IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
gradido/src/cpsp/login.cpsp

296 lines
10 KiB
Plaintext
Raw Blame History

<%@ page class="LoginPage" %>
<%@ page form="true" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%@ page compressed="true" %>
<%!
#include "../gettext.h"
#include "Poco/Net/HTTPCookie.h"
#include "Poco/Net/HTTPServerParams.h"
#include "Poco/URI.h"
#include "Poco/Logger.h"
#include "../SingletonManager/SessionManager.h"
#include "../SingletonManager/LanguageManager.h"
#include "../SingletonManager/ErrorManager.h"
#include "../lib/JsonRequest.h"
%>
<%%
const char* pageName = "Login";
auto sm = SessionManager::getInstance();
auto lm = LanguageManager::getInstance();
auto em = ErrorManager::getInstance();
auto uri = Poco::URI(request.getURI());
auto query_parameter = uri.getQueryParameters();
std::string caller_uri = "";
auto lang = chooseLanguage(request);
//printf("choose language return: %d\n", lang);
auto langCatalog = lm->getFreeCatalog(lang);
std::string presetEmail("");
if(mSession && mSession->getNewUser()) {
presetEmail = mSession->getNewUser()->getModel()->getEmail();
}
if(!form.empty()) {
caller_uri = form.get("caller_uri", "");
//printf("form.get: caller_uri: %s\n", caller_uri.data());
bool langUpdatedByBtn = false;
auto langBtn = form.get("lang", "");
if(langBtn != "") {
langUpdatedByBtn = true;
}
/*
auto langInput = form.get("lang", "");
auto updatedLang = LANG_NULL;
if(langBtn != "") {
updatedLang = chooseLanguage(request, langBtn);
langUpdatedByBtn = true;
} else if(langInput != "") {
updatedLang = chooseLanguage(request, langInput);
}
if(updatedLang != LANG_NULL && updatedLang != lang) {
lang = updatedLang;
langCatalog = lm->getFreeCatalog(lang);
}
*/
auto email = form.get("login-email", "");
auto password = form.get("login-password", "");
/*
if(email != "" && password != "") {
//auto session = sm->getSession(request);
//if(!mSession) mSession = sm->findByEmail(email);
if(!mSession) {
mSession = sm->getNewSession();
mSession->setLanguageCatalog(langCatalog);
// get language
// first check url, second check language header
// for debugging client ip
auto client_host = request.clientAddress().host();
//auto client_ip = request.clientAddress();
// X-Real-IP forwarded ip from nginx config
auto client_host_string = request.get("X-Real-IP", client_host.toString());
std::string clientIpString = "client ip: ";
client_host = Poco::Net::IPAddress(client_host_string);
clientIpString += client_ip.toString();
// clientIpString += client_host_string;
Poco::Logger::get("requestLog").information(clientIpString);
// debugging end
auto user_host = request.clientAddress().host();
mSession->setClientIp(user_host);
// mSession->setClientIp(client_host);
response.addCookie(mSession->getLoginCookie());
} else {
langCatalog = mSession->getLanguageCatalog();
*/
/*if(mSession) {
printf("start with session: %d\n", mSession->getHandle());
} else {
printf("start without session\n");
}*/
if(!mSession) {
mSession = sm->getNewSession();
mSession->setLanguageCatalog(langCatalog);
// get language
// first check url, second check language header
// for debugging client ip
auto client_host = request.clientAddress().host();
//auto client_ip = request.clientAddress();
// X-Real-IP forwarded ip from nginx config
auto client_host_string = request.get("X-Real-IP", client_host.toString());
std::string clientIpString = "client ip: ";
client_host = Poco::Net::IPAddress(client_host_string);
clientIpString += client_host_string;
Poco::Logger::get("requestLog").information(clientIpString);
// debugging end
mSession->setClientIp(client_host);
// TODO: check for valid url
if(caller_uri != "") {
mSession->setCallerUri(caller_uri);
}
response.addCookie(mSession->getLoginCookie());
} else {
langCatalog = mSession->getLanguageCatalog();
if(caller_uri == "") {
caller_uri = mSession->getCallerUri();
}
}
//printf("after session: caller_uri: %s\n", caller_uri.data());
if(email != "" && password != "") {
UserState user_state;
try {
user_state = mSession->loadUser(email, password);
} catch (Poco::Exception& ex) {
addError(new ParamError("login", "exception by calling loadUser: ", ex.displayText()));
sendErrorsAsEmail();
addError(new Error("Error", "Intern Server error, please try again later"));
}
auto user = mSession->getNewUser();
if(user_state >= USER_LOADED_FROM_DB && !user->getModel()->getPublicKey()) {
if(mSession->generateKeys(true, true)) {
user_state = USER_COMPLETE;
if(user->getModel()->isDisabled()) {
user_state = USER_DISABLED;
}
}
} else {
//printf("pubkey exist: %p\n",user->getModel()->getPublicKey());
}
getErrors(mSession);
auto lastExternReferer = mSession->getLastReferer();
//printf("user_state: %d\n", user_state);
switch(user_state) {
case USER_EMPTY:
case USER_PASSWORD_INCORRECT:
addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("E-Mail or password isn't right, please try again!")), false);
if(mSession) {
getErrors(mSession);
sm->releaseSession(mSession);
}
sm->deleteLoginCookies(request, response);
break;
case USER_PASSWORD_ENCRYPTION_IN_PROCESS:
addError(new Error(langCatalog->gettext("Passwort"), langCatalog->gettext("Passwort wird noch berechnet, bitte versuche es in etwa 1 Minute erneut.")), false);
break;
case USER_KEYS_DONT_MATCH:
addError(new Error(langCatalog->gettext("User"), langCatalog->gettext("Error in saved data, the server admin will look at it.")));
break;
case USER_DISABLED:
addError(new Error(langCatalog->gettext("User"), langCatalog->gettext("Benutzer ist deaktiviert, kein Login möglich!")));
if(mSession) {
getErrors(mSession);
sm->releaseSession(mSession);
mSession = nullptr;
}
sm->deleteLoginCookies(request, response);
break;
case USER_NO_GROUP:
response.redirect(getBaseUrl() + "/userUpdateGroup");
return;
case USER_NO_PRIVATE_KEY:
case USER_COMPLETE:
case USER_EMAIL_NOT_ACTIVATED:
for(auto it = query_parameter.begin(); it != query_parameter.end(); it++) {
printf("query parameter: %s: %s\n", it->first.data(), it->second.data());
if(it->first == "caller_uri") {
std::string redirect_url = it->second;
redirect_url += "?session_id=" + std::to_string(mSession->getHandle());
response.redirect(redirect_url);
}
}
auto referer = request.find("Referer");
std::string refererString;
if (referer != request.end()) {
refererString = referer->second;
}
if(caller_uri != "")
{
std::string redirect_url = caller_uri;
redirect_url += "?session_id=" + std::to_string(mSession->getHandle());
response.redirect(redirect_url);
}
else if(lastExternReferer != "") {
printf("redirect to: %s (last extern referer)\n", lastExternReferer.data());
response.redirect(lastExternReferer);
}
else if(refererString != "" && refererString != "/" &&
refererString.find("login") == std::string::npos &&
refererString.find("logout") == std::string::npos &&
refererString.find("user_delete") == std::string::npos &&
refererString != getBaseUrl() + request.getURI() &&
refererString != user->getGroupBaseUrl() + request.getURI())
{
std::string uri = request.getURI();
printf("request uri: %s, redirect to: %s\n", uri.data(), refererString.data());
response.redirect(refererString);
}
else
{
if(user->getModel()->getGroupId() != 0) {
printf("redirect to: %s/\n", user->getGroupBaseUrl().data());
auto group = controller::Group::load(user->getModel()->getGroupId());
response.redirect(user->getGroupBaseUrl() + "/");
} else {
response.redirect("https://" + request.getHost() + "/");
}
}
return;
}
} else if(!langUpdatedByBtn && caller_uri == "") {
addError(new Error(langCatalog->gettext("Login"), langCatalog->gettext("Username and password are needed!")), false);
}
} else {
// on enter login page with empty form
//auto session = sm->getSession(request);
// remove old cookies and session if exist
if(mSession) {
getErrors(mSession);
sm->releaseSession(mSession);
}
sm->deleteLoginCookies(request, response);
}
std::string form_action_url = ServerConfig::g_serverPath + "/";
if(mSession && !mSession->getNewUser().isNull()) {
form_action_url = mSession->getNewUser()->getGroupBaseUrl() + "/";
} else {
form_action_url = getBaseUrl() + "/";
}
%><%@ include file="header.cpsp" %>
<%= getErrorsHtml() %>
<!--<input type="hidden" name="lang" value="<%= LanguageManager::keyForLanguage(lang) %>">-->
<div class="center-form-container">
<%@ include file="flags.cpsp" %>
<div class="center-form-form">
<form action="<%= form_action_url %>" method="POST">
<input class="form-control" type="text" name="login-email" placeholder="<%= langCatalog->gettext("E-Mail") %>" value="<%= presetEmail %>"/>
<input class="form-control" type="password" name="login-password" placeholder="<%= langCatalog->gettext("Password") %>" />
<button type="submit" name="submit" class="center-form-submit form-button"><%= langCatalog->gettext(" Login ") %></button>
</form>
</div>
<div class="center-form-bottom">
<div class="signup-link">
<p><%= langCatalog->gettext("You haven't any account yet? Please follow the link to create one.") %></p>
<a href="https://elopage.com/s/gradido/registration-de/payment?locale=de">
<%= langCatalog->gettext("Create New Account") %>
</a>
</div>
<div class="reset-pwd-link">
<a href="<%= getBaseUrl() %>/resetPassword"><%= langCatalog->gettext("Passwort vergessen") %></a>
</div>
</div>
</div>
<p>&nbsp;</p>
<div class="container">
<a href="https://docs.google.com/document/d/1jZp-DiiMPI9ZPNXmjsvOQ1BtnfDFfx8BX7CDmA8KKjY/edit?usp=sharing" target="_blank">Zum Whitepaper</a>
<br>
<br>
<a href="https://docs.google.com/document/d/1kcX1guOi6tDgnFHD9tf7fB_MneKTx-0nHJxzdN8ygNs/edit?usp=sharing" target="_blank">To the Whitepaper</a>
</div>
<%@ include file="footer.cpsp" %>
Reference in New Issue View Git Blame Copy Permalink