Fixes for subscriber service.

stephb9959
2021-12-14 14:23:24 -08:00
parent be46b46340
commit 524f79e825
7 changed files with 65 additions and 60 deletions

2
build

@@ -1 +1 @@
116 117


@@ -78,14 +78,15 @@ namespace OpenWifi {
if(!CallToken.empty()) { if(!CallToken.empty()) {
auto Client = UserCache_.get(CallToken); auto Client = UserCache_.get(CallToken);
if( Client.isNull() ) { if( Client.isNull() ) {
SecurityObjects::UserInfoAndPolicy UInfo2; SecurityObjects::WebToken WT;
uint64_t RevocationDate=0; uint64_t RevocationDate=0;
if(StorageService()->GetToken(CallToken,UInfo2,RevocationDate)) { std::string UserId;
if(StorageService()->GetToken(CallToken, WT, UserId, RevocationDate)) {
if(RevocationDate!=0) if(RevocationDate!=0)
return false; return false;
Expired = (UInfo2.webtoken.created_ + UInfo2.webtoken.expires_in_) < time(nullptr); Expired = (WT.created_ + WT.expires_in_) < time(nullptr);
if(StorageService()->GetUserById(UInfo2.userinfo.Id,UInfo.userinfo)) { if(StorageService()->GetUserById(UserId,UInfo.userinfo)) {
UInfo.webtoken = UInfo2.webtoken; UInfo.webtoken = WT;
UserCache_.update(CallToken, UInfo); UserCache_.update(CallToken, UInfo);
SessionToken = CallToken; SessionToken = CallToken;
return true; return true;
@@ -121,14 +122,15 @@ namespace OpenWifi {
if(!CallToken.empty()) { if(!CallToken.empty()) {
auto Client = SubUserCache_.get(CallToken); auto Client = SubUserCache_.get(CallToken);
if( Client.isNull() ) { if( Client.isNull() ) {
SecurityObjects::UserInfoAndPolicy UInfo2; SecurityObjects::WebToken WT;
uint64_t RevocationDate=0; uint64_t RevocationDate=0;
if(StorageService()->GetSubToken(CallToken,UInfo2,RevocationDate)) { std::string UserId;
if(StorageService()->GetSubToken(CallToken,WT, UserId, RevocationDate)) {
if(RevocationDate!=0) if(RevocationDate!=0)
return false; return false;
Expired = (UInfo2.webtoken.created_ + UInfo2.webtoken.expires_in_) < time(nullptr); Expired = (WT.created_ + WT.expires_in_) < time(nullptr);
if(StorageService()->GetSubUserById(UInfo2.userinfo.Id,UInfo.userinfo)) { if(StorageService()->GetSubUserById(UserId,UInfo.userinfo)) {
UInfo.webtoken = UInfo2.webtoken; UInfo.webtoken = WT;
SubUserCache_.update(CallToken, UInfo); SubUserCache_.update(CallToken, UInfo);
SessionToken = CallToken; SessionToken = CallToken;
return true; return true;
@@ -156,7 +158,7 @@ namespace OpenWifi {
} }
void AuthService::RevokeSubToken(std::string & Token) { void AuthService::RevokeSubToken(std::string & Token) {
UserCache_.remove(Token); SubUserCache_.remove(Token);
StorageService()->RevokeSubToken(Token); StorageService()->RevokeSubToken(Token);
} }
@@ -631,57 +633,53 @@ namespace OpenWifi {
return true; return true;
} }
std::string TToken{Token}; std::string TToken{Token}, UserId;
if(StorageService()->IsTokenRevoked(TToken)) {
return false;
}
// get the token from disk...
SecurityObjects::UserInfoAndPolicy UInfo; SecurityObjects::UserInfoAndPolicy UInfo;
SecurityObjects::WebToken WT;
uint64_t RevocationDate=0; uint64_t RevocationDate=0;
if(StorageService()->GetToken(TToken, UInfo, RevocationDate)) { if(StorageService()->GetToken(TToken, WT, UserId, RevocationDate)) {
if(RevocationDate!=0) if(RevocationDate!=0)
return false; return false;
Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr); Expired = (WT.created_ + WT.expires_in_) < std::time(nullptr);
if(StorageService()->GetUserById(UInfo.userinfo.Id,UInfo.userinfo)) { if(StorageService()->GetUserById(UserId,UInfo.userinfo)) {
WebToken = UInfo.webtoken; WebToken = WT;
UserCache_.update(UInfo.webtoken.access_token_, UInfo); UserCache_.update(UInfo.webtoken.access_token_, UInfo);
return true; return true;
} }
return false;
} }
return IsValidSubToken(Token, WebToken, UserInfo, Expired); return IsValidSubToken(Token, WebToken, UserInfo, Expired);
} }
bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) { bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) {
std::lock_guard G(Mutex_); std::lock_guard G(Mutex_);
auto Now = std::time(nullptr);
Expired = false; Expired = false;
auto Client = SubUserCache_.get(Token); auto Client = SubUserCache_.get(Token);
if(!Client.isNull()) { if(!Client.isNull()) {
Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < std::time(nullptr); Expired = (Client->webtoken.created_ + Client->webtoken.expires_in_) < Now ;
WebToken = Client->webtoken; WebToken = Client->webtoken;
UserInfo = Client->userinfo; UserInfo = Client->userinfo;
return true; return true;
} }
std::string TToken{Token}; std::string TToken{Token}, UserId;
if(StorageService()->IsSubTokenRevoked(TToken)) { SecurityObjects::UserInfoAndPolicy UInfo;
SecurityObjects::WebToken WT;
uint64_t RevocationDate=0;
if(StorageService()->GetSubToken(TToken, WT, UserId, RevocationDate)) {
if(RevocationDate!=0)
return false;
Expired = (WT.created_ + WT.expires_in_) < std::time(nullptr);
if(StorageService()->GetSubUserById(UserId,UInfo.userinfo)) {
WebToken = WT;
UserCache_.update(UInfo.webtoken.access_token_, UInfo);
return true;
}
return false; return false;
} }
// get the token from disk...
SecurityObjects::UserInfoAndPolicy UInfo;
uint64_t RevocationDate=0;
if(StorageService()->GetSubToken(TToken, UInfo, RevocationDate)) {
if(RevocationDate!=0)
return false;
Expired = (UInfo.webtoken.created_ + UInfo.webtoken.expires_in_) < std::time(nullptr);
if(StorageService()->GetSubUserById(UInfo.userinfo.Id,UInfo.userinfo)) {
WebToken = UInfo.webtoken;
SubUserCache_.update(UInfo.webtoken.access_token_, UInfo);
return true;
}
}
return false; return false;
} }
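Review bot: In the storage fallback of IsValidToken and IsValidSubToken the cache update is still keyed on `UInfo.webtoken.access_token_`, but GetToken/GetSubToken now fill `WT` and `UInfo.webtoken` is never assigned on these paths, so the entry is stored under a default-constructed key with an empty web token instead of the one that was just validated. In IsValidSubToken the new code also writes to `UserCache_` rather than `SubUserCache_`, the same cache mix-up this commit corrects in RevokeSubToken, so a subscriber record can land in the user cache while the sub-token cache is never populated. I would set `UInfo.webtoken = WT;` before the update, as the first two hunks of this file already do, and call `UserCache_.update(WT.access_token_, UInfo);` and `SubUserCache_.update(WT.access_token_, UInfo);` respectively. The visible lines of both fallbacks also return true without assigning the caller's `UserInfo`; IsValidToken begins outside the hunk, so confirm that is not handled elsewhere.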


@@ -54,6 +54,8 @@ namespace OpenWifi::SecurityObjects {
return ADMIN; return ADMIN;
else if (!Poco::icompare(U,"subscriber")) else if (!Poco::icompare(U,"subscriber"))
return SUBSCRIBER; return SUBSCRIBER;
else if (!Poco::icompare(U,"partner"))
return PARTNER;
else if (!Poco::icompare(U,"csr")) else if (!Poco::icompare(U,"csr"))
return CSR; return CSR;
else if (!Poco::icompare(U, "system")) else if (!Poco::icompare(U, "system"))
@@ -72,6 +74,7 @@ namespace OpenWifi::SecurityObjects {
case ROOT: return "root"; case ROOT: return "root";
case ADMIN: return "admin"; case ADMIN: return "admin";
case SUBSCRIBER: return "subscriber"; case SUBSCRIBER: return "subscriber";
case PARTNER: return "partner";
case CSR: return "csr"; case CSR: return "csr";
case SYSTEM: return "system"; case SYSTEM: return "system";
case INSTALLER: return "installer"; case INSTALLER: return "installer";


@@ -43,7 +43,7 @@ namespace OpenWifi {
}; };
enum USER_ROLE { enum USER_ROLE {
UNKNOWN, ROOT, ADMIN, SUBSCRIBER, CSR, SYSTEM, INSTALLER, NOC, ACCOUNTING UNKNOWN, ROOT, ADMIN, SUBSCRIBER, CSR, SYSTEM, INSTALLER, NOC, ACCOUNTING, PARTNER
}; };
USER_ROLE UserTypeFromString(const std::string &U); USER_ROLE UserTypeFromString(const std::string &U);


@@ -131,14 +131,14 @@ namespace OpenWifi {
bool IsTokenRevoked( std::string & Token ); bool IsTokenRevoked( std::string & Token );
bool CleanExpiredTokens(); bool CleanExpiredTokens();
bool RevokeAllTokens( std::string & UserName ); bool RevokeAllTokens( std::string & UserName );
bool GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate); bool GetToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate);
bool AddSubToken(std::string &UserId, std::string &Token, std::string &RefreshToken, std::string & TokenType, uint64_t Expires, uint64_t TimeOut); bool AddSubToken(std::string &UserId, std::string &Token, std::string &RefreshToken, std::string & TokenType, uint64_t Expires, uint64_t TimeOut);
bool RevokeSubToken( std::string & Token ); bool RevokeSubToken( std::string & Token );
bool IsSubTokenRevoked( std::string & Token ); bool IsSubTokenRevoked( std::string & Token );
bool CleanExpiredSubTokens(); bool CleanExpiredSubTokens();
bool RevokeAllSubTokens( std::string & UserName ); bool RevokeAllSubTokens( std::string & UserName );
bool GetSubToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate); bool GetSubToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate);
/* /*
* All ActionLinks functions * All ActionLinks functions


@@ -45,7 +45,7 @@ namespace OpenWifi {
return false; return false;
} }
bool Storage::GetSubToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate) { bool Storage::GetSubToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate) {
try { try {
Poco::Data::Session Sess = Pool_->get(); Poco::Data::Session Sess = Pool_->get();
@@ -53,13 +53,13 @@ namespace OpenWifi {
RevocationDate = 0 ; RevocationDate = 0 ;
std::string St2{"SELECT " + AllSubTokensFieldsForSelect + " From SubTokens WHERE Token=?"}; std::string St2{"SELECT " + AllSubTokensFieldsForSelect + " From SubTokens WHERE Token=?"};
Select << ConvertParams(St2), Select << ConvertParams(St2),
Poco::Data::Keywords::into(UInfo.webtoken.access_token_), Poco::Data::Keywords::into(WT.access_token_),
Poco::Data::Keywords::into(UInfo.webtoken.refresh_token_), Poco::Data::Keywords::into(WT.refresh_token_),
Poco::Data::Keywords::into(UInfo.webtoken.token_type_), Poco::Data::Keywords::into(WT.token_type_),
Poco::Data::Keywords::into(UInfo.userinfo.Id), Poco::Data::Keywords::into(UserId),
Poco::Data::Keywords::into(UInfo.webtoken.created_), Poco::Data::Keywords::into(WT.created_),
Poco::Data::Keywords::into(UInfo.webtoken.expires_in_), Poco::Data::Keywords::into(WT.expires_in_),
Poco::Data::Keywords::into(UInfo.webtoken.idle_timeout_), Poco::Data::Keywords::into(WT.idle_timeout_),
Poco::Data::Keywords::into(RevocationDate), Poco::Data::Keywords::into(RevocationDate),
Poco::Data::Keywords::use(Token); Poco::Data::Keywords::use(Token);
Select.execute(); Select.execute();
@@ -139,7 +139,7 @@ namespace OpenWifi {
Poco::Data::Session Sess = Pool_->get(); Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Delete(Sess); Poco::Data::Statement Delete(Sess);
std::string St2{"DELETE SubFrom Tokens WHERE Username=?"}; std::string St2{"DELETE From SubTokens WHERE Username=?"};
Delete << ConvertParams(St2), Delete << ConvertParams(St2),
Poco::Data::Keywords::use(UserId); Poco::Data::Keywords::use(UserId);
Delete.execute(); Delete.execute();
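Review bot: GetSubToken does not show the `if(Select.rowsExtracted()!=1) return false;` guard that this commit adds to GetToken after `Select.execute();`. IsValidSubToken now relies on GetSubToken alone, since the separate IsSubTokenRevoked call was removed, so a token that matches no row should be reported as a failure rather than returning true with `WT`, `UserId` and `RevocationDate` left at their defaults. The rest of GetSubToken lies outside the hunk, so check whether the guard is already there; if it is not, add the same line after `Select.execute();`.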


@@ -42,7 +42,7 @@ namespace OpenWifi {
return false; return false;
} }
bool Storage::GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo, uint64_t &RevocationDate) { bool Storage::GetToken(std::string &Token, SecurityObjects::WebToken &WT, std::string & UserId, uint64_t &RevocationDate) {
try { try {
Poco::Data::Session Sess = Pool_->get(); Poco::Data::Session Sess = Pool_->get();
@@ -50,17 +50,21 @@ namespace OpenWifi {
RevocationDate = 0 ; RevocationDate = 0 ;
std::string St2{"SELECT " + AllTokensFieldsForSelect + " From Tokens WHERE Token=?"}; std::string St2{"SELECT " + AllTokensFieldsForSelect + " From Tokens WHERE Token=?"};
Select << ConvertParams(St2), Select << ConvertParams(St2),
Poco::Data::Keywords::into(UInfo.webtoken.access_token_), Poco::Data::Keywords::into(WT.access_token_),
Poco::Data::Keywords::into(UInfo.webtoken.refresh_token_), Poco::Data::Keywords::into(WT.refresh_token_),
Poco::Data::Keywords::into(UInfo.webtoken.token_type_), Poco::Data::Keywords::into(WT.token_type_),
Poco::Data::Keywords::into(UInfo.userinfo.Id), Poco::Data::Keywords::into(UserId),
Poco::Data::Keywords::into(UInfo.webtoken.created_), Poco::Data::Keywords::into(WT.created_),
Poco::Data::Keywords::into(UInfo.webtoken.expires_in_), Poco::Data::Keywords::into(WT.expires_in_),
Poco::Data::Keywords::into(UInfo.webtoken.idle_timeout_), Poco::Data::Keywords::into(WT.idle_timeout_),
Poco::Data::Keywords::into(RevocationDate), Poco::Data::Keywords::into(RevocationDate),
Poco::Data::Keywords::use(Token); Poco::Data::Keywords::use(Token);
Select.execute(); Select.execute();
if(Select.rowsExtracted()!=1)
return false;
return true; return true;
} catch (const Poco::Exception &E) { } catch (const Poco::Exception &E) {
Logger().log(E); Logger().log(E);
} }