scottk/wlan-cloud-ucentralsec
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git synced 2025-10-30 02:12:32 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Fix for subscriber authentication tokens.

Browse Source
This commit is contained in:
stephb9959
2021-12-13 14:14:23 -08:00
parent 4b46e0c9c9
commit 4d474fe92c
2 changed files with 0 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/AuthService.cpp
View File

@@ -655,13 +655,9 @@ namespace OpenWifi {
bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) { bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) {
std::lock_guard G(Mutex_); std::lock_guard G(Mutex_);
std::cout << "Token: '" << Token << "'" << std::endl;
Expired = false; Expired = false;
_OWDEBUG_
auto Client = SubUserCache_.get(Token); auto Client = SubUserCache_.get(Token);
_OWDEBUG_
if(!Client.isNull()) { if(!Client.isNull()) {
_OWDEBUG_
Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < std::time(nullptr); Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < std::time(nullptr);
WebToken = Client->webtoken; WebToken = Client->webtoken;
UserInfo = Client->userinfo; UserInfo = Client->userinfo;
@@ -670,32 +666,22 @@ _OWDEBUG_
std::string TToken{Token}; std::string TToken{Token};
if(StorageService()->IsSubTokenRevoked(TToken)) { if(StorageService()->IsSubTokenRevoked(TToken)) {
_OWDEBUG_
return false; return false;
} }
// get the token from disk... // get the token from disk...
SecurityObjects::UserInfoAndPolicy UInfo; SecurityObjects::UserInfoAndPolicy UInfo;
uint64_t RevocationDate=0; uint64_t RevocationDate=0;
_OWDEBUG_
if(StorageService()->GetSubToken(TToken, UInfo, RevocationDate)) { if(StorageService()->GetSubToken(TToken, UInfo, RevocationDate)) {
_OWDEBUG_
if(RevocationDate!=0) if(RevocationDate!=0)
return false; return false;
_OWDEBUG_
std::cout << "UInfo:" << UInfo.userinfo.Id << std::endl;
Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr); Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr);
_OWDEBUG_
if(StorageService()->GetSubUserById(UInfo.userinfo.Id,UInfo.userinfo)) { if(StorageService()->GetSubUserById(UInfo.userinfo.Id,UInfo.userinfo)) {
_OWDEBUG_
WebToken = UInfo.webtoken; WebToken = UInfo.webtoken;
SubUserCache_.update(UInfo.webtoken.access_token_, UInfo); SubUserCache_.update(UInfo.webtoken.access_token_, UInfo);
_OWDEBUG_
return true; return true;
} }
_OWDEBUG_
} }
_OWDEBUG_
return false; return false;
} }

8
src/RESTAPI/RESTAPI_suboauth2_handler.cpp
View File

@@ -110,24 +110,16 @@ namespace OpenWifi {
return UnAuthorized(RESTAPI::Errors::InvalidCredentials); return UnAuthorized(RESTAPI::Errors::InvalidCredentials);
} }
_OWDEBUG_
if(GetBoolParameter(RESTAPI::Protocol::COMPLETEMFACHALLENGE,false)) { if(GetBoolParameter(RESTAPI::Protocol::COMPLETEMFACHALLENGE,false)) {
_OWDEBUG_
Logger_.information(Poco::format("COMPLETE-MFA-CHALLENGE(%s): Request for %s", Request->clientAddress().toString(), userId)); Logger_.information(Poco::format("COMPLETE-MFA-CHALLENGE(%s): Request for %s", Request->clientAddress().toString(), userId));
_OWDEBUG_
if(Obj->has("uuid") && Obj->has("answer")) { if(Obj->has("uuid") && Obj->has("answer")) {
_OWDEBUG_
std::cout << "UUID:" << Obj->get("uuid").toString() << " answer:" << Obj->get("answer").toString() << std::endl;
SecurityObjects::UserInfoAndPolicy UInfo; SecurityObjects::UserInfoAndPolicy UInfo;
_OWDEBUG_
if(MFAServer().CompleteMFAChallenge(Obj,UInfo)) { if(MFAServer().CompleteMFAChallenge(Obj,UInfo)) {
Poco::JSON::Object ReturnObj; Poco::JSON::Object ReturnObj;
UInfo.webtoken.to_json(ReturnObj); UInfo.webtoken.to_json(ReturnObj);
return ReturnObject(ReturnObj); return ReturnObject(ReturnObj);
} }
_OWDEBUG_
} }
_OWDEBUG_
return UnAuthorized(RESTAPI::Errors::InvalidCredentials); return UnAuthorized(RESTAPI::Errors::InvalidCredentials);
} }