diff --git a/CMakeLists.txt b/CMakeLists.txt
index 85e1dcc..9824012 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -85,6 +85,7 @@ add_executable( owsec src/RESTAPI/RESTAPI_suboauth2_handler.h src/RESTAPI/RESTAPI_suboauth2_handler.cpp src/RESTAPI/RESTAPI_subuser_handler.h src/RESTAPI/RESTAPI_subuser_handler.cpp src/RESTAPI/RESTAPI_subusers_handler.h src/RESTAPI/RESTAPI_subusers_handler.cpp
+ src/RESTAPI/RESTAPI_validate_sub_token_handler.cpp src/RESTAPI/RESTAPI_validate_sub_token_handler.h src/APIServers.cpp src/Daemon.h src/Daemon.cpp src/AuthService.h src/AuthService.cpp
diff --git a/build b/build
index 4800c7d..3d9aebb 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-58
\ No newline at end of file
+68
\ No newline at end of file
diff --git a/src/APIServers.cpp b/src/APIServers.cpp
index 384f69a..1b90693 100644
--- a/src/APIServers.cpp
+++ b/src/APIServers.cpp
@@ -18,6 +18,7 @@
 #include "RESTAPI/RESTAPI_suboauth2_handler.h"
 #include "RESTAPI/RESTAPI_subuser_handler.h"
 #include "RESTAPI/RESTAPI_subusers_handler.h"
+#include "RESTAPI/RESTAPI_validate_sub_token_handler.h"
 namespace OpenWifi {
@@ -49,6 +50,7 @@ namespace OpenWifi {
 RESTAPI_system_command,
 RESTAPI_action_links,
 RESTAPI_validate_token_handler,
+ RESTAPI_validate_sub_token_handler,
 RESTAPI_sms_handler,
 RESTAPI_suboauth2_handler,
 RESTAPI_subuser_handler,
diff --git a/src/ActionLinkManager.cpp b/src/ActionLinkManager.cpp
index d4d855e..61d04d7 100644
--- a/src/ActionLinkManager.cpp
+++ b/src/ActionLinkManager.cpp
@@ -43,23 +43,52 @@ namespace OpenWifi {
 break;
 SecurityObjects::UserInfo UInfo;
- if(!StorageService()->GetUserById(i.userId,UInfo)) {
+ if((i.action==OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD ||
+ i.action==OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL) && !StorageService()->GetUserById(i.userId,UInfo)) {
+ StorageService()->CancelAction(i.id);
+ continue;
+ } else if(( i.action==OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD ||
+ i.action==OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL) && !StorageService()->GetSubUserById(i.userId,UInfo)) {
 StorageService()->CancelAction(i.id);
 continue;
 }
- if(i.action==OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD) {
- if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::FORGOT_PASSWORD)) {
- Logger_.information(Poco::format("Send password reset link to %s",UInfo.email));
+ switch(i.action) {
+ case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD: {
+ if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::FORGOT_PASSWORD)) {
+ Logger_.information(Poco::format("Send password reset link to %s",UInfo.email));
+ }
+ StorageService()->SentAction(i.id);
+ }
+ break;
+
+ case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL: {
+ if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::EMAIL_VERIFICATION)) {
+ Logger_.information(Poco::format("Send email verification link to %s",UInfo.email));
+ }
+ StorageService()->SentAction(i.id);
+ }
+ break;
+
+ case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: {
+ if(AuthService::SendEmailToSubUser(i.id, UInfo.email, AuthService::FORGOT_PASSWORD)) {
+ Logger_.information(Poco::format("Send subscriber password reset link to %s",UInfo.email));
+ }
+ StorageService()->SentAction(i.id);
+ }
+ break;
+
+ case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL: {
+ if(AuthService::SendEmailToSubUser(i.id, UInfo.email, AuthService::EMAIL_VERIFICATION)) {
+ Logger_.information(Poco::format("Send subscriber email verification link to %s",UInfo.email));
+ }
+ StorageService()->SentAction(i.id);
+ }
+ break;
+
+ default: {
+ StorageService()->SentAction(i.id);
 }
- StorageService()->SentAction(i.id);
- } else if (i.action==OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL) {
- if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::EMAIL_VERIFICATION)) {
- Logger_.information(Poco::format("Send email verification link to %s",UInfo.email));
- }
- StorageService()->SentAction(i.id);
- } else {
- StorageService()->SentAction(i.id);
 }
 }
 }
diff --git a/src/ActionLinkManager.h b/src/ActionLinkManager.h
index 5cf8737..3caae7a 100644
--- a/src/ActionLinkManager.h
+++ b/src/ActionLinkManager.h
@@ -12,11 +12,13 @@ namespace OpenWifi {
 class ActionLinkManager : public SubSystemServer, Poco::Runnable {
 public:
- enum Actions {
+/* enum Actions {
 FORGOT_PASSWORD,
- VERIFY_EMAIL
+ VERIFY_EMAIL,
+ SUB_FORGOT_PASSWORD,
+ SUB_VERIFY_EMAIL
 };
-
+*/
 static ActionLinkManager * instance() {
 static auto * instance_ = new ActionLinkManager;
 return instance_;
diff --git a/src/AuthService.cpp b/src/AuthService.cpp
index 8ca1e21..0184f04 100644
--- a/src/AuthService.cpp
+++ b/src/AuthService.cpp
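Review bot: The four `case` bodies in the new `switch` are copies of one another that differ only in the send routine, the e-mail reason and the log text, and the action is matched twice — once in the `if`/`else if` that picks the user lookup and again in the `switch` — so any later fix to the send-and-mark sequence has to be repeated in four places. A small local helper taking (subscriber flag, reason, label) collapses each case to one line while keeping the four log messages byte-for-byte; sketch below. The new subscriber branches also write the recipient address to the log at information level, as the existing branches do; that deserves a deliberate decision, since these are service logs rather than audit records. The surrounding loop and function begin and end outside the hunk, so the sketch covers only the `switch`.
```cpp
// … unchanged: lookup / CancelAction guard above …
auto Notify = [&](bool SubUser, auto Reason, const std::string &What) {
    bool Sent = SubUser ? AuthService::SendEmailToSubUser(i.id, UInfo.email, Reason)
                        : AuthService::SendEmailToUser(i.id, UInfo.email, Reason);
    if(Sent)
        Logger_.information(Poco::format("Send %s link to %s", What, UInfo.email));
    StorageService()->SentAction(i.id);
};
switch(i.action) {
    case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD:     Notify(false, AuthService::FORGOT_PASSWORD, "password reset"); break;
    case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL:        Notify(false, AuthService::EMAIL_VERIFICATION, "email verification"); break;
    case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: Notify(true,  AuthService::FORGOT_PASSWORD, "subscriber password reset"); break;
    case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL:    Notify(true,  AuthService::EMAIL_VERIFICATION, "subscriber email verification"); break;
    default: StorageService()->SentAction(i.id); break;
}
```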
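Review bot: The `enum Actions` block in ActionLinkManager.h is commented out with `/* … */` rather than removed, which leaves a second copy of the action list that will drift from `SecurityObjects::LinkActions` as that enum grows; nothing in this diff refers to `ActionLinkManager::Actions` any more. Delete the block, and if a pointer is wanted for readers, a one-liner such as `// link action kinds: see SecurityObjects::LinkActions` says it without dead code. The opening `/*` is also placed at column 0 inside the class body, which breaks the file's indentation.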
@@ -46,10 +46,17 @@ namespace OpenWifi {
 Signer_.setRSAKey(MicroService::instance().Key());
 Signer_.addAllAlgorithms();
 Logger_.notice("Starting...");
- PasswordValidation_ = PasswordValidationStr_ = MicroService::instance().ConfigGetString("authentication.validation.expression","^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$");
- SubPasswordValidation_ = SubPasswordValidationStr_ = MicroService::instance().ConfigGetString("authentication.subvalidation.expression","^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$");
 TokenAging_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.token.ageing", 30 * 24 * 60 * 60);
 HowManyOldPassword_ = MicroService::instance().ConfigGetInt("authentication.oldpasswords", 5);
+
+ AccessPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.access", "/wwwassets/access_policy.html");
+ PasswordPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.password", "/wwwassets/password_policy.html");
+ PasswordValidation_ = PasswordValidationStr_ = MicroService::instance().ConfigGetString("authentication.validation.expression","^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$");
+
+ SubPasswordValidation_ = SubPasswordValidationStr_ = MicroService::instance().ConfigGetString("subscriber.validation.expression","^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$");
+ SubAccessPolicy_ = MicroService::instance().ConfigPath("subscriber.policy.access", "/wwwassets/access_policy.html");
+ SubPasswordPolicy_ = MicroService::instance().ConfigPath("subscriber.policy.password", "/wwwassets/password_policy.html");
+
 return 0;
 }
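Review bot: The subscriber password pattern is now read from `subscriber.validation.expression`, while the removed line read `authentication.subvalidation.expression`, and nothing in the hunk falls back to the old key — a deployment that configured the old key silently reverts to the compiled-in default pattern after this upgrade. Either read the old key as the default argument of the new lookup so existing settings keep working, or call out the rename in the configuration documentation and changelog. The subscriber policy documents also default to the same `/wwwassets/access_policy.html` and `/wwwassets/password_policy.html` as the operator ones, presumably on purpose until subscriber-specific documents exist; a short comment saying so would save the next reader a question. The enclosing function begins outside the hunk.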
@@ -601,7 +608,7 @@ namespace OpenWifi {
 bool AuthService::VerifySubEmail(SecurityObjects::UserInfo &UInfo) {
 SecurityObjects::ActionLink A;
- A.action = OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL;
+ A.action = OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL;
 A.userId = UInfo.email;
 A.id = MicroService::CreateUUID();
 A.created = std::time(nullptr);
diff --git a/src/AuthService.h b/src/AuthService.h
index 6db7062..9eaa192 100644
--- a/src/AuthService.h
+++ b/src/AuthService.h
@@ -104,6 +104,12 @@ namespace OpenWifi{
 return MicroService::instance().WWWAssetsDir() + "/the_logo.png";
 }
+ inline const std::string & GetPasswordPolicy() const { return PasswordPolicy_; }
+ inline const std::string & GetAccessPolicy() const { return AccessPolicy_; }
+
+ inline const std::string & GetSubPasswordPolicy() const { return SubPasswordPolicy_; }
+ inline const std::string & GetSubAccessPolicy() const { return SubAccessPolicy_; }
+
 private:
 Poco::JWT::Signer Signer_;
 Poco::SHA2Engine SHA2_;
@@ -111,6 +117,10 @@ namespace OpenWifi{
 Poco::ExpireLRUCache UserCache_{256,1200000};
 Poco::ExpireLRUCache SubUserCache_{4096,1200000};
+ std::string AccessPolicy_;
+ std::string PasswordPolicy_;
+ std::string SubAccessPolicy_;
+ std::string SubPasswordPolicy_;
 std::string PasswordValidationStr_;
 std::string SubPasswordValidationStr_;
 std::regex PasswordValidation_;
diff --git a/src/Daemon.cpp b/src/Daemon.cpp
index 41f9d48..81115fe 100644
--- a/src/Daemon.cpp
+++ b/src/Daemon.cpp
@@ -56,8 +56,6 @@ namespace OpenWifi {
 void Daemon::initialize() {
 AssetDir_ = MicroService::instance().ConfigPath("openwifi.restapi.wwwassets");
- AccessPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.access", "/wwwassets/access_policy.html");
- PasswordPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.password", "/wwwassets/password_policy.html");
 }
 void MicroServicePostInitialization() {
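Review bot: `A.userId` is still set to `UInfo.email` on the context line directly below the changed one, while the new `SUB_VERIFY_EMAIL` branch in ActionLinkManager.cpp resolves the link with `GetSubUserById(i.userId, UInfo)` and the subscriber forgot-password path in RESTAPI_suboauth2_handler.cpp stores `UInfo1.Id` in that same field; unless `GetSubUserById` also accepts an e-mail address, the verification link is cancelled as soon as the manager picks it up. Confirm what `GetSubUserById` keys on, and if it is the record id, store it here instead — `A.userId = UInfo.Id;` if `UserInfo` exposes the id under that name as the handler's `UInfo1.Id` suggests. The rest of `VerifySubEmail` lies outside the hunk.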
diff --git a/src/Daemon.h b/src/Daemon.h
index 30ca216..884a2cb 100644
--- a/src/Daemon.h
+++ b/src/Daemon.h
@@ -43,13 +43,9 @@ namespace OpenWifi {
 void initialize();
 static Daemon *instance();
 inline const std::string & AssetDir() { return AssetDir_; }
- inline const std::string & GetPasswordPolicy() const { return PasswordPolicy_; }
- inline const std::string & GetAccessPolicy() const { return AccessPolicy_; }
 private:
 static Daemon *instance_;
 std::string AssetDir_;
- std::string PasswordPolicy_;
- std::string AccessPolicy_;
 };
 inline Daemon * Daemon() { return Daemon::instance(); }
diff --git a/src/RESTAPI/RESTAPI_oauth2_handler.cpp b/src/RESTAPI/RESTAPI_oauth2_handler.cpp
index cd823c2..02981a7 100644
--- a/src/RESTAPI/RESTAPI_oauth2_handler.cpp
+++ b/src/RESTAPI/RESTAPI_oauth2_handler.cpp
@@ -73,8 +73,8 @@ namespace OpenWifi {
 Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString()));
 Poco::JSON::Object Answer;
 Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression());
- Answer.set(RESTAPI::Protocol::ACCESSPOLICY, Daemon()->GetAccessPolicy());
- Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, Daemon()->GetPasswordPolicy());
+ Answer.set(RESTAPI::Protocol::ACCESSPOLICY, AuthService()->GetAccessPolicy());
+ Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, AuthService()->GetPasswordPolicy());
 return ReturnObject(Answer);
 }
diff --git a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp
index b9b5fe6..56dc8e4 100644
--- a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp
+++ b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp
@@ -47,7 +47,7 @@ namespace OpenWifi {
 auto Token = GetBinding(RESTAPI::Protocol::TOKEN, "...");
 if (Token == SessionToken_) {
- AuthService()->Logout(Token);
+ AuthService()->SubLogout(Token);
 return ReturnStatus(Poco::Net::HTTPResponse::HTTP_NO_CONTENT, true);
 }
@@ -61,16 +61,14 @@ namespace OpenWifi {
 auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj);
 auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj);
- Logger_.information("Doing post");
- Poco::toLowerInPlace(userId);
 if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) {
 Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString()));
 Poco::JSON::Object Answer;
 Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->SubPasswordValidationExpression());
- Answer.set(RESTAPI::Protocol::ACCESSPOLICY, Daemon()->GetAccessPolicy());
- Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, Daemon()->GetPasswordPolicy());
+ Answer.set(RESTAPI::Protocol::ACCESSPOLICY, AuthService()->GetSubAccessPolicy());
+ Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, AuthService()->GetSubPasswordPolicy());
 return ReturnObject(Answer);
 }
@@ -81,7 +79,7 @@ namespace OpenWifi {
 Logger_.information(Poco::format("FORGOTTEN-PASSWORD(%s): Request for %s", Request->clientAddress().toString(), userId));
 SecurityObjects::ActionLink NewLink;
- NewLink.action = OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD;
+ NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD;
 NewLink.id = MicroService::CreateUUID();
 NewLink.userId = UInfo1.Id;
 NewLink.created = std::time(nullptr);
diff --git a/src/RESTObjects/RESTAPI_SecurityObjects.h b/src/RESTObjects/RESTAPI_SecurityObjects.h
index 647eb77..3e07629 100644
--- a/src/RESTObjects/RESTAPI_SecurityObjects.h
+++ b/src/RESTObjects/RESTAPI_SecurityObjects.h
@@ -6,8 +6,7 @@
 // Arilia Wireless Inc.
 //
-#ifndef UCENTRAL_RESTAPI_SECURITYOBJECTS_H
-#define UCENTRAL_RESTAPI_SECURITYOBJECTS_H
+#pragma once
 #include "framework/OpenWifiTypes.h"
 #include "Poco/JSON/Object.h"
@@ -224,7 +223,9 @@ namespace OpenWifi::SecurityObjects {
 enum LinkActions {
 FORGOT_PASSWORD=1,
- VERIFY_EMAIL
+ VERIFY_EMAIL,
+ SUB_FORGOT_PASSWORD,
+ SUB_VERIFY_EMAIL
 };
 struct ActionLink {
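Review bot: The removed lines of this hunk, as collapsed, read `- Logger_.information("Doing post");` and `- Poco::toLowerInPlace(userId);`, and the second cannot be told apart from a removed blank line followed by an unchanged `Poco::toLowerInPlace(userId);`; if the lower-casing really was dropped, the subscriber lookup further down becomes case-sensitive on the address and a user who signs in with a differently cased e-mail is treated as a different account than before. Please confirm `Poco::toLowerInPlace(userId)` still runs before the lookup. The handler method begins and ends outside the hunk.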
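Review bot: `LinkActions` values travel in the `action` field of `ActionLink`, which the storage_actionLinks.h part of this commit suggests is persisted, so the two new enumerators become stored values as well; they are appended after `VERIFY_EMAIL` so existing rows keep their meaning, but only the ordering guarantees that. Give them explicit values, `SUB_FORGOT_PASSWORD=3,` and `SUB_VERIFY_EMAIL=4`, and add `// persisted in action-link records: append only, never renumber` above the enum so a later insertion cannot silently shift stored data. The enum is a plain `enum`; switching it to `enum class` would also stop the implicit int conversions, but that is a wider change than this commit needs.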
@@ -253,5 +254,3 @@ namespace OpenWifi::SecurityObjects {
 bool from_json(Poco::JSON::Object::Ptr &Obj);
 };
 }
-
-#endif //UCENTRAL_RESTAPI_SECURITYOBJECTS_H
\ No newline at end of file
diff --git a/src/storage/storage_actionLinks.h b/src/storage/storage_actionLinks.h
index 1a7d766..ac95ba7 100644
--- a/src/storage/storage_actionLinks.h
+++ b/src/storage/storage_actionLinks.h
@@ -2,8 +2,7 @@
 // Created by stephane bourque on 2021-11-08.
 //
-#ifndef OWSEC_STORAGE_ACTIONLINKS_H
-#define OWSEC_STORAGE_ACTIONLINKS_H
+#pragma once
 #include
 #include
@@ -74,6 +73,3 @@ namespace OpenWifi {
 typedef std::vector ActionLinkRecordList;
 }
-
-
-#endif //OWSEC_STORAGE_ACTIONLINKS_H
diff --git a/src/storage/storage_avatar.h b/src/storage/storage_avatar.h
index b6735f3..98878e0 100644
--- a/src/storage/storage_avatar.h
+++ b/src/storage/storage_avatar.h
@@ -2,8 +2,7 @@
 // Created by stephane bourque on 2021-07-15.
 //
-#ifndef WLAN_CLOUD_UCENTRALSEC_STORAGE_AVATAR_H
-#define WLAN_CLOUD_UCENTRALSEC_STORAGE_AVATAR_H
+#pragma once
 namespace OpenWifi {
@@ -37,6 +36,3 @@ namespace OpenWifi {
 }
-
-
-#endif //WLAN_CLOUD_UCENTRALSEC_STORAGE_AVATAR_H
diff --git a/src/storage/storage_preferences.h b/src/storage/storage_preferences.h
index 9f2024b..fb015cb 100644
--- a/src/storage/storage_preferences.h
+++ b/src/storage/storage_preferences.h
@@ -2,8 +2,7 @@
 // Created by stephane bourque on 2021-11-16.
 //
-#ifndef OWSEC_STORAGE_PREFERENCES_H
-#define OWSEC_STORAGE_PREFERENCES_H
+#pragma once
 #include
 #include
@@ -35,5 +34,3 @@ namespace OpenWifi {
 typedef std::vector PreferencesRecordList;
 }
-
-#endif //OWSEC_STORAGE_PREFERENCES_H
diff --git a/src/storage/storage_tokens.h b/src/storage/storage_tokens.h
index e4bda6c..d663d47 100644
--- a/src/storage/storage_tokens.h
+++ b/src/storage/storage_tokens.h
@@ -2,8 +2,7 @@
 // Created by stephane bourque on 2021-11-08.
 //
-#ifndef OWSEC_STORAGE_TOKENS_H
-#define OWSEC_STORAGE_TOKENS_H
+#pragma once
 #include
 #include
@@ -26,5 +25,3 @@ namespace OpenWifi {
 }
-
-
-#endif //OWSEC_STORAGE_TOKENS_H