now signup and login with storage of a hashed password works.

12 years ago · 9cd89f97cf
18 changed files with 91 additions and 53 deletions
--- a/include/application/application.h
+++ b/include/application/application.h
@ -29,7 +29,7 @@
 #include "session.h"
 #include "queue.h"
 #include "auth/credential.h"
-#include "storage.h"
+#include "storage/storage.h"
 #include "session.h"
 #include "user.h"

--- a/include/auth/storage.h
+++ b/include/auth/storage.h
@ -28,8 +28,7 @@
 #include <openssl/sha.h>

 #include "class.h"
-#include <storage.h> // storage must move to storage/storage.h
-                     // to be loadable with "
+#include "storage/storage.h"


 #define SALT_SIZE	32
--- a/include/storage/storage.h
+++ b/include/storage/storage.h
--- a/include/user.h
+++ b/include/user.h
@ -26,7 +26,7 @@
 #include <sys/types.h>

 #include "class.h"
-#include "storage.h"
+#include "storage/storage.h"


 CLASS(User) {
--- a/signuptest.html
+++ b/signuptest.html
@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+	<head>
+		<title>Signuptest</title>
+	</head>
+
+	<body> 
+		<form action="http://localhost:11212/signup/" method="POST">
+			<label for="email">email:</label>
+			<input id="email" name="email" type="text" />
+			<br />
+			<label for="password">password:</label>
+			<input id="password" name="password" type="password" />
+			<br />
+			<label for="pwrepeat">repeat password:</label>
+			<input id="pwrepeat" name="pwrepeat" type="password" />
+			<br />
+			<label for="firstname">firstname:</label>
+			<input id="firstname" name="firstname" type="text" />
+			<br />
+			<label for="surname">surname:</label>
+			<input id="surname" name="surname" type="text" />
+			<br />
+			<input name="submit" type="submit" />
+		</form>
+	</body>
+</html>
+
+<!-- vim: set ts=4 sw=4: -->
--- a/src/application/adapter/http/update.c
+++ b/src/application/adapter/http/update.c
@ -195,14 +195,14 @@ signupAdapter(Application application, HttpWorker worker, Session session)
 			NULL == firstname ||
 			NULL == surname) {
 		// maybe this is not a 500...have to check repsonse codes.
-		worker->current_response = httpResponse500();
+		worker->current_response = (HttpMessage)httpResponse500();
 		return;
 	}

 	if (password->nvalue != pwrepeat->nvalue ||
 			0 != memcmp(password->value, pwrepeat->value, password->nvalue)) {
 		// maybe this is not a 500...have to check repsonse codes.
-		worker->current_response = httpResponse500();
+		worker->current_response = (HttpMessage)httpResponse500();
 		return;
 	}

@ -217,7 +217,7 @@ signupAdapter(Application application, HttpWorker worker, Session session)
 			(char *)(surname->value), surname->nvalue);

 	if (! applicationSignup(application, credential, user, session)) {
-		worker->current_response = httpResponse500();
+		worker->current_response = (HttpMessage)httpResponse500();
 	} else {
 		loginAdapter(application, worker, session);
 	}
--- a/src/application/application.c
+++ b/src/application/application.c
@ -27,7 +27,7 @@
 #include "class.h"
 #include "queue.h"
 #include "application/application.h"
-#include "storage.h"
+#include "storage/storage.h"

 #include "utils/memory.h"

@ -40,6 +40,16 @@ applicationCtor(void * _this, va_list * params)

 	this->val   = va_arg(*params, struct randval *);

+	/*
+	 * @TODO for both of these...each user should be identified
+	 * by a number...that way I could use that number in the
+	 * passwords db and no direct association between email and
+	 * password could be made when someone get the hands on the
+	 * password database.
+	 */
+	this->users     = va_arg(*params, Storage);
+	this->passwords = va_arg(*params, Storage);
+
 	// initialize authenticators to use.
 	this->nauth = va_arg(*params, size_t);
 	this->auth  = memMalloc(this->nauth * sizeof(void*));
@ -49,16 +59,6 @@ applicationCtor(void * _this, va_list * params)

 	this->active_sessions = new(Queue);

-	/*
-	 * @TODO for both of these...each user should be identified
-	 * by a number...that way I could use that number in the
-	 * passwords db and no direct association between email and
-	 * password could be made when someone get the hands on the
-	 * password database.
-	 */
-	this->users     = new(Storage, "./run/users.db");
-	this->passwords = new(Storage, "./run/passwords.db");
-
 	return 0;
 }

@ -69,8 +69,6 @@ applicationDtor(void * _this)
 	Application this = _this;
 	size_t      i;

-	delete(this->passwords);
-	delete(this->users);
 	delete(this->active_sessions);

 	for (i=0; i<this->nauth; i++) {
--- a/src/application/signup.c
+++ b/src/application/signup.c
@ -41,8 +41,8 @@ applicationSignup(
 		Session     session)
 {
 	unsigned char   hash_data[SALT_SIZE+HASH_SIZE];
-	unsigned char * salt = hash_data;
-	unsigned char * hash = hash_data + SALT_SIZE;
+	unsigned char * salt = NULL;
+	unsigned char * hash = hash_data+SALT_SIZE;

 	if (NULL != userLoad(user, this->users)) {
 		/*
@ -67,6 +67,10 @@ applicationSignup(
 		return 0;
 	}

