diff --git a/build b/build
index 62f9457..301160a 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-6
\ No newline at end of file
+8
\ No newline at end of file
diff --git a/src/AuthService.cpp b/src/AuthService.cpp
index 99dac55..6d4008c 100644
--- a/src/AuthService.cpp
+++ b/src/AuthService.cpp
@@ -103,7 +103,7 @@ namespace OpenWifi {
 for(auto i=UserCache_.begin();i!=UserCache_.end();) {
 if (i->second.userinfo.email==UserName) {
- Logout(i->first);
+ Logout(i->first, false);
 i = UserCache_.erase(i);
 } else {
 ++i;
@@ -120,10 +120,11 @@ namespace OpenWifi {
 return std::regex_match(Password, PasswordValidation_);
 }
- void AuthService::Logout(const std::string &token) {
+ void AuthService::Logout(const std::string &token, bool EraseFromCache) {
 std::lock_guard Guard(Mutex_);
- UserCache_.erase(token);
+ if(EraseFromCache)
+ UserCache_.erase(token);
 try {
 Poco::JSON::Object Obj;
diff --git a/src/AuthService.h b/src/AuthService.h
index a35fdd3..2b653de 100644
--- a/src/AuthService.h
+++ b/src/AuthService.h
@@ -69,7 +69,7 @@ namespace OpenWifi{
 [[nodiscard]] bool ValidateToken(const std::string & Token, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UserInfo );
 [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
 [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;};
- void Logout(const std::string &token);
+ void Logout(const std::string &token, bool EraseFromCache=true);
 bool ValidatePassword(const std::string &pwd);
diff --git a/src/framework/MicroService.h b/src/framework/MicroService.h
index 0a64511..11350b6 100644
--- a/src/framework/MicroService.h
+++ b/src/framework/MicroService.h
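Review bot: The new `EraseFromCache` flag on `AuthService::Logout` (src/AuthService.cpp, with the default added in src/AuthService.h) has no documented contract: when it is `false` the token stays in `UserCache_` until the caller erases it, as the loop in the first AuthService.cpp hunk does. A later caller that passes `false` and does not erase would leave a logged-out token cached, and whether cached tokens are still accepted by validation cannot be seen from this diff, so the declaration deserves a comment such as `// EraseFromCache=false: caller is iterating UserCache_ and must erase the entry itself`. The unbraced `if(EraseFromCache)` would also be safer braced, `if(EraseFromCache) { UserCache_.erase(token); }`. Logout's body continues outside the hunk.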
@@ -1262,7 +1262,7 @@ namespace OpenWifi {
 RESTAPIHandler(BindingMap map, Poco::Logger &l, std::vector Methods, RESTAPI_GenericServer & Server, bool Internal=false, bool AlwaysAuthorize=true) : Bindings_(std::move(map)), Logger_(l), Methods_(std::move(Methods)), Server_(Server), Internal_(Internal), AlwaysAuthorize_(AlwaysAuthorize) {}
- inline bool RoleIsAuthorized(std::string & Reason) {
+ inline bool RoleIsAuthorized(const std::string & Path, const std::string & Method, std::string & Reason) {
 return true;
 }
@@ -1280,7 +1280,7 @@ namespace OpenWifi {
 }
 std::string Reason;
- if(!RoleIsAuthorized(Reason)) {
+ if(!RoleIsAuthorized(RequestIn.getURI(), Request->getMethod(), Reason)) {
 UnAuthorized(Reason);
 return;
 }
@@ -3095,15 +3095,6 @@ namespace OpenWifi {
 Internal) {}
 static const std::list PathName() { return std::list{"/api/v1/system"};}
- bool RoleIsAuthorized(std::string & Reason) {
- if( UserInfo_.userinfo.userRole != SecurityObjects::USER_ROLE::ROOT &&
- UserInfo_.userinfo.userRole != SecurityObjects::USER_ROLE::ADMIN ) {
- Reason = "User must be ADMIN/ROOT to perform this operation.";
- return false;
- }
- return true;
- }
-
 inline void DoGet() {
 std::string Arg;
 if(HasParameter("command",Arg) && Arg=="info") {
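Review bot: The base `RoleIsAuthorized(Path, Method, Reason)` in the first hunk still returns `true` unconditionally and ignores both new arguments, while the last hunk of this file deletes the ADMIN/ROOT check that the `/api/v1/system` handler carried. Unless a check outside this diff replaces it, that handler is open to any authenticated role after this commit, which should be confirmed before merging. Neither the base nor the removed version is declared `virtual` in the visible lines, so if the call in the second hunk sits in the base class a handler-level version would never be reached. If per-handler policy is intended, declare it `virtual bool RoleIsAuthorized(const std::string & Path, const std::string & Method, std::string & Reason)` and keep the system handler's check as an `override` with the new signature.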
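Review bot: The value passed as `Path` in the second hunk is `RequestIn.getURI()`, which, assuming `RequestIn` is a Poco HTTP request, is the raw request target including any query string rather than a path. A role check that compares `Path` against route strings such as `/api/v1/system` would then miss `/api/v1/system?command=info` or an encoded variant; passing `Poco::URI(RequestIn.getURI()).getPath()` hands the check a decoded path only. The call also reads the URI from `RequestIn` and the method from `Request`; if both refer to the same request, taking both values from one object avoids a mismatch. The enclosing function starts and ends outside the hunk.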