From 413aad47bd3443e18aa802f85bd9d5ab2241eeb1 Mon Sep 17 00:00:00 2001
From: mrfry
Date: Sat, 6 May 2023 09:56:49 +0200
Subject: [PATCH] removed validation check, added pw check
---
 src/middlewares/auth.middleware.ts | 2 +-
 src/modules/api/p2p/p2putils.ts | 2 +-
 src/modules/api/submodules/userManagement.ts | 85 +++++---------------
 submodules/qmining-page | 2 +-
 4 files changed, 24 insertions(+), 67 deletions(-)
diff --git a/src/middlewares/auth.middleware.ts b/src/middlewares/auth.middleware.ts
index 2405541..a5346bd 100644
--- a/src/middlewares/auth.middleware.ts
+++ b/src/middlewares/auth.middleware.ts
@@ -27,7 +27,7 @@ import dbtools from '../utils/dbtools'
 const EXCEPTIONS = [
 '/api/registerscript',
 '/api/login',
- '/api/validationtoken',
+ '/api/ispwvalid',
 '/api/syncp2pdata',
 '/api/selfInfo',
 '/favicon.ico',
diff --git a/src/modules/api/p2p/p2putils.ts b/src/modules/api/p2p/p2putils.ts
index 7a1439e..96d97df 100644
--- a/src/modules/api/p2p/p2putils.ts
+++ b/src/modules/api/p2p/p2putils.ts
@@ -211,7 +211,7 @@ export async function loginAndPostDataToAllPeers<
 ) {
 results.errors.push(peer)
 console.error(
- `Error: posting data to ${peerToString(peer)}`,
+ `Error posting data to ${peerToString(peer)}`,
 res.error || JSON.stringify(res.data)
 )
 } else {
diff --git a/src/modules/api/submodules/userManagement.ts b/src/modules/api/submodules/userManagement.ts
index ead5605..ac926b1 100644
--- a/src/modules/api/submodules/userManagement.ts
+++ b/src/modules/api/submodules/userManagement.ts
@@ -18,7 +18,7 @@
 ------------------------------------------------------------------------- */
-import { v4 as uuidv4, v5, validate as validateuuid } from 'uuid'
+import { v4 as uuidv4 } from 'uuid'
 import type { Database } from 'better-sqlite3'
 import logger from '../../../utils/logger'
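Review bot: The new `'/api/ispwvalid'` entry in `EXCEPTIONS` (src/middlewares/auth.middleware.ts) exempts the route from the session check, and the handler this patch adds in userManagement.ts answers `success: true` or `success: false` for any submitted password. That leaves a yes/no password check open to callers without a session, and nothing visible in this patch throttles it; if `/api/login` has attempt limiting or lockout elsewhere, this route should sit behind the same control. I would document the intent at the entry, for example `// unauthenticated on purpose: keep /api/ispwvalid behind the same attempt limiting as /api/login`. The `EXCEPTIONS` array continues outside the hunk.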
@@ -80,19 +80,6 @@ function createDefaultUser(userDb: Database) {
 logger.Log('It can be also viewed in the users db file.')
 }
-// TODO: figure out if this is needed
-// const validationTokenNameFile = 'data/validationTokenName'
-// function readValidationTokenName() {
-// if (utils.FileExists(validationTokenNameFile)) {
-// return utils.ReadFile(validationTokenNameFile)
-// } else {
-// throw new Error(
-// `Validation token file does not exist! Should be: "${validationTokenNameFile}", content should be: "name for uuidv5 (any text)"`
-// )
-// }
-// }
-const validationTokenName = 'qmining' // readValidationTokenName()
-
 function setup(data: SubmoduleData): Submodule {
 const { app, userDB } = data
@@ -186,6 +173,26 @@ function setup(data: SubmoduleData): Submodule {
 })
 })
+ app.post('/ispwvalid', (req: Request, res: any) => {
+ logger.LogReq(req)
+
+ const pw = req.body.pw
+ ? req.body.pw.replace(/'/g, '').replace(/"/g, '').replace(/;/g, '')
+ : false
+
+ console.log(req.body)
+
+ const user: User = dbtools.Select(userDB, 'users', {
+ pw: pw,
+ })[0]
+
+ if (user) {
+ res.json({ success: true })
+ } else {
+ res.json({ success: false })
+ }
+ })
+
 app.post('/login', (req: Request, res: any) => {
 logger.LogReq(req)
 const pw = req.body.pw
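Review bot: `console.log(req.body)` in the new `/ispwvalid` handler writes the submitted password to the process output on every call and should be removed; it is also worth checking whether `logger.LogReq(req)` records request bodies. The `pw` derivation calls `.replace` on whatever the client sent, so a non-string `pw` (number, array, object) throws instead of returning `success: false`, and a missing `pw` becomes `false` and is still passed to `dbtools.Select`; a guard before the lookup such as `if (typeof req.body.pw !== 'string') { res.json({ success: false }); return }` covers both cases. Stripping quotes and semicolons suggests `dbtools.Select` may assemble SQL from strings; that helper is not part of this patch, but bound parameters would be the sturdier control than character filtering. Selecting a user by `pw` alone also implies the column holds a directly comparable value rather than a salted hash, which should be confirmed against the schema.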
@@ -320,56 +327,6 @@ function setup(data: SubmoduleData): Submodule {
 })
 })
- app.get(
- '/validationtoken',
- (req: Request<{ token: string; userid: string }>, res: any) => {
- logger.LogReq(req)
- const user: User = req.session.user
- const { token, userid } = req.query
- const isQueryValid = validateuuid(token) && !Number.isNaN(+userid)
-
- if (isQueryValid) {
- const specifiedUser = dbtools.Select(userDB, 'users', {
- id: +userid,
- })
-
- if (specifiedUser.length === 0 || !specifiedUser[0]) {
- res.json({
- result: 'nouserid',
- msg: 'couldnt find user',
- })
- }
- const key = v5(validationTokenName, specifiedUser[0].pw)
- const isValid = key === token
-
- res.json({
- result: 'success',
- isValid: isValid,
- })
- } else if ((token || userid) && !isQueryValid) {
- res.json({
- result: 'invalid',
- msg: 'token or user id is not valid, or undefined',
- })
- } else if (!user) {
- res.json({
- result: 'nouser',
- msg: 'you are not logged in',
- })
- } else {
- const key = v5(validationTokenName, user.pw)
-
- res.json({
- result: 'newtoken',
- key: key,
- ...((token || userid) && {
- msg: 'userid or token was provided, but was invalid',
- }),
- })
- }
- }
- )
-
 function getDayDiff(dateString: string | Date | number) {
 const msdiff = new Date().getTime() - new Date(dateString).getTime()
 return Math.floor(msdiff / (1000 * 3600 * 24))
diff --git a/submodules/qmining-page b/submodules/qmining-page
index 96d1daf..b008eee 160000
--- a/submodules/qmining-page
+++ b/submodules/qmining-page
@@ -1 +1 @@
-Subproject commit 96d1dafe90a55a476876958b384958b3d394f963
+Subproject commit b008eee6f17441ea833ed4036b687da180dcf370