wtv-mail-count header should return mail for all users instead of just the primary one if you aren't logged in

- this was a deeper rabbit hole than I expected
2022-10-15 18:12:45 -04:00
parent f36733e9c1
commit 8fc0d116f6
10 changed files with 92 additions and 51 deletions
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-1800/preregister.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-1800/preregister.js
@@ -40,7 +40,10 @@ if (socket.ssid) {
 	data = errpage[1];
 }

-if (request_headers.query.relogin && session_data.getSessionData("registered")) gourl += "relogin=true";
+if (request_headers.query.relogin && session_data.getSessionData("registered")) {
+	gourl += "relogin=true";
+	session_data.setUserLoggedIn(false);
+}
 if (request_headers.query.reconnect && session_data.getSessionData("registered")) gourl += "reconnect=true";

 if (session_data.data_store.wtvsec_login) {
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/ValidateLogin.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/ValidateLogin.js
@@ -9,13 +9,12 @@ if (request_headers.query.hangup) {
 Location: client:gototvhome
 wtv-visit: client:hangupphone`
 } else {
-
 	var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : session_data.user_id;

 	if (socket.ssid !== null && user_id !== null) session_data.switchUserID(user_id);

 	if (socket.ssid !== null && !session_data.get("wtvsec_login")) {
-		wtvsec_login = new WTVSec(minisrv_config);
+		wtvsec_login = session_data.createWTVSecSession();
 		wtvsec_login.IssueChallenge();
 		wtvsec_login.set_incarnation(request_headers["wtv-incarnation"]);
 		session_data.set("wtvsec_login", wtvsec_login);
@@ -52,7 +51,7 @@ wtv-visit: client:hangupphone`
 		if (request_headers.query.skip_splash) gourl += "&skip_splash=true";
 	}

-	if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login) {
+	if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login && !request_headers.query.relogin) {
 		if (request_headers.query.password == "") {
 			headers = `403 Please enter your password and try again
 minisrv-no-mail-count: true
@@ -73,9 +72,10 @@ minisrv-no-mail-count: true
 		if (session_data.baddisk === true) {
 			gourl = "wtv-head-waiter:/bad-disk?"
 		}
-		else if (session_data.getNumberOfUserAccounts() > 1 && user_id === 0 && request_headers.query.initial_login) {
+		else if (session_data.getNumberOfUserAccounts() > 1 && user_id === 0 && (request_headers.query.initial_login || request_headers.query.relogin)) {
 			gourl = "wtv-head-waiter:/choose-user?"
 		} else {
+			if (!session_data.getUserPasswordEnabled() && request_headers.query.user_login) session_data.setUserLoggedIn(true);
 			var limitedLogin = (!session_data.lockdown && (!session_data.get('password_valid') && session_data.getUserPasswordEnabled()));
 			var limitedLoginRegistered = (limitedLogin && session_data.isRegistered());
 		}
@@ -89,7 +89,7 @@ Content-Type: text/html`;
 wtv-encrypted: true`;
 			if (wtvsec_login) session_data.data_store.wtvsec_login.update_ticket = true;
 		}
-		if (limitedLoginRegistered) gourl = "wtv-head-waiter:/password?";
+		if (limitedLoginRegistered && session_data.getUserPasswordEnabled()) gourl = "wtv-head-waiter:/password?";
 		headers += `
 wtv-visit: ${gourl}`;

--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/choose-user.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/choose-user.js
@@ -1,6 +1,9 @@
 var minisrv_service_file = true;

-if (socket.ssid !== null) session_data.switchUserID(0);
+if (socket.ssid !== null) {
+    session_data.switchUserID(0);
+    session_data.setUserLoggedIn(false);
+}

 headers = `200 OK
 minisrv-no-mail-count: true
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login-stage-two.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login-stage-two.js
@@ -47,7 +47,8 @@ else {
 		var gourl = "wtv-home:/splash?";
 	}
 	var limitedLogin = session_data.lockdown;
-	var limitedLoginRegistered = (limitedLogin || (session_data.isRegistered() && !session_data.isUserLoggedIn()));
+	var limitedLoginRegistered = (limitedLogin || (session_data.isRegistered() && !session_data.isUserLoggedIn()) && session_data.getUserPasswordEnabled());
+	if (!session_data.getUserPasswordEnabled()) session_data.setUserLoggedIn(true);
 	var offline_user_list = null;
 	if (session_data.isRegistered()) {
 		// check for SMTP Password
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login.js
@@ -4,9 +4,10 @@ session_data.setUserLoggedIn(false);
 var challenge_response, challenge_header = "";
 if (socket.ssid !== null) session_data.switchUserID(0);

