From 7591b8cd44ebd41b09ea630d44ba07f769fc76f5 Mon Sep 17 00:00:00 2001 From: stephb9959 Date: Mon, 9 May 2022 09:43:20 -0700 Subject: [PATCH] Cleanup for null oauth body. --- build | 2 +- src/AuthService.cpp | 18 +++++++++--------- src/MFAServer.cpp | 4 ++-- src/RESTAPI/RESTAPI_oauth2_handler.cpp | 10 +++++++--- src/RESTAPI/RESTAPI_preferences.cpp | 2 +- src/RESTAPI/RESTAPI_signup_handler.cpp | 6 +++--- src/RESTAPI/RESTAPI_suboauth2_handler.cpp | 2 +- src/RESTAPI/RESTAPI_subpreferences.cpp | 2 +- src/RESTAPI/RESTAPI_subuser_handler.cpp | 2 +- src/RESTAPI/RESTAPI_user_handler.cpp | 2 +- src/RESTObjects/RESTAPI_SecurityObjects.cpp | 4 ++-- src/RESTObjects/RESTAPI_SecurityObjects.h | 6 +++--- src/SMSSender.cpp | 4 ++-- src/SMSSender.h | 2 +- src/SMTPMailerService.cpp | 2 +- src/SpecialUserHelpers.h | 2 +- src/TotpCache.h | 6 +++--- src/storage/orm_actionLinks.cpp | 8 ++++---- src/storage/orm_logins.cpp | 4 ++-- 19 files changed, 46 insertions(+), 42 deletions(-) diff --git a/build b/build index 6139554..8783e30 100644 --- a/build +++ b/build @@ -1 +1 @@ -52 \ No newline at end of file +53 \ No newline at end of file diff --git a/src/AuthService.cpp b/src/AuthService.cpp index f63055f..1590d75 100644 --- a/src/AuthService.cpp +++ b/src/AuthService.cpp @@ -282,7 +282,7 @@ namespace OpenWifi { } [[nodiscard]] std::string AuthService::GenerateTokenHMAC(const std::string & UserName, [[maybe_unused]] ACCESS_TYPE Type) { - std::string Identity(UserName + ":" + fmt::format("{}",std::time(nullptr)) + ":" + std::to_string(rand())); + std::string Identity(UserName + ":" + fmt::format("{}",OpenWifi::Now()) + ":" + std::to_string(rand())); HMAC_.update(Identity); return Poco::DigestEngine::digestToHex(HMAC_.digest()); } @@ -498,14 +498,14 @@ namespace OpenWifi { UInfo.webtoken.errorCode = 1; return PASSWORD_ALREADY_USED; } - UInfo.userinfo.lastPasswordChange = std::time(nullptr); + UInfo.userinfo.lastPasswordChange = OpenWifi::Now(); UInfo.userinfo.changePassword = false; - UInfo.userinfo.modified = std::time(nullptr); + UInfo.userinfo.modified = OpenWifi::Now(); StorageService()->UserDB().UpdateUserInfo(AUTHENTICATION_SYSTEM, UInfo.userinfo.id,UInfo.userinfo); } // so we have a good password, password up date has taken place if need be, now generate the token. - UInfo.userinfo.lastLogin=std::time(nullptr); + UInfo.userinfo.lastLogin=OpenWifi::Now(); StorageService()->UserDB().SetLastLogin(UInfo.userinfo.id); CreateToken(UserName, UInfo ); @@ -544,14 +544,14 @@ namespace OpenWifi { UInfo.webtoken.errorCode = 1; return PASSWORD_ALREADY_USED; } - UInfo.userinfo.lastPasswordChange = std::time(nullptr); + UInfo.userinfo.lastPasswordChange = OpenWifi::Now(); UInfo.userinfo.changePassword = false; - UInfo.userinfo.modified = std::time(nullptr); + UInfo.userinfo.modified = OpenWifi::Now(); StorageService()->SubDB().UpdateUserInfo(AUTHENTICATION_SYSTEM, UInfo.userinfo.id,UInfo.userinfo); } // so we have a good password, password update has taken place if need be, now generate the token. - UInfo.userinfo.lastLogin=std::time(nullptr); + UInfo.userinfo.lastLogin=OpenWifi::Now(); StorageService()->SubDB().SetLastLogin(UInfo.userinfo.id); CreateSubToken(UserName, UInfo ); @@ -648,7 +648,7 @@ namespace OpenWifi { A.action = OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL; A.userId = UInfo.id; A.id = MicroService::CreateUUID(); - A.created = std::time(nullptr); + A.created = OpenWifi::Now(); A.expires = A.created + 24*60*60; A.userAction = true; StorageService()->ActionLinksDB().CreateAction(A); @@ -663,7 +663,7 @@ namespace OpenWifi { A.action = OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL; A.userId = UInfo.id; A.id = MicroService::CreateUUID(); - A.created = std::time(nullptr); + A.created = OpenWifi::Now(); A.expires = A.created + 24*60*60; A.userAction = false; StorageService()->ActionLinksDB().CreateAction(A); diff --git a/src/MFAServer.cpp b/src/MFAServer.cpp index 0d8b4fc..5bc9399 100644 --- a/src/MFAServer.cpp +++ b/src/MFAServer.cpp @@ -28,7 +28,7 @@ namespace OpenWifi { std::string Challenge = MakeChallenge(); std::string uuid = MicroService::CreateUUID(); - uint64_t Created = std::time(nullptr); + uint64_t Created = OpenWifi::Now(); ChallengeStart.set("uuid",uuid); ChallengeStart.set("created", Created); @@ -107,7 +107,7 @@ namespace OpenWifi { void MFAServer::CleanCache() { // it is assumed that you have locked Cache_ at this point. - uint64_t Now = std::time(nullptr); + uint64_t Now = OpenWifi::Now(); for(auto i=begin(Cache_);i!=end(Cache_);) { if((Now-i->second.Created)>300) { i = Cache_.erase(i); diff --git a/src/RESTAPI/RESTAPI_oauth2_handler.cpp b/src/RESTAPI/RESTAPI_oauth2_handler.cpp index 7c2b6e6..1472923 100644 --- a/src/RESTAPI/RESTAPI_oauth2_handler.cpp +++ b/src/RESTAPI/RESTAPI_oauth2_handler.cpp @@ -25,8 +25,7 @@ namespace OpenWifi { return UnAuthorized(RESTAPI::Errors::EXPIRED_TOKEN); return UnAuthorized(RESTAPI::Errors::INVALID_TOKEN); } - bool GetMe = GetBoolParameter(RESTAPI::Protocol::ME, false); - if(GetMe) { + if(GetBoolParameter(RESTAPI::Protocol::ME)) { Logger_.information(fmt::format("REQUEST-ME({}): Request for {}", Request->clientAddress().toString(), UserInfo_.userinfo.email)); Poco::JSON::Object Me; SecurityObjects::UserInfo ReturnedUser = UserInfo_.userinfo; @@ -56,7 +55,12 @@ namespace OpenWifi { } void RESTAPI_oauth2_handler::DoPost() { + const auto & Obj = ParsedBody_; + if(Obj == nullptr) { + return BadRequest(RESTAPI::Errors::InvalidJSONDocument); + } + auto userId = GetS(RESTAPI::Protocol::USERID, Obj); auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj); auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj); @@ -164,7 +168,7 @@ namespace OpenWifi { case PASSWORD_CHANGE_REQUIRED: return UnAuthorized(RESTAPI::Errors::PASSWORD_CHANGE_REQUIRED); default: - return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); break; + return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); } return; } diff --git a/src/RESTAPI/RESTAPI_preferences.cpp b/src/RESTAPI/RESTAPI_preferences.cpp index ecb1d80..6b6b67e 100644 --- a/src/RESTAPI/RESTAPI_preferences.cpp +++ b/src/RESTAPI/RESTAPI_preferences.cpp @@ -25,7 +25,7 @@ namespace OpenWifi { } P.id = UserInfo_.userinfo.id; - P.modified = std::time(nullptr); + P.modified = OpenWifi::Now(); StorageService()->PreferencesDB().SetPreferences(P); Poco::JSON::Object Answer; diff --git a/src/RESTAPI/RESTAPI_signup_handler.cpp b/src/RESTAPI/RESTAPI_signup_handler.cpp index 8cf6f06..ff0fbd2 100644 --- a/src/RESTAPI/RESTAPI_signup_handler.cpp +++ b/src/RESTAPI/RESTAPI_signup_handler.cpp @@ -40,8 +40,8 @@ namespace OpenWifi { NewSub.signingUp = signupUUID; NewSub.waitingForEmailCheck = true; NewSub.name = UserName; - NewSub.modified = std::time(nullptr); - NewSub.creationDate = std::time(nullptr); + NewSub.modified = OpenWifi::Now(); + NewSub.creationDate = OpenWifi::Now(); NewSub.id = MicroService::instance().CreateUUID(); NewSub.email = UserName; NewSub.userRole = SecurityObjects::SUBSCRIBER; @@ -56,7 +56,7 @@ namespace OpenWifi { NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP; NewLink.id = MicroService::CreateUUID(); NewLink.userId = NewSub.id; - NewLink.created = std::time(nullptr); + NewLink.created = OpenWifi::Now(); NewLink.expires = NewLink.created + (1*60*60); // 1 hour NewLink.userAction = false; StorageService()->ActionLinksDB().CreateAction(NewLink); diff --git a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp index 61f75d1..30303aa 100644 --- a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp +++ b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp @@ -89,7 +89,7 @@ namespace OpenWifi { NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD; NewLink.id = MicroService::CreateUUID(); NewLink.userId = UInfo1.id; - NewLink.created = std::time(nullptr); + NewLink.created = OpenWifi::Now(); NewLink.expires = NewLink.created + (24*60*60); NewLink.userAction = false; StorageService()->ActionLinksDB().CreateAction(NewLink); diff --git a/src/RESTAPI/RESTAPI_subpreferences.cpp b/src/RESTAPI/RESTAPI_subpreferences.cpp index 659f1de..8a5b0f4 100644 --- a/src/RESTAPI/RESTAPI_subpreferences.cpp +++ b/src/RESTAPI/RESTAPI_subpreferences.cpp @@ -25,7 +25,7 @@ namespace OpenWifi { } P.id = UserInfo_.userinfo.id; - P.modified = std::time(nullptr); + P.modified = OpenWifi::Now(); StorageService()->SubPreferencesDB().SetPreferences(P); Poco::JSON::Object Answer; diff --git a/src/RESTAPI/RESTAPI_subuser_handler.cpp b/src/RESTAPI/RESTAPI_subuser_handler.cpp index 83d9e81..98ceaa5 100644 --- a/src/RESTAPI/RESTAPI_subuser_handler.cpp +++ b/src/RESTAPI/RESTAPI_subuser_handler.cpp @@ -233,7 +233,7 @@ namespace OpenWifi { SecurityObjects::NoteInfoVec NIV; NIV = RESTAPI_utils::to_object_array(RawObject->get("notes").toString()); for(auto const &i:NIV) { - SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UserInfo_.userinfo.email, .note=i.note}; + SecurityObjects::NoteInfo ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UserInfo_.userinfo.email, .note=i.note}; Existing.notes.push_back(ii); } } diff --git a/src/RESTAPI/RESTAPI_user_handler.cpp b/src/RESTAPI/RESTAPI_user_handler.cpp index d5c1c95..b04980f 100644 --- a/src/RESTAPI/RESTAPI_user_handler.cpp +++ b/src/RESTAPI/RESTAPI_user_handler.cpp @@ -243,7 +243,7 @@ namespace OpenWifi { SecurityObjects::NoteInfoVec NIV; NIV = RESTAPI_utils::to_object_array(RawObject->get("notes").toString()); for(auto const &i:NIV) { - SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UserInfo_.userinfo.email, .note=i.note}; + SecurityObjects::NoteInfo ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UserInfo_.userinfo.email, .note=i.note}; Existing.notes.push_back(ii); } } diff --git a/src/RESTObjects/RESTAPI_SecurityObjects.cpp b/src/RESTObjects/RESTAPI_SecurityObjects.cpp index 7964b2d..a077e40 100644 --- a/src/RESTObjects/RESTAPI_SecurityObjects.cpp +++ b/src/RESTObjects/RESTAPI_SecurityObjects.cpp @@ -433,7 +433,7 @@ namespace OpenWifi::SecurityObjects { SecurityObjects::NoteInfoVec NIV; NIV = RESTAPI_utils::to_object_array(Obj->get("notes").toString()); for(auto const &i:NIV) { - SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UInfo.email, .note=i.note}; + SecurityObjects::NoteInfo ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UInfo.email, .note=i.note}; Notes.push_back(ii); } } @@ -446,7 +446,7 @@ namespace OpenWifi::SecurityObjects { bool MergeNotes(const NoteInfoVec & NewNotes, const UserInfo &UInfo, NoteInfoVec & ExistingNotes) { for(auto const &i:NewNotes) { - SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UInfo.email, .note=i.note}; + SecurityObjects::NoteInfo ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UInfo.email, .note=i.note}; ExistingNotes.push_back(ii); } return true; diff --git a/src/RESTObjects/RESTAPI_SecurityObjects.h b/src/RESTObjects/RESTAPI_SecurityObjects.h index 66c1646..210b3a8 100644 --- a/src/RESTObjects/RESTAPI_SecurityObjects.h +++ b/src/RESTObjects/RESTAPI_SecurityObjects.h @@ -55,7 +55,7 @@ namespace OpenWifi { std::string UserTypeToString(USER_ROLE U); struct NoteInfo { - uint64_t created=0; // = std::time(nullptr); + uint64_t created=0; // = OpenWifi::Now(); std::string createdBy; std::string note; @@ -94,7 +94,7 @@ namespace OpenWifi { std::string uuid; std::string question; std::string method; - uint64_t created = std::time(nullptr); + uint64_t created = OpenWifi::Now(); void to_json(Poco::JSON::Object &Obj) const; bool from_json(const Poco::JSON::Object::Ptr &Obj); @@ -256,7 +256,7 @@ namespace OpenWifi { std::string locale; std::string message; uint64_t sent=0; - uint64_t created=std::time(nullptr); + uint64_t created=OpenWifi::Now(); uint64_t expires=0; uint64_t completed=0; uint64_t canceled=0; diff --git a/src/SMSSender.cpp b/src/SMSSender.cpp index e829024..4053934 100644 --- a/src/SMSSender.cpp +++ b/src/SMSSender.cpp @@ -34,7 +34,7 @@ namespace OpenWifi { } void SMSSender::CleanCache() { - uint64_t Now=std::time(nullptr); + uint64_t Now=OpenWifi::Now(); for(auto i=begin(Cache_);i!=end(Cache_);) { if((Now-i->Created)>300) i = Cache_.erase(i); @@ -46,7 +46,7 @@ namespace OpenWifi { bool SMSSender::StartValidation(const std::string &Number, const std::string &UserName) { std::lock_guard G(Mutex_); CleanCache(); - uint64_t Now=std::time(nullptr); + uint64_t Now=OpenWifi::Now(); auto Challenge = MFAServer::MakeChallenge(); Cache_.emplace_back(SMSValidationCacheEntry{.Number=Number, .Code=Challenge, .UserName=UserName, .Created=Now}); std::string Message = "Please enter the following code on your login screen: " + Challenge; diff --git a/src/SMSSender.h b/src/SMSSender.h index 355a0d4..fcb422e 100644 --- a/src/SMSSender.h +++ b/src/SMSSender.h @@ -18,7 +18,7 @@ namespace OpenWifi { std::string Number; std::string Code; std::string UserName; - uint64_t Created = std::time(nullptr); + uint64_t Created = OpenWifi::Now(); bool Validated = false; }; diff --git a/src/SMTPMailerService.cpp b/src/SMTPMailerService.cpp index 724da7a..046d40f 100644 --- a/src/SMTPMailerService.cpp +++ b/src/SMTPMailerService.cpp @@ -55,7 +55,7 @@ namespace OpenWifi { bool SMTPMailerService::SendMessage([[maybe_unused]] const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs) { std::lock_guard G(Mutex_); - PendingMessages_.push_back(MessageEvent{.Posted=(uint64_t )std::time(nullptr), + PendingMessages_.push_back(MessageEvent{.Posted= OpenWifi::Now(), .LastTry=0, .Sent=0, .File=Poco::File(TemplateDir_ + "/" +Name), diff --git a/src/SpecialUserHelpers.h b/src/SpecialUserHelpers.h index 9e9a483..136f6a2 100644 --- a/src/SpecialUserHelpers.h +++ b/src/SpecialUserHelpers.h @@ -22,7 +22,7 @@ namespace OpenWifi { U.email = MicroService::instance().ConfigGetString("authentication.default.username", ""); U.id = NewDefaultUseridStockUUID; U.userRole = SecurityObjects::ROOT; - U.creationDate = std::time(nullptr); + U.creationDate = OpenWifi::Now(); U.validated = true; U.name = "Default User"; U.description = "Default user should be deleted."; diff --git a/src/TotpCache.h b/src/TotpCache.h index 628b8e2..6de63c7 100644 --- a/src/TotpCache.h +++ b/src/TotpCache.h @@ -53,7 +53,7 @@ namespace OpenWifi { } static bool ValidateCode( const std::string &Secret, const std::string &Code, std::string & Expecting) { - uint64_t Now = std::time(nullptr); + uint64_t Now = OpenWifi::Now(); uint32_t p = CppTotp::totp(CppTotp::Bytes::ByteString{ (const u_char *)Secret.c_str()}, Now, 0, 30, 6); char buffer[16]; sprintf(buffer,"%06u",p); @@ -76,7 +76,7 @@ namespace OpenWifi { if(Reset) { std::string Base32Secret; Hint->second.Subscriber = Subscriber; - Hint->second.Start = std::time(nullptr); + Hint->second.Start = OpenWifi::Now(); Hint->second.Done = 0; Hint->second.Verifications = 0; Hint->second.Secret = GenerateSecret(20,Base32Secret); @@ -156,7 +156,7 @@ namespace OpenWifi { inline bool CompleteValidation(const SecurityObjects::UserInfo &User, bool Subscriber, std::string & Secret) { auto Hint = Cache_.find(User.id); - uint64_t Now = std::time(nullptr); + uint64_t Now = OpenWifi::Now(); if(Hint!=Cache_.end() && Subscriber==Hint->second.Subscriber && (Now-Hint->second.Start)<(15*60) && Hint->second.Done!=0) { Secret = Hint->second.Secret; Cache_.erase(Hint); diff --git a/src/storage/orm_actionLinks.cpp b/src/storage/orm_actionLinks.cpp index 635faa1..444eab6 100644 --- a/src/storage/orm_actionLinks.cpp +++ b/src/storage/orm_actionLinks.cpp @@ -67,7 +67,7 @@ namespace OpenWifi { bool ActionLinkDB::SentAction(std::string &ActionId) { SecurityObjects::ActionLink A; if(GetRecord("id",ActionId,A)) { - A.sent = std::time(nullptr); + A.sent = OpenWifi::Now(); return UpdateRecord("id",ActionId,A); } return false; @@ -80,7 +80,7 @@ namespace OpenWifi { bool ActionLinkDB::CompleteAction(std::string &ActionId) { SecurityObjects::ActionLink A; if(GetRecord("id",ActionId,A)) { - A.completed = std::time(nullptr); + A.completed = OpenWifi::Now(); return UpdateRecord("id",ActionId,A); } return false; @@ -89,14 +89,14 @@ namespace OpenWifi { bool ActionLinkDB::CancelAction(std::string &ActionId) { SecurityObjects::ActionLink A; if(GetRecord("id",ActionId,A)) { - A.canceled = std::time(nullptr); + A.canceled = OpenWifi::Now(); return UpdateRecord("id",ActionId,A); } return false; } void ActionLinkDB::CleanOldActionLinks() { - uint64_t CutOff = std::time(nullptr) - (30 * 24 * 60 * 60); + uint64_t CutOff = OpenWifi::Now() - (30 * 24 * 60 * 60); std::string WhereClause{" Created <= " + std::to_string(CutOff) + " "}; DeleteRecords(WhereClause); } diff --git a/src/storage/orm_logins.cpp b/src/storage/orm_logins.cpp index 95786da..f1b28ab 100644 --- a/src/storage/orm_logins.cpp +++ b/src/storage/orm_logins.cpp @@ -38,7 +38,7 @@ namespace OpenWifi { R.sessionId = MakeSessionId(token); R.userId = userId; R.email = email; - R.login = std::time(nullptr); + R.login = OpenWifi::Now(); R.logout = 0; CreateRecord(R); } @@ -48,7 +48,7 @@ namespace OpenWifi { SecurityObjects::LoginRecordInfo R; if(GetRecord("session", Session, R)) { - R.logout = std::time(nullptr); + R.logout = OpenWifi::Now(); UpdateRecord("session", Session, R); } }