Secure Cookie Values from hardcoding to const static variable

2023-05-11 18:23:49 +02:00
parent dd64311766
commit b0b8dd5ec0
3 changed files with 9 additions and 6 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@ -288,8 +288,8 @@ int main(int argc, char *argv[]) {
                    pqxx::connection databaseConnection(configuration.databaseConnectionString);
                    Database::prepareStatement(databaseConnection, ID_UPDATE_LOGIN_VALIDATION_KEY);
                    Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, "EXPIRED", freelancerEmail);
-                    ctx.set_cookie("loginKey", Utilities::generateExpiredCookie());
-                    ctx.set_cookie("freelancerEmail", Utilities::generateExpiredCookie());
+                    ctx.set_cookie(COOKIE_LOGIN_KEY, Utilities::generateExpiredCookie());
+                    ctx.set_cookie(COOKIE_FREELANCER_EMAIL, Utilities::generateExpiredCookie());
                }
                res.redirect("/");
                res.end();
@ -502,8 +502,8 @@ int main(int argc, char *argv[]) {
                                Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
                                std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
                                std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
-                                cookieCtx.set_cookie("loginKey", loginKeyCookieValue);
-                                cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue);
+                                cookieCtx.set_cookie(COOKIE_LOGIN_KEY, loginKeyCookieValue);
+                                cookieCtx.set_cookie(COOKIE_FREELANCER_EMAIL,freelancerEmailCookieValue);
                                ctx[MUSTACHE_LOGIN_SUCCESS] = true;
                                ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
                            }
--- a/src/templateConstCollection.cpp
+++ b/src/templateConstCollection.cpp
@ -61,5 +61,8 @@ namespace TemplateConstCollection {
    const static std::string MUSTACHE_PAGINATION_PREVIOUS = "PAGINATION_PREVIOUS";
    const static std::string MUSTACHE_PAGINATION_NEXT = "PAGINATION_NEXT";

+    //Cookie names
+    const static std::string COOKIE_LOGIN_KEY = "loginKey";
+    const static std::string COOKIE_FREELANCER_EMAIL = "freelancerEmail";
 }
 #endif
--- a/src/utilities.cpp
+++ b/src/utilities.cpp
@ -476,8 +476,8 @@ namespace Utilities {
     */
    bool checkCookieLoginState(const Utilities::config& configuration, const crow::CookieParser::context& ctx) {
        bool loginValid = false;
-        std::string loginKey = ctx.get_cookie("loginKey");
-        std::string freelancerEmail = ctx.get_cookie("freelancerEmail");
+        std::string loginKey = ctx.get_cookie(COOKIE_LOGIN_KEY);
+        std::string freelancerEmail = ctx.get_cookie(COOKIE_FREELANCER_EMAIL);
        if (!freelancerEmail.empty() && !loginKey.empty())
            if (Utilities::checkFreelancerLoginState(configuration, loginKey, freelancerEmail))
                loginValid = true;