Leosac  0.8.0
Open Source Access Control
APIAuth.cpp
Go to the documentation of this file.
1 /*
2  Copyright (C) 2014-2016 Leosac
3 
4  This file is part of Leosac.
5 
6  Leosac is free software: you can redistribute it and/or modify
7  it under the terms of the GNU Affero General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  Leosac is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU Affero General Public License for more details.
15 
16  You should have received a copy of the GNU Affero General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 #include "APIAuth.hpp"
21 #include "WSServer.hpp"
22 #include "core/CoreAPI.hpp"
23 #include "core/CoreUtils.hpp"
24 #include "core/GetServiceRegistry.hpp"
25 #include "core/auth/Token_odb.h"
26 #include "core/auth/User.hpp"
27 #include "core/auth/UserGroupMembership.hpp"
28 #include "core/auth/User_odb.h"
29 #include "tools/GenGuid.h"
30 #include "tools/Mail.hpp"
31 #include "tools/db/MultiplexedSession.hpp"
32 #include "tools/db/MultiplexedTransaction.hpp"
33 #include "tools/db/database.hpp"
34 #include "tools/log.hpp"
35 #include <algorithm>
36 #include <boost/algorithm/string.hpp>
37 #include <odb/object-result.hxx>
38 #include <odb/session.hxx>
39 
40 using namespace Leosac;
41 using namespace Leosac::Module;
42 using namespace Leosac::Module::WebSockAPI;
43 
44 APIAuth::APIAuth(WSServer &srv)
45  : server_(srv)
46 {
47 }
48 
49 void APIAuth::invalidate_token(Auth::TokenPtr token) const
50 {
51  ASSERT_LOG(token, "nullptr passed when excepting non-null token.");
52 
53  using namespace odb;
54  using namespace odb::core;
55  odb::transaction t(server_.db()->begin());
56  server_.db()->erase<Auth::Token>(token->id());
57  t.commit();
58 }
59 
60 Auth::TokenPtr APIAuth::authenticate_token(const std::string &token_str) const
61 {
62  using namespace odb;
63  using namespace odb::core;
64  using query = odb::query<Auth::Token>;
65 
66  auto db = server_.db();
67  transaction t(db->begin());
68  db::MultiplexedSession s;
69 
70  Auth::TokenPtr token(db->query_one<Auth::Token>(query::token == token_str));
71  if (token && token->is_valid())
72  {
73  enforce_user_enabled(*token->owner());
74  token->expire_in(std::chrono::minutes(20));
75  db->update(token);
76  t.commit();
77  return token;
78  }
79  return nullptr;
80 }
81 
82 Auth::TokenPtr APIAuth::authenticate_credentials(const std::string &username,
83  const std::string &password) const
84 {
85  using namespace odb;
86  using namespace odb::core;
87  using query = odb::query<Auth::User>;
88  {
89  auto db = server_.db();
90  transaction t(db->begin());
91 
92  auto username_lowercase = boost::algorithm::to_lower_copy(username);
93  Auth::UserPtr user =
94  db->query_one<Auth::User>(query::username == username_lowercase);
95  if (user && user->verify_password(password))
96  {
97  enforce_user_enabled(*user);
98  // Create new token.
99  auto token = std::make_shared<Auth::Token>(gen_uuid(), user);
100  // Valid for 20m
101  token->expire_in(std::chrono::minutes(20));
102  db->persist(*token);
103  t.commit();
104 
105  if (user->username() == "admin")
106  {
107  if (const auto &mailer =
108  get_service_registry().get_service<SMTPService>())
109  {
110  MailInfo mail;
111  mail.title = "Admin Connected";
112  mail.body = "The user `admin` logged in !";
113  mailer->async_send_to_admin(mail);
114  }
115  }
116 
117  return token;
118  }
119  }
120  return nullptr;
121 }
122 
123 void APIAuth::enforce_user_enabled(const Auth::User &u) const
124 {
125  const auto &validity = u.validity();
126  if (!validity.is_enabled())
127  throw LEOSACException(BUILD_STR("This user account is disabled."));
128  if (!validity.is_in_range())
129  throw LEOSACException(
130  BUILD_STR("This user account is not currently active."));
131 }
BUILD_STR
#define BUILD_STR(param)
Internal macro.
