Framework update to allow insecure RESTAPI for ALB support.

stephb9959
2022-03-22 22:30:04 -07:00
parent 80af312318
commit 7b767ae03f
2 changed files with 19 additions and 0 deletions


@@ -66,14 +66,19 @@ namespace OpenWifi {
{ {
std::lock_guard Guard(Mutex_); std::lock_guard Guard(Mutex_);
Expired = false; Expired = false;
std::cout << __LINE__ << std::endl;
try { try {
std::string CallToken; std::string CallToken;
std::cout << __LINE__ << std::endl;
Poco::Net::OAuth20Credentials Auth(Request); Poco::Net::OAuth20Credentials Auth(Request);
if (Auth.getScheme() == "Bearer") { if (Auth.getScheme() == "Bearer") {
std::cout << __LINE__ << std::endl;
CallToken = Auth.getBearerToken(); CallToken = Auth.getBearerToken();
} }
std::cout << __LINE__ << std::endl;
if(CallToken.empty()) { if(CallToken.empty()) {
std::cout << __LINE__ << std::endl;
return false; return false;
} }
@@ -92,6 +97,7 @@ namespace OpenWifi {
} }
return false; return false;
} catch(const Poco::Exception &E) { } catch(const Poco::Exception &E) {
std::cout << __LINE__ << std::endl;
Logger().log(E); Logger().log(E);
} }
return false; return false;
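Review bot: The six added `std::cout << __LINE__ << std::endl;` lines sit inside the scope that holds `std::lock_guard Guard(Mutex_)`, so every token check now performs several flushed console writes while the mutex is held, and concurrent authorization checks queue behind stdout. The output also bypasses the `Logger()` used in the catch block, so it cannot be filtered by level and carries no file name or request context; the same pattern is added thirteen times in the second file's login handler. I would drop these lines before merge, or replace the few worth keeping with a levelled call such as `Logger().debug("token check: no bearer token");` (assuming `Logger()` is the Poco logger). The enclosing function starts and ends outside the visible hunks.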


@@ -61,9 +61,12 @@ namespace OpenWifi {
auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj); auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj);
auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj); auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj);
std::cout << __LINE__ << std::endl;
Poco::toLowerInPlace(userId); Poco::toLowerInPlace(userId);
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) { if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString())); Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString()));
Poco::JSON::Object Answer; Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression()); Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression());
@@ -72,10 +75,13 @@ namespace OpenWifi {
return ReturnObject(Answer); return ReturnObject(Answer);
} }
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::FORGOTPASSWORD,false)) { if(GetBoolParameter(RESTAPI::Protocol::FORGOTPASSWORD,false)) {
std::cout << __LINE__ << std::endl;
SecurityObjects::UserInfo UInfo1; SecurityObjects::UserInfo UInfo1;
auto UserExists = StorageService()->UserDB().GetUserByEmail(userId,UInfo1); auto UserExists = StorageService()->UserDB().GetUserByEmail(userId,UInfo1);
if(UserExists) { if(UserExists) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("FORGOTTEN-PASSWORD(%s): Request for %s", Request->clientAddress().toString(), userId)); Logger_.information(Poco::format("FORGOTTEN-PASSWORD(%s): Request for %s", Request->clientAddress().toString(), userId));
SecurityObjects::ActionLink NewLink; SecurityObjects::ActionLink NewLink;
@@ -101,9 +107,12 @@ namespace OpenWifi {
} }
} }
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::RESENDMFACODE,false)) { if(GetBoolParameter(RESTAPI::Protocol::RESENDMFACODE,false)) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("RESEND-MFA-CODE(%s): Request for %s", Request->clientAddress().toString(), userId)); Logger_.information(Poco::format("RESEND-MFA-CODE(%s): Request for %s", Request->clientAddress().toString(), userId));
if(Obj->has("uuid")) { if(Obj->has("uuid")) {
std::cout << __LINE__ << std::endl;
auto uuid = Obj->get("uuid").toString(); auto uuid = Obj->get("uuid").toString();
if(MFAServer()->ResendCode(uuid)) if(MFAServer()->ResendCode(uuid))
return OK(); return OK();
@@ -111,6 +120,7 @@ namespace OpenWifi {
return UnAuthorized(RESTAPI::Errors::InvalidCredentials, BAD_MFA_TRANSACTION); return UnAuthorized(RESTAPI::Errors::InvalidCredentials, BAD_MFA_TRANSACTION);
} }
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::COMPLETEMFACHALLENGE,false)) { if(GetBoolParameter(RESTAPI::Protocol::COMPLETEMFACHALLENGE,false)) {
Logger_.information(Poco::format("COMPLETE-MFA-CHALLENGE(%s): Request for %s", Request->clientAddress().toString(), userId)); Logger_.information(Poco::format("COMPLETE-MFA-CHALLENGE(%s): Request for %s", Request->clientAddress().toString(), userId));
if(Obj->has("uuid")) { if(Obj->has("uuid")) {
@@ -124,9 +134,12 @@ namespace OpenWifi {
return UnAuthorized(RESTAPI::Errors::InvalidCredentials, MFA_FAILURE); return UnAuthorized(RESTAPI::Errors::InvalidCredentials, MFA_FAILURE);
} }
std::cout << __LINE__ << std::endl;
SecurityObjects::UserInfoAndPolicy UInfo; SecurityObjects::UserInfoAndPolicy UInfo;
bool Expired=false; bool Expired=false;
std::cout << __LINE__ << std::endl;
auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo, Expired); auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo, Expired);
std::cout << __LINE__ << std::endl;
if (Code==SUCCESS) { if (Code==SUCCESS) {
Poco::JSON::Object ReturnObj; Poco::JSON::Object ReturnObj;
if(AuthService()->RequiresMFA(UInfo)) { if(AuthService()->RequiresMFA(UInfo)) {
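Review bot: The log calls in this handler (`POLICY-REQUEST`, `FORGOTTEN-PASSWORD`, `RESEND-MFA-CODE`, `COMPLETE-MFA-CHALLENGE`) record `Request->clientAddress().toString()`, which behind a load balancer is presumably the balancer's address rather than the caller's. If this service is meant to run behind an ALB as the commit title says, the audit trail for login, password-reset and MFA attempts would lose the source address needed for lockout decisions and abuse investigation. Consider reading the forwarded header, and only after confirming the peer is the trusted balancer, e.g. `auto Peer = Request->get("X-Forwarded-For", Request->clientAddress().toString());`, then logging `Peer` instead. The handler's body begins and ends outside these hunks, and nothing in the visible hunks implements the insecure-REST mode itself, so that part could not be reviewed here.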