-var gourl = "wtv-head-waiter:/ValidateLogin?initial_login=true&";
+var gourl = "wtv-head-waiter:/ValidateLogin?";
 if (request_headers.query.relogin) gourl += "relogin=true";
 else if (request_headers.query.reconnect) gourl += "reconnect=true";
+else gourl += "initial_login=true"

 if (request_headers.query.guest_login) {
 	if (request_headers.query.relogin || request_headers.query.reconnect) gourl += "&";
@@ -16,7 +17,6 @@ if (request_headers.query.guest_login) {

 var send_to_relogin = true;

-if (socket.ssid) {
 if (session_data) {
 	if (request_headers["wtv-ticket"]) {
 		if (session_data.data_store.wtvsec_login.ticket_b64 == null) {
@@ -44,7 +44,7 @@ if (socket.ssid) {
 			}
 		}
 	}
-	}
+	session_data.setUserLoggedIn(send_to_relogin);
 }

 if (!send_to_relogin) {
@@ -66,7 +66,6 @@ Content-type: text/html`;
 	data = '';

 } else {
-
 	headers = `200 OK
 Connection: Keep-Alive
 Expires: Wed, 09 Oct 1991 22:00:00 GMT
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/relogin.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/relogin.js
@@ -1,4 +1,5 @@
 var minisrv_service_file = true;
+
 session_data.setUserLoggedIn(false);

 var gourl = "wtv-1800:/preregister?";
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -1026,7 +1026,12 @@ async function sendToClient(socket, headers_obj, data) {
        if (!headers_obj['minisrv-no-mail-count']) {
            if (ssid_sessions[socket.ssid]) {
                if (ssid_sessions[socket.ssid].isRegistered()) {
-                    if (ssid_sessions[socket.ssid].mailstore) {
+                    console.log("logged in", ssid_sessions[socket.ssid].isUserLoggedIn())
+                    if (!ssid_sessions[socket.ssid].isUserLoggedIn()) {
+                        // not logged in probe all users
+                        headers_obj['wtv-mail-count'] = ssid_sessions[socket.ssid].getAccountTotalUnreadMessages();
+                    } else if (ssid_sessions[socket.ssid].mailstore) {
+                        // logged in
                        headers_obj['wtv-mail-count'] = ssid_sessions[socket.ssid].mailstore.countUnreadMessages(0);
                    }
                }
@@ -1410,8 +1415,10 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
                        ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
                        ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
                        if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id != null) {
-                            if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0)
+                            if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0) {
                                ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
+                                ssid_sessions[socket.ssid].setUserLoggedIn(true);
+                            }
                        }
                    } else {
                        if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"]) {
@@ -1421,8 +1428,10 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
                                ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
                                if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
                                if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0) {
-                                    if (ssid_sessions[socket.ssid].user_id != ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id)
+                                    if (ssid_sessions[socket.ssid].user_id != ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id) {
                                        ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
+                                        ssid_sessions[socket.ssid].setUserLoggedIn(true);
+                                    }
                                }
                            }
                        }
--- a/zefie_wtvp_minisrv/includes/WTVClientSessionData.js
+++ b/zefie_wtvp_minisrv/includes/WTVClientSessionData.js
@@ -48,14 +48,16 @@ class WTVClientSessionData {
        this.loginWhitelist = Object.assign([], this.lockdownWhitelist); // clone lockdown whitelist into login whitelist
        this.loginWhitelist.push("wtv-head-waiter:/choose-user");
        this.loginWhitelist.push("wtv-head-waiter:/password");
-        this.loginWhitelist.push("http://*"); // allow http proxy without login
-        this.loginWhitelist.push("https://*"); // allow https proxy without login
    }

    assignMailStore() {
        this.mailstore = new WTVMail(this.minisrv_config, this)
    }

+    assignFavoriteStore() {
+        this.mailstore = this.favstore = new WTVFavorites(this.minisrv_config, this)
+    }
+
    createWTVSecSession() {
        return new WTVSec(this.minisrv_config)
    }
@@ -66,22 +68,39 @@ class WTVClientSessionData {


        var total_unread_messages = 0;
-        for (var i = 0; i < this.minisrv_config.config.user_accounts.max_users_per_account; i++) {
-            var subUserSession = new this.constructor(this.minisrv_config, this.ssid);
-            subUserSession.switchUserID(i, false, false);
+        var accounts = this.listPrimaryAccountUsers();
+        var self = this;
+        Object.keys(accounts).forEach((k) => {
+            var user_id = accounts[k].user_id;
+            var subUserSession = new self.constructor(self.minisrv_config, self.ssid);
+            subUserSession.switchUserID(user_id, false, false);
            subUserSession.assignMailStore();
            if (subUserSession.mailstore) {
                total_unread_messages += subUserSession.mailstore.countUnreadMessages(0);
            }
-        }
+        });
        return total_unread_messages;
    }

