Secure Cookie Values from hardcoding to const static variable
@ -288,8 +288,8 @@ int main(int argc, char *argv[]) {
|
|||||||
pqxx::connection databaseConnection(configuration.databaseConnectionString);
|
pqxx::connection databaseConnection(configuration.databaseConnectionString);
|
||||||
Database::prepareStatement(databaseConnection, ID_UPDATE_LOGIN_VALIDATION_KEY);
|
Database::prepareStatement(databaseConnection, ID_UPDATE_LOGIN_VALIDATION_KEY);
|
||||||
Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, "EXPIRED", freelancerEmail);
|
Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, "EXPIRED", freelancerEmail);
|
||||||
ctx.set_cookie("loginKey", Utilities::generateExpiredCookie());
|
ctx.set_cookie(COOKIE_LOGIN_KEY, Utilities::generateExpiredCookie());
|
||||||
ctx.set_cookie("freelancerEmail", Utilities::generateExpiredCookie());
|
ctx.set_cookie(COOKIE_FREELANCER_EMAIL, Utilities::generateExpiredCookie());
|
||||||
}
|
}
|
||||||
res.redirect("/");
|
res.redirect("/");
|
||||||
res.end();
|
res.end();
|
||||||
@ -502,8 +502,8 @@ int main(int argc, char *argv[]) {
|
|||||||
Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
|
Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
|
||||||
std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
|
std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
|
||||||
std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
|
std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
|
||||||
cookieCtx.set_cookie("loginKey", loginKeyCookieValue);
|
cookieCtx.set_cookie(COOKIE_LOGIN_KEY, loginKeyCookieValue);
|
||||||
cookieCtx.set_cookie("freelancerEmail",freelancerEmailCookieValue);
|
cookieCtx.set_cookie(COOKIE_FREELANCER_EMAIL,freelancerEmailCookieValue);
|
||||||
ctx[MUSTACHE_LOGIN_SUCCESS] = true;
|
ctx[MUSTACHE_LOGIN_SUCCESS] = true;
|
||||||
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
|
ctx[MUSTACHE_COOKIE_LOGGED_IN] = true;
|
||||||
}
|
}
|
||||||
|
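Review bot: In the login hunk (`@ -502`), the same `loginKeyValue` is passed to `executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY` and then used to build the `COOKIE_LOGIN_KEY` cookie, so the database column appears to hold the bearer token itself. Unless the prepared statement hashes it (not visible here), anyone who can read that table or a backup of it holds valid login keys. I would store only a digest of the key, compare digests in `checkFreelancerLoginState`, and document it at the call with a comment such as `// DB stores a hash of the login key; the raw key exists only in the cookie`. Both hunks sit inside `main`, whose body starts and ends outside them.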
@ -61,5 +61,8 @@ namespace TemplateConstCollection {
|
|||||||
const static std::string MUSTACHE_PAGINATION_PREVIOUS = "PAGINATION_PREVIOUS";
|
const static std::string MUSTACHE_PAGINATION_PREVIOUS = "PAGINATION_PREVIOUS";
|
||||||
const static std::string MUSTACHE_PAGINATION_NEXT = "PAGINATION_NEXT";
|
const static std::string MUSTACHE_PAGINATION_NEXT = "PAGINATION_NEXT";
|
||||||
|
|
||||||
|
//Cookie names
|
||||||
|
const static std::string COOKIE_LOGIN_KEY = "loginKey";
|
||||||
|
const static std::string COOKIE_FREELANCER_EMAIL = "freelancerEmail";
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
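Review bot: `const static std::string COOKIE_LOGIN_KEY` in a header gives every translation unit that includes it its own dynamically initialized copy, and the value is not safe to read from another global's initializer. If the project builds as C++17, `inline const std::string COOKIE_LOGIN_KEY = "loginKey";` keeps the `std::string` type that the `set_cookie`/`get_cookie` calls use while leaving a single definition. The new lines follow the existing `MUSTACHE_` constants, so this may be better done for the whole header in a follow-up. The authentication cookie names also now live in `TemplateConstCollection`, which otherwise holds template keys, so the `//Cookie names` comment could say that these two names identify the login session cookies read by `checkCookieLoginState`.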
@ -476,8 +476,8 @@ namespace Utilities {
|
|||||||
*/
|
*/
|
||||||
bool checkCookieLoginState(const Utilities::config& configuration, const crow::CookieParser::context& ctx) {
|
bool checkCookieLoginState(const Utilities::config& configuration, const crow::CookieParser::context& ctx) {
|
||||||
bool loginValid = false;
|
bool loginValid = false;
|
||||||
std::string loginKey = ctx.get_cookie("loginKey");
|
std::string loginKey = ctx.get_cookie(COOKIE_LOGIN_KEY);
|
||||||
std::string freelancerEmail = ctx.get_cookie("freelancerEmail");
|
std::string freelancerEmail = ctx.get_cookie(COOKIE_FREELANCER_EMAIL);
|
||||||
if (!freelancerEmail.empty() && !loginKey.empty())
|
if (!freelancerEmail.empty() && !loginKey.empty())
|
||||||
if (Utilities::checkFreelancerLoginState(configuration, loginKey, freelancerEmail))
|
if (Utilities::checkFreelancerLoginState(configuration, loginKey, freelancerEmail))
|
||||||
loginValid = true;
|
loginValid = true;
|
||||||
|
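Review bot: `checkCookieLoginState` only checks that the two cookie values are non-empty before handing them to `checkFreelancerLoginState`, while the logout handler in `main` stores the fixed literal `"EXPIRED"` as the validation key. If the comparison inside `checkFreelancerLoginState` is a plain equality against that column (not visible here), the stored key of a logged-out account is a known constant rather than a secret. It would be safer to write NULL or a fresh random value on logout, and to refuse the sentinel here, e.g. `if (!freelancerEmail.empty() && !loginKey.empty() && loginKey != "EXPIRED")`. The function body continues past the end of the hunk.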