password reset fulfillment handler
55
src/main.cpp
55
src/main.cpp
@ -337,6 +337,59 @@ int main(int argc, char *argv[]) {
|
||||
return page.render(ctx);
|
||||
});
|
||||
|
||||
/*
|
||||
* Page for fulfillment of password reset
|
||||
*/
|
||||
CROW_ROUTE(app, "/passwordreset/<string>/fulfilment").methods("POST"_method)
|
||||
([&, configuration](const crow::request& postRequest, string passwordResetKey) {
|
||||
crow::mustache::context ctx;
|
||||
string postRequestBody = postRequest.body;
|
||||
Utilities::decodeString(postRequestBody);
|
||||
vector<string> splitPostRequestBody = Utilities::splitStringIntoVector(postRequestBody, '&');
|
||||
string password;
|
||||
for (const string& item : splitPostRequestBody) {
|
||||
vector<string> splitItem = Utilities::splitStringIntoVector(item, '=');
|
||||
if (splitItem.at(0) == "freelancerpassword")
|
||||
password = splitItem.at(1);
|
||||
}
|
||||
pqxx::connection databaseConnection(configuration.databaseConnectionString);
|
||||
pqxx::result freelancerEmail = Database::executePreparedStatement_SELECT_FREELANCER_EMAIL_FROM_PASSWORD_RESET_KEY(databaseConnection, passwordResetKey);
|
||||
if (!freelancerEmail.empty() && !password.empty()) {
|
||||
string email = freelancerEmail.at(0).at(0).c_str();
|
||||
pqxx::result keyExpiration = Database::executePreparedStatement_SELECT_CHECK_FREELANCER_RESET_KEY_EXPIRED(databaseConnection, email);
|
||||
if (stoi(keyExpiration.at(0).at(0).c_str()) == 0) {
|
||||
Database::executePreparedStatement_DELETE_FREELANCER_RESET_KEY(databaseConnection, email);
|
||||
string pwsalt = Utilities::generateSalt();
|
||||
string pwhash = Utilities::hashPassword(pwsalt, password);
|
||||
|
||||
int errorLevel = Database::executePreparedStatement_UPDATE_FREELANCER_PASSWORD_HASH(databaseConnection, pwhash, pwsalt, email);
|
||||
|
||||
if (errorLevel == 0) {
|
||||
ctx["RESET_SUCCESS"] = true;
|
||||
ctx["freelanceremail"] = email;
|
||||
}
|
||||
else {
|
||||
ctx["RESET_ERROR"] = true;
|
||||
if (errorLevel == 1)
|
||||
ctx["RESET_ERROR_QUERY"] = true;
|
||||
if (errorLevel == 2)
|
||||
ctx["RESET_ERROR_CRITICAL"] = true;
|
||||
}
|
||||
}
|
||||
else {
|
||||
ctx["PASSWORD_RESET_EXPIRED"] = true;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (password.empty())
|
||||
ctx["PASSWORD_EMPTY"] = true;
|
||||
if (freelancerEmail.empty())
|
||||
ctx["PASSWORD_RESET_DOES_NOT_EXIST"] = true;
|
||||
}
|
||||
auto page = crow::mustache::load("passwordReset_Fulfillment.html");
|
||||
return page.render(ctx);
|
||||
});
|
||||
|
||||
/*
|
||||
* Page for freelancer to log in fulfillment
|
||||
*/
|
||||
@ -374,7 +427,7 @@ int main(int argc, char *argv[]) {
|
||||
if (checkFreelancerHashExtracted == 1) {
|
||||
//create secureCookie
|
||||
auto& cookieCtx = app.get_context<crow::CookieParser>(postRequest);
|
||||
std::string loginKeyValue = Utilities::generateLoginKeyValue();
|
||||
std::string loginKeyValue = Utilities::generateRandomHashValueSHA512();
|
||||
Database::executePreparedStatement_UPDATE_LOGIN_VALIDATION_KEY(databaseConnection, loginKeyValue, email);
|
||||
std::string loginKeyCookieValue = Utilities::generateSecureCookieLoginKeyValue(loginKeyValue, stayLoggedIn);
|
||||
std::string freelancerEmailCookieValue = Utilities::generateSecureCookieFreelancerEmailValue(email, stayLoggedIn);
|
||||
|
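Review bot: In the new `/passwordreset/<string>/fulfilment` handler the whole request body goes through `Utilities::decodeString` before it is split on `&` and `=`, and `splitItem.at(1)` is read without a size check. If `decodeString` is percent-decoding (its body is not visible here), a password containing an encoded `&` or `=` is silently cut short before it is hashed, and a field that arrives without `=` makes `.at(1)` throw `std::out_of_range` inside the handler. Splitting first and decoding only the value avoids both: `if (splitItem.size() == 2 && splitItem.at(0) == "freelancerpassword") { password = splitItem.at(1); Utilities::decodeString(password); }`. Separately, the reset key is deleted before `executePreparedStatement_UPDATE_FREELANCER_PASSWORD_HASH` runs and the two calls do not appear to share a transaction, so a failed update (errorLevel 1 or 2) still consumes the key. Nothing visible clears the account's login validation key after a successful reset, so sessions opened with the old password would appear to remain valid.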