From b93641042bd0e27a1595a520bf40a3dd18b8c4f1 Mon Sep 17 00:00:00 2001
From: Tina_Azure <->
Date: Thu, 27 Apr 2023 00:31:06 +0200
Subject: [PATCH] password reset fulfillment handler
---
 src/main.cpp | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)
diff --git a/src/main.cpp b/src/main.cpp
index f5e1ec7..7ae0c22 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -337,6 +337,59 @@ int main(int argc, char *argv[]) {
 return page.render(ctx);
 });
 
+ /*
+ * Page for fulfillment of password reset
+ */
+ CROW_ROUTE(app, "/passwordreset//fulfilment").methods("POST"_method)
+ ([&, configuration](const crow::request& postRequest, string passwordResetKey) {
+ crow::mustache::context ctx;
+ string postRequestBody = postRequest.body;
+ Utilities::decodeString(postRequestBody);
+ vector splitPostRequestBody = Utilities::splitStringIntoVector(postRequestBody, '&');
+ string password;
+ for (const string& item : splitPostRequestBody) {
+ vector splitItem = Utilities::splitStringIntoVector(item, '=');
+ if (splitItem.at(0) == "freelancerpassword")
+ password = splitItem.at(1);
+ }
+ pqxx::connection databaseConnection(configuration.databaseConnectionString);
+ pqxx::result freelancerEmail = Database::executePreparedStatement_SELECT_FREELANCER_EMAIL_FROM_PASSWORD_RESET_KEY(databaseConnection, passwordResetKey);
+ if (!freelancerEmail.empty() && !password.empty()) {
+ string email = freelancerEmail.at(0).at(0).c_str();
+ pqxx::result keyExpiration = Database::executePreparedStatement_SELECT_CHECK_FREELANCER_RESET_KEY_EXPIRED(databaseConnection, email);
+ if (stoi(keyExpiration.at(0).at(0).c_str()) == 0) {
+ Database::executePreparedStatement_DELETE_FREELANCER_RESET_KEY(databaseConnection, email);
+ string pwsalt = Utilities::generateSalt();
+ string pwhash = Utilities::hashPassword(pwsalt, password);
+
+ int errorLevel = Database::executePreparedStatement_UPDATE_FREELANCER_PASSWORD_HASH(databaseConnection, pwhash, pwsalt, email);
+
+ if (errorLevel == 0) {
+ ctx["RESET_SUCCESS"] = true;
+ ctx["freelanceremail"] = email;
+ }
+ else {
+ ctx["RESET_ERROR"] = true;
+ if (errorLevel == 1)
+ ctx["RESET_ERROR_QUERY"] = true;
+ if (errorLevel == 2)
+ ctx["RESET_ERROR_CRITICAL"] = true;
+ }
+ }
+ else {
+ ctx["PASSWORD_RESET_EXPIRED"] = true;
+ }
+ }
+ else {
+ if (password.empty())
+ ctx["PASSWORD_EMPTY"] = true;
+ if (freelancerEmail.empty())
+ ctx["PASSWORD_RESET_DOES_NOT_EXIST"] = true;
+ }
+ auto page = crow::mustache::load("passwordReset_Fulfillment.html");
+ return page.render(ctx);
+ });
+
 /*
 * Page for freelancer to log in fulfillment
 */
@@ -374,7 +427,7 @@ int main(int argc, char *argv[]) {
 if (checkFreelancerHashExtracted == 1) {
 //create secureCookie
 auto& cookieCtx = app.get_context(postRequest);
- std::string loginKeyValue = Utilities::generateLoginKeyValue();
+ std::string loginKeyValue = Utilities::generateRandomHashValueSHA512();
 Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
 std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
 std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
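Review bot: The whole body is passed through `Utilities::decodeString` before it is split on '&' and '=', so — assuming decodeString percent-decodes, as its name suggests — a password containing an encoded '&' or '=' (%26 / %3D) is silently cut short, and any field without an '=' makes `splitItem.at(1)` throw std::out_of_range out of the handler; splitting the raw body on the first '=' and decoding only the extracted value fixes both (sketch below). On success the handler stores the new hash but never touches the freelancer's login validation key, so sessions opened with the old password keep working after a reset; rotating it with the same `Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY` call the login handler in the next hunk uses closes that gap. The reset key is deleted before the UPDATE runs with no transaction around the two statements, and `stoi(keyExpiration.at(0).at(0).c_str())` throws if the expiry query returns no row or a non-numeric value (a PostgreSQL boolean comes back as `t`/`f`), so check `keyExpiration.empty()` before reading it and consider a `pqxx::work` around the delete-and-update pair. The enclosing main() starts outside the hunk.
```cpp
// … unchanged: ctx declaration …
// Split the raw body first and decode only the extracted value, so an
// encoded '&' or '=' inside the password is not treated as a separator.
vector<string> fields = Utilities::splitStringIntoVector(postRequest.body, '&');
string password;
for (const string& item : fields) {
    const auto eq = item.find('=');
    if (eq != string::npos && item.substr(0, eq) == "freelancerpassword") {
        password = item.substr(eq + 1);
        Utilities::decodeString(password);
    }
}
// … unchanged: key lookup, expiry check, salt/hash, UPDATE …
if (errorLevel == 0) {
    // Rotate the login validation key so sessions opened with the old password stop working.
    Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, Utilities::generateRandomHashValueSHA512(), email);
    ctx["RESET_SUCCESS"] = true;
    ctx["freelanceremail"] = email;
}
// … unchanged: error branches, render …
```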