diff --git a/CMakeLists.txt b/CMakeLists.txt index 14f1167..9a217e8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -175,7 +175,7 @@ add_executable( owsec src/TotpCache.h src/RESTAPI/RESTAPI_subtotp_handler.cpp src/RESTAPI/RESTAPI_subtotp_handler.h src/RESTAPI/RESTAPI_signup_handler.cpp src/RESTAPI/RESTAPI_signup_handler.h - src/MessagingTemplates.cpp src/MessagingTemplates.h src/RESTAPI/RESTAPI_apiKey_handler.cpp src/RESTAPI/RESTAPI_apiKey_handler.h src/storage/orm_apikeys.cpp src/storage/orm_apikeys.h src/RESTAPI/RESTAPI_validate_apikey.cpp src/RESTAPI/RESTAPI_validate_apikey.h) + src/MessagingTemplates.h src/RESTAPI/RESTAPI_apiKey_handler.cpp src/RESTAPI/RESTAPI_apiKey_handler.h src/storage/orm_apikeys.cpp src/storage/orm_apikeys.h src/RESTAPI/RESTAPI_validate_apikey.cpp src/RESTAPI/RESTAPI_validate_apikey.h) if(NOT SMALL_BUILD) target_link_libraries(owsec PUBLIC diff --git a/build b/build index e440e5c..62f9457 100644 --- a/build +++ b/build @@ -1 +1 @@ -3 \ No newline at end of file +6 \ No newline at end of file diff --git a/openpapi/owsec.yaml b/openpapi/owsec.yaml index caefa5a..50ef7c7 100644 --- a/openpapi/owsec.yaml +++ b/openpapi/owsec.yaml @@ -71,7 +71,8 @@ components: - 11 # BAD_MFA_TRANSACTION - 12 # MFA_FAILURE - 13 # SECURITY_SERVICE_UNREACHABLE - - 14 # CANNOT REFRESH TOKEN + - 14 # CANNOT_REFRESH_TOKEN + - 15 # ACCOUNT_SUSPENDED ErrorDetails: type: string ErrorDescription: diff --git a/src/ActionLinkManager.cpp b/src/ActionLinkManager.cpp index 3d708c5..670f066 100644 --- a/src/ActionLinkManager.cpp +++ b/src/ActionLinkManager.cpp 
@@ -67,7 +67,7 @@ namespace OpenWifi { switch(i.action) { case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD: { - if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::FORGOT_PASSWORD)) { + if(AuthService()->SendEmailToUser(i.id, UInfo.email, MessagingTemplates::FORGOT_PASSWORD)) { poco_information(Logger(),fmt::format("Send password reset link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); @@ -75,7 +75,7 @@ namespace OpenWifi { break; case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL: { - if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_VERIFICATION)) { + if(AuthService()->SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_VERIFICATION)) { poco_information(Logger(),fmt::format("Send email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); @@ -83,7 +83,7 @@ namespace OpenWifi { break; case OpenWifi::SecurityObjects::LinkActions::EMAIL_INVITATION: { - if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_INVITATION)) { + if(AuthService()->SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_INVITATION)) { poco_information(Logger(),fmt::format("Send new subscriber email invitation link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); @@ -92,7 +92,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); - if(AuthService::SendEmailToSubUser(i.id, UInfo.email,MessagingTemplates::SUB_FORGOT_PASSWORD, Signup.count()==1 ? "" : Signup[0])) { + if(AuthService()->SendEmailToSubUser(i.id, UInfo.email,MessagingTemplates::SUB_FORGOT_PASSWORD, Signup.count()==1 ? "" : Signup[0])) { poco_information(Logger(),fmt::format("Send subscriber password reset link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); 
@@ -101,7 +101,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); - if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_EMAIL_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { + if(AuthService()->SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_EMAIL_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { poco_information(Logger(),fmt::format("Send subscriber email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); @@ -110,7 +110,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); - if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_SIGNUP_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { + if(AuthService()->SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_SIGNUP_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { poco_information(Logger(),fmt::format("Send new subscriber email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); diff --git a/src/AuthService.cpp b/src/AuthService.cpp index 6131ddd..9dd8804 100644 --- a/src/AuthService.cpp +++ b/src/AuthService.cpp 
@@ -65,6 +65,21 @@ namespace OpenWifi { SubAccessPolicy_ = MicroServiceConfigGetString("subscriber.policy.access", "/wwwassets/access_policy.html"); SubPasswordPolicy_ = MicroServiceConfigGetString("subscriber.policy.password", "/wwwassets/password_policy.html"); + HelperEmail_ = MicroServiceConfigGetString("helper.user.email", "openwifi@telecominfraproject.com"); + SubHelperEmail_ = MicroServiceConfigGetString("helper.sub.email", "openwifi@telecominfraproject.com"); + + GlobalHelperEmail_ = MicroServiceConfigGetString("helper.user.global.email", "openwifi@telecominfraproject.com"); + GlobalSubHelperEmail_ = MicroServiceConfigGetString("helper.sub.global.email", "openwifi@telecominfraproject.com"); + + HelperSite_ = MicroServiceConfigGetString("helper.user.site", "telecominfraproject.com"); + SubHelperSite_ = MicroServiceConfigGetString("helper.sub.site", "telecominfraproject.com"); + + SystemLoginSite_ = MicroServiceConfigGetString("helper.user.login", "telecominfraproject.com"); + SubSystemLoginSite_ = MicroServiceConfigGetString("helper.sub.login", "telecominfraproject.com"); + + UserSignature_ = MicroServiceConfigGetString("helper.user.signature", "Telecom Infra Project"); + SubSignature_ = MicroServiceConfigGetString("helper.sub.signature", "Telecom Infra Project"); + return 0; } @@ -508,6 +523,11 @@ namespace OpenWifi { Poco::toLowerInPlace(UserName); if(StorageService()->UserDB().GetUserByEmail(UserName,UInfo.userinfo)) { + + if(UInfo.userinfo.suspended) { + return ACCOUNT_SUSPENDED; + } + if(UInfo.userinfo.waitingForEmailCheck) { return USERNAME_PENDING_VERIFICATION; } @@ -553,6 +573,11 @@ namespace OpenWifi { Poco::toLowerInPlace(UserName); if(StorageService()->SubDB().GetUserByEmail(UserName,UInfo.userinfo)) { + + if(UInfo.userinfo.suspended) { + return ACCOUNT_SUSPENDED; + } + if(UInfo.userinfo.waitingForEmailCheck) { return USERNAME_PENDING_VERIFICATION; } 
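Review bot: The new `suspended` checks in Authorize and AuthorizeSub (hunks @@ -508 and @@ -553) only gate password login; a bearer token or refresh token issued before the account was suspended is not visibly revoked anywhere in this commit, so suspension may not bite until the existing token expires unless the token-validation and RefreshUserToken/RefreshSubToken paths also consult the flag — those paths are not in this diff, so this may already be covered. A comment on the check such as `// Suspension is also enforced in IsValidApiKey; token validation/refresh must reject suspended accounts too` would record the intended coverage. In the first hunk every helper default points at telecominfraproject.com, so a deployment that forgets these keys sends its users to a third party's support address; a neutral default or a startup warning when the keys are unset would be safer.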
@@ -594,19 +619,33 @@ namespace OpenWifi { bool AuthService::SendEmailChallengeCode(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &Challenge) { auto OperatorParts = Poco::StringTokenizer(UInfo.userinfo.signingUp,":"); + + bool IsSub = UInfo.userinfo.userRole==SecurityObjects::SUBSCRIBER; + if(UInfo.userinfo.signingUp.empty() || OperatorParts.count()!=2) { MessageAttributes Attrs; Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email; Attrs[LOGO] = AuthService::GetLogoAssetURI(); Attrs[SUBJECT] = "Login validation code"; Attrs[CHALLENGE_CODE] = Challenge; - return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::VERIFICATION_CODE), Attrs, false); + if(!IsSub) { + SMTPMailerService()->AddUserVars(Attrs); + } else { + SMTPMailerService()->AddSubVars(Attrs); + } + return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName( + MessagingTemplates::VERIFICATION_CODE), Attrs, false); } else { MessageAttributes Attrs; Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email; Attrs[LOGO] = AuthService::GetSubLogoAssetURI(); Attrs[SUBJECT] = "Login validation code"; Attrs[CHALLENGE_CODE] = Challenge; + if(!IsSub) { + SMTPMailerService()->AddUserVars(Attrs); + } else { + SMTPMailerService()->AddSubVars(Attrs); + } return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_VERIFICATION_CODE,OperatorParts[0]), Attrs, true ); } } @@ -624,6 +663,7 @@ namespace OpenWifi { Attrs[SUBJECT] = "Password reset link"; Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=password_reset&id=" + LinkId ; Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=password_reset&id=" + LinkId ; + SMTPMailerService()->AddUserVars(Attrs); SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::FORGOT_PASSWORD), Attrs, false); } break; 
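Review bot: In SendEmailChallengeCode the identical `if(!IsSub) AddUserVars else AddSubVars` block is pasted into both branches, and the branch is chosen by `signingUp` while `IsSub` is chosen by `userRole`, so a SUBSCRIBER without an operator prefix would get the user template filled with the sub variables (and the reverse) if those two fields can ever disagree — whether they always agree is not visible here. Building Attrs once and varying only the logo and the final SendMessage call removes the duplication and makes that coupling explicit; if the fields are meant to agree, a one-line comment saying so would help. `IsSub` can also be `const`.
```cpp
bool AuthService::SendEmailChallengeCode(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &Challenge) {
    auto OperatorParts = Poco::StringTokenizer(UInfo.userinfo.signingUp,":");
    const bool IsSub = UInfo.userinfo.userRole==SecurityObjects::SUBSCRIBER;
    // Operator-scoped (signup) flow iff signingUp is "<operator>:<...>"; assumed to agree with IsSub — confirm
    const bool IsSignup = !(UInfo.userinfo.signingUp.empty() || OperatorParts.count()!=2);

    MessageAttributes Attrs;
    Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email;
    Attrs[LOGO] = IsSignup ? AuthService::GetSubLogoAssetURI() : AuthService::GetLogoAssetURI();
    Attrs[SUBJECT] = "Login validation code";
    Attrs[CHALLENGE_CODE] = Challenge;
    if(IsSub) {
        SMTPMailerService()->AddSubVars(Attrs);
    } else {
        SMTPMailerService()->AddUserVars(Attrs);
    }
    if(!IsSignup) {
        return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::VERIFICATION_CODE), Attrs, false);
    }
    return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_VERIFICATION_CODE,OperatorParts[0]), Attrs, true );
}
```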
@@ -635,20 +675,22 @@ namespace OpenWifi { Attrs[SUBJECT] = "e-mail Address Verification"; Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=email_verification&id=" + LinkId ; Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=email_verification&id=" + LinkId ; + SMTPMailerService()->AddUserVars(Attrs); SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::EMAIL_VERIFICATION), Attrs, false); UInfo.waitingForEmailCheck = true; } break; case MessagingTemplates::EMAIL_INVITATION: { - MessageAttributes Attrs; - Attrs[RECIPIENT_EMAIL] = UInfo.email; - Attrs[LOGO] = GetLogoAssetURI(); - Attrs[SUBJECT] = "e-mail Invitation"; - Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=email_invitation&id=" + LinkId ; - Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=email_invitation&id=" + LinkId ; - SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::EMAIL_INVITATION), Attrs, false); - UInfo.waitingForEmailCheck = true; + MessageAttributes Attrs; + Attrs[RECIPIENT_EMAIL] = UInfo.email; + Attrs[LOGO] = GetLogoAssetURI(); + Attrs[SUBJECT] = "e-mail Invitation"; + Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=email_invitation&id=" + LinkId ; + Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=email_invitation&id=" + LinkId ; + SMTPMailerService()->AddUserVars(Attrs); + SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::EMAIL_INVITATION), Attrs, false); + UInfo.waitingForEmailCheck = true; } break; 
@@ -673,6 +715,7 @@ namespace OpenWifi { Attrs[SUBJECT] = "Password reset link"; Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=sub_password_reset&id=" + LinkId ; Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=sub_password_reset&id=" + LinkId ; + SMTPMailerService()->AddSubVars(Attrs); SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_FORGOT_PASSWORD, OperatorName), Attrs, true); } break; @@ -684,6 +727,7 @@ namespace OpenWifi { Attrs[SUBJECT] = "e-mail Address Verification"; Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=sub_email_verification&id=" + LinkId ; Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=sub_email_verification&id=" + LinkId ; + SMTPMailerService()->AddSubVars(Attrs); SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_EMAIL_VERIFICATION, OperatorName), Attrs, true); UInfo.waitingForEmailCheck = true; } @@ -696,6 +740,7 @@ namespace OpenWifi { Attrs[SUBJECT] = "Signup e-mail Address Verification"; Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=signup_verification&id=" + LinkId ; Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=signup_verification&id=" + LinkId ; + SMTPMailerService()->AddSubVars(Attrs); SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_SIGNUP_VERIFICATION, OperatorName), Attrs, true); UInfo.waitingForEmailCheck = true; } 
@@ -779,10 +824,12 @@ namespace OpenWifi { } bool AuthService::IsValidApiKey(const std::string &ApiKey, SecurityObjects::WebToken &WebToken, - SecurityObjects::UserInfo &UserInfo, bool &Expired, std::uint64_t &expiresOn) { + SecurityObjects::UserInfo &UserInfo, bool &Expired, std::uint64_t &expiresOn, + bool & Suspended) { std::lock_guard G(Mutex_); + Suspended = false; std::string UserId; SecurityObjects::WebToken WT; SecurityObjects::ApiKeyEntry ApiKeyEntry; @@ -792,6 +839,10 @@ namespace OpenWifi { if(Expired) return false; if(StorageService()->UserDB().GetUserById(ApiKeyEntry.userUuid,UserInfo)) { + if(UserInfo.suspended) { + Suspended=true; + return false; + } WebToken = WT; ApiKeyEntry.lastUse = Utils::Now(); StorageService()->ApiKeyDB().UpdateRecord("id", ApiKeyEntry.id, ApiKeyEntry); diff --git a/src/AuthService.h b/src/AuthService.h index f12d3b5..6c7eb94 100644 --- a/src/AuthService.h +++ b/src/AuthService.h @@ -77,7 +77,7 @@ namespace OpenWifi{ [[nodiscard]] std::string GenerateTokenJWT(const std::string & UserName, ACCESS_TYPE Type); [[nodiscard]] std::string GenerateTokenHMAC(const std::string & UserName, ACCESS_TYPE Type); - [[nodiscard]] bool IsValidApiKey(const std::string &ApiKey, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired, std::uint64_t & expiresOn); + [[nodiscard]] bool IsValidApiKey(const std::string &ApiKey, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired, std::uint64_t & expiresOn, bool & Suspended); [[nodiscard]] std::string ComputeNewPasswordHash(const std::string &UserName, const std::string &Password); [[nodiscard]] bool ValidatePasswordHash(const std::string & UserName, const std::string & Password, const std::string &StoredPassword); [[nodiscard]] bool ValidateSubPasswordHash(const std::string & UserName, const std::string & Password, const std::string &StoredPassword); 
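Review bot: On the new suspended path in IsValidApiKey the function returns false after GetUserById has already filled the caller's `UserInfo`, so a caller that inspects UserInfo on failure sees the suspended account's details. Either reset the out-parameter before returning (`UserInfo = SecurityObjects::UserInfo{};` if that type is default-constructible) or document on the header declaration that `UserInfo` is only meaningful when the call returns true. Three boolean out-flags on one call is getting hard to read; a small status enum (valid/expired/suspended/not found) returned in place of the `bool&` pairs would be clearer, though that is a wider interface change. Because the suspended check runs after the expiry check, an expired key on a suspended account reports only `Expired` — fine if intended, but worth a comment.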
@@ -91,8 +91,8 @@ namespace OpenWifi{ [[nodiscard]] static bool VerifyEmail(SecurityObjects::UserInfo &UInfo); [[nodiscard]] static bool VerifySubEmail(SecurityObjects::UserInfo &UInfo); - [[nodiscard]] static bool SendEmailToUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason); - [[nodiscard]] static bool SendEmailToSubUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason, const std::string &OperatorName); + [[nodiscard]] bool SendEmailToUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason); + [[nodiscard]] bool SendEmailToSubUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason, const std::string &OperatorName); [[nodiscard]] bool RequiresMFA(const SecurityObjects::UserInfoAndPolicy &UInfo); [[nodiscard]] bool SendEmailChallengeCode(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &code); 
@@ -127,6 +127,17 @@ namespace OpenWifi{ bool RefreshUserToken(Poco::Net::HTTPServerRequest & Request, const std::string & RefreshToken, SecurityObjects::UserInfoAndPolicy & UI); bool RefreshSubToken(Poco::Net::HTTPServerRequest & Request, const std::string & RefreshToken, SecurityObjects::UserInfoAndPolicy & UI); + [[nodiscard]] inline auto HelperEmail() const { return HelperEmail_; }; + [[nodiscard]] inline auto SubHelperEmail() const { return SubHelperEmail_; }; + [[nodiscard]] inline auto GlobalHelperEmail() const { return GlobalHelperEmail_; }; + [[nodiscard]] inline auto GlobalSubHelperEmail() const { return GlobalSubHelperEmail_; }; + [[nodiscard]] inline auto HelperSite() const { return HelperSite_; }; + [[nodiscard]] inline auto SubHelperSite() const { return SubHelperSite_;}; + [[nodiscard]] inline auto SystemLoginSite() const { return SystemLoginSite_;}; + [[nodiscard]] inline auto SubSystemLoginSite() const { return SubSystemLoginSite_; }; + [[nodiscard]] inline auto UserSignature() const { return UserSignature_;}; + [[nodiscard]] inline auto SubSignature() const { return SubSignature_; }; + private: Poco::SHA2Engine SHA2_; @@ -143,6 +154,17 @@ namespace OpenWifi{ uint64_t HowManyOldPassword_=5; uint64_t RefreshTokenLifeSpan_ = 90 * 24 * 60 * 60 ; + std::string HelperEmail_; + std::string SubHelperEmail_; + std::string GlobalHelperEmail_; + std::string GlobalSubHelperEmail_; + std::string HelperSite_; + std::string SubHelperSite_; + std::string SystemLoginSite_; + std::string SubSystemLoginSite_; + std::string UserSignature_; + std::string SubSignature_; + class SHA256Engine : public Poco::Crypto::DigestEngine { public: diff --git a/src/MessagingTemplates.cpp b/src/MessagingTemplates.cpp deleted file mode 100644 index 2352674..0000000 --- a/src/MessagingTemplates.cpp +++ /dev/null @@ -1,8 +0,0 @@ -// -// Created by stephane bourque on 2022-07-25. -// - -#include "MessagingTemplates.h" - -namespace OpenWifi { -} // OpenWifi \ No newline at end of file 
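Review bot: The ten new accessors return `auto`, i.e. a fresh std::string copy on every call, and AddGlobalVars in RESTAPI_action_links.cpp calls all ten for every page it renders; returning a reference avoids that, e.g. `[[nodiscard]] const std::string & HelperEmail() const { return HelperEmail_; }`. Each definition also ends with a stray `;` after the closing brace (an empty declaration that compiles but clang-tidy flags), and `inline` is redundant on an in-class definition. These strings are written in Start() and then read from request threads without Mutex_, which is fine only if nothing reassigns them after startup; a comment on the new member block stating they are immutable after Start() would document that assumption.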
diff --git a/src/MessagingTemplates.h b/src/MessagingTemplates.h index fd06c75..a55b854 100644 --- a/src/MessagingTemplates.h +++ b/src/MessagingTemplates.h @@ -24,7 +24,14 @@ namespace OpenWifi { VERIFICATION_CODE, SUB_FORGOT_PASSWORD, SUB_EMAIL_VERIFICATION, - SUB_VERIFICATION_CODE + SUB_VERIFICATION_CODE, + CERTIFICATE_TRANSFER_NOTIFICATION, + CERTIFICATE_TRANSFER_AUTHORIZATION, + CERTIFICATE_DISPUTE_SUCCESS, + CERTIFICATE_DISPUTE_REJECTED, + CERTIFICATE_TRANSFER_CANCELED, + CERTIFICATE_TRANSFER_ACCEPTED, + CERTIFICATE_TRANSFER_REJECTED }; static std::string AddOperator(const std::string & filename, const std::string &OperatorName) { @@ -43,6 +50,13 @@ namespace OpenWifi { case SUB_FORGOT_PASSWORD: return AddOperator(EmailTemplateNames[SUB_FORGOT_PASSWORD],OperatorName); case SUB_EMAIL_VERIFICATION: return AddOperator(EmailTemplateNames[SUB_EMAIL_VERIFICATION],OperatorName); case SUB_VERIFICATION_CODE: return AddOperator(EmailTemplateNames[SUB_VERIFICATION_CODE],OperatorName); + case CERTIFICATE_TRANSFER_NOTIFICATION: return AddOperator(EmailTemplateNames[CERTIFICATE_TRANSFER_NOTIFICATION],OperatorName); + case CERTIFICATE_TRANSFER_AUTHORIZATION: return AddOperator(EmailTemplateNames[CERTIFICATE_TRANSFER_AUTHORIZATION],OperatorName); + case CERTIFICATE_DISPUTE_SUCCESS: return AddOperator(EmailTemplateNames[CERTIFICATE_DISPUTE_SUCCESS],OperatorName); + case CERTIFICATE_DISPUTE_REJECTED: return AddOperator(EmailTemplateNames[CERTIFICATE_DISPUTE_REJECTED],OperatorName); + case CERTIFICATE_TRANSFER_CANCELED: return AddOperator(EmailTemplateNames[CERTIFICATE_TRANSFER_CANCELED],OperatorName); + case CERTIFICATE_TRANSFER_ACCEPTED: return AddOperator(EmailTemplateNames[CERTIFICATE_TRANSFER_ACCEPTED],OperatorName); + case CERTIFICATE_TRANSFER_REJECTED: return AddOperator(EmailTemplateNames[CERTIFICATE_TRANSFER_REJECTED],OperatorName); default: return ""; } 
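Review bot: The seven new cases in TemplateName are each `case X: return AddOperator(EmailTemplateNames[X],OperatorName);`, so the label and the index are the same value and nothing checks that EmailTemplateNames (next hunk) kept the same order as EMAIL_REASON; a mismatch silently selects another template. A `static_assert` tying the array length to the enum would catch that if a trailing count value is added (constructed name: `EMAIL_REASON_COUNT`), and until then a comment on the enum such as `// keep in sync with EmailTemplateNames below` is the minimum. The `default: return "";` also means any enum value forgotten here sends a message with an empty template name instead of failing loudly.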
@@ -65,7 +79,14 @@ namespace OpenWifi { "verification_code", "sub_password_reset", "sub_email_verification", - "sub_verification_code" + "sub_verification_code", + "certificate_transfer_notification", + "certificate_transfer_authorization", + "certificate_dispute_success", + "certificate_dispute_rejected", + "certificate_transfer_canceled", + "certificate_transfer_accepted", + "certificate_transfer_rejected" }; }; diff --git a/src/RESTAPI/RESTAPI_action_links.cpp b/src/RESTAPI/RESTAPI_action_links.cpp index 0ceacac..5a78322 100644 --- a/src/RESTAPI/RESTAPI_action_links.cpp +++ b/src/RESTAPI/RESTAPI_action_links.cpp @@ -14,11 +14,21 @@ namespace OpenWifi { +#if defined(TIP_CERT_SERVICE) + bool ProcessExternalActionLinks(RESTAPIHandler &handler,const std::string &Id, const std::string &Action); +#endif + void RESTAPI_action_links::DoGet() { auto Action = GetParameter("action",""); auto Id = GetParameter("id",""); +#if defined(TIP_CERT_SERVICE) + if(!OpenWifi::ProcessExternalActionLinks(*this,Id,Action)) { + return; + } +#endif + SecurityObjects::ActionLink Link; if(!StorageService()->ActionLinksDB().GetActionLink(Id,Link)) return DoReturnA404(); 
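Review bot: The return contract of ProcessExternalActionLinks in the RESTAPI_action_links.cpp hunk is inverted relative to its name: DoGet returns early when it yields false, so false must mean "request already answered" and true "not mine, continue", yet nothing at the forward declaration says so and the definition is outside this diff. A comment on the declaration, e.g. `// Returns false when the link was handled here (response already sent); true to fall through to the built-in actions.`, would stop the next caller guessing wrong. Since the declaration is only compiled under TIP_CERT_SERVICE, a build without that macro cannot catch drift between this prototype and the definition, which is worth noting in the same comment.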
@@ -52,11 +62,25 @@ namespace OpenWifi { return DoReturnA404(); } + void RESTAPI_action_links::AddGlobalVars(Types::StringPairVec & Vars) { + Vars.push_back(std::make_pair("USER_HELPER_EMAIL",AuthService()->HelperEmail())); + Vars.push_back(std::make_pair("SUB_HELPER_EMAIL",AuthService()->SubHelperEmail())); + Vars.push_back(std::make_pair("GLOBAL_USER_HELPER_EMAIL",AuthService()->GlobalHelperEmail())); + Vars.push_back(std::make_pair("GLOBAL_SUB_HELPER_EMAIL",AuthService()->GlobalSubHelperEmail())); + Vars.push_back(std::make_pair("USER_HELPER_SITE",AuthService()->HelperSite())); + Vars.push_back(std::make_pair("SUB_HELPER_SITE",AuthService()->SubHelperSite())); + Vars.push_back(std::make_pair("USER_SYSTEM_LOGIN",AuthService()->SystemLoginSite())); + Vars.push_back(std::make_pair("SUB_SYSTEM_LOGIN",AuthService()->SubSystemLoginSite())); + Vars.push_back(std::make_pair("USER_SIGNATURE",AuthService()->UserSignature())); + Vars.push_back(std::make_pair("SUB_SIGNATURE",AuthService()->SubSignature())); + } + void RESTAPI_action_links::RequestResetPassword(SecurityObjects::ActionLink &Link) { Logger_.information(fmt::format("REQUEST-PASSWORD-RESET({}): For ID={}", Request->clientAddress().toString(), Link.userId)); Poco::File FormFile{ Daemon()->AssetDir() + "/password_reset.html"}; Types::StringPairVec FormVars{ {"UUID", Link.id}, {"PASSWORD_VALIDATION", AuthService()->PasswordValidationExpression()}}; + AddGlobalVars(FormVars); SendHTMLFileBack(FormFile,FormVars); } @@ -65,6 +89,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/sub_signup_verification.html"}; Types::StringPairVec FormVars{ {"UUID", Link.id}, {"PASSWORD_VALIDATION", AuthService()->PasswordValidationExpression()}}; + AddGlobalVars(FormVars); SendHTMLFileBack(FormFile,FormVars); } 
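Review bot: AddGlobalVars must be called by hand before every SendHTMLFileBack — this hunk and the following RESTAPI_action_links.cpp hunks through DoReturnA404 add it at roughly sixteen call sites, and a forgotten call leaves literal placeholders in the served page; a private wrapper that appends the globals and then calls SendHTMLFileBack would make the omission impossible. The body could also use `Vars.emplace_back("USER_HELPER_EMAIL", AuthService()->HelperEmail());` instead of `push_back(std::make_pair(...))`. These values come from configuration rather than the request, which is why writing them unescaped into the form is acceptable; a one-line comment saying so would stop a later change from adding request-derived data the same way.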
@@ -95,6 +120,7 @@ namespace OpenWifi { " accepted password creation restrictions. Please consult our on-line help" " to look at the our password policy. If you would like to contact us, please mention" " id(" + Id + ")"}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -105,6 +131,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/password_reset_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "This request does not contain a valid user ID. Please contact your system administrator."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -112,6 +139,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/password_reset_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "Please contact our system administrators. We have identified an error in your account that must be resolved first."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -120,6 +148,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/password_reset_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "You cannot reuse one of your recent passwords."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -133,6 +162,7 @@ namespace OpenWifi { Types::StringPairVec FormVars{ {"UUID", Id}, {"USERNAME", UInfo.email}, {"ACTION_LINK",MicroService::instance().GetUIURI()}}; + AddGlobalVars(FormVars); StorageService()->ActionLinksDB().CompleteAction(Id); SendHTMLFileBack(FormFile,FormVars); } else { @@ -167,6 +197,7 @@ namespace OpenWifi { " accepted password creation restrictions. Please consult our on-line help" " to look at the our password policy. If you would like to contact us, please mention" " id(" + Id + ")"}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } 
@@ -176,6 +207,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "This request does not contain a valid user ID. Please contact your system administrator."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -183,6 +215,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "Please contact our system administrators. We have identified an error in your account that must be resolved first."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -191,6 +224,7 @@ namespace OpenWifi { Poco::File FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"}; Types::StringPairVec FormVars{ {"UUID", Id}, {"ERROR_TEXT", "You cannot reuse one of your recent passwords."}}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile,FormVars); } @@ -225,6 +259,7 @@ namespace OpenWifi { Response->stringify(ooo); Logger().information(fmt::format("({}): Completed subscriber e-mail verification. Provisioning notified, Error={}.", UInfo.email, Status)); + AddGlobalVars(FormVars); SendHTMLFileBack(FormFile,FormVars); Logger().information(fmt::format("({}): Completed subscriber e-mail verification. FORM notified.",UInfo.email)); } else { @@ -246,6 +281,7 @@ namespace OpenWifi { Types::StringPairVec FormVars{{"UUID", Link.id}, {"ERROR_TEXT", "This does not appear to be a valid email verification link.."}}; Poco::File FormFile{Daemon()->AssetDir() + "/email_verification_error.html"}; + AddGlobalVars(FormVars); return SendHTMLFileBack(FormFile, FormVars); } 
@@ -264,6 +300,7 @@ namespace OpenWifi { {"USERNAME", UInfo.email}, {"ACTION_LINK",MicroService::instance().GetUIURI()}}; Poco::File FormFile{Daemon()->AssetDir() + "/email_verification_success.html"}; + AddGlobalVars(FormVars); StorageService()->ActionLinksDB().CompleteAction(Link.id); SendHTMLFileBack(FormFile, FormVars); } @@ -271,6 +308,7 @@ namespace OpenWifi { void RESTAPI_action_links::DoReturnA404() { Types::StringPairVec FormVars; Poco::File FormFile{Daemon()->AssetDir() + "/404_error.html"}; + AddGlobalVars(FormVars); SendHTMLFileBack(FormFile, FormVars); } diff --git a/src/RESTAPI/RESTAPI_action_links.h b/src/RESTAPI/RESTAPI_action_links.h index e3a5f8a..bca3a24 100644 --- a/src/RESTAPI/RESTAPI_action_links.h +++ b/src/RESTAPI/RESTAPI_action_links.h @@ -30,6 +30,7 @@ namespace OpenWifi { void DoReturnA404(); void DoNewSubVerification(SecurityObjects::ActionLink &Link); void CompleteEmailInvitation(); + static void AddGlobalVars(Types::StringPairVec & Vars); void DoGet() final; void DoPost() final; diff --git a/src/RESTAPI/RESTAPI_oauth2_handler.cpp b/src/RESTAPI/RESTAPI_oauth2_handler.cpp index 886df1c..0f2c79c 100644 --- a/src/RESTAPI/RESTAPI_oauth2_handler.cpp +++ b/src/RESTAPI/RESTAPI_oauth2_handler.cpp @@ -12,11 +12,10 @@ #include "RESTAPI_oauth2_handler.h" #include "MFAServer.h" #include "framework/ow_constants.h" +#include "framework/MicroService.h" #include "StorageService.h" #include "RESTAPI_db_helpers.h" -#include "framework/MicroServiceFuncs.h" - namespace OpenWifi { void RESTAPI_oauth2_handler::DoGet() { @@ -100,7 +99,7 @@ namespace OpenWifi { SecurityObjects::ActionLink NewLink; NewLink.action = OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD; - NewLink.id = MicroServiceCreateUUID(); + NewLink.id = MicroService::CreateUUID(); NewLink.userId = UInfo1.id; NewLink.created = OpenWifi::Now(); NewLink.expires = NewLink.created + (24*60*60); 
@@ -147,33 +146,33 @@ namespace OpenWifi { SecurityObjects::UserInfoAndPolicy UInfo; bool Expired=false; auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo, Expired); - if (Code==SUCCESS) { - Poco::JSON::Object ReturnObj; - if(AuthService()->RequiresMFA(UInfo)) { - if(MFAServer()->StartMFAChallenge(UInfo, ReturnObj)) { + switch(Code) { + case SUCCESS: + { + Poco::JSON::Object ReturnObj; + if(AuthService()->RequiresMFA(UInfo)) { + if(MFAServer()->StartMFAChallenge(UInfo, ReturnObj)) { + return ReturnObject(ReturnObj); + } + Logger_.warning("MFA Seems to be broken. Please fix. Disabling MFA checking for now."); + } + UInfo.webtoken.to_json(ReturnObj); return ReturnObject(ReturnObj); } - Logger_.warning("MFA Seems to be broken. Please fix. Disabling MFA checking for now."); - } - UInfo.webtoken.to_json(ReturnObj); - return ReturnObject(ReturnObj); - } else { - - switch(Code) { - case INVALID_CREDENTIALS: - return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); - case PASSWORD_INVALID: - return UnAuthorized(RESTAPI::Errors::PASSWORD_INVALID); - case PASSWORD_ALREADY_USED: - return UnAuthorized(RESTAPI::Errors::PASSWORD_ALREADY_USED); - case USERNAME_PENDING_VERIFICATION: - return UnAuthorized(RESTAPI::Errors::USERNAME_PENDING_VERIFICATION); - case PASSWORD_CHANGE_REQUIRED: - return UnAuthorized(RESTAPI::Errors::PASSWORD_CHANGE_REQUIRED); - default: - return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); - } - return; + case INVALID_CREDENTIALS: + return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); + case PASSWORD_INVALID: + return UnAuthorized(RESTAPI::Errors::PASSWORD_INVALID); + case PASSWORD_ALREADY_USED: + return UnAuthorized(RESTAPI::Errors::PASSWORD_ALREADY_USED); + case USERNAME_PENDING_VERIFICATION: + return UnAuthorized(RESTAPI::Errors::USERNAME_PENDING_VERIFICATION); + case PASSWORD_CHANGE_REQUIRED: + return UnAuthorized(RESTAPI::Errors::PASSWORD_CHANGE_REQUIRED); + case ACCOUNT_SUSPENDED: + return 
UnAuthorized(RESTAPI::Errors::ACCOUNT_SUSPENDED); + default: + return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); } } } \ No newline at end of file diff --git a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp index 2781c98..a7ad358 100644 --- a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp +++ b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp 
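Review bot: The `case SUCCESS:` block keeps the fail-open behaviour from before the refactor: when StartMFAChallenge returns false the handler logs a warning and issues the web token without MFA, so an MFA backend outage downgrades every login to password-only. Since the block is being restructured anyway, failing closed after the warning is the safer default — e.g. `return UnAuthorized(RESTAPI::Errors::MFA_FAILURE);` if that error value exists in the framework (the OpenAPI list in this diff has code 12 MFA_FAILURE) — or the comment should state the bypass is deliberate. The same switch is duplicated verbatim in RESTAPI_suboauth2_handler.cpp (next hunk); a shared helper mapping an AuthService result code to the RESTAPI::Errors value would keep the two lists from drifting the next time a code is added.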
@@ -133,32 +133,33 @@ namespace OpenWifi { SecurityObjects::UserInfoAndPolicy UInfo; bool Expired=false; auto Code=AuthService()->AuthorizeSub(userId, password, newPassword, UInfo, Expired); - if (Code==SUCCESS) { - Poco::JSON::Object ReturnObj; - if(AuthService()->RequiresMFA(UInfo)) { - if(MFAServer()->StartMFAChallenge(UInfo, ReturnObj)) { - return ReturnObject(ReturnObj); + switch(Code) { + case SUCCESS: + { + Poco::JSON::Object ReturnObj; + if(AuthService()->RequiresMFA(UInfo)) { + if(MFAServer()->StartMFAChallenge(UInfo, ReturnObj)) { + return ReturnObject(ReturnObj); + } + Logger_.warning("MFA Seems to be broken. Please fix. Disabling MFA checking for now."); } - Logger_.warning("MFA Seems to be broken. Please fix. Disabling MFA checking for now."); + UInfo.webtoken.to_json(ReturnObj); + return ReturnObject(ReturnObj); } - UInfo.webtoken.to_json(ReturnObj); - return ReturnObject(ReturnObj); - } else { - switch(Code) { - case INVALID_CREDENTIALS: - return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); - case PASSWORD_INVALID: - return UnAuthorized(RESTAPI::Errors::PASSWORD_INVALID); - case PASSWORD_ALREADY_USED: - return UnAuthorized(RESTAPI::Errors::PASSWORD_ALREADY_USED); - case USERNAME_PENDING_VERIFICATION: - return UnAuthorized(RESTAPI::Errors::USERNAME_PENDING_VERIFICATION); - case PASSWORD_CHANGE_REQUIRED: - return UnAuthorized(RESTAPI::Errors::PASSWORD_CHANGE_REQUIRED); - default: - return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); break; - } - return; + case INVALID_CREDENTIALS: + return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); + case PASSWORD_INVALID: + return UnAuthorized(RESTAPI::Errors::PASSWORD_INVALID); + case PASSWORD_ALREADY_USED: + return UnAuthorized(RESTAPI::Errors::PASSWORD_ALREADY_USED); + case USERNAME_PENDING_VERIFICATION: + return UnAuthorized(RESTAPI::Errors::USERNAME_PENDING_VERIFICATION); + case PASSWORD_CHANGE_REQUIRED: + return UnAuthorized(RESTAPI::Errors::PASSWORD_CHANGE_REQUIRED); + case 
ACCOUNT_SUSPENDED: + return UnAuthorized(RESTAPI::Errors::ACCOUNT_SUSPENDED); + default: + return UnAuthorized(RESTAPI::Errors::INVALID_CREDENTIALS); } } } \ No newline at end of file diff --git a/src/RESTAPI/RESTAPI_validate_apikey.cpp b/src/RESTAPI/RESTAPI_validate_apikey.cpp index 41854eb..7029f46 100644 --- a/src/RESTAPI/RESTAPI_validate_apikey.cpp +++ b/src/RESTAPI/RESTAPI_validate_apikey.cpp @@ -15,13 +15,16 @@ namespace OpenWifi { // can we find this token? SecurityObjects::UserInfoAndPolicy SecObj; bool Expired = false; + bool Suspended = false; std::uint64_t expiresOn=0; - if (AuthService()->IsValidApiKey(i.second, SecObj.webtoken, SecObj.userinfo, Expired, expiresOn)) { + if (AuthService()->IsValidApiKey(i.second, SecObj.webtoken, SecObj.userinfo, Expired, expiresOn, Suspended)) { Poco::JSON::Object Answer; SecObj.to_json(Answer); Answer.set("expiresOn", expiresOn); return ReturnObject(Answer); } + if(Suspended) + return UnAuthorized(RESTAPI::Errors::ACCOUNT_SUSPENDED); return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED); } } diff --git a/src/SMTPMailerService.cpp b/src/SMTPMailerService.cpp index e29ec75..7bc2232 100644 --- a/src/SMTPMailerService.cpp +++ b/src/SMTPMailerService.cpp 
@@ -40,6 +40,22 @@ namespace OpenWifi { } } + void SMTPMailerService::AddUserVars(MessageAttributes & Attrs) { + Attrs[USER_HELPER_EMAIL] = AuthService()->HelperEmail(); + Attrs[USER_SYSTEM_LOGIN] = AuthService()->SystemLoginSite(); + Attrs[USER_HELPER_SITE] = AuthService()->HelperSite(); + Attrs[GLOBAL_USER_HELPER_EMAIL] = AuthService()->GlobalHelperEmail(); + Attrs[USER_SIGNATURE] = AuthService()->UserSignature(); + } + + void SMTPMailerService::AddSubVars(MessageAttributes & Attrs) { + Attrs[SUB_HELPER_EMAIL] = AuthService()->SubHelperEmail(); + Attrs[SUB_SYSTEM_LOGIN] = AuthService()->SubSystemLoginSite(); + Attrs[SUB_HELPER_SITE] = AuthService()->SubHelperSite(); + Attrs[GLOBAL_SUB_HELPER_EMAIL] = AuthService()->GlobalSubHelperEmail(); + Attrs[SUB_SIGNATURE] = AuthService()->SubSignature(); + } + int SMTPMailerService::Start() { LoadMyConfig(); SenderThr_.start(*this); diff --git a/src/SMTPMailerService.h b/src/SMTPMailerService.h index bf4d012..a88ddb9 100644 --- a/src/SMTPMailerService.h +++ b/src/SMTPMailerService.h 
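Review bot: `AddUserVars` and `AddSubVars` are added without any comment describing which template variables they populate or that they replace entries already present in `Attrs` (assuming `MessageAttributes` is a map, `Attrs[...] = ...` overwrites). A header comment such as `// Fill in the operator-side support e-mail/site, login URL and signature template variables from the AuthService configuration; existing entries with the same key are overwritten.` (with the subscriber-side counterpart on AddSubVars) would spare template authors a trip through AuthService. Both bodies also call `AuthService()` five times each; binding it once (`auto Auth = AuthService();`) would shorten them, though that is style only.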
@@ -27,26 +27,63 @@ namespace OpenWifi { TEXT, CHALLENGE_CODE, SENDER, - ACTION_LINK_HTML + ACTION_LINK_HTML, + USER_HELPER_EMAIL, + SUB_HELPER_EMAIL, + GLOBAL_USER_HELPER_EMAIL, + GLOBAL_SUB_HELPER_EMAIL, + USER_HELPER_SITE, + SUB_HELPER_SITE, + USER_SYSTEM_LOGIN, + SUB_SYSTEM_LOGIN, + USER_SIGNATURE, + SUB_SIGNATURE, + TRANSFER_REQUESTER, + TRANSFER_ENTITY, + ORIGINAL_REDIRECTOR, + NEW_REDIRECTOR, + TRANSFER_REASON, + SERIAL_NUMBER, + ORIGINAL_ENTITY_NAME, + UUID }; static const std::map - MessageAttributeMap{ { RECIPIENT_EMAIL,"RECIPIENT_EMAIL"}, - { RECIPIENT_FIRST_NAME, "RECIPIENT_FIRST_NAME"}, - { RECIPIENT_LAST_NAME, "RECIPIENT_LAST_NAME"}, - { RECIPIENT_INITIALS, "RECIPIENT_INITIALS"}, - { RECIPIENT_FULL_NAME, "RECIPIENT_FULL_NAME"}, - { RECIPIENT_SALUTATION, "RECIPIENT_SALUTATION"}, - { ACTION_LINK, "ACTION_LINK"}, - { SUBJECT, "SUBJECT"}, - { TEMPLATE_TXT, "TEMPLATE_TXT"}, - { TEMPLATE_HTML, "TEMPLATE_HTML"}, - { LOGO, "LOGO"}, - { TEXT, "TEXT"}, - { CHALLENGE_CODE, "CHALLENGE_CODE"}, - { SENDER, "SENDER"}, - { ACTION_LINK_HTML, "ACTION_LINK_HTML"}, - }; + MessageAttributeMap{ + { RECIPIENT_EMAIL,"RECIPIENT_EMAIL"}, + { RECIPIENT_FIRST_NAME, "RECIPIENT_FIRST_NAME"}, + { RECIPIENT_LAST_NAME, "RECIPIENT_LAST_NAME"}, + { RECIPIENT_INITIALS, "RECIPIENT_INITIALS"}, + { RECIPIENT_FULL_NAME, "RECIPIENT_FULL_NAME"}, + { RECIPIENT_SALUTATION, "RECIPIENT_SALUTATION"}, + { ACTION_LINK, "ACTION_LINK"}, + { SUBJECT, "SUBJECT"}, + { TEMPLATE_TXT, "TEMPLATE_TXT"}, + { TEMPLATE_HTML, "TEMPLATE_HTML"}, + { LOGO, "LOGO"}, + { TEXT, "TEXT"}, + { CHALLENGE_CODE, "CHALLENGE_CODE"}, + { SENDER, "SENDER"}, + { ACTION_LINK_HTML, "SUB_SYSTEM_LOGIN"}, + { USER_HELPER_EMAIL, "USER_HELPER_EMAIL"}, + { SUB_HELPER_EMAIL, "SUB_HELPER_EMAIL"}, + { GLOBAL_USER_HELPER_EMAIL, "GLOBAL_USER_HELPER_EMAIL"}, + { GLOBAL_SUB_HELPER_EMAIL, "GLOBAL_SUB_HELPER_EMAIL"}, + { USER_HELPER_SITE, "USER_HELPER_SITE"}, + { SUB_HELPER_SITE, "SUB_USER_HELPER_SITE"}, + { USER_SYSTEM_LOGIN, 
"USER_SYSTEM_LOGIN"}, + { SUB_SYSTEM_LOGIN, "SUB_SYSTEM_LOGIN"}, + { USER_SIGNATURE, "USER_SIGNATURE" }, + { SUB_SIGNATURE, "SUB_USER_SIGNATURE"}, + { TRANSFER_REQUESTER, "TRANSFER_REQUESTER" }, + { TRANSFER_ENTITY, "TRANSFER_ENTITY"}, + { ORIGINAL_REDIRECTOR, "ORIGINAL_REDIRECTOR"}, + { NEW_REDIRECTOR, "NEW_REDIRECTOR" }, + { TRANSFER_REASON, "TRANSFER_REASON"}, + { SERIAL_NUMBER, "SERIAL_NUMBER"}, + { ORIGINAL_ENTITY_NAME, "ORIGINAL_ENTITY_NAME"}, + { UUID, "UUID" } + }; inline const std::string & MessageAttributeToVar(MESSAGE_ATTRIBUTES Attr) { static const std::string EmptyString{}; @@ -89,6 +126,9 @@ namespace OpenWifi { void reinitialize(Poco::Util::Application &self) override; bool Enabled() const { return Enabled_; } + void AddUserVars(MessageAttributes & Attrs); + void AddSubVars(MessageAttributes & Attrs); + private: std::string MailHost_; std::string Sender_; diff --git a/src/framework/AuthClient.cpp b/src/framework/AuthClient.cpp index 64c33a5..24c498d 100644 --- a/src/framework/AuthClient.cpp +++ b/src/framework/AuthClient.cpp @@ -76,7 +76,7 @@ namespace OpenWifi { bool AuthClient::RetrieveApiKeyInformation(const std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, - bool & Expired, bool & Contacted) { + bool & Expired, bool & Contacted, [[maybe_unused]] bool & Suspended) { try { Types::StringPairVec QueryData; QueryData.push_back(std::make_pair("apikey",SessionToken)); @@ -113,7 +113,7 @@ namespace OpenWifi { } bool AuthClient::IsValidApiKey(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy &UInfo, - std::uint64_t TID, bool &Expired, bool &Contacted) { + std::uint64_t TID, bool &Expired, bool &Contacted, bool & Suspended) { auto User = ApiKeyCache_.get(SessionToken); if (!User.isNull()) { if(User->ExpiresOn < Utils::Now()) { 
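Review bot: The rewritten `MessageAttributeMap` changes the string for `ACTION_LINK_HTML` from `"ACTION_LINK_HTML"` to `"SUB_SYSTEM_LOGIN"`, which looks like a copy-paste slip: any existing e-mail template that refers to ACTION_LINK_HTML will no longer resolve, and the string now duplicates the one mapped from `SUB_SYSTEM_LOGIN`. The entry should be restored to `{ ACTION_LINK_HTML, "ACTION_LINK_HTML"},`. Two of the new entries also diverge from their enumerator names (`SUB_HELPER_SITE` maps to `"SUB_USER_HELPER_SITE"`, `SUB_SIGNATURE` to `"SUB_USER_SIGNATURE"`) while every other entry uses the enumerator's own name; if that is intentional, a comment on those two lines would stop the next reader from "fixing" them.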
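Review bot: `RetrieveApiKeyInformation` gains the `Suspended` out-parameter but marks it `[[maybe_unused]]`, i.e. nothing in this function sets it, so the `ACCOUNT_SUSPENDED` result the security service now returns (RESTAPI_validate_apikey.cpp in this same commit) is never propagated to the client side and its flag stays at whatever the caller initialised it to. The body continues past the hunk; if the response-parsing code there does set it, the attribute is misleading and should be dropped, otherwise the parser should map error code 15 / `RESTAPI::Errors::ACCOUNT_SUSPENDED` to `Suspended = true;`. Either way the parameter deserves a short comment stating when it is set.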
@@ -123,7 +123,7 @@ namespace OpenWifi { } ApiKeyCache_.remove(SessionToken); } - return RetrieveApiKeyInformation(SessionToken, UInfo, TID, Expired, Contacted); + return RetrieveApiKeyInformation(SessionToken, UInfo, TID, Expired, Contacted, Suspended); } } // namespace OpenWifi \ No newline at end of file diff --git a/src/framework/AuthClient.h b/src/framework/AuthClient.h index 44f16db..0ff4f6c 100644 --- a/src/framework/AuthClient.h +++ b/src/framework/AuthClient.h @@ -57,7 +57,7 @@ namespace OpenWifi { bool RetrieveApiKeyInformation(const std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, - bool & Expired, bool & Contacted); + bool & Expired, bool & Contacted, bool & Suspended); bool IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, @@ -65,7 +65,7 @@ namespace OpenWifi { bool IsValidApiKey(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, - bool & Expired, bool & Contacted); + bool & Expired, bool & Contacted, bool & Suspended) ; private: diff --git a/src/framework/RESTAPI_Handler.h b/src/framework/RESTAPI_Handler.h index 17e73de..4c72497 100644 --- a/src/framework/RESTAPI_Handler.h +++ b/src/framework/RESTAPI_Handler.h 
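Review bot: `IsValidApiKey` forwards `Suspended` only on the path that reaches `RetrieveApiKeyInformation`; the cache-hit path (its lines fall between the two hunks and are not visible) apparently returns before that call, so a key cached before the account was suspended would keep validating until the entry expires or is removed, and `Suspended` is left untouched on that path. Consider initialising both out-flags at entry, `Expired = false; Suspended = false;`, so callers do not depend on pre-initialised arguments, and documenting on the declaration that a cached key is not re-checked against the security service.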
@@ -705,11 +705,12 @@ namespace OpenWifi { return Allowed; } else if(!Internal_ && Request->has("X-API-KEY")) { SessionToken_ = Request->get("X-API-KEY", ""); + bool suspended=false; #ifdef TIP_SECURITY_SERVICE std::uint64_t expiresOn; - if (AuthService()->IsValidApiKey(SessionToken_, UserInfo_.webtoken, UserInfo_.userinfo, Expired, expiresOn)) { + if (AuthService()->IsValidApiKey(SessionToken_, UserInfo_.webtoken, UserInfo_.userinfo, Expired, expiresOn, suspended)) { #else - if (AuthClient()->IsValidApiKey( SessionToken_, UserInfo_, TransactionId_, Expired, Contacted)) { + if (AuthClient()->IsValidApiKey( SessionToken_, UserInfo_, TransactionId_, Expired, Contacted, suspended)) { #endif REST_Requester_ = UserInfo_.userinfo.email; if(Server_.LogIt(Request->getMethod(),true)) { diff --git a/src/framework/orm.h b/src/framework/orm.h index 744cf1f..347b1ad 100644 --- a/src/framework/orm.h +++ b/src/framework/orm.h @@ -139,7 +139,7 @@ namespace ORM { return Result; } - template std::string WHERE_AND_(std::string Result, const char *fieldName, const T &Value, Args... args) { + template std::string WHERE_AND_(std::string Result, const char *fieldName, const T & Value, Args... args) { if constexpr(std::is_same_v) { if(!Value.empty()) { @@ -152,6 +152,24 @@ namespace ORM { Result += "'"; } return WHERE_AND_(Result,args...); + } else if constexpr(std::is_same_v) { + if(*Value!=0) { + if(!Result.empty()) + Result += " and "; + Result += fieldName; + Result += '='; + Result += "'"; + Result += Escape(Value); + Result += "'"; + } + return WHERE_AND_(Result,args...); + } else if constexpr (std::is_same_v) { + if(!Result.empty()) + Result += " and "; + Result += fieldName; + Result += '='; + Result += Value ? "true" : "false"; + return WHERE_AND_(Result,args...); } else if constexpr (std::is_arithmetic_v) { if(!Result.empty()) Result += " and "; 
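Review bot: The new `bool suspended=false;` is passed to both `IsValidApiKey` variants but nothing in the hunk reads it afterwards, so a suspended account is still rejected with the same generic failure as any bad key even though the security service now reports the distinction. Unless it is consulted further down (the function continues past the hunk), the failure branch should mirror RESTAPI_validate_apikey.cpp from this commit, e.g. `if (suspended) return UnAuthorized(RESTAPI::Errors::ACCOUNT_SUSPENDED);`. In the non-`TIP_SECURITY_SERVICE` build the flag can only become true if `AuthClient::RetrieveApiKeyInformation` sets it, which its `[[maybe_unused]]` annotation in this commit suggests it does not.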
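Review bot: The new branch that appears to handle `const char *` dereferences `Value` unconditionally in `if(*Value!=0)`, so passing a null pointer — the natural "no filter" value for a C string — is undefined behaviour rather than a skipped clause; guard it with `if(Value != nullptr && *Value != 0) {`. The branch reuses the quote-and-`Escape` concatenation of the `std::string` case, so it is only as safe as `Escape()` is for the backend in use; a one-line comment stating that `Escape` is the sole defence against the value breaking out of the quoted literal would make that dependency explicit. The `bool` branch emits the SQL literals `true`/`false`, which not every backend accepts in a comparison — worth confirming against the configured databases.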
@@ -159,6 +177,8 @@ namespace ORM { Result += '='; Result += std::to_string(Value); return WHERE_AND_(Result,args...); + } else { + assert(false); } return WHERE_AND_(Result,args...); } diff --git a/src/framework/ow_constants.h b/src/framework/ow_constants.h index e62ffcf..cc9146a 100644 --- a/src/framework/ow_constants.h +++ b/src/framework/ow_constants.h @@ -35,7 +35,8 @@ namespace OpenWifi { BAD_MFA_TRANSACTION, MFA_FAILURE, SECURITY_SERVICE_UNREACHABLE, - CANNOT_REFRESH_TOKEN + CANNOT_REFRESH_TOKEN, + ACCOUNT_SUSPENDED }; } @@ -58,6 +59,7 @@ namespace OpenWifi::RESTAPI::Errors { static const struct msg MFA_FAILURE{12,"MFA failure."}; static const struct msg SECURITY_SERVICE_UNREACHABLE{13,"Security service is unreachable, try again later."}; static const struct msg CANNOT_REFRESH_TOKEN{14,"Cannot refresh token."}; + static const struct msg ACCOUNT_SUSPENDED{15,"Account has been suspended."}; static const struct msg MissingUUID{1000,"Missing UUID."}; static const struct msg MissingSerialNumber{1001,"Missing Serial Number."}; 
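Review bot: The trailing `else { assert(false); }` only fires in debug builds; with `NDEBUG` defined the unsupported-type case falls through to the final `return WHERE_AND_(Result,args...);` and the field is silently dropped from the WHERE clause, so a query meant to be filtered returns a wider result set than intended. Since `T` is known at compile time, make this a compile error instead: `else { static_assert(!std::is_same_v<T, T>, "WHERE_AND_: unsupported value type"); }` (the dependent condition keeps the assert confined to the discarded branch). With that in place the duplicated `return` after the if/else chain becomes unreachable and can go.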
@@ -240,6 +242,15 @@ namespace OpenWifi::RESTAPI::Errors { static const struct msg RelocationDisabledForThisDevice{1159,"Relocation disabled for this device."}; static const struct msg CannotModifyServerCertificates{1160,"Server certificates cannot be modified."}; + static const struct msg TransferNotInDispute{1161,"The specified transfer is not being disputed."}; + static const struct msg MissingComment{1162,"Missing comment."}; + static const struct msg EntityNotAllowedToTransfer{1163,"Entity is not allowed to transfer devices."}; + static const struct msg DailyTransferQuotaExceeded{1164,"Entity has exceeded its daily quota."}; + static const struct msg CertificateWasNotRevoked{1165,"Certificate was not revoked, so it may not be re-created."}; + static const struct msg CertificateTransferNoLongerExists{1166,"The device certificate associated with this transfer no longer seem to exist."}; + static const struct msg CertificateTransferEntityNoLongerExists{1167,"The entity tied to this transfer no longer seems to exist."}; + static const struct msg CannotRollBackDueToDigiCert{1168,"The change could not be rolled back at this time. Please try later."}; + static const struct msg CertificateTransferAlreadyRolledBack{1169,"The certificate has already been rolled back."}; } @@ -493,6 +504,7 @@ namespace OpenWifi::uCentralProtocol::Events { static const char *TELEMETRY = "telemetry"; static const char *DEVICEUPDATE = "deviceupdate"; static const char *VENUE_BROADCAST = "venue_broadcast"; + static const char *ALARM = "alarm"; enum EVENT_MSG { ET_UNKNOWN, @@ -506,7 +518,10 @@ namespace OpenWifi::uCentralProtocol::Events { ET_RECOVERY, ET_DEVICEUPDATE, ET_TELEMETRY, - ET_VENUEBROADCAST + ET_VENUEBROADCAST, + ET_EVENT, + ET_WIFISCAN, + ET_ALARM }; inline EVENT_MSG EventFromString(const std::string & Method) { 
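Review bot: Two of the new message strings read awkwardly: `CertificateTransferNoLongerExists` says "no longer seem to exist" (should be `seems`), and `DailyTransferQuotaExceeded` says the entity "has exceeded its daily quota" without saying of what — `"Entity has exceeded its daily device-transfer quota."` would match the identifier and the neighbouring `EntityNotAllowedToTransfer` text. These are user-visible API error texts, so they are worth fixing before clients start matching on them.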
@@ -532,7 +547,13 @@ namespace OpenWifi::uCentralProtocol::Events { return ET_TELEMETRY; else if(strcmp(VENUE_BROADCAST,Method.c_str())==0) return ET_VENUEBROADCAST; - return ET_UNKNOWN; + else if(strcmp(EVENT,Method.c_str())==0) + return ET_EVENT; + else if(strcmp(WIFISCAN,Method.c_str())==0) + return ET_WIFISCAN; + else if(strcmp(ALARM,Method.c_str())==0) + return ET_WIFISCAN; + return ET_ALARM; }; }
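Review bot: The last two branches of `EventFromString` are swapped: the `ALARM` comparison returns `ET_WIFISCAN`, and the fallback that used to be `return ET_UNKNOWN;` now returns `ET_ALARM`, so every alarm is classified as a Wi-Fi scan and every unrecognised method name becomes an alarm. The fix is `return ET_ALARM;` in the ALARM branch and `return ET_UNKNOWN;` as the final statement. The new branches also compare against `EVENT` and `WIFISCAN`, which are not added alongside `ALARM` in this commit — presumably they already exist earlier in the header, but worth confirming.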