Definition: log.hpp:63
Leosac::Auth::Token
An authentication token used for authenticating a user against Leosac.
Definition: Token.hpp:42
Leosac::Auth::TokenPtr
std::shared_ptr< Token > TokenPtr
Definition: AuthFwd.hpp:85
database.hpp
Leosac::Module::WebSockAPI::APIAuth::enforce_user_enabled
void enforce_user_enabled(const Auth::User &u) const
Make sure the User u is authorized to log in.
Definition: APIAuth.cpp:123
Leosac::Module::WebSockAPI::APIAuth::authenticate_token
Auth::TokenPtr authenticate_token(const std::string &token_str) const
Attempt to authenticate with an authentication token.
Definition: APIAuth.cpp:60
Leosac::get_service_registry
ServiceRegistry & get_service_registry()
A function to retrieve the ServiceRegistry from pretty much anywhere.
Definition: GetServiceRegistry.cpp:25
ASSERT_LOG
#define ASSERT_LOG(cond, msg)
Definition: log.hpp:190
Leosac::Auth::UserPtr
std::shared_ptr< User > UserPtr
Definition: AuthFwd.hpp:31
Leosac::db::MultiplexedSession
Acts like an odb::session, with the exception that it will save the current active session (if any) a...
Definition: MultiplexedSession.hpp:39
User.hpp
odb
Provide ODB magic to be able to store an Leosac::Audit::EventType (FlagSet) object.
Definition: AuditEventMaskODB.hpp:31
Leosac::Module::WebSockAPI::APIAuth::authenticate_credentials
Auth::TokenPtr authenticate_credentials(const std::string &username, const std::string &password) const
Attempt to authenticate with username/password credential and generate an authentication token.
Definition: APIAuth.cpp:82
Leosac::Module
All modules that provides features to Leosac shall be in this namespace.
UserGroupMembership.hpp
Mail.hpp
Leosac::MailInfo
Definition: Mail.hpp:30
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22
GetServiceRegistry.hpp
Leosac::Auth::User
Represent a user.
Definition: User.hpp:42
Leosac::Module::WebSockAPI::APIAuth::server_
WSServer & server_
Reference to the Websocket server.
Definition: APIAuth.hpp:89
MultiplexedTransaction.hpp
LEOSACException
A base class for Leosac specific exception.
Definition: leosacexception.hpp:40
Leosac::MailInfo::body
std::string body
Definition: Mail.hpp:34
Leosac::Module::WebSockAPI::WSServer
The implementation class that runs the websocket server.
Definition: WSServer.hpp:61
GenGuid.h
CoreAPI.hpp
Leosac::gen_uuid
std::string gen_uuid()
Generate a new UUID.
Definition: GenGuid.cpp:26
Leosac::Module::WebSockAPI::APIAuth::invalidate_token
void invalidate_token(Auth::TokenPtr token) const
Invalidate the authentication token, removing it from the database.
Definition: APIAuth.cpp:49
APIAuth.hpp
WSServer.hpp
Leosac::Module::WebSockAPI::APIAuth::APIAuth
APIAuth(WSServer &srv)
Definition: APIAuth.cpp:44
Leosac::Module::WebSockAPI::WSServer::db
DBPtr db()
Retrieve database handle.
Definition: WSServer.cpp:337
log.hpp
CoreUtils.hpp
Leosac::Auth::User::validity
const ValidityInfo & validity() const
Definition: User.cpp:113
MultiplexedSession.hpp
Leosac::Module::WebSockAPI
Definition: ActionActionParam.hpp:28
Leosac::MailInfo::title
std::string title
Definition: Mail.hpp:33