From 9f624560ffb625d7766480c4621169025df32c33 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Fri, 31 Jul 2015 15:30:32 +0200
Subject: checking password with cracklib now added printName (the visible name of the user in registration and login)
---
 CMakeLists.txt | 3 ++-
 sql/sqlite3.sql | 4 +++-
 src/cracklib.cpp | 22 +++++++++++++++++++++
 src/cracklib.hpp | 13 +++++++++++++
 src/master.cpp | 5 +++++
 src/master_content.hpp | 1 +
 src/user.cpp | 53 +++++++++++++++++++++++++++++++++++++-------------
 src/user.hpp | 8 +++++++-
 src/user_content.hpp | 1 +
 templates/master.tmpl | 4 ++++
 10 files changed, 97 insertions(+), 17 deletions(-)
 create mode 100644 src/cracklib.cpp
 create mode 100644 src/cracklib.hpp

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00812f3..af1da58 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -48,6 +48,7 @@ set(SRC
 src/main.cpp
 src/strusCms.cpp
 src/captcha.cpp
+ src/cracklib.cpp
 src/mail.cpp
 src/master.cpp
 src/intro.cpp
@@ -75,7 +76,7 @@ endif()
 link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/captcha" )
 link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/libb64" )
 link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/libquickmail" )
-target_link_libraries(strusCms ${BOOSTER} ${CPPCMS} ${CPPDB} captcha b64 quickmail curl cryptopp)
+target_link_libraries(strusCms ${BOOSTER} ${CPPCMS} ${CPPDB} captcha b64 quickmail curl cryptopp crack)
 #~ set(LOCALES de fr)
 #~
diff --git a/sql/sqlite3.sql b/sql/sqlite3.sql
index ff22476..46a9d83 100644
--- a/sql/sqlite3.sql
+++ b/sql/sqlite3.sql
@@ -17,6 +17,7 @@ insert into userstatus values( 'D', 'User disabled' );
 create table user(
 id integer primary key autoincrement not null,
 username varchar(32) unique not null,
+ printname varchar(32) unique not null,
 password varchar(32) not null,
 email varchar(32),
 status char(1) references userstatus(status) default 'U',
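Review bot: `printname varchar(32) unique not null` conflicts with the registration form added in this same commit, which labels the field "Your real name (optional)": once one user registers with an empty print name, every later registration that also leaves it blank violates the UNIQUE constraint and the INSERT in registration_start fails with a database exception instead of a form error. A display name is not an identity (`username` already is unique), so drop `unique` here, or make the form require a non-empty value — `printname varchar(32) not null default '',` is the minimal change. Also the column is spelled `printname` here but `printName` in the user.cpp INSERT; SQLite resolves column names case-insensitively, so it works, but keep one spelling for any backend that does not.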
@@ -24,7 +25,8 @@ create table user(
 code varchar(32)
 );
 
-insert into user(username, password, status) values('admin','admin', 'A');
+-- dangerous, disable default admin if necessary
+insert into user( username, printname, password, status ) values( 'admin', 'The Root', 'admin', 'A' );
 
 create table login(
 id integer primary key autoincrement not null,
diff --git a/src/cracklib.cpp b/src/cracklib.cpp
new file mode 100644
index 0000000..022aff0
--- /dev/null
+++ b/src/cracklib.cpp
@@ -0,0 +1,22 @@
+#include "cracklib.hpp"
+
+#include 
+
+#include "crack.h"
+
+PasswordCheck checkPassword( const std::string login, const std::string name, const std::string password )
+{
+ PasswordCheck c;
+ const char *m;
+
+ m = FascistCheckUser( password.c_str( ), NULL, login.c_str( ), name.c_str( ) );
+ if( m == NULL ) {
+ c.ok = true;
+ c.msg = "Password ok";
+ } else {
+ c.ok = false;
+ c.msg = std::string( m );
+ }
+
+ return c;
+}
diff --git a/src/cracklib.hpp b/src/cracklib.hpp
new file mode 100644
index 0000000..0a7f400
--- /dev/null
+++ b/src/cracklib.hpp
@@ -0,0 +1,13 @@
+#ifndef CRACKLIB_HPP
+#define CRACKLIB_HPP
+
+#include 
+
+typedef struct PasswordCheck {
+ bool ok;
+ std::string msg;
+} PasswordCheck;
+
+PasswordCheck checkPassword( const std::string login, const std::string name, const std::string password );
+
+#endif
diff --git a/src/master.cpp b/src/master.cpp
index bd3e5df..021fdb2 100644
--- a/src/master.cpp
+++ b/src/master.cpp
@@ -22,6 +22,11 @@ void master::ini( content::master &c )
 } else {
 c.username = "";
 }
+ if( session( ).is_set( "printName" ) ) {
+ c.printName = session( )["printName" ];
+ } else {
+ c.printName = "";
+ }
 c.login_link = cms.root( ) + "/login";
 c.logout_link = cms.root( ) + "/logout";
 c.register_link = cms.root( ) + "/register";
diff --git a/src/master_content.hpp b/src/master_content.hpp
index 11eabd5..5ea54ee 100644
--- a/src/master_content.hpp
+++ b/src/master_content.hpp
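Review bot: The new comment acknowledges the risk, but the schema still seeds an active (`'A'`) account with the password `admin`, stored as plain text — exactly the kind of password the cracklib check added in this commit rejects for everyone else. Prefer not seeding a login at all, or seed it with status `'D'` ("User disabled", defined just above this hunk) so it has to be explicitly enabled after the password is changed: `insert into user( username, printname, password, status ) values( 'admin', 'The Root', 'admin', 'D' );` — assuming check_login, which is not in view, refuses disabled accounts. A comment saying "dangerous" is not a control; operators who run the script unread will ship the default credentials.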
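Review bot: `FascistCheckUser( …, NULL, … )` relies on cracklib's compiled-in default dictionary path, and cracklib reports a dictionary it cannot open through the same `const char *` return value (an "error loading dictionary" style message), so this wrapper turns a deployment problem into `ok = false` with that text as the user-visible password error: every registration is silently rejected and nothing is logged. Distinguish the two cases — take the dictionary path from configuration rather than NULL, verify it can be opened at startup, and on a check failure that is not a password complaint log it and return a generic message instead of cracklib's text. The three `const std::string` parameters are copied on every call; `const std::string &` is the idiomatic signature and also what the rest of the file's helpers should converge on. Cracklib's check is not documented as thread-safe (older releases keep state in static buffers), so if cppcms runs this handler on several worker threads, confirm the library version or serialize the call.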
@@ -20,6 +20,7 @@ struct master : public cppcms::base_content {
 std::string logout_link;
 std::string register_link;
 std::string username;
+ std::string printName;
 std::string _root;
 std::string url;
diff --git a/src/user.cpp b/src/user.cpp
index 33e7296..64154a7 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -2,6 +2,7 @@
 #include "user.hpp"
 #include "strusCms.hpp"
 #include "captcha.hpp"
+#include "cracklib.hpp"
 #include 
 #include 
@@ -42,6 +43,23 @@ user::user( strusCms &cms )
 cms.dispatcher( ).assign( "/api/user/(\\w+)", &user::api_user, this, 1 );
 }
 
+User user::getUserData( const std::string username )
+{
+ User user;
+
+ cppdb::session sql( cms.conn );
+ cppdb::result r;
+ r = sql << "SELECT username, printname, email FROM user WHERE username=?" << username << cppdb::row;
+ if( r.empty( ) ) {
+ return user;
+ }
+ r >> user.name;
+ r >> user.printName;
+ r >> user.email;
+
+ return user;
+}
+
 void user::login( )
 {
 content::user c( cms );
@@ -53,6 +71,9 @@ void user::login( )
 session( ).erase( "prelogin" );
 session( )["username"] = c.login.username.value( );
 session( ).expose( "username" );
+ User u = getUserData( c.login.username.value( ) );
+ session( )["printName"] = u.printName;
+ session( ).expose( "printName" );
 response( ).set_redirect_header( cms.root( ) );
 } else {
 booster::ptime::sleep( booster::ptime( 5, 0 ) );
@@ -79,7 +100,8 @@ void user::register_user( )
 c.register_user.load( context( ) );
 if( c.register_user.validate( ) ) {
 std::string code = registration_start( c.register_user.username.value( ),
- c.register_user.password.value( ), c.register_user.email.value( ) );
+ c.register_user.password.value( ), c.register_user.printName.value( ),
+ c.register_user.email.value( ) );
 cms.mail.subject = "Registration request";
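Review bot: `getUserData` returns a default-constructed `User` when the SELECT finds no row, which callers cannot tell apart from a real user whose fields are empty strings; `api_user` later in this commit replaces its previous `if( r.empty( ) ) return;` with this call and so now emits a JSON record with empty name and email for a non-existent username instead of returning nothing. Surface the miss explicitly — either `bool user::getUserData( const std::string username, User &out )` returning false on `r.empty( )`, or keep the signature and add a `bool exists;` member to `User` that this function sets — and have api_user and login check it. The parameterised query is the right way to pass `username`, which arrives from the `(\\w+)` URL capture and the login form; keep it bound rather than concatenated if this is ever extended.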
@@ -131,11 +153,12 @@ void user::api_users( )
 {
 cppdb::session sql( cms.conn );
 cppdb::result r;
- r = sql << "SELECT username, email FROM user";
+ r = sql << "SELECT username, printname, email FROM user";
 std::vector users;
 while( r.next( ) ) {
 User user;
 r >> user.name;
+ r >> user.printName;
 r >> user.email;
 users.push_back( user );
 }
@@ -149,15 +172,7 @@ void user::api_users( )
 void user::api_user( std::string username )
 {
- cppdb::session sql( cms.conn );
- cppdb::result r;
- r = sql << "SELECT username, email FROM user WHERE username=?" << username << cppdb::row;
- if( r.empty( ) ) {
- return;
- }
- User user;
- r >> user.name;
- r >> user.email;
+ User user = getUserData( username );
 cppcms::json::value j;
@@ -248,7 +263,7 @@ std::string compute_token_hash( const std::string user, const std::string token
 }
-std::string user::registration_start( const std::string user, const std::string password, const std::string email )
+std::string user::registration_start( const std::string user, const std::string password, const std::string printName, const std::string email )
 {
 std::time_t now_time = std::time( 0 );
 std::tm now = *std::localtime( &now_time );
@@ -257,8 +272,8 @@ std::string user::registration_start( const std::string user, const std::string
 cppdb::session sql( cms.conn );
 cppdb::statement stmt;
- stmt = sql << "INSERT INTO user(username, password, email, status, registration_start, code ) VALUES( ?, ?, ?, 'R', ?, ? )"
- << user << password << email << now << code;
+ stmt = sql << "INSERT INTO user(username, password, printName, email, status, registration_start, code ) VALUES( ?, ?, ?, ?, 'R', ?, ? )"
+ << user << password << printName << email << now << code;
 stmt.exec( );
 return code;
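Review bot: `api_users` now returns username, print name and e-mail address for every account in the table, including ones still in registration, and no authorization check is visible in this hunk (the `/api/users` dispatcher registration is outside it). If that endpoint is reachable without a session it is a user-enumeration and address-harvesting surface; either require an authenticated session before running the query, or restrict the listing to active accounts and drop `email` from it, e.g. `r = sql << "SELECT username, printname FROM user WHERE status='A'";`. The rest of api_users continues outside the hunk.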
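Review bot: The INSERT in registration_start still binds `password` exactly as submitted, so after this commit the database holds every user's plain-text password — the cracklib check improves what users choose but does nothing for how it is stored, and `password varchar(32)` in sqlite3.sql is sized for the clear text, not a hash. Hash with a salted, slow KDF before binding the parameter and make `check_login` (declared in user.hpp, body not in view) compare hashes; the project already links Crypto++, which provides PBKDF2, so no new dependency is needed, but the column must be widened for the encoded hash. The column is written `printName` here and `printname` in the schema; SQLite accepts both, but a case-sensitive backend reached through cppdb would not.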
@@ -349,6 +364,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
 {
 username.message( "Your login" );
 username.error_message( "Your login is illegal" );
+ printName.message( "Your real name (optional)" );
 password.message( "Your password" );
 password.error_message( "Your password is illegal" );
 password2.message( "Your password (again)" );
@@ -360,6 +376,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
 submit.value( "Register user" );
 add( username );
+ add( printName );
 add( password );
 add( password2 );
 add( email );
@@ -392,6 +409,14 @@ bool register_user_form::validate( )
 password2.error_message( "Passwords didn't match" );
 return false;
 }
+
+ PasswordCheck check = checkPassword( username.value( ), printName.value( ), password.value( ) );
+ if( !check.ok ) {
+ password.valid( false );
+ password2.valid( false );
+ password.error_message( check.msg );
+ password2.error_message( check.msg );
+ }
 if( captcha.value( ).compare( cms.user.last_captcha ) != 0 ) {
 captcha.valid( false );
diff --git a/src/user.hpp b/src/user.hpp
index 8960512..d3463d9 100644
--- a/src/user.hpp
+++ b/src/user.hpp
@@ -7,6 +7,8 @@
 #include 
+struct User;
+
 namespace apps {
 class user : public master {
@@ -15,8 +17,9 @@ class user : public master {
 bool check_login( const std::string user, const std::string password );
 bool user_exists( const std::string user );
 void delete_user( const std::string user );
- std::string registration_start( const std::string user, const std::string password, const std::string email );
+ std::string registration_start( const std::string user, const std::string password, const std::string printName, const std::string email );
 bool verify_registration_code( const std::string code );
+ User getUserData( const std::string username );
 public:
 std::string last_captcha;
@@ -36,6 +39,7 @@ class user : public master {
 struct User {
 std::string name;
+ std::string printName;
 std::string email;
 };
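Review bot: When cracklib rejects the password, the new block in `validate()` marks both password widgets invalid but, unlike the "Passwords didn't match" branch immediately above it, does not `return false`; control falls through to the captcha check, and unless the tail of validate() (outside this hunk) re-examines the widgets' `valid()` state, a weak password is accepted whenever the captcha matches. Add `return false;` after `password2.error_message( check.msg );` so the branch mirrors the one above. Passing `printName.value( )` as the GECOS-style name to cracklib is reasonable, but as far as this hunk shows nothing bounds the field's length while the column it lands in is `varchar(32)`; set the widget's limits (or validate the length here) so the INSERT cannot fail on an oversize value.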
@@ -52,6 +56,7 @@ struct traits {
 throw bad_value_cast( );
 }
 u.name = v.get( "name" );
+ u.printName = v.get( "printName" );
 u.email = v.get( "email" );
 return u;
 }
@@ -59,6 +64,7 @@ struct traits {
 static void set( value &v, User const &u )
 {
 v.set( "name", u.name );
+ v.set( "printName", u.printName );
 v.set( "email", u.email );
 }
diff --git a/src/user_content.hpp b/src/user_content.hpp
index 756f314..29df43d 100644
--- a/src/user_content.hpp
+++ b/src/user_content.hpp
@@ -22,6 +22,7 @@ struct login_form : public cppcms::form {
 struct register_user_form : public cppcms::form {
 apps::strusCms &cms;
 cppcms::widgets::text username;
+ cppcms::widgets::text printName;
 cppcms::widgets::password password;
 cppcms::widgets::password password2;
 cppcms::widgets::text email;
diff --git a/templates/master.tmpl b/templates/master.tmpl
index 118e114..e54a5e1 100644
--- a/templates/master.tmpl
+++ b/templates/master.tmpl
@@ -25,6 +25,7 @@
  • libcaptcha
    a C standalone Captcha generator
  • libb64
    a C++ BASE64 encoder/decoder library
  • libquickmail
    a C++ library to send emails
  • +
  • cracklib
    for checking password strength
  • Crypto++
    a C++ crypto library
  • SJCL
    the Stanford Javascript Crypto Library
  • @@ -34,6 +35,9 @@

    <% include title( ) %>

    <% if not empty username %>

    Logged in as <%= username %> + <% if not empty printName %> + (<%= printName%>) + <% end %> Logout

    <% else %>

    Currently not logged in
