session-cookie return by primary fix

Rainer Gümpelein 2022-02-11 20:29:10 +01:00
parent 4c11beb331
commit d5ea6afcd7
3 changed files with 57 additions and 42 deletions


@ -936,6 +936,7 @@ sub booking_update(){
#prevent reset occupied values OR only if genkey defined #prevent reset occupied values OR only if genkey defined
#if(($state eq "occupied" && $record_pos->{txt10} =~ /requested/) || ($state eq "occupied" && $record_pos->{txt10} =~ /occupied/ && $q->param('genkey') eq "1")) #if(($state eq "occupied" && $record_pos->{txt10} =~ /requested/) || ($state eq "occupied" && $record_pos->{txt10} =~ /occupied/ && $q->param('genkey') eq "1"))
if(($state_key == 3 && $record_pos->{int10} == 2) || ($state_key == 3 && $record_pos->{int10} == 3 && $q->param('genkey') eq "1")){ if(($state_key == 3 && $record_pos->{int10} == 2) || ($state_key == 3 && $record_pos->{int10} == 3 && $q->param('genkey') eq "1")){
$update_pos->{start_time} = "now()"; $update_pos->{start_time} = "now()";
$update_pos->{end_time} = "now()"; $update_pos->{end_time} = "now()";
#$update_pos->{txt05} = "$gps";#start GPS, not exist on request #$update_pos->{txt05} = "$gps";#start GPS, not exist on request
@ -1065,12 +1066,12 @@ sub booking_update(){
$booking_values->{response_state} = "Failure 2012: occupied bike " . $q->param('bike') . " cannot be $state"; $booking_values->{response_state} = "Failure 2012: occupied bike " . $q->param('bike') . " cannot be $state";
$booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " ist in Benutzung und kann somit nicht storniert werden."; $booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " ist in Benutzung und kann somit nicht storniert werden.";
}elsif($state_key == 3 && $record_pos->{int10} == 1){ }elsif($state_key == 3 && $record_pos->{int10} == 1){
$booking_values->{response_state} = "Failure 2016: occupied bike " . $q->param('bike') . " cannot be $state"; $booking_values->{response_state} = "Failure 2016: available bike " . $q->param('bike') . " have to be at first reserved, thats because cannot be $state";
$booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " wurde nicht reserviert und kann somit nicht gemietet werden."; $booking_values->{response_text} = "Fahrrad Nr. " . $q->param('bike') . " wurde nicht reserviert und kann somit nicht gemietet werden.";
}else{ }else{
$booking_values->{response_state} = "Failure 2035: bike " . $q->param('bike') . " state change to $state not possible."; $booking_values->{response_state} = "Failure 2035: bike " . $q->param('bike') . " state change to $state not possible.";
$booking_values->{response_text} = "Fehler! Die Miete Fahrrad Nr. " . $q->param('bike') . " kann nicht mit dem vorhandnen Status $state_text werden."; $booking_values->{response_text} = "Fehler! Die Miete Fahrrad Nr. " . $q->param('bike') . " kann nicht mit dem vorhandenen Status $state_text werden.";
} }
#contenttrans #contenttrans
@ -2050,6 +2051,7 @@ sub auth_verify(){
user_tour => [], user_tour => [],
user_group => [] user_group => []
}; };
my $user_group = ""; my $user_group = "";
my $bike_group = ""; my $bike_group = "";
my $tariff_content = ""; my $tariff_content = "";
@ -2058,6 +2060,11 @@ sub auth_verify(){
$return->{merchant_id} = $1 if($cgi_authcookie && $cgi_authcookie =~ /\w+_(\w+)$/); $return->{merchant_id} = $1 if($cgi_authcookie && $cgi_authcookie =~ /\w+_(\w+)$/);
my $netloc = $q->url(-base=>1); my $netloc = $q->url(-base=>1);
$bw->log("--> auth_verify on dbname $varenv{dbname},\n Starting with authcookie: $cgi_authcookie",$netloc,""); $bw->log("--> auth_verify on dbname $varenv{dbname},\n Starting with authcookie: $cgi_authcookie",$netloc,"");
my $debug=1;
my $now_dt = strftime "%Y-%m-%d %H:%M:%S", localtime;
open(FILE,">>$varenv{logdir}/authcookie.log") if($debug);
print FILE "\n*-->$now_dt $netloc | $varenv{dbname} | $cgi_authcookie\n" if($debug);
if($cgi_authcookie && length($cgi_authcookie) > 30){ if($cgi_authcookie && length($cgi_authcookie) > 30){
my $authref = { my $authref = {
table => "contentadr", table => "contentadr",
@ -2069,16 +2076,18 @@ sub auth_verify(){
$auth_operator = $dbt->fetch_record($dbh,$authref); $auth_operator = $dbt->fetch_record($dbh,$authref);
$bw->log("auth_verified on operator $varenv{dbname} anchor 1",$auth_operator->{c_id},""); $bw->log("auth_verified on operator $varenv{dbname} anchor 1",$auth_operator->{c_id},"");
my $auth_primary = { c_id => 0 };
my $auth_operator = { c_id => 0 };
#just part of operator-routing (sharee account management) #just part of operator-routing (sharee account management)
#primary select if($varenv{dbname} ne "sharee_primary"){
if(1==1){ #primary select
if($varenv{dbname} ne "sharee_primary"){
my $dbh_primary = $dbt->dbconnect_extern("sharee_primary"); my $dbh_primary = $dbt->dbconnect_extern("sharee_primary");
my $auth_primary = { c_id => 0 };
$auth_primary = $dbt->fetch_record($dbh_primary,$authref); $auth_primary = $dbt->fetch_record($dbh_primary,$authref);
if($auth_primary->{c_id} && $auth_primary->{c_id} > 0){ if($auth_primary->{c_id} && $auth_primary->{c_id} > 0){
$bw->log("auth_verified on primary anchor 2 by dbname $varenv{dbname}",$auth_primary->{c_id},""); $bw->log("auth_verified on primary anchor 2 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
print FILE "auth_verified on primary anchor 2 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n if($debug)";
#On booking_request, user must be authenticated and addr must exist #On booking_request, user must be authenticated and addr must exist
#At first insert/update Operator dbname array on primary #At first insert/update Operator dbname array on primary
@ -2086,8 +2095,9 @@ sub auth_verify(){
#first, save operator array which are used #first, save operator array which are used
my %operator_hash = ();#local DB my %operator_hash = ();#local DB
$bw->log("booking_request auth_verified by dbname $varenv{dbname} (dbname=$varenv{dbname})",$auth_operator->{c_id},""); $bw->log("booking_request auth_verified by dbname $varenv{dbname}",$auth_operator->{c_id},"");
print FILE "booking_request auth_verified by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n if($debug)";
if($auth_primary->{txt17} && $auth_primary->{txt17} =~ /\w\s\w/){#append DB's if($auth_primary->{txt17} && $auth_primary->{txt17} =~ /\w\s\w/){#append DB's
%operator_hash = map { $_ => 1 } split(/\s+/,$auth_primary->{txt17}); %operator_hash = map { $_ => 1 } split(/\s+/,$auth_primary->{txt17});
}elsif($auth_primary->{txt17}){ }elsif($auth_primary->{txt17}){
@ -2097,6 +2107,7 @@ sub auth_verify(){
my @operator_array = keys %operator_hash; my @operator_array = keys %operator_hash;
$bw->log("auth_verified update operator keys by array: @operator_array",\%operator_hash,""); $bw->log("auth_verified update operator keys by array: @operator_array",\%operator_hash,"");
print FILE "auth_verified update operator keys by array: @operator_array | pri $auth_primary->{c_id}\n" if($debug);
my $update_primary = { my $update_primary = {
table => "contentadr", table => "contentadr",
txt17 => "@operator_array",#operator ids txt17 => "@operator_array",#operator ids
@ -2132,13 +2143,15 @@ sub auth_verify(){
my $auth_operator3 = { c_id => 0 }; my $auth_operator3 = { c_id => 0 };
$auth_operator3 = $dbt->fetch_record($dbh,$authref);# if($uid); $auth_operator3 = $dbt->fetch_record($dbh,$authref);# if($uid);
$bw->log("auth_verified on operator anchor 3 by dbname $varenv{dbname}",$auth_operator3->{c_id},""); $bw->log("auth_verified on operator anchor 3 by dbname $varenv{dbname}",$auth_operator3->{c_id},"");
print FILE "auth_verified on operator anchor 3 by dbname $varenv{dbname} | op3 $auth_operator3->{c_id}\n" if($debug);
#if user on operator available by userid c_id, then update authcookie #if user on operator available by userid c_id, then update authcookie
if($auth_operator3->{c_id} > 0){ if($auth_operator3->{c_id} > 0){
my $authcookies = $auth_operator3->{txt05} . "|" . $cgi_authcookie; my $authcookies = $auth_operator3->{txt05} . "|" . $cgi_authcookie;
$bw->log("UPDATE adr on operator by dbname $varenv{dbname}",$auth_operator3->{c_id},"");
print FILE "UPDATE adr on operator by dbname $varenv{dbname} | op3 $auth_operator3->{c_id}\n" if($debug);
my $update = { my $update = {
table => "contentadr", table => "contentadr",
#txt05 => "$auth_primary->{txt05}",#authcookies
txt05 => "$authcookies",#authcookies txt05 => "$authcookies",#authcookies
atime => "now()", atime => "now()",
#mtime => "now()",#only set mtime on real user-data change #mtime => "now()",#only set mtime on real user-data change
@ -2152,6 +2165,7 @@ sub auth_verify(){
my $c_id = 0; my $c_id = 0;
if($auth_primary->{c_id} > 0){ if($auth_primary->{c_id} > 0){
$bw->log("INSERT adr from record_primary to operator by dbname $varenv{dbname}",$auth_primary->{c_id},""); $bw->log("INSERT adr from record_primary to operator by dbname $varenv{dbname}",$auth_primary->{c_id},"");
print FILE "INSERT adr from record_primary to operator by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
my $insert = { my $insert = {
%$auth_primary, %$auth_primary,
table => "contentadr", table => "contentadr",
@ -2162,42 +2176,40 @@ sub auth_verify(){
} }
}else{ }else{
$bw->log("auth_verified on operator anchor 3 FAILS by dbname $varenv{dbname}. user seem not be activated",$auth_operator->{c_id},""); $bw->log("auth_verified on operator anchor 3 FAILS by dbname $varenv{dbname}. user seem not be activated",$auth_operator->{c_id},"");
print FILE "auth_verified on operator anchor 3 FAILS by dbname $varenv{dbname}. user seem not be activated | op $auth_operator->{c_id}\n" if($debug);
} }
} }
$auth_operator = $dbt->fetch_record($dbh,$authref); $auth_operator = $dbt->fetch_record($dbh,$authref);
if($auth_operator->{c_id} > 0){ if($auth_operator->{c_id} > 0){
$record = $auth_operator;#At first try using operator to get Tarif $record = $auth_operator;#At first try using operator to get Tarif
$bw->log("auth_verified on operator anchor 2.2 by dbname $varenv{dbname}",$auth_operator->{c_id},""); $bw->log("auth_verified on operator anchor 2.2 by dbname $varenv{dbname}",$auth_operator->{c_id},"");
print FILE "auth_verified on operator anchor 2.2 by dbname $varenv{dbname} | op $auth_operator->{c_id}\n" if($debug);
}else{ }else{
$record = $auth_primary; $record = $auth_primary;
$bw->log("auth_verified on primary anchor 2.3 by dbname $varenv{dbname}",$auth_primary->{c_id},""); $bw->log("auth_verified on primary anchor 2.3 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
print FILE "auth_verified on primary anchor 2.3 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
} }
}else{# if($auth_primary->{c_id}){ fails }else{# if($auth_primary->{c_id}) fails
$bw->log("auth_verified on primary anchor 4 FAILS by dbname $varenv{dbname}.",$auth_primary->{c_id},""); $bw->log("auth_verified on primary anchor 4 FAILS by dbname $varenv{dbname}.",$auth_primary->{c_id},"");
print FILE "auth_verified on primary anchor 4 FAILS by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
$auth_operator = $dbt->fetch_record($dbh,$authref); $auth_operator = $dbt->fetch_record($dbh,$authref);
$record = $auth_operator; $record = $auth_operator;
$bw->log("auth_verified on operator anchor 9 by dbname $varenv{dbname}.",$auth_operator->{c_id},""); $bw->log("auth_verified on operator anchor 9 by dbname $varenv{dbname}.",$auth_operator->{c_id},"");
print FILE "auth_verified on operator anchor 9 by dbname $varenv{dbname} | op $auth_operator->{c_id}\n" if($debug);
} }
}else{# if($varenv{dbname} eq "sharee_primary") }else{# if($varenv{dbname} eq "sharee_primary")
my $auth_operator = { c_id => 0 }; $auth_primary = $dbt->fetch_record($dbh,$authref);
$auth_operator = $dbt->fetch_record($dbh,$authref); $bw->log("auth_verified on operator anchor 4 by dbname $varenv{dbname}",$auth_primary->{c_id},"");
$bw->log("auth_verified on operator anchor 4 by dbname $varenv{dbname}",$auth_operator->{c_id},""); print FILE "auth_verified on operator anchor 4 by dbname $varenv{dbname} | pri $auth_primary->{c_id}\n" if($debug);
$record = $auth_operator; $record = $auth_primary;
}#end if($varenv{dbname} ne "sharee_primary") }#end if($varenv{dbname} ne "sharee_primary")
}else{ if($varenv{dbname} ne "sharee_primary"){
my $auth_operator = { c_id => 0 }; ($bike_group,$user_group,$tariff_content,$user_tour) = $self->fetch_tariff($record,$q->param('authcookie'));
$auth_operator = $dbt->fetch_record($dbh,$authref);
$bw->log("auth_verified on operator anchor 6 by dbname $varenv{dbname}",$auth_operator->{c_id},"");
$record = $auth_operator;
} }
if($varenv{dbname} ne "sharee_primary"){ if($auth_primary->{c_id} > 0 && length($auth_primary->{txt05}) > 30){
($bike_group,$user_group,$tariff_content,$user_tour) = $self->fetch_tariff($record,$q->param('authcookie')); my @check_cookies = split(/\|/,$auth_primary->{txt05});
}
if ($record->{c_id} > 0 && length($record->{txt05}) > 30){
my @check_cookies = split(/\|/,$record->{txt05});
foreach(@check_cookies){ foreach(@check_cookies){
if(length($_) > 30 && $_ =~ /$cgi_authcookie/){ if(length($_) > 30 && $_ =~ /$cgi_authcookie/){
$return->{authcookie} = $cgi_authcookie; $return->{authcookie} = $cgi_authcookie;
@ -2209,8 +2221,7 @@ sub auth_verify(){
} }
} }
} }
} }elsif($userc_id && looks_like_number($userc_id) && length($userc_id) >= 4){
elsif($userc_id && looks_like_number($userc_id) && length($userc_id) >= 4){
my $authref = { my $authref = {
table => "contentadr", table => "contentadr",
fetch => "one", fetch => "one",
@ -2232,6 +2243,7 @@ sub auth_verify(){
} }
}else{ }else{
$bw->log("auth_verified on operator anchor FAILS by dbname $varenv{dbname}, no authcookie, dump \$q",$q,""); $bw->log("auth_verified on operator anchor FAILS by dbname $varenv{dbname}, no authcookie, dump \$q",$q,"");
print FILE "auth_verified on operator anchor FAILS by dbname $varenv{dbname}, no authcookie\n" if($debug);
} }
$return->{agb_checked} = "0"; $return->{agb_checked} = "0";
$return->{agb_checked} = "1" if($record->{int14});#sharee AGB global $return->{agb_checked} = "1" if($record->{int14});#sharee AGB global
@ -2275,9 +2287,15 @@ sub auth_verify(){
if(!$users_serviceapp->{u_id} || $users_serviceapp->{u_id} == 0){ if(!$users_serviceapp->{u_id} || $users_serviceapp->{u_id} == 0){
$record = { c_id => 0 }; $record = { c_id => 0 };
$return = { c_id => 0 };
$bw->log("reset auth_verify because of only Servicetool users access:",$record,""); $bw->log("reset auth_verify because of only Servicetool users access:",$record,"");
} }
print FILE "users_serviceapp: $users_serviceapp->{u_id} | $return->{authcookie}\n" if($debug);
} }
print FILE "final return: $return->{authcookie}\n" if($debug);
close(FILE) if($debug);
return ($return,$record); return ($return,$record);
}#end auth_verify }#end auth_verify
@ -2297,15 +2315,13 @@ sub authorization(){
my $user_pw = $q->param('user_pw') || $q->param('txt04'); my $user_pw = $q->param('user_pw') || $q->param('txt04');
#print "user_pw:" . $q->param('user_pw') . "|txt04:" . $q->param('txt04') . "|user_pw:" . $q->param('user_pw'); #print "user_pw:" . $q->param('user_pw') . "|txt04:" . $q->param('txt04') . "|user_pw:" . $q->param('user_pw');
my $pw_length = 6;#only 6 and if < 8 user failure will be set my $pw_length = 8;
$user_pw = "mo2Xah6a" if(length($user_pw) < $pw_length);
my $record = { c_id => 0 };#if fails my $record = { c_id => 0 };#if fails
my $return = { authcookie => 0 };#if fails my $return = { authcookie => "" };#if fails
#print "$hw_id | $merchant_id | $user_id | $user_pw\n";exit; #print "$hw_id | $merchant_id | $user_id | $user_pw\n";exit;
if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8){ if($user_id && length($user_id) >= 4 && $user_pw && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8){
my $authref = { my $authref = {
table => "contentadr", table => "contentadr",
fetch => "one", fetch => "one",
@ -2334,7 +2350,7 @@ sub authorization(){
$return = $self->authcookie_manager($dbh,$q,$record,$merchant_id,$hw_id,$aowner); $return = $self->authcookie_manager($dbh,$q,$record,$merchant_id,$hw_id,$aowner);
}else{ }else{
$bw->log("authorization fals because of failing condition: if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8)","",""); $bw->log("authorization fails because of failing condition: if($user_id && length($user_id) >= 4 && length($user_pw) >= $pw_length && length($hw_id) >= 10 && length($merchant_id) >= 8)","","");
} }
return $return; return $return;
}#end authorization }#end authorization
@ -2351,7 +2367,7 @@ sub authcookie_manager {
my $user_agent = $q->user_agent(); my $user_agent = $q->user_agent();
my $clientIP = $q->remote_addr(); my $clientIP = $q->remote_addr();
my $return = { authcookie => 0 };#if fails my $return = { authcookie => "" };#if fails
my %varenv = $cf->envonline(); my %varenv = $cf->envonline();
my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id)); my $authcookie=md5_hex($record->{txt08}.$q->escapeHTML($hw_id));
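Review bot: The debug trace added to auth_verify writes the full `$cgi_authcookie`, and at the end `$return->{authcookie}`, to `$varenv{logdir}/authcookie.log` while `my $debug=1;` is hard-coded, so every caller's session credential ends up in a plaintext file whose readers could reuse it. I would ship this with `my $debug = 0;` and log only a short fingerprint such as `substr(md5_hex($cgi_authcookie),0,8)` instead of the cookie value (md5_hex appears to be in scope, since authcookie_manager uses it). The handle is a bareword opened with two-argument `open(FILE,">>...")` and its result is never checked; a three-argument open on a lexical handle with a checked return would avoid printing to an unopened handle. Two of the new prints, the "anchor 2" and "booking_request" ones, have `if($debug)` inside the string literal, so the guard is emitted as text and the print is unconditional; they should end `...\n" if($debug);` like the others. auth_verify starts and ends outside the hunks shown, so the placement of these lines relative to the rest of the function is inferred.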


@ -416,7 +416,6 @@ elsif($q->param('request') eq "user_bikes_occupied"){
#bikes_available #bikes_available
elsif($q->param('request') eq "bikes_available"){ elsif($q->param('request') eq "bikes_available"){
#use Time::HiRes qw/gettimeofday/;
if($varenv{syshost} eq "shareeapp-primary"){ if($varenv{syshost} eq "shareeapp-primary"){
($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id')); ($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id'));
$varenv{merchant_id} = $return_merchant->{merchant_id}; $varenv{merchant_id} = $return_merchant->{merchant_id};
@ -425,13 +424,13 @@ elsif($q->param('request') eq "bikes_available"){
my ($auth,$authraw) = $apif->auth_verify($q); my ($auth,$authraw) = $apif->auth_verify($q);
$response = { %$response, %$auth }; $response = { %$response, %$auth };
($response->{bikes},$response->{uri_operator_array},$response->{user_group},$response->{user_tour}) = $jsc->loop_sharees($q,$authraw,$return_merchant); ($response->{bikes},$response->{uri_operator_array},$response->{user_group},$response->{user_tour}) = $jsc->loop_sharees($q,$authraw,$return_merchant);
#my $stamp = gettimeofday;
#$bw->log("X bikes_available $varenv{syshost} $stamp: $response->{user_group}",$response,""); #$bw->log("X bikes_available $varenv{syshost} $stamp: $response->{user_group}",$response,"");
}else{ }else{
($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id')); ($aowner,my $return_merchant) = $apif->fetch_merchant($q,\%varenv,$coo,$q->param('merchant_id'));
$varenv{merchant_id} = $return_merchant->{merchant_id}; $varenv{merchant_id} = $return_merchant->{merchant_id};
my ($auth,$authraw) = $apif->auth_verify($q);#on operator loop select, operator adr must be select to get user_group #on operator loop select, operator adr must be select to get user_group
my ($auth,$authraw) = $apif->auth_verify($q);
$response = { %$response, %$auth }; $response = { %$response, %$auth };
$bw->log("Y bikes_available by c_id $authraw->{c_id}, Tarif:",$authraw->{txt30},""); $bw->log("Y bikes_available by c_id $authraw->{c_id}, Tarif:",$authraw->{txt30},"");
$response->{bikes} = $apif->bikes_available($q,\%varenv,$authraw); $response->{bikes} = $apif->bikes_available($q,\%varenv,$authraw);


@ -47,8 +47,8 @@ sub tpl(){
if($users_sharee->{c_id} && $R::sharee_edit ne "delete_account2" && ($users_sharee->{c_id} eq $varenv->{superu_id} || $users_sharee->{c_id} eq "22262" || $dbt->{copri_conf}->{stage} eq "test")){ if($users_sharee->{c_id} && $R::sharee_edit ne "delete_account2" && ($users_sharee->{c_id} eq $varenv->{superu_id} || $users_sharee->{c_id} eq "22262" || $dbt->{copri_conf}->{stage} eq "test")){
my $coo = $q->cookie('domcookie') || $q->param('sessionid') || ""; my $coo = $q->cookie('domcookie') || $q->param('sessionid') || "";
my $api_test = "sharee_kn"; #my $api_test = "sharee_kn";
#my $api_test = "sharee_fr01"; my $api_test = "sharee_fr01";
print $q->div({-style=>'float:right;text-align:right;height:25px;padding:6px 15px;background-color:white'},$q->a({-style=>"color:#$bgcolor1;", -href=>"$varenv->{metahost}/src/scripts/tests/index.pl?sessionid=$coo\&api_test=$api_test", -target=>'_blank'}," [ $api_test ] ")),"\n"; print $q->div({-style=>'float:right;text-align:right;height:25px;padding:6px 15px;background-color:white'},$q->a({-style=>"color:#$bgcolor1;", -href=>"$varenv->{metahost}/src/scripts/tests/index.pl?sessionid=$coo\&api_test=$api_test", -target=>'_blank'}," [ $api_test ] ")),"\n";
} }