+	memcpy(hash_data, salt, SALT_SIZE);
+
+	MEM_FREE(salt);
+
 	storagePut(
 			this->passwords,
 			CRED_PWD(cred).user,
--- a/src/auth/storage/storage.c
+++ b/src/auth/storage/storage.c
@ -21,7 +21,7 @@
 */

 #include "class.h"
-#include "storage.h"
+#include "storage/storage.h"
 #include "auth.h"
 #include "commons.h"
 #include "utils/memory.h"
@ -90,6 +90,6 @@ authStorageAuthenticate(void * _this, Credential cred)

 INIT_IFACE(Class, authStorageCtor, authStorageDtor, NULL);
 INIT_IFACE(Auth, authStorageAuthenticate);
-CREATE_CLASS(AuthLdap, NULL, IFACE(Class), IFACE(Auth));
+CREATE_CLASS(AuthStorage, NULL, IFACE(Class), IFACE(Auth));

 // vim: set ts=4 sw=4:
--- a/src/storage/get.c
+++ b/src/storage/get.c
@ -25,8 +25,8 @@
 #include <stdlib.h>
 #include <sys/types.h>

-#include "storage.h"
 #include "class.h"
+#include "storage/storage.h"

 #include "utils/memory.h"

--- a/src/storage/put.c
+++ b/src/storage/put.c
@ -24,8 +24,8 @@
 #include <string.h>
 #include <sys/types.h>

-#include "storage.h"
 #include "class.h"
+#include "storage/storage.h"

 #include "utils/memory.h"

--- a/src/storage/storage.c
+++ b/src/storage/storage.c
@ -24,8 +24,8 @@
 #include <string.h>
 #include <sys/stat.h>

-#include "storage.h"
 #include "class.h"
+#include "storage/storage.h"

 #include "utils/memory.h"

--- a/src/storage/update.c
+++ b/src/storage/update.c
@ -24,8 +24,8 @@
 #include <string.h>
 #include <sys/types.h>

-#include "storage.h"
 #include "class.h"
+#include "storage/storage.h"

 #include "utils/memory.h"

--- a/src/taskrambler.c
+++ b/src/taskrambler.c
@ -140,7 +140,10 @@ main()

 		default:
 			{
-				AuthLdap               ldap;
+				Storage                users;
+				Storage                passwords;
+				AuthLdap               authLdap;
+				AuthStorage            authStorage;
 				Application            application;
 				ApplicationAdapterHttp adapterHttp;
 				HttpWorker             worker;
@ -154,12 +157,27 @@ main()

 				logger = new(LoggerSyslog, LOGGER_DEBUG);

-				worker      = new(HttpWorker, "testserver");
-				ldap        = new(
-						AuthLdap, "ldap://hosted/", CSTRA(LDAP_BASE));
-				application = new(Application, value, 1, ldap);
+				authLdap = new(
+						AuthLdap,
+						"ldap://hosted/",
+						CSTRA(LDAP_BASE));
+
+				users       = new(Storage, "./run/users.db");
+				passwords   = new(Storage, "./run/passwords.db");
+				authStorage = new(AuthStorage, passwords);
+
+				application = new(
+						Application,
+						value,
+						users,
+						passwords,
+						2,
+						authLdap,
+						authStorage);

 				adapterHttp = new(ApplicationAdapterHttp, application);
+
+				worker = new(HttpWorker, "testserver");
 				subjectAttach(worker, adapterHttp);

 				server = new(Server, logger, worker, 11212, SOMAXCONN);
@ -210,6 +228,10 @@ main()
 				delete(worker);
 				delete(adapterHttp);
 				delete(application);
+				delete(authStorage);
+				delete(passwords);
+				delete(users);
+				delete(authLdap);
 				delete(logger);

 				clearMimeTypes();
--- a/src/user/load.c
+++ b/src/user/load.c
@ -24,7 +24,7 @@
 #include <string.h>

 #include "user.h"
-#include "storage.h"
+#include "storage/storage.h"
 #include "class.h"

 #include "utils/memory.h"
--- a/src/user/save.c
+++ b/src/user/save.c
@ -24,7 +24,7 @@
 #include <string.h>

 #include "user.h"
-#include "storage.h"
+#include "storage/storage.h"
 #include "class.h"

 #include "utils/memory.h"
--- a/src/user/user.c
+++ b/src/user/user.c
@ -21,7 +21,7 @@
 */

 #include "user.h"
-#include "storage.h"
+#include "storage/storage.h"
 #include "class.h"

 #include "utils/memory.h"
--- a/src/utils/hash.c
+++ b/src/utils/hash.c
@ -52,21 +52,4 @@ sdbm(const unsigned char * str, size_t len)
 	return hash;
 }

-
-/*
- * this will use openssl to hash a given password with a given salt.
- * If salt is NULL a random salt is generated and returned in salt.
- * The memory for this is allocated via memMalloc and has to be freed
- * by the caller via MEM_FREE.
- * The size of the salt is always SALT_SIZE and that of hash is always
- * hash size. Both are defined in auth/storage.h
- */
-int
-hash_pw(
-		const char    *  password,
-		const size_t     npassword,
-		unsigned char *  pw_hash,
-		unsigned char ** salt)
-{
-}
 // vim: set ts=4 sw=4: