csu3_am335x/EVSE/GPL/libwebsockets-2.2.2-stable-org/plugins/generic-sessions/handlers.c

/*
 * ws protocol handler plugin for "generic sessions"
 *
 * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation:
 * version 2.1 of the License.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA  02110-1301  USA
 */

#include "private-lwsgs.h"

/* handle account confirmation links */

int
lwsgs_handler_confirm(struct per_vhost_data__gs *vhd, struct lws *wsi,
		      struct per_session_data__gs *pss)
{
	char cookie[1024], s[256], esc[50];
	struct lws_gs_event_args a;
	struct lwsgs_user u;

	if (lws_hdr_copy_fragment(wsi, cookie, sizeof(cookie),
				  WSI_TOKEN_HTTP_URI_ARGS, 0) < 0)
		goto verf_fail;

	if (strncmp(cookie, "token=", 6))
		goto verf_fail;

	u.username[0] = '\0';
	lws_snprintf(s, sizeof(s) - 1,
		 "select username,email,verified from users where token = '%s';",
		 lws_sql_purify(esc, &cookie[6], sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		goto verf_fail;
	}

	if (!u.username[0] || u.verified != 1) {
		lwsl_notice("verify token doesn't map to unverified user\n");
		goto verf_fail;
	}

	lwsl_notice("Verifying %s\n", u.username);
	lws_snprintf(s, sizeof(s) - 1,
		 "update users set verified=%d where username='%s';",
		 LWSGS_VERIFIED_ACCEPTED,
		 lws_sql_purify(esc, u.username, sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));

		goto verf_fail;
	}

	lwsl_notice("deleting account\n");

	a.event = LWSGSE_CREATED;
	a.username = u.username;
	a.email = u.email;
	lws_callback_vhost_protocols(wsi, LWS_CALLBACK_GS_EVENT, &a, 0);

	lws_snprintf(pss->onward, sizeof(pss->onward),
		 "%s/post-verify-ok.html", vhd->email_confirm_url);

	pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs;

	pss->delete_session.id[0] = '\0';
	lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);

	/* we need to create a new, authorized session */

	if (lwsgs_new_session_id(vhd, &pss->login_session, u.username,
				 pss->login_expires))
		goto verf_fail;

	lwsl_notice("Creating new session: %s, redir to %s\n",
		    pss->login_session.id, pss->onward);

	return 0;

verf_fail:
	pss->delete_session.id[0] = '\0';
	lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
	pss->login_expires = 0;

	lws_snprintf(pss->onward, sizeof(pss->onward), "%s/post-verify-fail.html",
		 vhd->email_confirm_url);

	return 1;
}

/* handle forgot password confirmation links */

int
lwsgs_handler_forgot(struct per_vhost_data__gs *vhd, struct lws *wsi,
		     struct per_session_data__gs *pss)
{
	char cookie[1024], s[256], esc[50];
	struct lwsgs_user u;
	const char *a;

	a = lws_get_urlarg_by_name(wsi, "token=", cookie, sizeof(cookie));
	if (!a)
		goto forgot_fail;

	u.username[0] = '\0';
	lws_snprintf(s, sizeof(s) - 1,
		 "select username,verified from users where verified=%d and "
		 "token = '%s' and token_time != 0;",
		 LWSGS_VERIFIED_ACCEPTED,
		 lws_sql_purify(esc, &cookie[6], sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));

		goto forgot_fail;
	}

	if (!u.username[0]) {
		puts(s);
		lwsl_notice("forgot token doesn't map to verified user\n");
		goto forgot_fail;
	}

	/* mark user as having validated forgot flow just now */

	lws_snprintf(s, sizeof(s) - 1,
		 "update users set token_time=0,last_forgot_validated=%lu "
		 "where username='%s';",
		 (unsigned long)lws_now_secs(),
		 lws_sql_purify(esc, u.username, sizeof(esc) - 1));

