From 1a79eaac5187c5726c2e08d8b9b4709ce829053f Mon Sep 17 00:00:00 2001
From: Albert S
Date: Fri, 26 Mar 2021 22:50:55 +0100
Subject: [PATCH 1/2] Introduce HandlerUserSettings to change user settings, e. g. pw changes
---
 handlers/handlerfactory.cpp | 5 +++
 handlers/handlerusersettings.cpp | 71 ++++++++++++++++++++++++++++++++
 handlers/handlerusersettings.h | 13 ++++++
 3 files changed, 89 insertions(+)
 create mode 100644 handlers/handlerusersettings.cpp
 create mode 100644 handlers/handlerusersettings.h
diff --git a/handlers/handlerfactory.cpp b/handlers/handlerfactory.cpp
index a5938fc..f9e5ff7 100644
--- a/handlers/handlerfactory.cpp
+++ b/handlers/handlerfactory.cpp
@@ -32,6 +32,7 @@ SOFTWARE.
 #include "handlercategory.h"
 #include "handlerhistory.h"
 #include "handlerpagedelete.h"
+#include "handlerusersettings.h"
 std::unique_ptr HandlerFactory::createHandler(const std::string &action, Session &userSession)
 {
@@ -75,6 +76,10 @@ std::unique_ptr HandlerFactory::createHandler(const std::string &action
 {
 return produce(userSession);
 }
+ if(action == "usersettings")
+ {
+ return produce(userSession);
+ }
 return produce(userSession);
 }
diff --git a/handlers/handlerusersettings.cpp b/handlers/handlerusersettings.cpp
new file mode 100644
index 0000000..bd1aa1e
--- /dev/null
+++ b/handlers/handlerusersettings.cpp
@@ -0,0 +1,71 @@
+#include "handlerusersettings.h"
+#include "../authenticator.h"
+#include "../random.h"
+
+Response HandlerUserSettings::handleRequest(const Request &r)
+{
+ if(r.getRequestMethod() == "POST")
+ {
+ if(r.post("do") == "submit")
+ {
+ std::string oldpassword = r.post("oldpassword");
+ std::string newpassword = r.post("newpassword");
+ std::string newpasswordconfirm = r.post("newpasswordconfirm");
+
+ if(newpassword != newpasswordconfirm)
+ {
+ //TODO: is not nice, users has to hit the back button...
+ return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
+ }
+ auto userDao = this->database->createUserDao();
+ Authenticator authenticator(*userDao);
+
+ std::variant authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
+ if(std::holds_alternative(authresult))
+ {
+ return this->errorResponse("Invalid current password", "The old password you entered is invalid");
+ }
+ Random r;
+ std::vector salt = r.getRandom(23);
+ User user = std::get(authresult);
+ user.salt = salt;
+ user.password = authenticator.hash(newpassword, user.salt);
+ if(user.password.empty())
+ {
+ Logger::error() << "Authenticator pbkdf5 returned emptys hash";
+ return this->errorResponse("Error", "An error occured while trying to store new password");
+ }
+ try
+ {
+ userDao->save(user);
+ }
+ catch(const DatabaseException &e)
+ {
+ Logger::debug() << "Error saving user: " << e.what();
+ return errorResponse("Error", "A database error occured while trying to save user with new settings");
+ }
+
+ return Response::redirectTemporarily(this->urlProvider->userSettings());
+ }
+ }
+
+ TemplatePage &userSettingsPage = this->templ->getPage("usersettings");
+ setGeneralVars(userSettingsPage);
+ userSettingsPage.setVar("usersettingsurl", urlProvider->userSettings());
+ userSettingsPage.setVar("title", createPageTitle("User settings - " + this->userSession->user.login));
+ Response result;
+ result.setStatus(200);
+ result.setBody(userSettingsPage.render());
+
+ return result;
+}
+
+bool HandlerUserSettings::canAccess(const Permissions &perms)
+{
+ return this->userSession->loggedIn;
+}
+
+std::string HandlerUserSettings::accessErrorMessage()
+{
+ return "Only logged-in users can change their settings";
+}
diff --git a/handlers/handlerusersettings.h b/handlers/handlerusersettings.h
new file mode 100644
index 0000000..364e586
--- /dev/null
+++ b/handlers/handlerusersettings.h
@@ -0,0 +1,13 @@
+#ifndef HANDLERUSERSETTINGS_H
+#define HANDLERUSERSETTINGS_H
+#include "handler.h"
+class HandlerUserSettings : public Handler
+{
+ public:
+ using Handler::Handler;
+ Response handleRequest(const Request &r);
+ bool canAccess(const Permissions &perms);
+ std::string accessErrorMessage();
+};
+
+#endif // HANDLERUSERSETTINGS_H
--
2.46.2
From 30f86641b44a8b47c2ab2b89b4f18a74162f813d Mon Sep 17 00:00:00 2001
From: Albert S
Date: Fri, 26 Mar 2021 22:51:35 +0100
Subject: [PATCH 2/2] template: Remove user_changepw, it's usersettings now
---
 template/quitesimple/user_changepw | 15 ---------------
 1 file changed, 15 deletions(-)
 delete mode 100644 template/quitesimple/user_changepw
diff --git a/template/quitesimple/user_changepw b/template/quitesimple/user_changepw
deleted file mode 100644
index 1cfbad4..0000000
--- a/template/quitesimple/user_changepw
+++ /dev/null
@@ -1,15 +0,0 @@
-{qswiki:include:general_header}
-
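Review bot: In handlers/handlerusersettings.cpp, the only validation `handleRequest` applies to the new password is `newpassword != newpasswordconfirm`, so a submit with both fields empty (or a single character) is hashed and saved as the account's password. A guard placed before the authenticator call, for example `if(newpassword.empty()) return this->errorResponse("Invalid new password", "The new password must not be empty");`, ideally extended to a configurable minimum length, would close that gap. Separately, `Random r;` shadows the `const Request &r` parameter inside the submit branch; renaming it (e.g. `Random random;`) keeps a later edit in that block from reading the wrong `r`. Nothing visible in this hunk ends the user's other sessions after `userDao->save(user)`; if the session store supports it, invalidating them on a password change is worth considering.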
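Review bot: In handlers/handlerusersettings.h the three member functions are declared without `override`, so a signature that drifts from the base class would compile as a new, never-called function; for `canAccess`, which is this handler's access gate, that would silently fall back to whatever Handler does. Handler's declarations are not visible in this patch, so assuming they are virtual with these signatures, declare them as `Response handleRequest(const Request &r) override;`, `bool canAccess(const Permissions &perms) override;` and `std::string accessErrorMessage() override;`.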
-

Login

-Change your current password -
-Current password:
-New Password:
-Repeat password:
- - - - -
-
-{qswiki:include:general_footer} \ No newline at end of file -- 2.46.2