diff --git a/build b/build index 9d60796..ca7bf83 100644 --- a/build +++ b/build @@ -1 +1 @@ -11 \ No newline at end of file +13 \ No newline at end of file diff --git a/src/AuthService.cpp b/src/AuthService.cpp index 4524d3e..e3254e9 100644 --- a/src/AuthService.cpp +++ b/src/AuthService.cpp @@ -8,15 +8,17 @@ #include +#include "framework/MicroService.h" +#include "framework/KafkaTopics.h" + #include "Poco/Net/OAuth20Credentials.h" #include "Poco/JWT/Token.h" #include "Poco/JWT/Signer.h" #include "Poco/StringTokenizer.h" -#include "framework/MicroService.h" #include "StorageService.h" #include "AuthService.h" -#include "framework/KafkaTopics.h" + #include "SMTPMailerService.h" #include "MFAServer.h" @@ -142,18 +144,20 @@ namespace OpenWifi { return false; } - bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ) + bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired ) { - std::lock_guard Guard(Mutex_); + // std::lock_guard Guard(Mutex_); + std::string CallToken; Expired = false; + try { - std::string CallToken; Poco::Net::OAuth20Credentials Auth(Request); if (Auth.getScheme() == "Bearer") { CallToken = Auth.getBearerToken(); } if(CallToken.empty()) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } @@ -161,35 +165,40 @@ namespace OpenWifi { uint64_t RevocationDate=0; std::string UserId; if(StorageService()->UserTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) { - if(RevocationDate!=0) + if(RevocationDate!=0) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; + } auto now=OpenWifi::Now(); Expired = (WT.created_ + WT.expires_in_) < now; if(StorageService()->UserDB().GetUserById(UserId,UInfo.userinfo)) { UInfo.webtoken = WT; SessionToken = CallToken; + poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken)); return true; } } - return false; } catch(const Poco::Exception &E) { Logger().log(E); } + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } - bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ) + bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired ) { - std::lock_guard Guard(Mutex_); + // std::lock_guard Guard(Mutex_); + + std::string CallToken; Expired = false; try { - std::string CallToken; Poco::Net::OAuth20Credentials Auth(Request); if (Auth.getScheme() == "Bearer") { CallToken = Auth.getBearerToken(); } if(CallToken.empty()) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } @@ -197,20 +206,23 @@ namespace OpenWifi { uint64_t RevocationDate=0; std::string UserId; if(StorageService()->SubTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) { - if(RevocationDate!=0) + if(RevocationDate!=0) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; + } auto now=OpenWifi::Now(); Expired = (WT.created_ + WT.expires_in_) < now; if(StorageService()->SubDB().GetUserById(UserId,UInfo.userinfo)) { UInfo.webtoken = WT; SessionToken = CallToken; + poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken)); return true; } } - return false; } catch(const Poco::Exception &E) { Logger().log(E); } + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } diff --git a/src/AuthService.h b/src/AuthService.h index cc1ee59..0c3323c 100644 --- a/src/AuthService.h +++ b/src/AuthService.h @@ -11,6 +11,8 @@ #include +#include "framework/MicroService.h" + #include "Poco/JSON/Object.h" #include "Poco/Net/HTTPServerRequest.h" #include "Poco/Net/HTTPServerResponse.h" @@ -20,7 +22,6 @@ #include "Poco/HMACEngine.h" #include "Poco/ExpireLRUCache.h" -#include "framework/MicroService.h" #include "RESTObjects/RESTAPI_SecurityObjects.h" #include "MessagingTemplates.h" @@ -48,14 +49,14 @@ namespace OpenWifi{ int Start() override; void Stop() override; - [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired); + [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired); [[nodiscard]] UNAUTHORIZED_REASON Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ); void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo); [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;}; void Logout(const std::string &token, bool EraseFromCache=true); - [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired); + [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired); [[nodiscard]] UNAUTHORIZED_REASON AuthorizeSub( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ); void CreateSubToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo); [[nodiscard]] bool SetSubPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); @@ -155,11 +156,11 @@ namespace OpenWifi{ inline auto AuthService() { return AuthService::instance(); } - [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , bool & Expired, bool Sub ) { + [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , std::uint64_t TID, bool & Expired, bool Sub ) { if(Sub) - return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, Expired ); + return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, TID, Expired ); else - return AuthService()->IsAuthorized(Request, SessionToken, UInfo, Expired ); + return AuthService()->IsAuthorized(Request, SessionToken, UInfo, TID, Expired ); } } // end of namespace diff --git a/src/Daemon.h b/src/Daemon.h index d76d428..4c3bd9a 100644 --- a/src/Daemon.h +++ b/src/Daemon.h @@ -10,6 +10,8 @@ #include #include +#include "framework/MicroService.h" + #include "Poco/Util/Application.h" #include "Poco/Util/ServerApplication.h" #include "Poco/Util/Option.h" @@ -20,7 +22,6 @@ #include "Poco/Crypto/CipherFactory.h" #include "Poco/Crypto/Cipher.h" -#include "framework/MicroService.h" namespace OpenWifi { diff --git a/src/MFAServer.cpp b/src/MFAServer.cpp index 9d952c4..1b8ac93 100644 --- a/src/MFAServer.cpp +++ b/src/MFAServer.cpp @@ -2,10 +2,11 @@ // Created by stephane bourque on 2021-10-11. // +#include "framework/MicroService.h" + #include "MFAServer.h" #include "SMSSender.h" #include "SMTPMailerService.h" -#include "framework/MicroService.h" #include "AuthService.h" #include "TotpCache.h" diff --git a/src/SMSSender.cpp b/src/SMSSender.cpp index 04faf98..40d64b6 100644 --- a/src/SMSSender.cpp +++ b/src/SMSSender.cpp @@ -2,16 +2,14 @@ // Created by stephane bourque on 2021-10-09. // -#include -#include #include -#include + +#include "framework/MicroService.h" #include "MFAServer.h" #include "SMS_provider_aws.h" #include "SMS_provider_twilio.h" #include "SMSSender.h" -#include "framework/MicroService.h" namespace OpenWifi { diff --git a/src/SMS_provider_twilio.cpp b/src/SMS_provider_twilio.cpp index 6ed9eb1..6376d07 100644 --- a/src/SMS_provider_twilio.cpp +++ b/src/SMS_provider_twilio.cpp @@ -4,12 +4,13 @@ #include "SMS_provider_twilio.h" +#include "framework/MicroService.h" + #include "Poco/Net/HTTPBasicCredentials.h" #include "Poco/URI.h" #include "Poco/Net/HTMLForm.h" #include "Poco/Net/HTTPSClientSession.h" #include "Poco/Net/HTTPResponse.h" -#include "framework/MicroService.h" namespace OpenWifi { bool SMS_provider_twilio::Initialize() { diff --git a/src/SMTPMailerService.cpp b/src/SMTPMailerService.cpp index 2f0040e..588e549 100644 --- a/src/SMTPMailerService.cpp +++ b/src/SMTPMailerService.cpp @@ -2,7 +2,8 @@ // Created by stephane bourque on 2021-06-17. // #include -#include + +#include "framework/MicroService.h" #include "Poco/Net/MailMessage.h" #include "Poco/Net/MailRecipient.h" @@ -15,7 +16,6 @@ #include "Poco/Net/NetException.h" #include "SMTPMailerService.h" -#include "framework/MicroService.h" #include "AuthService.h" namespace OpenWifi { diff --git a/src/StorageService.cpp b/src/StorageService.cpp index 3a8b944..194cb05 100644 --- a/src/StorageService.cpp +++ b/src/StorageService.cpp @@ -57,9 +57,10 @@ namespace OpenWifi { } void StorageService::Stop() { - Logger().notice("Stopping."); + Logger().notice("Stopping..."); Timer_.stop(); StorageClass::Stop(); + Logger().notice("Stopped..."); } void Archiver::onTimer([[maybe_unused]] Poco::Timer &timer) { diff --git a/src/TotpCache.h b/src/TotpCache.h index 1034f20..52ae1e3 100644 --- a/src/TotpCache.h +++ b/src/TotpCache.h @@ -6,6 +6,7 @@ #define OWSEC_TOTPCACHE_H #include "framework/MicroService.h" + #include "seclibs/cpptotp/bytes.h" #include "seclibs/qrcode/qrcodegen.hpp" #include "seclibs/cpptotp/otp.h" diff --git a/src/framework/MicroService.h b/src/framework/MicroService.h index 9c520a1..13d3f53 100644 --- a/src/framework/MicroService.h +++ b/src/framework/MicroService.h @@ -2882,12 +2882,13 @@ namespace OpenWifi { } inline void Stop() override { + poco_information(Logger(),"Stopping..."); std::lock_guard G(Mutex_); Cache_.clear(); + poco_information(Logger(),"Stopped..."); } inline void