	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		goto forgot_fail;
	}

	a = lws_get_urlarg_by_name(wsi, "good=", cookie, sizeof(cookie));
	if (!a)
		a = "broken-forget-post-good-url";

	lws_snprintf(pss->onward, sizeof(pss->onward),
		 "%s/%s", vhd->email_confirm_url, a);

	pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs;

	pss->delete_session.id[0] = '\0';
	lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);

	/* we need to create a new, authorized session */
	if (lwsgs_new_session_id(vhd, &pss->login_session,
				 u.username,
				 pss->login_expires))
		goto forgot_fail;

	lwsl_notice("Creating new session: %s, redir to %s\n",
		    pss->login_session.id, pss->onward);

	return 0;

forgot_fail:
	pss->delete_session.id[0] = '\0';
	lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
	pss->login_expires = 0;

	a = lws_get_urlarg_by_name(wsi, "bad=", cookie, sizeof(cookie));
	if (!a)
		a = "broken-forget-post-bad-url";

	lws_snprintf(pss->onward, sizeof(pss->onward), "%s/%s",
		 vhd->email_confirm_url, a);

	return 1;
}

/* support dynamic username / email checking */

int
lwsgs_handler_check(struct per_vhost_data__gs *vhd,
		    struct lws *wsi, struct per_session_data__gs *pss)
{
	static const char * const colname[] = { "username", "email" };
	char cookie[1024], s[256], esc[50], *pc;
	unsigned char *p, *start, *end, buffer[LWS_PRE + 256];
	struct lwsgs_user u;
	int n;

	/*
	 * either /check?email=xxx@yyy   or: /check?username=xxx
	 * returns '0' if not already registered, else '1'
	 */

	u.username[0] = '\0';
	if (lws_hdr_copy_fragment(wsi, cookie, sizeof(cookie),
				  WSI_TOKEN_HTTP_URI_ARGS, 0) < 0)
		goto reply;

	n = !strncmp(cookie, "email=", 6);
	pc = strchr(cookie, '=');
	if (!pc) {
		lwsl_notice("cookie has no =\n");
		goto reply;
	}
	pc++;

	/* admin user cannot be registered in user db */
	if (!strcmp(vhd->admin_user, pc)) {
		u.username[0] = 'a';
		goto reply;
	}

	lws_snprintf(s, sizeof(s) - 1,
		 "select username, email from users where %s = '%s';",
		 colname[n], lws_sql_purify(esc, pc, sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		goto reply;
	}

reply:
	s[0] = '0' + !!u.username[0];
	p = buffer + LWS_PRE;
	start = p;
	end = p + sizeof(buffer) - LWS_PRE;

	if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end))
		return -1;
	if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
					 (unsigned char *)"text/plain", 10,
					 &p, end))
		return -1;

	if (lws_add_http_header_content_length(wsi, 1, &p, end))
		return -1;

	if (lws_finalize_http_header(wsi, &p, end))
		return -1;

	n = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS);
	if (n != (p - start)) {
		lwsl_err("_write returned %d from %ld\n", n, (long)(p - start));
		return -1;
	}
	n = lws_write(wsi, (unsigned char *)s, 1, LWS_WRITE_HTTP);
	if (n != 1)
		return -1;

	return 0;
}

/* handle forgot password confirmation links */

int
lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi,
			      struct per_session_data__gs *pss)
{
	char s[256], esc[50], username[50];
	struct lwsgs_user u;
	lwsgw_hash sid;
	int n = 0;

	/* see if he's logged in */
	username[0] = '\0';
	if (!lwsgs_get_sid_from_wsi(wsi, &sid)) {
		u.username[0] = '\0';
		if (!lwsgs_lookup_session(vhd, &sid, username, sizeof(username))) {
			n = 1; /* yes, logged in */
			if (lwsgs_lookup_user(vhd, username, &u))
				return 1;

