From 524f79e825849f5c82bc19b35d2228bbe31aab20 Mon Sep 17 00:00:00 2001 From: stephb9959 Date: Tue, 14 Dec 2021 14:23:24 -0800 Subject: [PATCH] Fixes for subscriber service. --- build | 2 +- src/AuthService.cpp | 76 ++++++++++----------- src/RESTObjects/RESTAPI_SecurityObjects.cpp | 3 + src/RESTObjects/RESTAPI_SecurityObjects.h | 2 +- src/StorageService.h | 4 +- src/storage/storage_subtokens.cpp | 18 ++--- src/storage/storage_tokens.cpp | 20 +++--- 7 files changed, 65 insertions(+), 60 deletions(-) diff --git a/build b/build index d2c5ed2..1bda760 100644 --- a/build +++ b/build @@ -1 +1 @@ -116 \ No newline at end of file +117 \ No newline at end of file diff --git a/src/AuthService.cpp b/src/AuthService.cpp index 92ba483..f612b52 100644 --- a/src/AuthService.cpp +++ b/src/AuthService.cpp @@ -78,14 +78,15 @@ namespace OpenWifi { if(!CallToken.empty()) { auto Client = UserCache_.get(CallToken); if( Client.isNull() ) { - SecurityObjects::UserInfoAndPolicy UInfo2; - uint64_t RevocationDate=0; - if(StorageService()->GetToken(CallToken,UInfo2,RevocationDate)) { + SecurityObjects::WebToken WT; + uint64_t RevocationDate=0; + std::string UserId; + if(StorageService()->GetToken(CallToken, WT, UserId, RevocationDate)) { if(RevocationDate!=0) return false; - Expired = (UInfo2.webtoken.created_ + UInfo2.webtoken.expires_in_) < time(nullptr); - if(StorageService()->GetUserById(UInfo2.userinfo.Id,UInfo.userinfo)) { - UInfo.webtoken = UInfo2.webtoken; + Expired = (WT.created_ + WT.expires_in_) < time(nullptr); + if(StorageService()->GetUserById(UserId,UInfo.userinfo)) { + UInfo.webtoken = WT; UserCache_.update(CallToken, UInfo); SessionToken = CallToken; return true; 
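Review bot: In the storage fallback of the first AuthService.cpp hunk (@@ -78,14), a token whose `created_ + expires_in_` is already in the past is still written to `UserCache_`, and the function returns true with only the `Expired` flag set. The callers are outside the hunk, so if any of them does not test `Expired`, an expired token is accepted. Consider `if(Expired) return false;` before the `GetUserById` lookup, or, if callers need to tell expired from unknown, at least skip the `UserCache_.update` call for expired tokens. The hunk at @@ -121,14 has the same shape for `SubUserCache_`, and the enclosing function starts and ends outside both hunks.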
@@ -121,14 +122,15 @@ namespace OpenWifi { if(!CallToken.empty()) { auto Client = SubUserCache_.get(CallToken); if( Client.isNull() ) { - SecurityObjects::UserInfoAndPolicy UInfo2; - uint64_t RevocationDate=0; - if(StorageService()->GetSubToken(CallToken,UInfo2,RevocationDate)) { + SecurityObjects::WebToken WT; + uint64_t RevocationDate=0; + std::string UserId; + if(StorageService()->GetSubToken(CallToken,WT, UserId, RevocationDate)) { if(RevocationDate!=0) return false; - Expired = (UInfo2.webtoken.created_ + UInfo2.webtoken.expires_in_) < time(nullptr); - if(StorageService()->GetSubUserById(UInfo2.userinfo.Id,UInfo.userinfo)) { - UInfo.webtoken = UInfo2.webtoken; + Expired = (WT.created_ + WT.expires_in_) < time(nullptr); + if(StorageService()->GetSubUserById(UserId,UInfo.userinfo)) { + UInfo.webtoken = WT; SubUserCache_.update(CallToken, UInfo); SessionToken = CallToken; return true; @@ -156,7 +158,7 @@ namespace OpenWifi { } void AuthService::RevokeSubToken(std::string & Token) { - UserCache_.remove(Token); + SubUserCache_.remove(Token); StorageService()->RevokeSubToken(Token); } 
@@ -631,57 +633,53 @@ namespace OpenWifi { return true; } - std::string TToken{Token}; - if(StorageService()->IsTokenRevoked(TToken)) { - return false; - } - - // get the token from disk... + std::string TToken{Token}, UserId; SecurityObjects::UserInfoAndPolicy UInfo; + SecurityObjects::WebToken WT; uint64_t RevocationDate=0; - if(StorageService()->GetToken(TToken, UInfo, RevocationDate)) { + if(StorageService()->GetToken(TToken, WT, UserId, RevocationDate)) { if(RevocationDate!=0) return false; - Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr); - if(StorageService()->GetUserById(UInfo.userinfo.Id,UInfo.userinfo)) { - WebToken = UInfo.webtoken; + Expired = (WT.created_ + WT.expires_in_) < std::time(nullptr); + if(StorageService()->GetUserById(UserId,UInfo.userinfo)) { + WebToken = WT; UserCache_.update(UInfo.webtoken.access_token_, UInfo); return true; } + return false; } return IsValidSubToken(Token, WebToken, UserInfo, Expired); } bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) { std::lock_guard G(Mutex_); + auto Now = std::time(nullptr); Expired = false; auto Client = SubUserCache_.get(Token); if(!Client.isNull()) { - Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < std::time(nullptr); + Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < Now ; WebToken = Client->webtoken; UserInfo = Client->userinfo; return true; } - std::string TToken{Token}; - if(StorageService()->IsSubTokenRevoked(TToken)) { + std::string TToken{Token}, UserId; + SecurityObjects::UserInfoAndPolicy UInfo; + SecurityObjects::WebToken WT; + uint64_t RevocationDate=0; + if(StorageService()->GetSubToken(TToken, WT, UserId, RevocationDate)) { + if(RevocationDate!=0) + return false; + Expired = (WT.created_ + WT.expires_in_) < std::time(nullptr); + if(StorageService()->GetSubUserById(UserId,UInfo.userinfo)) { + WebToken 
= WT; + UserCache_.update(UInfo.webtoken.access_token_, UInfo); + return true; + } return false; } - // get the token from disk... - SecurityObjects::UserInfoAndPolicy UInfo; - uint64_t RevocationDate=0; - if(StorageService()->GetSubToken(TToken, UInfo, RevocationDate)) { - if(RevocationDate!=0) - return false; - Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr); - if(StorageService()->GetSubUserById(UInfo.userinfo.Id,UInfo.userinfo)) { - WebToken = UInfo.webtoken; - SubUserCache_.update(UInfo.webtoken.access_token_, UInfo); - return true; - } - } return false; } diff --git a/src/RESTObjects/RESTAPI_SecurityObjects.cpp b/src/RESTObjects/RESTAPI_SecurityObjects.cpp index 614fd2e..58403b2 100644 --- a/src/RESTObjects/RESTAPI_SecurityObjects.cpp +++ b/src/RESTObjects/RESTAPI_SecurityObjects.cpp @@ -54,6 +54,8 @@ namespace OpenWifi::SecurityObjects { return ADMIN; else if (!Poco::icompare(U,"subscriber")) return SUBSCRIBER; + else if (!Poco::icompare(U,"partner")) + return PARTNER; else if (!Poco::icompare(U,"csr")) return CSR; else if (!Poco::icompare(U, "system")) @@ -72,6 +74,7 @@ namespace OpenWifi::SecurityObjects { case ROOT: return "root"; case ADMIN: return "admin"; case SUBSCRIBER: return "subscriber"; + case PARTNER: return "partner"; case CSR: return "csr"; case SYSTEM: return "system"; case INSTALLER: return "installer"; diff --git a/src/RESTObjects/RESTAPI_SecurityObjects.h b/src/RESTObjects/RESTAPI_SecurityObjects.h index 48d0628..fd01baa 100644 --- a/src/RESTObjects/RESTAPI_SecurityObjects.h +++ b/src/RESTObjects/RESTAPI_SecurityObjects.h @@ -43,7 +43,7 @@ namespace OpenWifi { }; enum USER_ROLE { - UNKNOWN, ROOT, ADMIN, SUBSCRIBER, CSR, SYSTEM, INSTALLER, NOC, ACCOUNTING + UNKNOWN, ROOT, ADMIN, SUBSCRIBER, CSR, SYSTEM, INSTALLER, NOC, ACCOUNTING, PARTNER }; USER_ROLE UserTypeFromString(const std::string &U); diff --git a/src/StorageService.h b/src/StorageService.h index ec80c02..773a0a2 100644 
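Review bot: Both storage fallbacks in the @@ -631,57 hunk call `UserCache_.update(UInfo.webtoken.access_token_, UInfo)` although `UInfo.webtoken` is never assigned from `WT`, so the entry is stored under a default-constructed (presumably empty) key with a blank web token instead of under the presented token. In IsValidSubToken the call also targets `UserCache_` where the removed code used `SubUserCache_`, which puts subscriber records into the cache that IsValidToken consults for regular users. The `UserInfo` out-parameter is filled on the cache-hit path but not on this one, and the fence assumes the fallback should mirror it. The start of IsValidToken is outside the hunk.

```cpp
// IsValidToken: storage fallback
if(StorageService()->GetUserById(UserId,UInfo.userinfo)) {
    UInfo.webtoken = WT;
    WebToken = WT;
    UserInfo = UInfo.userinfo;
    UserCache_.update(Token, UInfo);
    // … unchanged: return true; end of if; return false …

// IsValidSubToken: storage fallback
if(StorageService()->GetSubUserById(UserId,UInfo.userinfo)) {
    UInfo.webtoken = WT;
    WebToken = WT;
    UserInfo = UInfo.userinfo;
    SubUserCache_.update(Token, UInfo);
    // … unchanged: return true; end of if; return false …
```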
--- a/src/StorageService.h +++ b/src/StorageService.h @@ -131,14 +131,14 @@ namespace OpenWifi { bool IsTokenRevoked( std::string & Token ); bool CleanExpiredTokens(); bool RevokeAllTokens( std::string & UserName ); - bool GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate); + bool GetToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate); bool AddSubToken(std::string &UserId, std::string &Token, std::string &RefreshToken, std::string & TokenType, uint64_t Expires, uint64_t TimeOut); bool RevokeSubToken( std::string & Token ); bool IsSubTokenRevoked( std::string & Token ); bool CleanExpiredSubTokens(); bool RevokeAllSubTokens( std::string & UserName ); - bool GetSubToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate); + bool GetSubToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate); /* * All ActionLinks functions diff --git a/src/storage/storage_subtokens.cpp b/src/storage/storage_subtokens.cpp index 1e77bac..91275e9 100644 --- a/src/storage/storage_subtokens.cpp +++ b/src/storage/storage_subtokens.cpp @@ -45,7 +45,7 @@ namespace OpenWifi { return false; } - bool Storage::GetSubToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate) { + bool Storage::GetSubToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate) { try { Poco::Data::Session Sess = Pool_->get(); 
@@ -53,13 +53,13 @@ namespace OpenWifi { RevocationDate = 0 ; std::string St2{"SELECT " + AllSubTokensFieldsForSelect + " From SubTokens WHERE Token=?"}; Select << ConvertParams(St2), - Poco::Data::Keywords::into(UInfo.webtoken.access_token_), - Poco::Data::Keywords::into(UInfo.webtoken.refresh_token_), - Poco::Data::Keywords::into(UInfo.webtoken.token_type_), - Poco::Data::Keywords::into(UInfo.userinfo.Id), - Poco::Data::Keywords::into(UInfo.webtoken.created_), - Poco::Data::Keywords::into(UInfo.webtoken.expires_in_), - Poco::Data::Keywords::into(UInfo.webtoken.idle_timeout_), + Poco::Data::Keywords::into(WT.access_token_), + Poco::Data::Keywords::into(WT.refresh_token_), + Poco::Data::Keywords::into(WT.token_type_), + Poco::Data::Keywords::into(UserId), + Poco::Data::Keywords::into(WT.created_), + Poco::Data::Keywords::into(WT.expires_in_), + Poco::Data::Keywords::into(WT.idle_timeout_), Poco::Data::Keywords::into(RevocationDate), Poco::Data::Keywords::use(Token); Select.execute(); @@ -139,7 +139,7 @@ namespace OpenWifi { Poco::Data::Session Sess = Pool_->get(); Poco::Data::Statement Delete(Sess); - std::string St2{"DELETE SubFrom Tokens WHERE Username=?"}; + std::string St2{"DELETE From SubTokens WHERE Username=?"}; Delete << ConvertParams(St2), Poco::Data::Keywords::use(UserId); Delete.execute(); diff --git a/src/storage/storage_tokens.cpp b/src/storage/storage_tokens.cpp index 0d3f6b3..04a5d13 100644 --- a/src/storage/storage_tokens.cpp +++ b/src/storage/storage_tokens.cpp @@ -42,7 +42,7 @@ namespace OpenWifi { return false; } - bool Storage::GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate) { + bool Storage::GetToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate) { try { Poco::Data::Session Sess = Pool_->get(); 
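Review bot: GetSubToken does not visibly receive the `rowsExtracted()` guard that this commit adds to GetToken in storage_tokens.cpp. The storage_subtokens.cpp hunk at @@ -53,13 ends at `Select.execute();`, so the lines that follow are outside the hunk. If the function returns true unconditionally there, as GetToken did before this change, an unknown sub-token yields true with empty `WT` and `UserId` and a `RevocationDate` of 0, and rejection then depends on `GetSubUserById` failing for an empty id. Adding `if(Select.rowsExtracted()!=1) return false;` after `Select.execute();` would keep the two lookups consistent.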
@@ -50,17 +50,21 @@ namespace OpenWifi { RevocationDate = 0 ; std::string St2{"SELECT " + AllTokensFieldsForSelect + " From Tokens WHERE Token=?"}; Select << ConvertParams(St2), - Poco::Data::Keywords::into(UInfo.webtoken.access_token_), - Poco::Data::Keywords::into(UInfo.webtoken.refresh_token_), - Poco::Data::Keywords::into(UInfo.webtoken.token_type_), - Poco::Data::Keywords::into(UInfo.userinfo.Id), - Poco::Data::Keywords::into(UInfo.webtoken.created_), - Poco::Data::Keywords::into(UInfo.webtoken.expires_in_), - Poco::Data::Keywords::into(UInfo.webtoken.idle_timeout_), + Poco::Data::Keywords::into(WT.access_token_), + Poco::Data::Keywords::into(WT.refresh_token_), + Poco::Data::Keywords::into(WT.token_type_), + Poco::Data::Keywords::into(UserId), + Poco::Data::Keywords::into(WT.created_), + Poco::Data::Keywords::into(WT.expires_in_), + Poco::Data::Keywords::into(WT.idle_timeout_), Poco::Data::Keywords::into(RevocationDate), Poco::Data::Keywords::use(Token); Select.execute(); + + if(Select.rowsExtracted()!=1) + return false; return true; + } catch (const Poco::Exception &E) { Logger().log(E); }