1
/*
2
Copyright (C) 2014-2016 Leosac
3
4
This file is part of Leosac.
5
6
Leosac is free software: you can redistribute it and/or modify
7
it under the terms of the GNU Affero General Public License as published by
8
the Free Software Foundation, either version 3 of the License, or
9
(at your option) any later version.
10
11
Leosac is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU Affero General Public License for more details.
15
16
You should have received a copy of the GNU Affero General Public License
17
along with this program. If not, see <http://www.gnu.org/licenses/>.
18
*/
19
20
#include "
PasswordChange.hpp
"
21
#include "
Exceptions.hpp
"
22
#include "
WSServer.hpp
"
23
#include "
api/APISession.hpp
"
24
#include "
core/audit/AuditFactory.hpp
"
25
#include "
core/audit/UserEvent.hpp
"
26
#include "core/auth/User_odb.h"
27
#include "
exception/EntityNotFound.hpp
"
28
#include "
exception/PermissionDenied.hpp
"
29
#include "
tools/db/DBService.hpp
"
30
31
// Bring the module namespaces into scope so the definitions below can refer
// to RequestContext, MethodHandler, Auth::*, Audit::* etc. unqualified.
using namespace Leosac;
using namespace Leosac::Module;
using namespace Leosac::Module::WebSockAPI;
34
35
/**
 * Construct the handler around the per-request context.
 *
 * Nothing is stored here directly: the context is handed to the
 * MethodHandler base, which exposes it as `ctx_` to the methods below.
 */
PasswordChange::PasswordChange(RequestContext ctx)
    : MethodHandler(ctx)
{
}
39
40
/**
 * Factory producing one handler instance for a single request.
 *
 * @param ctx Per-request context (session, DB service, audit root, server
 *            reference) that the handler will act on.
 * @return Owning pointer to a fresh PasswordChange, typed as the base handler.
 */
MethodHandlerUPtr PasswordChange::create(RequestContext ctx)
{
    MethodHandlerUPtr handler = std::make_unique<PasswordChange>(ctx);
    return handler;
}
44
45
/**
 * Change a user's password.
 *
 * Request fields: `user_id` (target account), `new_password`, and — only when
 * the target is the caller's own account — `current_password`.
 *
 * Security notes:
 *  - Authorization (USER_CHANGE_PASSWORD on the target user) is declared by
 *    required_permission() and checked by the framework before this runs;
 *    nothing here re-checks it.  Changing *another* user's password therefore
 *    requires no current password, only that permission.
 *  - A self-change must prove knowledge of the current password.  A wrong
 *    `current_password` is recorded as USER_PASSWORD_CHANGE_FAILURE and the
 *    transaction is committed *before* PermissionDenied is thrown, so the
 *    failed attempt survives in the audit trail even though the exception
 *    unwinds the rest of the request.
 *  - On success every other session of the target user is deauthenticated
 *    (clear_user_sessions keeps only the requesting session), so sessions
 *    established under the old password do not outlive it.
 *  - No length/complexity policy is applied here.  NOTE(review): unless
 *    User::password() validates its argument, an empty `new_password` is
 *    accepted — confirm against User.hpp.
 *  - Nothing here throttles repeated wrong `current_password` guesses; each
 *    one is only audited.  NOTE(review): if no lockout exists upstream, this
 *    is a guessing surface for anyone holding a live session.
 *
 * @param req JSON request body.  A missing field makes `at()` throw, and since
 *            commit() is only reached on the two explicit paths below, nothing
 *            is committed in that case.
 * @return An empty JSON value.
 * @throws EntityNotFound   if `user_id` matches no user.
 * @throws PermissionDenied if the self-change `current_password` is wrong.
 */
json PasswordChange::process_impl(const json &req)
{
    using query = odb::query<Auth::User>;

    json reply;
    DBPtr database = ctx_.dbsrv->db();
    odb::transaction transaction(database->begin());

    const auto target_id = req.at("user_id").get<Auth::UserId>();
    auto new_password    = req.at("new_password").get<std::string>();

    Auth::UserPtr target = database->query_one<Auth::User>(query::id == target_id);
    if (!target)
        throw EntityNotFound(target_id, "user");

    using namespace FlagSetOperator;
    Audit::IUserEventPtr audit_entry =
        Audit::Factory::UserEvent(database, target, ctx_.audit);

    // Only a self-change has to present the current password; a change of
    // someone else's password is gated purely by required_permission().
    const bool self_change = (target_id == ctx_.session->current_user_id());
    if (self_change)
    {
        auto current_password = req.at("current_password").get<std::string>();
        if (!target->verify_password(current_password))
        {
            // Persist the failure before throwing: the exception would
            // otherwise abandon the transaction and lose the audit record.
            audit_entry->event_mask(Audit::EventType::USER_PASSWORD_CHANGE_FAILURE);
            audit_entry->finalize();
            transaction.commit();
            throw PermissionDenied("Invalid `current_password`.");
        }
    }

    audit_entry->event_mask(Audit::EventType::USER_EDITED |
                            Audit::EventType::USER_PASSWORD_CHANGED);
    target->password(new_password);

    // Drop every other session of this user; the requester keeps its own.
    ctx_.server.clear_user_sessions(target, ctx_.session);
    audit_entry->finalize();
    database->update(target);

    transaction.commit();
    return reply;
}
86
87
/**
 * Authorization requirements for a password-change request.
 *
 * This is the gate for changing *other* users' passwords: process_impl()
 * demands the current password only for a self-change, so for any other
 * target the USER_CHANGE_PASSWORD action is the sole check.  The target id is
 * attached as the action parameter so the check can be evaluated against the
 * specific user being modified rather than as a blanket right (the evaluation
 * itself happens in the framework before process_impl() runs, not here).
 *
 * @param req JSON request; `user_id` must be present (`at()` throws
 *            otherwise), so a malformed request is rejected before any
 *            processing.
 * @return One (action, parameter) pair: USER_CHANGE_PASSWORD on `user_id`.
 */
std::vector<ActionActionParam>
PasswordChange::required_permission(const json &req) const
{
    SecurityContext::UserActionParam target_param{};
    target_param.user_id = req.at("user_id").get<Auth::UserId>();

    std::vector<ActionActionParam> required;
    required.reserve(1);
    required.push_back(
        ActionActionParam(SecurityContext::Action::USER_CHANGE_PASSWORD, target_param));
    return required;
}