			/* did a forgot pw ? */
			if (u.last_forgot_validated > lws_now_secs() - 300) {
				n |= LWSGS_AUTH_FORGOT_FLOW;
				lwsl_debug("within forgot password flow\n");
			}
		}
	}

	lwsl_debug("auth value %d\n", n);

	/* if he just did forgot pw flow, don't need old pw */
	if ((n & (LWSGS_AUTH_FORGOT_FLOW | 1)) != (LWSGS_AUTH_FORGOT_FLOW | 1)) {
		/* otherwise user:pass must be right */
		lwsl_debug("checking pw\n");
		if (lwsgs_check_credentials(vhd,
			   lws_spa_get_string(pss->spa, FGS_USERNAME),
			   lws_spa_get_string(pss->spa, FGS_CURPW))) {
			lwsl_notice("credentials bad\n");
			return 1;
		}

		lwsl_debug("current pw checks out\n");

		strncpy(u.username, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(u.username) - 1);
		u.username[sizeof(u.username) - 1] = '\0';
	}

	/* does he want to delete his account? */

	if (lws_spa_get_length(pss->spa, FGS_DELETE)) {
		struct lws_gs_event_args a;

		lwsl_notice("deleting account\n");

		a.event = LWSGSE_DELETED;
		a.username = u.username;
		a.email = "";
		lws_callback_vhost_protocols(wsi, LWS_CALLBACK_GS_EVENT, &a, 0);

		lws_snprintf(s, sizeof(s) - 1,
			 "delete from users where username='%s';"
			 "delete from sessions where username='%s';",
			 lws_sql_purify(esc, u.username, sizeof(esc) - 1),
			 lws_sql_purify(esc, u.username, sizeof(esc) - 1));
		goto sql;
	}

	if (lwsgs_hash_password(vhd, lws_spa_get_string(pss->spa, FGS_PASSWORD), &u))
		return 1;

	lwsl_notice("updating password hash\n");

	lws_snprintf(s, sizeof(s) - 1,
		 "update users set pwhash='%s', pwsalt='%s', "
		 "last_forgot_validated=0 where username='%s';",
		 u.pwhash.id, u.pwsalt.id,
		 lws_sql_purify(esc, u.username, sizeof(esc) - 1));

sql:
	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
		lwsl_err("Unable to update pw hash: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	return 0;
}

int
lwsgs_handler_forgot_pw_form(struct per_vhost_data__gs *vhd,
			     struct lws *wsi,
			     struct per_session_data__gs *pss)
{
	char s[LWSGS_EMAIL_CONTENT_SIZE];
	unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE];
	char esc[50], esc1[50], esc2[50], esc3[50], esc4[50];
	struct lwsgs_user u;
	lwsgw_hash hash;
	unsigned char sid_rand[20];
	int n;

	lwsl_notice("FORGOT %s %s\n",
		    lws_spa_get_string(pss->spa, FGS_USERNAME),
		    lws_spa_get_string(pss->spa, FGS_EMAIL));

	if (!lws_spa_get_string(pss->spa, FGS_USERNAME) &&
	    !lws_spa_get_string(pss->spa, FGS_EMAIL)) {
		lwsl_err("Form must provide either "
			  "username or email\n");
		return -1;
	}

	if (!lws_spa_get_string(pss->spa, FGS_FORGOT_GOOD) ||
	    !lws_spa_get_string(pss->spa, FGS_FORGOT_BAD) ||
	    !lws_spa_get_string(pss->spa, FGS_FORGOT_POST_GOOD) ||
	    !lws_spa_get_string(pss->spa, FGS_FORGOT_POST_BAD)) {
		lwsl_err("Form must provide reg-good "
			  "and reg-bad (and post-*)"
			  "targets\n");
		return -1;
	}

	u.username[0] = '\0';
	if (lws_spa_get_string(pss->spa, FGS_USERNAME))
		lws_snprintf(s, sizeof(s) - 1,
		 "select username,email "
		 "from users where username = '%s';",
		 lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME),
				 sizeof(esc) - 1));
	else
		lws_snprintf(s, sizeof(s) - 1,
		 "select username,email "
		 "from users where email = '%s';",
		 lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}
	if (!u.username[0]) {
		lwsl_err("No match found %s\n", s);
		return 1;
	}

