Hardening SMS code.

2025-10-30 02:12:32 +00:00 · 2021-11-12 08:59:45 -08:00
parent 7bd5b4d4e6
commit 48610bac5d
3 changed files with 17 additions and 36 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-51
+53
--- a/src/MFAServer.cpp
+++ b/src/MFAServer.cpp
@@ -20,39 +20,26 @@ namespace OpenWifi {
    bool MFAServer::StartMFAChallenge(const SecurityObjects::UserInfoAndPolicy &UInfo, Poco::JSON::Object &ChallengeStart) {
        std::lock_guard G(Mutex_);

-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        CleanCache();
-        std::cout << __func__ << " : " << __LINE__ << std::endl;

        if(!MethodEnabled(UInfo.userinfo.userTypeProprietaryInfo.mfa.method))
            return false;
-        std::cout << __func__ << " : " << __LINE__ << std::endl;

        std::string Challenge = MakeChallenge();
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        std::string uuid = MicroService::instance().CreateUUID();
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        uint64_t Created = std::time(nullptr);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;

        ChallengeStart.set("uuid",uuid);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        ChallengeStart.set("created", Created);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        ChallengeStart.set("method", UInfo.userinfo.userTypeProprietaryInfo.mfa.method);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;

        Cache_[uuid] = MFACacheEntry{ .UInfo = UInfo, .Answer=Challenge, .Created=Created, .Method=UInfo.userinfo.userTypeProprietaryInfo.mfa.method };
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        return SendChallenge(UInfo, UInfo.userinfo.userTypeProprietaryInfo.mfa.method, Challenge);
    }

    bool MFAServer::SendChallenge(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &Method, const std::string &Challenge) {
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        if(Method=="sms" && SMSSender()->Enabled() && !UInfo.userinfo.userTypeProprietaryInfo.mobiles.empty()) {
-            std::cout << __func__ << " : " << __LINE__ << std::endl;
            std::string Message = "This is your login code: " + Challenge + " Please enter this in your login screen.";
-            std::cout << __func__ << " : " << __LINE__ << std::endl;
            return SMSSender()->Send(UInfo.userinfo.userTypeProprietaryInfo.mobiles[0].number, Message);
        }

--- a/src/SMS_provider_aws.cpp
+++ b/src/SMS_provider_aws.cpp
@@ -40,33 +40,27 @@ namespace OpenWifi {
    }

    bool SMS_provider_aws::Send(const std::string &PhoneNumber, const std::string &Message) {
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
        if(!Running_)
            return false;

-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        Aws::SNS::SNSClient sns(AwsCreds_,AwsConfig_);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        Aws::SNS::Model::PublishRequest psms_req;
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        psms_req.SetMessage(Message.c_str());
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        psms_req.SetPhoneNumber(PhoneNumber.c_str());
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
+        try {
+            Aws::SNS::SNSClient sns(AwsCreds_,AwsConfig_);
+            Aws::SNS::Model::PublishRequest psms_req;
+            psms_req.SetMessage(Message.c_str());
+            psms_req.SetPhoneNumber(PhoneNumber.c_str());
+
+            auto psms_out = sns.Publish(psms_req);
+            if (psms_out.IsSuccess()) {
+                Logger_.debug(Poco::format("SMS sent to %s",PhoneNumber));
+                return true;
+            }
+            std::string ErrMsg{psms_out.GetError().GetMessage()};
+            Logger_.debug(Poco::format("SMS NOT sent to %s: %s",PhoneNumber, ErrMsg));
+            return false;
+        } catch (...) {

-        auto psms_out = sns.Publish(psms_req);
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        if (psms_out.IsSuccess()) {
-            std::cout << __func__ << " : " << __LINE__ << std::endl;
-            Logger_.debug(Poco::format("SMS sent to %s",PhoneNumber));
-            std::cout << __func__ << " : " << __LINE__ << std::endl;
-            return true;
        }
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        std::string ErrMsg{psms_out.GetError().GetMessage()};
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
-        Logger_.debug(Poco::format("SMS NOT sent to %s: %s",PhoneNumber, ErrMsg));
-        std::cout << __func__ << " : " << __LINE__ << std::endl;
+        Logger_.debug(Poco::format("SMS NOT sent to %s: failure in SMS service",PhoneNumber));
        return false;
    }