Changeset - 8d190f8548e7
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Jan Kaluza - 10 years ago 2016-02-19 22:23:54
jkaluza@redhat.com
Web interface: Do not allow empty password when it is needed
1 file changed with 3 insertions and 2 deletions:
spectrum_manager/src/APIServer.cpp
3
2
0 comments (0 inline, 0 general)
spectrum_manager/src/APIServer.cpp
Show inline comments
 
@@ -238,58 +238,59 @@ void APIServer::serve_instances_unregister(Server *server, Server::session *sess
 
	}
 
	else {
 
		send_ack(conn, true, "You are not registered to this Spectrum 2 instance.");
 
	}
 
}
 

			




	
	
	
		
 
void APIServer::serve_instances_register(Server *server, Server::session *session, struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string uri(hm->uri.p, hm->uri.len);

			




	
	
	
		
 
	std::string instance = uri.substr(uri.rfind("/") + 1);

			




	
	
	
		
 

			




	
	
	
		
 
	UserInfo info;

			




	
	
	
		
 
	m_storage->getUser(session->user, info);

			




	
	
	
		
 

			




	
	
	
		
 
	std::string username = "";

			




	
	
	
		
 
	int type = (int) TYPE_STRING;

			




	
	
	
		
 
	m_storage->getUserSetting(info.id, instance, type, username);

			




	
	
	
		
 

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 
	std::string uin = get_http_var(hm, "uin");

			




	
	
	
		
 
	std::string password = get_http_var(hm, "password");

			




	
	
	
		
 

			




	
	
	
		
 
	// For some networks like IRC, there is no registration.

			




	
	
	
		
 
	// We detect such networks according to registration_fields and use

			




	
	
	
		
 
	// "unknown" uin for them.

			




	
	
	
		
 
	if (uin.empty()) {

			




	
	
	
		
 
	if (uin.empty() || password.empty()) {

			




	
	
	
		
 
		std::string response = server->send_command(instance, "registration_fields");

			




	
	
	
		
 
		std::vector<std::string> fields;

			




	
	
	
		
 
		boost::split(fields, response, boost::is_any_of("\n"));

			




	
	
	
		
 
		if (fields.size() == 1) {

			




	
	
	
		
 
			uin = "unknown";

			




	
	
	
		
 
			password = "unknown";

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (jid.empty() || uin.empty()) {

			




	
	
	
		
 
	if (jid.empty() || uin.empty() || password.empty()) {

			




	
	
	
		
 
		send_ack(conn, true, "Insufficient data.");

			




	
	
	
		
 
	}

			




	
	
	
		
 
	else {

			




	
	
	
		
 
		// Check if the frontend wants to use OAuth2 (Slack for example).

			




	
	
	
		
 
		std::string response = server->send_command(instance, "get_oauth2_url " + jid + " " + uin + " " + password);

			




	
	
	
		
 
		if (!response.empty()) {

			




	
	
	
		
 
			Document json;

			




	
	
	
		
 
			json.SetObject();

			




	
	
	
		
 
			json.AddMember("error", false, json.GetAllocator());

			




	
	
	
		
 
			json.AddMember("oauth2_url", response.c_str(), json.GetAllocator());

			




	
	
	
		
 
			send_json(conn, json);

			




	
	
	
		
 
		}

			




	
	
	
		
 
		else {

			




	
	
	
		
 
			response = server->send_command(instance, "register " + jid + " " + uin + " " + password);

			




	
	
	
		
 
			if (!response.empty()) {

			




	
	
	
		
 
				std::string value = jid;

			




	
	
	
		
 
				int type = (int) TYPE_STRING;

			




	
	
	
		
 
				m_storage->updateUserSetting(info.id, instance, value);

			




	
	
	
		
 
			}

			




	
	
	
		
 
			else {

			




	
	
	
		
 
				send_ack(conn, true, response);

			




	
	
	
		
 
				return;

			




	
	
	
		
 
			}

			




	
	
	
		
 
		}

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: srv01-12228
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support