From e5ed1d6ae841b4ac49966a96be32156d577663ea Mon Sep 17 00:00:00 2001 From: Tomasz Sowa Date: Wed, 27 Jul 2022 01:25:49 +0200 Subject: [PATCH] fix: do not use cur if login winix function if config.use_internal_loggin_mechanism is false In the login winix function cur pointer will be null if config.use_internal_loggin_mechanism is false, in such a case those objects are not registered as winix functions but we have a public api (the public api should be moved somewhere e.g. make a service layer) --- winixd/functions/login.cpp | 18 ++++++++++++++++++ winixd/functions/login.h | 9 ++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/winixd/functions/login.cpp b/winixd/functions/login.cpp index 57a4c5c..dd89b8f 100644 --- a/winixd/functions/login.cpp +++ b/winixd/functions/login.cpp @@ -113,6 +113,9 @@ bool Login::CheckUserPass(const std::wstring & login, const std::wstring & passw { bool result; + if( !cur ) + return false; + morm::Finder finder(model_connector); User user = finder. @@ -186,6 +189,9 @@ void Login::CheckBan() bool Login::ShouldUseCaptchaForCurrentIP() { + if( !cur ) + return false; + if( cur->session->ip_ban ) return ShouldUseCaptchaFor(*cur->session->ip_ban); @@ -195,6 +201,9 @@ return false; bool Login::ShouldUseCaptchaFor(const IPBan & ipban) { + if( !cur ) + return false; + if( ipban.expires != 0 && cur->request->start_time >= ipban.expires ) return false; // the 'ip block' has expired (but incorrect_login_events has the old value) @@ -204,6 +213,9 @@ return ipban.incorrect_login_events >= config->incorrect_login_captcha_treshold; bool Login::CannotLoginFromCurrentIP() { + if( !cur ) + return false; + if( cur->session->ip_ban ) return CannotLoginFrom(*cur->session->ip_ban); @@ -213,6 +225,9 @@ return false; bool Login::CannotLoginFrom(const IPBan & ipban) { + if( !cur ) + return false; + if( ipban.IsIPBanned() ) return true; @@ -260,6 +275,9 @@ bool Login::LoginUser(const std::wstring & login, const std::wstring & password, { long user_id; + if( !cur ) + return false; + if( cur->session->id == 0 ) { log << log2 << "Login: can't login in a temporary session (skipped)" << logend; diff --git a/winixd/functions/login.h b/winixd/functions/login.h index 03af481..bb748c4 100644 --- a/winixd/functions/login.h +++ b/winixd/functions/login.h @@ -45,7 +45,14 @@ namespace Winix namespace Fun { - +/* + * WARNING + * cur will be null if config.use_internal_loggin_mechanism is false + * in such a case those objects are not registered as winix functions + * but we have a public api + * (the public api should be moved somewhere e.g. make a service layer) + * + */ class Login : public FunctionBase { public: