scottk/wlan-cloud-ucentralsec
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git synced 2025-10-31 18:57:51 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Bug: deleting a usr could revoke good tokens.

Browse Source
This commit is contained in:
stephb9959
2021-10-27 12:16:15 -07:00
parent 8ff25257ca
commit 56308dfa5e
4 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build
View File

@@ -1 +1 @@
6 8

5
src/AuthService.cpp
View File

@@ -103,7 +103,7 @@ namespace OpenWifi {
for(auto i=UserCache_.begin();i!=UserCache_.end();) { for(auto i=UserCache_.begin();i!=UserCache_.end();) {
if (i->second.userinfo.email==UserName) { if (i->second.userinfo.email==UserName) {
Logout(i->first); Logout(i->first, false);
i = UserCache_.erase(i); i = UserCache_.erase(i);
} else { } else {
++i; ++i;
@@ -120,9 +120,10 @@ namespace OpenWifi {
return std::regex_match(Password, PasswordValidation_); return std::regex_match(Password, PasswordValidation_);
} }
void AuthService::Logout(const std::string &token) { void AuthService::Logout(const std::string &token, bool EraseFromCache) {
std::lock_guard Guard(Mutex_); std::lock_guard Guard(Mutex_);
if(EraseFromCache)
UserCache_.erase(token); UserCache_.erase(token);
try { try {

2
src/AuthService.h
View File

@@ -69,7 +69,7 @@ namespace OpenWifi{
[[nodiscard]] bool ValidateToken(const std::string & Token, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UserInfo ); [[nodiscard]] bool ValidateToken(const std::string & Token, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UserInfo );
[[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
[[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;}; [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;};
void Logout(const std::string &token); void Logout(const std::string &token, bool EraseFromCache=true);
bool ValidatePassword(const std::string &pwd); bool ValidatePassword(const std::string &pwd);

13
src/framework/MicroService.h
View File

@@ -1262,7 +1262,7 @@ namespace OpenWifi {
RESTAPIHandler(BindingMap map, Poco::Logger &l, std::vector<std::string> Methods, RESTAPI_GenericServer & Server, bool Internal=false, bool AlwaysAuthorize=true) RESTAPIHandler(BindingMap map, Poco::Logger &l, std::vector<std::string> Methods, RESTAPI_GenericServer & Server, bool Internal=false, bool AlwaysAuthorize=true)
: Bindings_(std::move(map)), Logger_(l), Methods_(std::move(Methods)), Server_(Server), Internal_(Internal), AlwaysAuthorize_(AlwaysAuthorize) {} : Bindings_(std::move(map)), Logger_(l), Methods_(std::move(Methods)), Server_(Server), Internal_(Internal), AlwaysAuthorize_(AlwaysAuthorize) {}
inline bool RoleIsAuthorized(std::string & Reason) { inline bool RoleIsAuthorized(const std::string & Path, const std::string & Method, std::string & Reason) {
return true; return true;
} }
@@ -1280,7 +1280,7 @@ namespace OpenWifi {
} }
std::string Reason; std::string Reason;
if(!RoleIsAuthorized(Reason)) { if(!RoleIsAuthorized(RequestIn.getURI(), Request->getMethod(), Reason)) {
UnAuthorized(Reason); UnAuthorized(Reason);
return; return;
} }
@@ -3095,15 +3095,6 @@ namespace OpenWifi {
Internal) {} Internal) {}
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/system"};} static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/system"};}
bool RoleIsAuthorized(std::string & Reason) {
if( UserInfo_.userinfo.userRole != SecurityObjects::USER_ROLE::ROOT &&
UserInfo_.userinfo.userRole != SecurityObjects::USER_ROLE::ADMIN ) {
Reason = "User must be ADMIN/ROOT to perform this operation.";
return false;
}
return true;
}
inline void DoGet() { inline void DoGet() {
std::string Arg; std::string Arg;
if(HasParameter("command",Arg) && Arg=="info") { if(HasParameter("command",Arg) && Arg=="info") {