RemovedCachedToken(const std::string &Token) { - std::lock_guard G(Mutex_); Cache_.remove(Token); } @@ -2897,6 +2898,7 @@ namespace OpenWifi { inline bool RetrieveTokenInformation(const std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, + std::uint64_t TID, bool & Expired, bool & Contacted, bool Sub=false) { try { Types::StringPairVec QueryData; @@ -2922,7 +2924,6 @@ namespace OpenWifi { return false; } Expired = false; - std::lock_guard G(Mutex_); Cache_.update(SessionToken, UInfo); return true; } else { @@ -2930,14 +2931,15 @@ namespace OpenWifi { } } } catch (...) { + poco_error(Logger(),fmt::format("Failed to retrieve token={} for TID={}", SessionToken, TID)); } Expired = false; return false; } inline bool IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, + std::uint64_t TID, bool & Expired, bool & Contacted, bool Sub = false) { - std::lock_guard G(Mutex_); auto User = Cache_.get(SessionToken); if(!User.isNull()) { if(IsTokenExpired(User->webtoken)) { @@ -2948,7 +2950,7 @@ namespace OpenWifi { UInfo = *User; return true; } - return RetrieveTokenInformation(SessionToken, UInfo, Expired, Contacted, Sub); + return RetrieveTokenInformation(SessionToken, UInfo, TID, Expired, Contacted, Sub); } private: @@ -4776,7 +4778,7 @@ namespace OpenWifi { } #ifdef TIP_SECURITY_SERVICE - [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired , bool Sub ); + [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired , bool Sub ); #endif inline bool RESTAPIHandler::IsAuthorized( bool & Expired , [[maybe_unused]] bool & Contacted , bool Sub ) { if(Internal_ && Request->has("X-INTERNAL-NAME")) { @@ -4784,17 +4786,20 @@ namespace OpenWifi { Contacted = true; if(!Allowed) { if(Server_.LogBadTokens(false)) { - poco_debug(Logger_,fmt::format("I-REQ-DENIED({}): Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("I-REQ-DENIED({}): TID={} Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Request->getMethod(), Request->getURI())); } } else { auto Id = Request->get("X-INTERNAL-NAME", "unknown"); REST_Requester_ = Id; if(Server_.LogIt(Request->getMethod(),true)) { - poco_debug(Logger_,fmt::format("I-REQ-ALLOWED({}): User='{}' Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), Id, - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("I-REQ-ALLOWED({}): TID={} User='{}' Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Id, + Request->getMethod(), Request->getURI())); } } return Allowed; @@ -4810,25 +4815,28 @@ namespace OpenWifi { } } #ifdef TIP_SECURITY_SERVICE - if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, Expired, Sub)) { + if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, TransactionId_, Expired, Sub)) { #else - if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, Expired, Contacted, Sub)) { + if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, TransactionId_, Expired, Contacted, Sub)) { #endif REST_Requester_ = UserInfo_.userinfo.email; if(Server_.LogIt(Request->getMethod(),true)) { - poco_debug(Logger_,fmt::format("X-REQ-ALLOWED({}): User='{}@{}' Method={} Path={}", - UserInfo_.userinfo.email, - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->clientAddress().toString(), - Request->getMethod(), - Request->getURI())); + poco_debug(Logger_,fmt::format("X-REQ-ALLOWED({}): TID={} User='{}@{}' Method={} Path={}", + UserInfo_.userinfo.email, + TransactionId_, + Utils::FormatIPv6(Request->clientAddress().toString()), + Request->clientAddress().toString(), + Request->getMethod(), + Request->getURI())); } return true; } else { if(Server_.LogBadTokens(true)) { - poco_debug(Logger_,fmt::format("X-REQ-DENIED({}): Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("X-REQ-DENIED({}): TID={} Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Request->getMethod(), + Request->getURI())); } } return false; @@ -5113,7 +5121,7 @@ namespace OpenWifi { auto Tokens = Utils::Split(Frame, ':'); bool Expired = false, Contacted = false; if (Tokens.size() == 2 && - AuthClient()->IsAuthorized(Tokens[1], UserInfo_, Expired, Contacted)) { + AuthClient()->IsAuthorized(Tokens[1], UserInfo_, 0, Expired, Contacted)) { Authenticated_ = true; UserName_ = UserInfo_.userinfo.email; poco_warning(Logger(),Poco::format("START(%s): %s UI Client is starting WS connection.", Id_, UserName_));