d7/d86/APIAuth_8cpp_source.html

 /*
     Copyright (C) 2014-2016 Leosac

     This file is part of Leosac.

     Leosac is free software: you can redistribute it and/or modify
     it under the terms of the GNU Affero General Public License as published by
     the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.

     Leosac is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     GNU Affero General Public License for more details.

     You should have received a copy of the GNU Affero General Public License
     along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

 #include "APIAuth.hpp"
 #include "WSServer.hpp"
 #include "core/CoreAPI.hpp"
 #include "core/CoreUtils.hpp"
 #include "core/GetServiceRegistry.hpp"
 #include "core/auth/Token_odb.h"
 #include "core/auth/User.hpp"
 #include "core/auth/UserGroupMembership.hpp"
 #include "core/auth/User_odb.h"
 #include "tools/GenGuid.h"
 #include "tools/Mail.hpp"
 #include "tools/db/MultiplexedSession.hpp"
 #include "tools/db/MultiplexedTransaction.hpp"
 #include "tools/db/database.hpp"
 #include "tools/log.hpp"
 #include <algorithm>
 #include <boost/algorithm/string.hpp>
 #include <odb/object-result.hxx>
 #include <odb/session.hxx>

 using namespace Leosac;
 using namespace Leosac::Module;
 using namespace Leosac::Module::WebSockAPI;

 APIAuth::APIAuth(WSServer &srv)
     : server_(srv)
 {
 }

 void APIAuth::invalidate_token(Auth::TokenPtr token) const
 {
     ASSERT_LOG(token, "nullptr passed when excepting non-null token.");

     using namespace odb;
     using namespace odb::core;
     odb::transaction t(server_.db()->begin());
     server_.db()->erase<Auth::Token>(token->id());
     t.commit();
 }

 Auth::TokenPtr APIAuth::authenticate_token(const std::string &token_str) const
 {
     using namespace odb;
     using namespace odb::core;
     using query = odb::query<Auth::Token>;

     auto db = server_.db();
     transaction t(db->begin());
     db::MultiplexedSession s;

     Auth::TokenPtr token(db->query_one<Auth::Token>(query::token == token_str));
     if (token && token->is_valid())
     {
         enforce_user_enabled(*token->owner());
         token->expire_in(std::chrono::minutes(20));
         db->update(token);
         t.commit();
         return token;
     }
     return nullptr;
 }

 Auth::TokenPtr APIAuth::authenticate_credentials(const std::string &username,
                                                  const std::string &password) const
 {
     using namespace odb;
     using namespace odb::core;
     using query = odb::query<Auth::User>;
     {
         auto db = server_.db();
         transaction t(db->begin());

         auto username_lowercase = boost::algorithm::to_lower_copy(username);
         Auth::UserPtr user =
             db->query_one<Auth::User>(query::username == username_lowercase);
         if (user && user->verify_password(password))
         {
             enforce_user_enabled(*user);
             // Create new token.
             auto token = std::make_shared<Auth::Token>(gen_uuid(), user);
             // Valid for 20m
             token->expire_in(std::chrono::minutes(20));
             db->persist(*token);
             t.commit();

             if (user->username() == "admin")
             {
                 if (const auto &mailer =
                         get_service_registry().get_service<SMTPService>())
                 {
                     MailInfo mail;
                     mail.title = "Admin Connected";
                     mail.body  = "The user `admin` logged in !";
                     mailer->async_send_to_admin(mail);
                 }
             }

             return token;
         }
     }
     return nullptr;
 }

 void APIAuth::enforce_user_enabled(const Auth::User &u) const
 {
     const auto &validity = u.validity();
     if (!validity.is_enabled())
         throw LEOSACException(BUILD_STR("This user account is disabled."));
     if (!validity.is_in_range())
         throw LEOSACException(
             BUILD_STR("This user account is not currently active."));
 }
User.hpp

Leosac::Auth::Token
An authentication token used for authenticating a user against Leosac.
Definition: Token.hpp:42

