Minor bugfix:

statement name, replace true/false with t/f due to postgresql, activate mustache variable for the logged in state
statement replacement since it's not possible to bind data into a string within a statement
Tina_Azure
2023-05-08 16:40:51 +02:00
parent 7e8558989c
commit 123d98828c
4 changed files with 21 additions and 9 deletions


@ -171,7 +171,7 @@ namespace DatabaseStatementConstCollection {
/*
* Name and Statement for prepared statement to try to add a new entry into the login lockout
*/
const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "updateIncrementLoginLockOutAttempts";
const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insertLoginLockOut";
const static std::string SQL_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insert into loginlockout values ($1, 0, CURRENT_TIMESTAMP) on conflict do nothing;";
/*
@ -184,7 +184,7 @@ namespace DatabaseStatementConstCollection {
* Name and Statement for prepared statement to update the expiration and reset the login attempts
*/
const static std::string PREPARED_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "updateExpirationLoginLockOut";
const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + INTERVAL $2 ) where email = $1;";
const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + make_interval(secs => $2)) where email = $1;";
/*
* IDs of prepared statements
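Review bot: The comment above `SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT` does not say what `$2` is, and with `make_interval(secs => $2)` the statement itself now fixes the unit to seconds. Elsewhere on this page the lockout is also named in minutes (`ID_SELECT_GET_LOGIN_LOCK_OUT_MINUTES`) while the caller passes `configuration.bruteForceMitigationLockSeconds`, so a unit mix-up would silently shorten or lengthen the lockout window. I would extend the comment with `* $1 = email, $2 = lock duration in seconds (bound as a number, not as interval text)`.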


@ -37,15 +37,20 @@ int main(int argc, char *argv[]) {
* Freelancer Profile listing for customers
*/
CROW_ROUTE(app, "/").methods("POST"_method, "GET"_method)
([configuration](const crow::request& request) {
([&, configuration](const crow::request& request) {
int selectedPage = 1;
if (!request.url_params.keys().empty()) {
if (!request.url_params.keys().empty() && request.url_params.get("page") != nullptr) {
string selectedPageString = request.url_params.get("page");
if (!selectedPageString.empty())
selectedPage = stoi(selectedPageString);
}
auto page = crow::mustache::load(TEMPLATE_CUSTOMER_INDEX_FREELANCER_LISTING);
crow::mustache::context ctx(Utilities::getFreelancerListing(configuration, selectedPage));
auto& cookieCtx = app.get_context<crow::CookieParser>(request);
if (Utilities::checkCookieLoginState(configuration, cookieCtx))
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
if (configuration.itemsPerPage > 0) {
ctx[MUSTACHE_PAGINATION] = true;
vector<int> pages = Utilities::getFreelancerIndexPagination(configuration);
@ -477,10 +482,11 @@ int main(int argc, char *argv[]) {
ID_SELECT_CHECK_LOGIN_LOCK_OUT,
ID_SELECT_GET_LOGIN_LOCK_OUT_MINUTES
});
pqxx::result checkloginLockedOut = Database::executePreparedStatement_SELECT_CHECK_LOGIN_LOCK_OUT(databaseConnection, email);
string checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str();
if (checkloginLockedOutExtracted != "true") {
string checkloginLockedOutExtracted = "f";
if (!checkloginLockedOut.empty())
checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str();
if (checkloginLockedOutExtracted != "t") {
pqxx::result checkFreelancerExists = Database::executePreparedStatement_SELECT_CHECK_EMAIL_EXISTS(databaseConnection, email);
int checkFreelancerExistsExtracted = stoi(checkFreelancerExists.at(0).at(0).c_str());
if (checkFreelancerExistsExtracted == 1) {
@ -499,6 +505,7 @@ int main(int argc, char *argv[]) {
cookieCtx.set_cookie("loginKey", loginKeyCookieValue);
cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue);
ctx[MUSTACHE_LOGIN_SUCCESS] = true;
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
}
else {
ctx[MUSTACHE_LOGIN_ERROR] = true;
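Review bot: The `page` query parameter is still passed to `stoi(selectedPageString)` unchecked in the "/" route hunk. The added `!= nullptr` test only covers a missing parameter, so a non-numeric or out-of-range value makes `stoi` throw inside the handler, and a zero or negative value reaches `Utilities::getFreelancerListing` as-is. How the framework reports the uncaught exception, and whether the listing code tolerates such page numbers, is not visible here, but request-controlled input should not decide either. I would parse defensively and fall back to the first page, e.g. `try { selectedPage = std::max(1, stoi(selectedPageString)); } catch (const std::exception&) { selectedPage = 1; }`. The handler and `main` continue outside the hunk.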


@ -499,7 +499,8 @@ namespace Utilities {
Database::executePreparedStatement_UPDATE_INCREMENT_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress);
pqxx::result loginAttemptsCheck = Database::executePreparedStatement_CHECK_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress, configuration.bruteForceMitigationAttempts);
std::string loginAttemptsCheckExtracted = loginAttemptsCheck.at(0).at(0).c_str();
if (loginAttemptsCheckExtracted == "true") {
//a true false evaluation by postgresql delivers t or f
if (loginAttemptsCheckExtracted == "t") {
Database::executePreparedStatement_UPDATE_EXPIRATION_LOGIN_LOCK_OUT(connection, emailAddress, configuration.bruteForceMitigationLockSeconds);
}
}
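Review bot: The lockout decision in `if (loginAttemptsCheckExtracted == "t")` depends on the exact text PostgreSQL returns for a boolean, and every other value is treated as "not locked". A mismatch therefore disables the brute-force lockout without any error, which is apparently what the previous `"true"` comparison did. Reading the field as a boolean removes that coupling: `if (loginAttemptsCheck.at(0).at(0).as<bool>()) {`. The same applies to the `checkloginLockedOutExtracted != "t"` check in the login handler hunk. The enclosing function starts outside this hunk.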