Adding error codes on login.

stephb9959
2021-11-11 17:52:20 -08:00
parent e97b8e64be
commit 5f900883e8
6 changed files with 37 additions and 23 deletions

2
build

@@ -1 +1 @@
38 41


@@ -51,6 +51,16 @@ components:
properties: properties:
ErrorCode: ErrorCode:
type: integer type: integer
enum:
- 0 # Success
- 1 # PASSWORD_CHANGE_REQUIRED,
- 2 # INVALID_CREDENTIALS,
- 3 # PASSWORD_ALREADY_USED,
- 4 # USERNAME_PENDING_VERIFICATION,
- 5 # PASSWORD_INVALID,
- 6 # INTERNAL_ERROR,
- 7 # ACCESS_DENIED,
- 8 # INVALID_TOKEN
ErrorDetails: ErrorDetails:
type: string type: string
ErrorDescription: ErrorDescription:
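Review bot: The new `enum` on `ErrorCode` restricts the property to 0–8, but the old side of this commit shows `UnAuthorized` sending `ErrorCode: 403`. If other error helpers sharing this schema still send HTTP status values, their responses would no longer validate against the spec; this is inferred, since the schema name and those helpers are outside the hunk. The meaning of each number lives only in YAML comments, which generated clients and rendered documentation drop, so a `description:` on the property listing the nine values would carry it. It is also worth stating there that unauthorized responses no longer carry `ErrorCode: 403`, because existing clients may key on that value.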


@@ -253,7 +253,7 @@ namespace OpenWifi {
return false; return false;
} }
AuthService::AUTH_ERROR AuthService::Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo ) UNAUTHORIZED_REASON AuthService::Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo )
{ {
std::lock_guard Guard(Mutex_); std::lock_guard Guard(Mutex_);


@@ -35,16 +35,6 @@ namespace OpenWifi{
CUSTOM CUSTOM
}; };
enum AUTH_ERROR {
SUCCESS,
PASSWORD_CHANGE_REQUIRED,
INVALID_CREDENTIALS,
PASSWORD_ALREADY_USED,
USERNAME_PENDING_VERIFICATION,
PASSWORD_INVALID,
INTERNAL_ERROR
};
enum EMAIL_REASON { enum EMAIL_REASON {
FORGOT_PASSWORD, FORGOT_PASSWORD,
EMAIL_VERIFICATION EMAIL_VERIFICATION
@@ -62,7 +52,7 @@ namespace OpenWifi{
void Stop() override; void Stop() override;
[[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo ); [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo );
[[nodiscard]] AUTH_ERROR Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo ); [[nodiscard]] UNAUTHORIZED_REASON Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo );
void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo); void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo);
[[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
[[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;}; [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;};


@@ -116,7 +116,7 @@ namespace OpenWifi {
SecurityObjects::UserInfoAndPolicy UInfo; SecurityObjects::UserInfoAndPolicy UInfo;
auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo); auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo);
if (Code==AuthService::SUCCESS) { if (Code==SUCCESS) {
Poco::JSON::Object ReturnObj; Poco::JSON::Object ReturnObj;
if(AuthService()->RequiresMFA(UInfo)) { if(AuthService()->RequiresMFA(UInfo)) {
if(MFAServer().StartMFAChallenge(UInfo, ReturnObj)) { if(MFAServer().StartMFAChallenge(UInfo, ReturnObj)) {
@@ -127,12 +127,13 @@ namespace OpenWifi {
UInfo.webtoken.to_json(ReturnObj); UInfo.webtoken.to_json(ReturnObj);
return ReturnObject(ReturnObj); return ReturnObject(ReturnObj);
} else { } else {
switch(Code) { switch(Code) {
case AuthService::INVALID_CREDENTIALS: return UnAuthorized("Unrecognized credentials (username/password)."); break; case INVALID_CREDENTIALS: return UnAuthorized("Unrecognized credentials (username/password).", Code); break;
case AuthService::PASSWORD_INVALID: return UnAuthorized("Invalid password."); break; case PASSWORD_INVALID: return UnAuthorized("Invalid password.", Code); break;
case AuthService::PASSWORD_ALREADY_USED: return UnAuthorized("Password already used previously."); break; case PASSWORD_ALREADY_USED: return UnAuthorized("Password already used previously.", Code); break;
case AuthService::USERNAME_PENDING_VERIFICATION: return UnAuthorized("User access pending email verification."); break; case USERNAME_PENDING_VERIFICATION: return UnAuthorized("User access pending email verification.", Code); break;
case AuthService::PASSWORD_CHANGE_REQUIRED: return UnAuthorized("Password change expected."); break; case PASSWORD_CHANGE_REQUIRED: return UnAuthorized("Password change expected.", Code); break;
default: return UnAuthorized("Unrecognized credentials (username/password)."); break; default: return UnAuthorized("Unrecognized credentials (username/password)."); break;
} }
return; return;
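Review bot: The `switch(Code)` arms now return a distinct machine-readable code per account state (`USERNAME_PENDING_VERIFICATION`, `PASSWORD_CHANGE_REQUIRED`, `PASSWORD_ALREADY_USED`) to a caller that has not authenticated yet. Whether `Authorize` produces those values only after the password has been verified is not visible here; if any of them can be returned for a wrong password, the response confirms that the account exists and what state it is in, and that case should collapse to `INVALID_CREDENTIALS`. The `default:` arm still calls `UnAuthorized` without the code, so `INTERNAL_ERROR` reaches the client as `INVALID_CREDENTIALS` through the default argument. If that masking is intended, make it explicit with `default: return UnAuthorized("Unrecognized credentials (username/password).", INVALID_CREDENTIALS);` and a comment saying so. The enclosing handler starts and ends outside the hunk.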


@@ -70,6 +70,19 @@ using namespace std::chrono_literals;
#include "nlohmann/json.hpp" #include "nlohmann/json.hpp"
namespace OpenWifi { namespace OpenWifi {
enum UNAUTHORIZED_REASON {
SUCCESS=0,
PASSWORD_CHANGE_REQUIRED,
INVALID_CREDENTIALS,
PASSWORD_ALREADY_USED,
USERNAME_PENDING_VERIFICATION,
PASSWORD_INVALID,
INTERNAL_ERROR,
ACCESS_DENIED,
INVALID_TOKEN
};
class AppServiceRegistry { class AppServiceRegistry {
public: public:
inline AppServiceRegistry(); inline AppServiceRegistry();
@@ -1522,7 +1535,7 @@ namespace OpenWifi {
std::string Reason; std::string Reason;
if(!RoleIsAuthorized(RequestIn.getURI(), Request->getMethod(), Reason)) { if(!RoleIsAuthorized(RequestIn.getURI(), Request->getMethod(), Reason)) {
UnAuthorized(Reason); UnAuthorized(Reason, ACCESS_DENIED);
return; return;
} }
@@ -1743,10 +1756,10 @@ namespace OpenWifi {
Poco::JSON::Stringifier::stringify(ErrorObject, Answer); Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
} }
inline void UnAuthorized(const std::string & Reason = "") { inline void UnAuthorized(const std::string & Reason = "", int Code = INVALID_CREDENTIALS ) {
PrepareResponse(Poco::Net::HTTPResponse::HTTP_FORBIDDEN); PrepareResponse(Poco::Net::HTTPResponse::HTTP_FORBIDDEN);
Poco::JSON::Object ErrorObject; Poco::JSON::Object ErrorObject;
ErrorObject.set("ErrorCode",403); ErrorObject.set("ErrorCode",Code);
ErrorObject.set("ErrorDetails",Request->getMethod()); ErrorObject.set("ErrorDetails",Request->getMethod());
ErrorObject.set("ErrorDescription",Reason.empty() ? "No access allowed." : Reason) ; ErrorObject.set("ErrorDescription",Reason.empty() ? "No access allowed." : Reason) ;
std::ostream &Answer = Response->send(); std::ostream &Answer = Response->send();
@@ -3658,7 +3671,7 @@ namespace OpenWifi {
Utils::FormatIPv6(Request->clientAddress().toString()), Utils::FormatIPv6(Request->clientAddress().toString()),
Request->getMethod(), Request->getURI())); Request->getMethod(), Request->getURI()));
} }
UnAuthorized(); UnAuthorized("Invalid token", INVALID_TOKEN);
} }
return false; return false;
} }
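Review bot: `UnAuthorized` takes `int Code`, so any integer can reach the `ErrorCode` field, including values outside the 0–8 range the API spec now lists; typing the parameter as the enum keeps callers to the declared set: `inline void UnAuthorized(const std::string & Reason = "", UNAUTHORIZED_REASON Code = INVALID_CREDENTIALS ) {` with `ErrorObject.set("ErrorCode", static_cast<int>(Code));`. The enumerators of `UNAUTHORIZED_REASON` are now a wire contract, yet only `SUCCESS=0` is numbered; giving each an explicit value and a comment that the numbers must match the OpenAPI enum would stop a later insertion from silently renumbering them. As an unscoped enum in `namespace OpenWifi`, names such as `SUCCESS` and `INTERNAL_ERROR` also become visible throughout the namespace in every file that includes this header, which `enum class` would avoid at the cost of qualifying the call sites.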