Minor bugfix:

statement name, replace true/false with t/f due to postgresql, activate mustache variable for the logged in state
statement replacement since it's not possible to bind data into a string within a statement
Tina_Azure
2023-05-08 16:40:51 +02:00
parent 7e8558989c
commit 123d98828c
4 changed files with 21 additions and 9 deletions


@ -171,7 +171,7 @@ namespace DatabaseStatementConstCollection {
/* /*
* Name and Statement for prepared statement to try to add a new entry into the login lockout * Name and Statement for prepared statement to try to add a new entry into the login lockout
*/ */
const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "updateIncrementLoginLockOutAttempts"; const static std::string PREPARED_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insertLoginLockOut";
const static std::string SQL_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insert into loginlockout values ($1, 0, CURRENT_TIMESTAMP) on conflict do nothing;"; const static std::string SQL_STATEMENT_INSERT_LOGIN_LOCK_OUT = "insert into loginlockout values ($1, 0, CURRENT_TIMESTAMP) on conflict do nothing;";
/* /*
@ -184,7 +184,7 @@ namespace DatabaseStatementConstCollection {
* Name and Statement for prepared statement to update the expiration and reset the login attempts * Name and Statement for prepared statement to update the expiration and reset the login attempts
*/ */
const static std::string PREPARED_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "updateExpirationLoginLockOut"; const static std::string PREPARED_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "updateExpirationLoginLockOut";
const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + INTERVAL $2 ) where email = $1;"; const static std::string SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT = "update loginlockout set (attempts, expiration) = (0, CURRENT_TIMESTAMP + make_interval(secs => $2)) where email = $1;";
/* /*
* IDs of prepared statements * IDs of prepared statements
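Review bot: The comment above `SQL_STATEMENT_UPDATE_EXPIRATION_LOGIN_LOCK_OUT` does not say what `$2` is, and with `make_interval(secs => $2)` the unit is now fixed to seconds. I would extend it with `* $1 = email, $2 = lock duration in seconds` so every caller binds a value in the right unit. A zero or negative duration would produce an expiration that is not in the future, so the lockout would not take effect; whether the configuration loader rejects such values is not visible here and is worth confirming.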


@ -37,15 +37,20 @@ int main(int argc, char *argv[]) {
* Freelancer Profile listing for customers * Freelancer Profile listing for customers
*/ */
CROW_ROUTE(app, "/").methods("POST"_method, "GET"_method) CROW_ROUTE(app, "/").methods("POST"_method, "GET"_method)
([configuration](const crow::request& request) { ([&, configuration](const crow::request& request) {
int selectedPage = 1; int selectedPage = 1;
if (!request.url_params.keys().empty()) { if (!request.url_params.keys().empty() && request.url_params.get("page") != nullptr) {
string selectedPageString = request.url_params.get("page"); string selectedPageString = request.url_params.get("page");
if (!selectedPageString.empty()) if (!selectedPageString.empty())
selectedPage = stoi(selectedPageString); selectedPage = stoi(selectedPageString);
} }
auto page = crow::mustache::load(TEMPLATE_CUSTOMER_INDEX_FREELANCER_LISTING); auto page = crow::mustache::load(TEMPLATE_CUSTOMER_INDEX_FREELANCER_LISTING);
crow::mustache::context ctx(Utilities::getFreelancerListing(configuration, selectedPage)); crow::mustache::context ctx(Utilities::getFreelancerListing(configuration, selectedPage));
auto& cookieCtx = app.get_context<crow::CookieParser>(request);
if (Utilities::checkCookieLoginState(configuration, cookieCtx))
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
if (configuration.itemsPerPage > 0) { if (configuration.itemsPerPage > 0) {
ctx[MUSTACHE_PAGINATION] = true; ctx[MUSTACHE_PAGINATION] = true;
vector<int> pages = Utilities::getFreelancerIndexPagination(configuration); vector<int> pages = Utilities::getFreelancerIndexPagination(configuration);
@ -477,10 +482,11 @@ int main(int argc, char *argv[]) {
ID_SELECT_CHECK_LOGIN_LOCK_OUT, ID_SELECT_CHECK_LOGIN_LOCK_OUT,
ID_SELECT_GET_LOGIN_LOCK_OUT_MINUTES ID_SELECT_GET_LOGIN_LOCK_OUT_MINUTES
}); });
pqxx::result checkloginLockedOut = Database::executePreparedStatement_SELECT_CHECK_LOGIN_LOCK_OUT(databaseConnection, email); pqxx::result checkloginLockedOut = Database::executePreparedStatement_SELECT_CHECK_LOGIN_LOCK_OUT(databaseConnection, email);
string checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str(); string checkloginLockedOutExtracted = "f";
if (checkloginLockedOutExtracted != "true") { if (!checkloginLockedOut.empty())
checkloginLockedOutExtracted = checkloginLockedOut.at(0).at(0).c_str();
if (checkloginLockedOutExtracted != "t") {
pqxx::result checkFreelancerExists = Database::executePreparedStatement_SELECT_CHECK_EMAIL_EXISTS(databaseConnection, email); pqxx::result checkFreelancerExists = Database::executePreparedStatement_SELECT_CHECK_EMAIL_EXISTS(databaseConnection, email);
int checkFreelancerExistsExtracted = stoi(checkFreelancerExists.at(0).at(0).c_str()); int checkFreelancerExistsExtracted = stoi(checkFreelancerExists.at(0).at(0).c_str());
if (checkFreelancerExistsExtracted == 1) { if (checkFreelancerExistsExtracted == 1) {
@ -499,6 +505,7 @@ int main(int argc, char *argv[]) {
cookieCtx.set_cookie("loginKey", loginKeyCookieValue); cookieCtx.set_cookie("loginKey", loginKeyCookieValue);
cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue); cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue);
ctx[MUSTACHE_LOGIN_SUCCESS] = true; ctx[MUSTACHE_LOGIN_SUCCESS] = true;
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
} }
else { else {
ctx[MUSTACHE_LOGIN_ERROR] = true; ctx[MUSTACHE_LOGIN_ERROR] = true;
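Review bot: The lockout decision in the login hunk still depends on comparing the text of a boolean result with `"t"`, the same fragility that appears to have let the old `"true"` comparison wave every locked-out account through. Reading the field with a typed accessor removes the dependency on the text format: `bool lockedOut = !checkloginLockedOut.empty() && checkloginLockedOut.at(0).at(0).as<bool>();` followed by `if (!lockedOut) {`. An empty result is treated as not locked out, which is presumably intended for emails without a row, but it makes the check fail open and deserves a one-line comment saying so. The same string comparison is in the Utilities hunk (`loginAttemptsCheckExtracted == "t"`). The enclosing handler starts and ends outside these hunks.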


@ -499,7 +499,8 @@ namespace Utilities {
Database::executePreparedStatement_UPDATE_INCREMENT_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress); Database::executePreparedStatement_UPDATE_INCREMENT_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress);
pqxx::result loginAttemptsCheck = Database::executePreparedStatement_CHECK_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress, configuration.bruteForceMitigationAttempts); pqxx::result loginAttemptsCheck = Database::executePreparedStatement_CHECK_LOGIN_LOCK_OUT_ATTEMPTS(connection, emailAddress, configuration.bruteForceMitigationAttempts);
std::string loginAttemptsCheckExtracted = loginAttemptsCheck.at(0).at(0).c_str(); std::string loginAttemptsCheckExtracted = loginAttemptsCheck.at(0).at(0).c_str();
if (loginAttemptsCheckExtracted == "true") { //a true false evaluation by postgresql delivers t or f
if (loginAttemptsCheckExtracted == "t") {
Database::executePreparedStatement_UPDATE_EXPIRATION_LOGIN_LOCK_OUT(connection, emailAddress, configuration.bruteForceMitigationLockSeconds); Database::executePreparedStatement_UPDATE_EXPIRATION_LOGIN_LOCK_OUT(connection, emailAddress, configuration.bruteForceMitigationLockSeconds);
} }
} }
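Review bot: `loginAttemptsCheck.at(0).at(0)` is still read without an emptiness check, while the login handler in this same commit gained an `empty()` guard for its lockout query. If the attempts query can return no row, `at(0)` throws before the lock expiration is written; whether that can happen depends on the statement text, which is not shown here. Folding the guard and a typed read into the condition keeps both call sites consistent: `if (!loginAttemptsCheck.empty() && loginAttemptsCheck.at(0).at(0).as<bool>()) {`. The function body starts outside the hunk.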


@ -7,12 +7,15 @@
{{#LOGIN_SUCCESS}} {{#LOGIN_SUCCESS}}
<div> <div>
Login Successfull Login Successfull
<form action="/" method="get">
<button type="submit" class="button">Return to Freelancer Selection</button>
</form>
</div> </div>
{{/LOGIN_SUCCESS}} {{/LOGIN_SUCCESS}}
{{#LOGIN_ERROR}} {{#LOGIN_ERROR}}
{{#LOGIN_ERROR_LOCKED_OUT}} {{#LOGIN_ERROR_LOCKED_OUT}}
<div> <div>
Login failed too often please try again in {{LOGIN_ERROR_LOCKED_OUT_MINUTES}} Login failed too often please try again in {{LOGIN_ERROR_LOCKED_OUT_MINUTES}} Minutes
</div> </div>
{{/LOGIN_ERROR_LOCKED_OUT}} {{/LOGIN_ERROR_LOCKED_OUT}}
{{#LOGIN_ERROR_LOGIN_DATA_INVALID}} {{#LOGIN_ERROR_LOGIN_DATA_INVALID}}
@ -32,5 +35,6 @@
<button type="submit" class="button">Log In Error: Return to login</button> <button type="submit" class="button">Log In Error: Return to login</button>
</form> </form>
{{/LOGIN_ERROR}} {{/LOGIN_ERROR}}
{{> templateIncludes/freelancerLoginSignupProfileLogoutInterface.html.html}}
</body> </body>
</html> </html>
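Review bot: The partial path added before `</body>` ends in `.html.html`, which looks like a doubled extension. If the file on disk is `templateIncludes/freelancerLoginSignupProfileLogoutInterface.html`, the partial will not resolve and the login/logout interface will be missing from this page. Confirm the name against the file on disk and the other templates that include it; how a missing partial is reported is not visible here.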