Leosac::Auth::TokenPtr
std::shared_ptr< Token > TokenPtr
Definition: AuthFwd.hpp:85

GetServiceRegistry.hpp

CoreAPI.hpp

Leosac::db::MultiplexedSession
Acts like an odb::session, with the exception that it will save the current active session (if any) a...
Definition: MultiplexedSession.hpp:39

Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22

Mail.hpp

Leosac::Module::WebSockAPI::APIAuth::invalidate_token
void invalidate_token(Auth::TokenPtr token) const
Invalidate the authentication token, removing it from the database.
Definition: APIAuth.cpp:49

WSServer.hpp

Leosac::Module::WebSockAPI
Definition: ActionActionParam.hpp:28

Leosac::get_service_registry
ServiceRegistry & get_service_registry()
A function to retrieve the ServiceRegistry from pretty much anywhere.
Definition: GetServiceRegistry.cpp:25

APIAuth.hpp

Leosac::Auth::User
Represent a user.
Definition: User.hpp:42

Leosac::Module::WebSockAPI::APIAuth::authenticate_token
Auth::TokenPtr authenticate_token(const std::string &token_str) const
Attempt to authenticate with an authentication token.
Definition: APIAuth.cpp:60

GenGuid.h

Leosac::MailInfo::body
std::string body
Definition: Mail.hpp:34

Leosac::Module::WebSockAPI::APIAuth::enforce_user_enabled
void enforce_user_enabled(const Auth::User &u) const
Make sure the User u is authorized to log in.
Definition: APIAuth.cpp:123

Leosac::Module::WebSockAPI::WSServer
The implementation class that runs the websocket server.
Definition: WSServer.hpp:61

Leosac::Module::WebSockAPI::WSServer::db
DBPtr db()
Retrieve database handle.
Definition: WSServer.cpp:337

Leosac::Auth::UserPtr
std::shared_ptr< User > UserPtr
Definition: AuthFwd.hpp:31

Leosac::Module::WebSockAPI::APIAuth::authenticate_credentials
Auth::TokenPtr authenticate_credentials(const std::string &username, const std::string &password) const
Attempt to authenticate with username/password credential and generate an authentication token...
Definition: APIAuth.cpp:82

Leosac::Module
All modules that provides features to Leosac shall be in this namespace.

MultiplexedTransaction.hpp

Leosac::MailInfo
Definition: Mail.hpp:30

ASSERT_LOG
#define ASSERT_LOG(cond, msg)
Definition: log.hpp:221

Leosac::gen_uuid
std::string gen_uuid()
Generate a new UUID.
Definition: GenGuid.cpp:26

CoreUtils.hpp

odb
Provide ODB magic to be able to store an Leosac::Audit::EventType (FlagSet) object.
Definition: AuditEventMaskODB.hpp:31

UserGroupMembership.hpp

MultiplexedSession.hpp

database.hpp

Leosac::ServiceRegistry::get_service
std::shared_ptr< ServiceInterface > get_service() const
Retrieve the service instance implementing the ServiceInterface, or nullptr if no such service was re...
Definition: ServiceRegistry.hpp:290

BUILD_STR
#define BUILD_STR(param)
Internal macro.
Definition: log.hpp:66

Leosac::MailInfo::title
std::string title
Definition: Mail.hpp:33

LEOSACException
A base class for Leosac specific exception.
Definition: leosacexception.hpp:40

Leosac::SMTPService
Reference interface for SMTP module.
Definition: Mail.hpp:45

log.hpp

Leosac::Module::WebSockAPI::APIAuth::server_
WSServer & server_
Reference to the Websocket server.
Definition: APIAuth.hpp:89

Leosac::Auth::User::validity
const ValidityInfo & validity() const
Definition: User.cpp:113

Leosac::Module::WebSockAPI::APIAuth::APIAuth
APIAuth(WSServer &srv)
Definition: APIAuth.cpp:44