff --git a/src/cpsp/updateUserPassword.cpsp b/src/cpsp/updateUserPassword.cpsp
index 57cd5d907..c1279d747 100644
--- a/src/cpsp/updateUserPassword.cpsp
+++ b/src/cpsp/updateUserPassword.cpsp
@@ -56,6 +56,9 @@ enum PageState {
 					if(sessionState == SESSION_STATE_RESET_PASSWORD_REQUEST) {
 						state = PAGE_STATE_SUCCEED;
 						mSession->updateState(SESSION_STATE_RESET_PASSWORD_SUCCEED);
+						sm->deleteLoginCookies(request, response, mSession);
+						sm->releaseSession(mSession);
+						mSession = nullptr;
 					} else {
 						response.redirect(uri_start + "/passphrase");
 						return;
@@ -64,9 +67,11 @@ enum PageState {
 			}
 		}
 	}
-	getErrors(mSession);
+	if(mSession) {
+		getErrors(mSession);
+	}
 	getErrors(user);
-	printf("session state end [UpdateUserPassword Page]: %s\n", mSession->getSessionStateString());
+	//printf("session state end [UpdateUserPassword Page]: %s\n", mSession->getSessionStateString());
 %><%@ include file="header_old.cpsp" %>
 <div class="grd_container">
 	<% if(PAGE_STATE_ASK_PASSWORD == state ) { %>