From b0b8dd5ec0aa12d61b05749f6a0bc31d713c24d0 Mon Sep 17 00:00:00 2001
From: Tina_Azure <->
Date: Thu, 11 May 2023 18:23:49 +0200
Subject: [PATCH] Secure Cookie Values from hardcoding to const static variable
---
 src/main.cpp | 8 ++++----
 src/templateConstCollection.cpp | 3 +++
 src/utilities.cpp | 4 ++--
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/main.cpp b/src/main.cpp
index 94a5eda..a46c486 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -288,8 +288,8 @@ int main(int argc, char *argv[]) {
 pqxx::connection databaseConnection(configuration.databaseConnectionString);
 Database::prepareStatement(databaseConnection, ID_UPDATE_LOGIN_VALIDATION_KEY);
 Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, "EXPIRED", freelancerEmail);
- ctx.set_cookie("loginKey", Utilities::generateExpiredCookie());
- ctx.set_cookie("freelancerEmail", Utilities::generateExpiredCookie());
+ ctx.set_cookie(COOKIE_LOGIN_KEY, Utilities::generateExpiredCookie());
+ ctx.set_cookie(COOKIE_FREELANCER_EMAIL, Utilities::generateExpiredCookie());
 }
 res.redirect("/");
 res.end();
@@ -502,8 +502,8 @@ int main(int argc, char *argv[]) {
 Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
 std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
 std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
- cookieCtx.set_cookie("loginKey", loginKeyCookieValue);
- cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue);
+ cookieCtx.set_cookie(COOKIE_LOGIN_KEY, loginKeyCookieValue);
+ cookieCtx.set_cookie(COOKIE_FREELANCER_EMAIL,freelancerEmailCookieValue);
 ctx[MUSTACHE_LOGIN_SUCCESS] = true;
 ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
 }
diff --git a/src/templateConstCollection.cpp b/src/templateConstCollection.cpp
index eda90e9..9ea0d8c 100644
--- a/src/templateConstCollection.cpp
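Review bot: The logout path in src/main.cpp (hunk @@ -288) still writes the fixed string `"EXPIRED"` as the account's login validation key, on the context line directly above the two changed `set_cookie` calls, and that literal stays hardcoded while the cookie names move to constants. If `checkFreelancerLoginState` compares the `loginKey` cookie with the stored value (it is not visible here, so this is an assumption), a constant, publicly readable value in that column is something the check must reject explicitly; storing NULL or a fresh random key on logout would avoid the question altogether. At minimum the sentinel deserves a named constant beside the cookie names, e.g. `const static std::string LOGIN_KEY_EXPIRED = "EXPIRED";`, so the reader of `checkCookieLoginState` in src/utilities.cpp can see and test against it. The enclosing block starts and ends outside the hunk.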
+++ b/src/templateConstCollection.cpp @@ -61,5 +61,8 @@ namespace TemplateConstCollection { const static std::string MUSTACHE_PAGINATION_PREVIOUS = "PAGINATION_PREVIOUS"; const static std::string MUSTACHE_PAGINATION_NEXT = "PAGINATION_NEXT"; + //Cookie names + const static std::string COOKIE_LOGIN_KEY = "loginKey"; + const static std::string COOKIE_FREELANCER_EMAIL = "freelancerEmail"; } #endif \ No newline at end of file diff --git a/src/utilities.cpp b/src/utilities.cpp index 79b132d..3c13e54 100644 --- a/src/utilities.cpp +++ b/src/utilities.cpp @@ -476,8 +476,8 @@ namespace Utilities { */ bool checkCookieLoginState(const Utilities::config& configuration, const crow::CookieParser::context& ctx) { bool loginValid = false; - std::string loginKey = ctx.get_cookie("loginKey"); - std::string freelancerEmail = ctx.get_cookie("freelancerEmail"); + std::string loginKey = ctx.get_cookie(COOKIE_LOGIN_KEY); + std::string freelancerEmail = ctx.get_cookie(COOKIE_FREELANCER_EMAIL); if (!freelancerEmail.empty() && !loginKey.empty()) if (Utilities::checkFreelancerLoginState(configuration, loginKey, freelancerEmail)) loginValid = true;
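Review bot: The `//Cookie names` comment in src/templateConstCollection.cpp does not say that these two names identify the session cookies, or that changing either string invalidates every existing login; I would expand it to `// Names of the session cookies; renaming them logs out all current sessions`. With the names now defined in one place, a `__Host-` prefix (`"__Host-loginKey"`) is a cheap hardening step: browsers then refuse the cookie unless it is set with Secure, Path=/ and no Domain attribute. Whether the `generateSecureCookie…` helpers emit those attributes is not visible in this patch, so confirm that first. The constants also land in `TemplateConstCollection` among the `MUSTACHE_*` keys and are used unqualified in main.cpp and utilities.cpp, which presumably relies on a using-directive; a separate cookie namespace would keep the two concerns apart.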
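Review bot: In `checkCookieLoginState` (src/utilities.cpp, hunk @@ -476) the two cookie values come straight from the request and are followed by two nested `if` statements without braces that only set a flag, which is easy to misread when another condition is added later. The locals can be `const`, and the chain collapses to `loginValid = !freelancerEmail.empty() && !loginKey.empty() && Utilities::checkFreelancerLoginState(configuration, loginKey, freelancerEmail);`. The function's doc comment and its return statement are outside the hunk, so this assumes nothing else modifies `loginValid` before it is returned.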