	lws_get_peer_simple(wsi, pss->ip, sizeof(pss->ip));
	if (lws_get_random(vhd->context, sid_rand,
			   sizeof(sid_rand)) !=
			   sizeof(sid_rand)) {
		lwsl_err("Problem getting random for token\n");
		return 1;
	}
	sha1_to_lwsgw_hash(sid_rand, &hash);
	n = lws_snprintf(s, sizeof(s),
		"From: Forgot Password Assistant Noreply <%s>\n"
		"To: %s <%s>\n"
		  "Subject: Password reset request\n"
		  "\n"
		  "Hello, %s\n\n"
		  "We received a password reset request from IP %s for this email,\n"
		  "to confirm you want to do that, please click the link below.\n\n",
		lws_sql_purify(esc, vhd->email.email_from, sizeof(esc) - 1),
		lws_sql_purify(esc1, u.username, sizeof(esc1) - 1),
		lws_sql_purify(esc2, u.email, sizeof(esc2) - 1),
		lws_sql_purify(esc3, u.username, sizeof(esc3) - 1),
		lws_sql_purify(esc4, pss->ip, sizeof(esc4) - 1));
	lws_snprintf(s + n, sizeof(s) -n,
		  "%s/lwsgs-forgot?token=%s"
		   "&good=%s"
		   "&bad=%s\n\n"
		  "If this request is unexpected, please ignore it and\n"
		  "no further action will be taken.\n\n"
		"If you have any questions or concerns about this\n"
		"automated email, you can contact a real person at\n"
		"%s.\n"
		"\n.\n",
		vhd->email_confirm_url, hash.id,
		lws_urlencode(esc1,
			     lws_spa_get_string(pss->spa, FGS_FORGOT_POST_GOOD),
			     sizeof(esc1) - 1),
		lws_urlencode(esc3,
			      lws_spa_get_string(pss->spa, FGS_FORGOT_POST_BAD),
			      sizeof(esc3) - 1),
		vhd->email_contact_person);

	lws_snprintf((char *)buffer, sizeof(buffer) - 1,
		 "insert into email(username, content)"
		 " values ('%s', '%s');",
		lws_sql_purify(esc, u.username, sizeof(esc) - 1), s);
	if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL,
			 NULL, NULL) != SQLITE_OK) {
		lwsl_err("Unable to insert email: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	lws_snprintf(s, sizeof(s) - 1,
		 "update users set token='%s',token_time='%ld' where username='%s';",
		 hash.id, (long)lws_now_secs(),
		 lws_sql_purify(esc, u.username, sizeof(esc) - 1));
	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) !=
	    SQLITE_OK) {
		lwsl_err("Unable to set token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	return 0;
}

int
lwsgs_handler_register_form(struct per_vhost_data__gs *vhd,
			     struct lws *wsi,
			     struct per_session_data__gs *pss)
{
	unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE];
	char esc[50], esc1[50], esc2[50], esc3[50], esc4[50];
	char s[LWSGS_EMAIL_CONTENT_SIZE];
	unsigned char sid_rand[20];
	struct lwsgs_user u;
	lwsgw_hash hash;

	lwsl_notice("REGISTER %s %s %s\n",
			lws_spa_get_string(pss->spa, FGS_USERNAME),
			lws_spa_get_string(pss->spa, FGS_PASSWORD),
			lws_spa_get_string(pss->spa, FGS_EMAIL));
	if (lwsgs_get_sid_from_wsi(wsi,
	    &pss->login_session))
		return 1;

	lws_get_peer_simple(wsi, pss->ip, sizeof(pss->ip));
	lwsl_notice("IP=%s\n", pss->ip);

	if (!lws_spa_get_string(pss->spa, FGS_REG_GOOD) ||
	    !lws_spa_get_string(pss->spa, FGS_REG_BAD)) {
		lwsl_info("Form must provide reg-good and reg-bad targets\n");
		return -1;
	}

