Tokengenerierung funktioniert und Sicherheitsmechanismus mittels Cryptographic Funktion auf VERAG_Prog_Allgemein verschlüsseltem Token an der URL zum PW Resetten

2021-10-08 13:45:16 +02:00
parent 46edf79845
commit 36e6191b5a
5 changed files with 107 additions and 23 deletions
--- a/login/ChangePW.aspx.vb
+++ b/login/ChangePW.aspx.vb
@@ -3,14 +3,18 @@ Partial Class login_ChangePW
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(sender As Object, e As EventArgs)
+        Dim url = Request.ServerVariables("URL")
+        Session.Add("urltochangepw", url)

-        btn_submitpw.Enabled = False
-        txt_Pw_WH.Enabled = False
-        regexval_txt_Pw_WH.Enabled = False
-        If IsPostBack Then
-            reqPasswtxt.Validate()
-            reqPassw1txt.Validate()
-            Session.Add("urltochangepw", Request.Url.AbsoluteUri)
+        If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then
+            txt_Pw_WH.Enabled = False
+            regexval_txt_Pw_WH.Enabled = False
+            If IsPostBack Then
+                reqPasswtxt.Validate()
+                reqPassw1txt.Validate()
+            End If
+        Else
+            btn_submitpw.Enabled = False
        End If
    End Sub

@@ -23,6 +27,16 @@ Partial Class login_ChangePW
            btn_submitpw.Enabled = False
        End If
    End Sub
+    Public Function geturlofpage() As String
+        Dim url = Request.Url.Authority + HttpContext.Current.Request.RawUrl.ToString()
+
+        If Request.ServerVariables("HTTPS") = "on" Then
+            url = "https://" + url
+        Else
+            url = "http://" + url
+        End If
+        Return url
+    End Function

    Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
        Dim tempstr As String = ""
@@ -47,7 +61,6 @@ Partial Class login_ChangePW
            Msg = "PW nicht erfolgreich geändert!"
            Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
            Title = "Error"
-
            MsgBox(Msg, Style, Title)
            If MsgBox(Msg, Style, Title).Retry Then
                Response.Redirect(Request.RawUrl)
@@ -73,4 +86,24 @@ Partial Class login_ChangePW
            regexval_txt_Pw_WH.Enabled = False
        End If
    End Sub
+
+    Function getDateoftoken(tokenname As String) As Boolean
+        Dim data() As Byte = Convert.FromBase64String(tokenname)
+        Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
+        tmr_PWToken.Interval = 30000
+        tmr_PWToken.Enabled = True
+
+        If wenn < DateTime.UtcNow.AddMinutes(-3) Then
+            Return False
+            MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
+        Else
+            tmr_PWToken.Enabled = False
+            Return True
+        End If
+    End Function
+
+
+    Protected Sub tmr_PWToken_Tick(sender As Object, e As EventArgs)
+        btn_submitpw.Enabled = False
+    End Sub
 End Class