-    switchUserID(user_id, update_mail = true, update_ticket = true) {
+    clearUserSessionMemory() {
+        this.setUserLoggedIn(false);
+        this.data_store = new Array();
+        this.session_store = {};
+        this.assignFavoriteStore();
+        this.assignMailStore()
+    }
+
+    switchUserID(user_id, update_mail = true, update_ticket = true, update_favorite = true) {
        this.user_id = user_id;
+        if (user_id != null) {
            this.loadSessionData();
-        if (this.isRegistered()) this.assignMailStore();
+            if (this.isRegistered() && update_mail) this.assignMailStore();
+            if (this.isRegistered() && update_favorite) this.assignMailStore();
            if (this.data_store.wtvsec_login && update_ticket) this.setTicketData('user_id', user_id);
+        } else {
+            this.user_id = 0;
+            this.clearUserSessionMemory();
+        }
    }

    setTicketData(key, value) {
@@ -140,8 +159,14 @@ class WTVClientSessionData {
                if (f.substr(0, 4) == "user") {
                    var user_file = master_directory + self.path.sep + f + self.path.sep + f + ".json";
                    if (self.fs.existsSync(user_file)) {
-                        if (f == "user0") account_data['subscriber'] = JSON.parse(this.fs.readFileSync(user_file));
-                        else account_data[f] = JSON.parse(this.fs.readFileSync(user_file));
+                        if (f == "user0") {
+                            account_data['subscriber'] = JSON.parse(this.fs.readFileSync(user_file));
+                            account_data['subscriber'].user_id = 0;
+                        }
+                        else {
+                            account_data[f] = JSON.parse(this.fs.readFileSync(user_file));
+                            account_data[f].user_id = parseInt(f.replace("user", ''))
+                        }
                    }
                }
            }
@@ -448,7 +473,6 @@ class WTVClientSessionData {
    }

    isUserLoggedIn() {
-        if (!this.getUserPasswordEnabled()) return true; // no password is set so always validate
        var password_valid = this.get("password_valid");
        return (password_valid);
    }
--- a/zefie_wtvp_minisrv/includes/WTVRegister.js
+++ b/zefie_wtvp_minisrv/includes/WTVRegister.js
@@ -24,7 +24,6 @@ class WTVRegister {
    checkUsernameSanity(username) {
        var regex_str = "^([A-Za-z0-9\-\_]{" + this.minisrv_config.config.user_accounts.min_username_length + "," + this.minisrv_config.config.user_accounts.max_username_length + "})$";
        var regex = new RegExp(regex_str);
-        console.log(username, username.length, regex.test(username));
        return regex.test(username);
    }

@@ -37,12 +36,14 @@ class WTVRegister {
        if (directory) search_dir = directory;
        this.fs.readdirSync(search_dir).forEach(file => {
            if (self.fs.lstatSync(search_dir + self.path.sep + file).isDirectory() && !return_val) {
-                return_val =  self.checkUsernameAvailable(username, search_dir + self.path.sep + file);
+                if (search_dir.match(/minisrv\_internal\_nntp/)) return;
+                return_val = !self.checkUsernameAvailable(username, search_dir + self.path.sep + file);
            }
-            if (!file.match(/.*\.json/ig)) return;
+            if (!file.match(/user.*\.json/ig)) return;
            try {
                var temp_session_data_file = self.fs.readFileSync(search_dir + self.path.sep + file, 'Utf8');
                var temp_session_data = JSON.parse(temp_session_data_file);
+                console.log(temp_session_data.subscriber_username.toLowerCase());
                if (temp_session_data.subscriber_username.toLowerCase() == username.toLowerCase()) {
                    return_val = true;
                }
--- a/zefie_wtvp_minisrv/includes/WTVShared.js
+++ b/zefie_wtvp_minisrv/includes/WTVShared.js
@@ -697,7 +697,7 @@ class WTVShared {
                break;
            case 400:
            case 500:
-                if (data === null) data = minisrv_config.config.errorMessages[code].replace(/\$\{(.+)\}/g, function (x) { console.log(x); return minisrv_config.config[x.replace("${", '').replace('}', '')] });
+                if (data === null) data = minisrv_config.config.errorMessages[code].replace(/\$\{(.+)\}/g, function (x) { return minisrv_config.config[x.replace("${", '').replace('}', '')] });
                if (details) data += "<br>Details:<br>" + details;
                if (pc_mode) headers = "500 Internal Server Error\n";
                else headers = code + " " + data + "\n";