Fixing fake macAddresses

src/RESTAPI/RESTAPI_signup_handler.cpp

@@ -13,6 +13,7 @@ namespace OpenWifi {
         Poco::toLowerInPlace(UserName);
         auto macAddress = GetParameter("macAddress","");
         Poco::toLowerInPlace(macAddress);
+        auto deviceID = GetParameter("deviceID","");
 
         if(UserName.empty() || macAddress.empty()) {
             return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
@@ -30,6 +31,11 @@ namespace OpenWifi {
         SignupDB::RecordVec SEs;
         if(StorageService()->SignupDB().GetRecords(0,100, SEs, " email='" + UserName + "' and serialNumber='"+macAddress+"' ")) {
             for(const auto &i:SEs) {
+
+                if(!i.deviceID.empty() && i.deviceID!=deviceID) {
+                    return BadRequest("Invalid deviceID");
+                }
+
                 if (i.statusCode == ProvObjects::SignupStatusCodes::SignupWaitingForEmail ||
                     i.statusCode == ProvObjects::SignupStatusCodes::SignupWaitingForDevice ||
                     i.statusCode == ProvObjects::SignupStatusCodes::SignupSuccess ) {
@@ -94,6 +100,7 @@ namespace OpenWifi {
             SE.error = 0 ;
             SE.userId = UI.id;
             SE.email = UserName;
+            SE.deviceID = deviceID;
             SE.status = "waiting-for-email-verification";
             SE.statusCode = ProvObjects::SignupStatusCodes::SignupWaitingForEmail;
             StorageService()->SignupDB().CreateRecord(SE);
@@ -191,6 +198,7 @@ namespace OpenWifi {
         auto EMail = GetParameter("email", "");
         auto SignupUUID = GetParameter("signupUUID", "");
         auto macAddress = GetParameter("macAddress", "");
+        auto deviceID = GetParameter("deviceID","");
 
         if(!SignupUUID.empty()) {
             if(StorageService()->SignupDB().DeleteRecord("id", SignupUUID)) {

src/RESTObjects/RESTAPI_ProvObjects.cpp

@@ -673,6 +673,7 @@ namespace OpenWifi::ProvObjects {
         RESTAPI_utils::field_to_json( Obj,"status", status);
         RESTAPI_utils::field_to_json( Obj,"error", error);
         RESTAPI_utils::field_to_json( Obj,"statusCode", statusCode);
+        RESTAPI_utils::field_to_json( Obj,"deviceID", deviceID);
     }
 
     bool SignupEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -687,6 +688,7 @@ namespace OpenWifi::ProvObjects {
             RESTAPI_utils::field_from_json( Obj,"status", status);
             RESTAPI_utils::field_from_json( Obj,"error", error);
             RESTAPI_utils::field_from_json( Obj,"statusCode", statusCode);
+            RESTAPI_utils::field_from_json( Obj,"deviceID", deviceID);
             return true;
         } catch(...) {
 

src/RESTObjects/RESTAPI_ProvObjects.h

@@ -436,6 +436,7 @@ namespace OpenWifi::ProvObjects {
         std::string         status;
         uint64_t            error=0;
         uint64_t            statusCode=0;
+        std::string         deviceID;
 
         void to_json(Poco::JSON::Object &Obj) const;
         bool from_json(const Poco::JSON::Object::Ptr &Obj);

src/storage/storage_signup.cpp

@@ -28,7 +28,9 @@ namespace OpenWifi {
             ORM::Field{"completed",ORM::FieldType::FT_BIGINT},
             ORM::Field{"status",ORM::FieldType::FT_TEXT},
             ORM::Field{"error",ORM::FieldType::FT_BIGINT},
-            ORM::Field{"statusCode",ORM::FieldType::FT_BIGINT}
+            ORM::Field{"statusCode",ORM::FieldType::FT_BIGINT},
+            ORM::Field{"macAddress",ORM::FieldType::FT_TEXT},
+            ORM::Field{"deviceID",ORM::FieldType::FT_TEXT}
     };
 
     const static  ORM::IndexVec    SignupDB_Indexes{
@@ -39,7 +41,7 @@ namespace OpenWifi {
     };
 
     SignupDB::SignupDB( OpenWifi::DBType T, Poco::Data::SessionPool & P, Poco::Logger &L) noexcept :
-            DB(T, "signups2", SignupDB_Fields, SignupDB_Indexes, P, L, "sig") {
+            DB(T, "signups3", SignupDB_Fields, SignupDB_Indexes, P, L, "sig") {
     }
 
     bool SignupDB::GetIncompleteSignups(SignupDB::RecordVec &Signups) {
@@ -131,6 +133,8 @@ template<> void ORM::DB<    OpenWifi::SignupDBRecordType, OpenWifi::ProvObjects:
     Out.status = In.get<11>();
     Out.error = In.get<12>();
     Out.statusCode = In.get<13>();
+    Out.macAddress = In.get<14>();
+    Out.deviceID = In.get<15>();
 }
 
 template<> void ORM::DB<    OpenWifi::SignupDBRecordType, OpenWifi::ProvObjects::SignupEntry>::Convert(const OpenWifi::ProvObjects::SignupEntry &In, OpenWifi::SignupDBRecordType &Out) {
@@ -148,4 +152,6 @@ template<> void ORM::DB<    OpenWifi::SignupDBRecordType, OpenWifi::ProvObjects:
     Out.set<11>(In.status);
     Out.set<12>(In.error);
     Out.set<13>(In.statusCode);
+    Out.set<14>(In.macAddress);
+    Out.set<15>(In.deviceID);
 }

src/storage/storage_signup.h

@@ -22,7 +22,9 @@ namespace OpenWifi {
             uint64_t,
             std::string,
             uint64_t,
-            uint64_t
+            uint64_t,
+            std::string,
+            std::string
     > SignupDBRecordType;
 
     class SignupDB : public ORM::DB<SignupDBRecordType, ProvObjects::SignupEntry> {

test_scripts/curl/cli

@@ -469,7 +469,7 @@ affecteddevices() {
 }
 
 signup() {
-    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/signup?email=stephane.bourque@gmail.com&serialNumber=24f5a207a130" \
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/signup?email=stephane.bourque@gmail.com&macAddress=04f8f8fc3771" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer ${token}" \
     -H "accept: application/json" > ${result_file}