	/* admin user cannot be registered in user db */
	if (!strcmp(vhd->admin_user,
		    lws_spa_get_string(pss->spa, FGS_USERNAME)))
		return 1;

	if (!lwsgs_lookup_user(vhd,
			lws_spa_get_string(pss->spa, FGS_USERNAME), &u)) {
		lwsl_notice("user %s already registered\n",
			    lws_spa_get_string(pss->spa, FGS_USERNAME));
		return 1;
	}

	u.username[0] = '\0';
	lws_snprintf(s, sizeof(s) - 1, "select username, email from users where email = '%s';",
		 lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_EMAIL),
		 sizeof(esc) - 1));

	if (sqlite3_exec(vhd->pdb, s,
			 lwsgs_lookup_callback_user, &u, NULL) != SQLITE_OK) {
		lwsl_err("Unable to lookup token: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	if (u.username[0]) {
		lwsl_notice("email %s already in use\n",
			    lws_spa_get_string(pss->spa, FGS_USERNAME));
		return 1;
	}

	if (lwsgs_hash_password(vhd, lws_spa_get_string(pss->spa, FGS_PASSWORD),
			        &u)) {
		lwsl_err("Password hash failed\n");
		return 1;
	}

	if (lws_get_random(vhd->context, sid_rand, sizeof(sid_rand)) !=
	    sizeof(sid_rand)) {
		lwsl_err("Problem getting random for token\n");
		return 1;
	}
	sha1_to_lwsgw_hash(sid_rand, &hash);

	lws_snprintf((char *)buffer, sizeof(buffer) - 1,
		 "insert into users(username,"
		 " creation_time, ip, email, verified,"
		 " pwhash, pwsalt, token, last_forgot_validated)"
		 " values ('%s', %lu, '%s', '%s', 0,"
		 " '%s', '%s', '%s', 0);",
		lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc) - 1),
		(unsigned long)lws_now_secs(),
		lws_sql_purify(esc1, pss->ip, sizeof(esc1) - 1),
		lws_sql_purify(esc2, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc2) - 1),
		u.pwhash.id, u.pwsalt.id, hash.id);

	if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL, NULL, NULL) != SQLITE_OK) {
		lwsl_err("Unable to insert user: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	lws_snprintf(s, sizeof(s),
		"From: Noreply <%s>\n"
		"To: %s <%s>\n"
		  "Subject: Registration verification\n"
		  "\n"
		  "Hello, %s\n\n"
		  "We received a registration from IP %s using this email,\n"
		  "to confirm it is legitimate, please click the link below.\n\n"
		  "%s/lwsgs-confirm?token=%s\n\n"
		  "If this request is unexpected, please ignore it and\n"
		  "no further action will be taken.\n\n"
		"If you have any questions or concerns about this\n"
		"automated email, you can contact a real person at\n"
		"%s.\n"
		"\n.\n",
		lws_sql_purify(esc, vhd->email.email_from, sizeof(esc) - 1),
		lws_sql_purify(esc1, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc1) - 1),
		lws_sql_purify(esc2, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc2) - 1),
		lws_sql_purify(esc3, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc3) - 1),
		lws_sql_purify(esc4, pss->ip, sizeof(esc4) - 1),
		vhd->email_confirm_url, hash.id,
		vhd->email_contact_person);

	lws_snprintf((char *)buffer, sizeof(buffer) - 1,
		 "insert into email(username, content) values ('%s', '%s');",
		lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME),
			       sizeof(esc) - 1), s);

	if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL, NULL, NULL) != SQLITE_OK) {
		lwsl_err("Unable to insert email: %s\n",
			 sqlite3_errmsg(vhd->pdb));
		return 1;
	}

	return 0;
}