From 123d98828c1ba9dfbe03dc79a3eba2828a2260cc Mon Sep 17 00:00:00 2001
From: Tina_Azure <->
Date: Mon, 8 May 2023 16:40:51 +0200
Subject: [PATCH] Minor bugfix: statement name, replace true/false with t/f due to postgresql, activate mustache variable for the logged in state statment replacement since it's not possible to bind data into a string within a statement
---
 src/databaseStatementConstCollection.cpp | 4 ++--
 src/main.cpp | 17 ++++++++++++-----
 src/utilities.cpp | 3 ++-
 templates/freelancer_Login_Fulfilment.html | 6 +++++-
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/databaseStatementConstCollection.cpp b/src/databaseStatementConstCollection.cpp
index 501c957..747319d 100644
--- a/src/databaseStatementConstCollection.cpp
+++ b/src/databaseStatementConstCollection.cpp
@@ -171,7 +171,7 @@ namespace DatabaseStatementConstCollection {
 /*
 * Name and Statement for prepared statement to try to add a new entry into the login lockout
 */
- const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "updateIncrementLoginLockOutAttempts";
+ const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insertLoginLockOut";
 const static std::string SQL_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insert into loginlockout values ($1, 0, CURRENT_TIMESTAMP) on conflict do nothing;";
 
 /*
@@ -184,7 +184,7 @@ namespace DatabaseStatementConstCollection { * Name and Statement for prepared statement to update the expiration and reset the login attempts */ const static std::string PREPARED_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "updateExpirationLoginLockOut"; - const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + INTERVAL $2 ) where email = $1;"; + const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + make_interval(secs => $2)) where email = $1;"; /* * IDs of prepared statements diff --git a/src/main.cpp b/src/main.cpp index 0eb57a6..ebc3f0b 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -37,15 +37,20 @@ int main(int argc, char *argv[]) { * Freelancer Profile listing for customers */ CROW_ROUTE(app, "/").methods("POST"_method, "GET"_method) - ([configuration](const crow::request& request) { + ([&, configuration](const crow::request& request) { int selectedPage = 1; - if (!request.url_params.keys().empty()) { + if (!request.url_params.keys().empty() && request.url_params.get("page") != nullptr) { string selectedPageString = request.url_params.get("page"); if (!selectedPageString.empty()) selectedPage = stoi(selectedPageString); } auto page = crow::mustache::load(TEMPLATE_CUSTOMER_INDEX_FREELANCER_LISTING); crow::mustache::context ctx(Utilities::getFreelancerListing(configuration, selectedPage)); + + auto& cookieCtx = app.get_context(request); + if (Utilities::checkCookieLoginState(configuration, cookieCtx)) + ctx[MUSTACHE_COOKIE_LOGGED_IN] = true; + if (configuration.itemsPerPage > 0) { ctx[MUSTACHE_PAGINATION] = true; vector pages = Utilities::getFreelancerIndexPagination(configuration); 
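Review bot: In the `/` handler of src/main.cpp (`@@ -37,15 +37,20 @@`), the added `request.url_params.get("page") != nullptr` check covers a missing parameter, but the value still goes straight into `stoi`, so a non-numeric or oversized `page` throws inside the handler, and zero or negative numbers are passed on to `Utilities::getFreelancerListing` unchecked. Parsing the parameter defensively and falling back to page 1, as sketched below, closes both gaps and makes the `keys().empty()` test redundant. The capture list was also widened to `[&, configuration]`, apparently only to reach `app`; if nothing else from `main` is needed, `[&app, configuration]` keeps the by-reference capture limited to that one object. The handler body continues past the end of the hunk.

```cpp
int selectedPage = 1;
if (const char* pageParam = request.url_params.get("page")) {
    try {
        selectedPage = stoi(pageParam);
    } catch (const std::exception&) {
        selectedPage = 1; // non-numeric or out-of-range value: show the first page
    }
    if (selectedPage < 1)
        selectedPage = 1;
}
// … unchanged: template load, listing context, cookie login check, pagination …
```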
@@ -477,10 +482,11 @@ int main(int argc, char *argv[]) { ID_SELECT_CHECK_LOGIN_LOCK_OUT, ID_SELECT_GET_LOGIN_LOCK_OUT_MINUTES }); - pqxx::result checkloginLockedOut = Database::executePreparedStatement_SELECT_CHECK_LOGIN_LOCK_OUT(databaseConnection, email); - string checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str(); - if (checkloginLockedOutExtracted != "true") { + string checkloginLockedOutExtracted = "f"; + if (!checkloginLockedOut.empty()) + checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str(); + if (checkloginLockedOutExtracted != "t") { pqxx::result checkFreelancerExists = Database::executePreparedStatement_SELECT_CHECK_EMAIL_EXISTS(databaseConnection, email); int checkFreelancerExistsExtracted = stoi(checkFreelancerExists.at(0).at(0).c_str()); if (checkFreelancerExistsExtracted == 1) { @@ -499,6 +505,7 @@ int main(int argc, char *argv[]) { cookieCtx.set_cookie("loginKey", loginKeyCookieValue); cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue); ctx[MUSTACHE_LOGIN_SUCCESS] = true; + ctx[MUSTACHE_COOKIE_LOGGED_IN] = true; } else { ctx[MUSTACHE_LOGIN_ERROR] = true; diff --git a/src/utilities.cpp b/src/utilities.cpp index c736e2c..79b132d 100644 --- a/src/utilities.cpp +++ b/src/utilities.cpp @@ -499,7 +499,8 @@ namespace Utilities { Database::executePreparedStatement_UPDATE_INCREMENT_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress); pqxx::result loginAttemptsCheck = Database::executePreparedStatement_CHECK_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress, configuration.bruteForceMitigationAttempts); std::string loginAttemptsCheckExtracted = loginAttemptsCheck.at(0).at(0).c_str(); - if (loginAttemptsCheckExtracted == "true") { + //a true false evaluation by postgresql delivers t or f + if (loginAttemptsCheckExtracted == "t") { Database::executePreparedStatement_UPDATE_EXPIRATION_LOGIN_LOCK_OUT(connection, emailAddress, configuration.bruteForceMitigationLockSeconds); } } 
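Review bot: The lock-out gate in the login handler (`@@ -477,10 +482,11 @@` in src/main.cpp) still depends on the exact text form of a boolean column, so any value other than the literal `t` is treated as "not locked out" and the login attempt proceeds; the `"true"` mismatch this commit fixes is the same class of bug. Reading the field as a boolean removes that dependency, for example `const bool lockedOut = !checkloginLockedOut.empty() && checkloginLockedOut.at(0).at(0).as<bool>();`, with a short comment stating that an empty result is intentionally treated as "no lock-out". The same `== "t"` comparison is added in src/utilities.cpp (`@@ -499,7 +499,8 @@`), where a mismatch would silently skip setting the lock expiration, so the brute-force mitigation would never engage. Both enclosing functions extend beyond the hunks shown.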
diff --git a/templates/freelancer_Login_Fulfilment.html b/templates/freelancer_Login_Fulfilment.html index e815521..e1a04bc 100644 --- a/templates/freelancer_Login_Fulfilment.html +++ b/templates/freelancer_Login_Fulfilment.html @@ -7,12 +7,15 @@ {{#LOGIN_SUCCESS}}
Login Successfull +
+ +
{{/LOGIN_SUCCESS}} {{#LOGIN_ERROR}} {{#LOGIN_ERROR_LOCKED_OUT}}
- Login failed too often please try again in {{LOGIN_ERROR_LOCKED_OUT_MINUTES}} + Login failed too often please try again in {{LOGIN_ERROR_LOCKED_OUT_MINUTES}} Minutes
{{/LOGIN_ERROR_LOCKED_OUT}} {{#LOGIN_ERROR_LOGIN_DATA_INVALID}} @@ -32,5 +35,6 @@ {{/LOGIN_ERROR}} + {{> templateIncludes/freelancerLoginSignupProfileLogoutInterface.html.html}} \ No newline at end of file