2019-04-29 23:30:43 +00:00
|
|
|
#include <SecurityManager.h>
|
|
|
|
|
|
2019-05-24 11:19:27 +00:00
|
|
|
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsService(server, fs, USERS_PATH, SECURITY_SETTINGS_FILE) {}
|
2019-04-29 23:30:43 +00:00
|
|
|
SecurityManager::~SecurityManager() {}
|
|
|
|
|
|
|
|
|
|
void SecurityManager::readFromJsonObject(JsonObject& root) {
|
2019-04-30 22:49:28 +00:00
|
|
|
// secret
|
2019-04-29 23:30:43 +00:00
|
|
|
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
// roles
|
|
|
|
|
_roles.clear();
|
|
|
|
|
if (root["roles"].is<JsonArray>()) {
|
|
|
|
|
JsonArray roles = root["roles"];
|
|
|
|
|
for (JsonVariant role : roles) {
|
|
|
|
|
_roles.push_back(role.as<String>());
|
|
|
|
|
}
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
// users
|
|
|
|
|
_users.clear();
|
2019-04-29 23:30:43 +00:00
|
|
|
if (root["users"].is<JsonArray>()) {
|
2019-05-24 11:19:27 +00:00
|
|
|
for (JsonVariant user : root["users"].as<JsonArray>()) {
|
|
|
|
|
std::list<String> roles;
|
|
|
|
|
if (user["roles"].is<JsonArray>()) {
|
|
|
|
|
for (JsonVariant role : user["roles"].as<JsonArray>()) {
|
|
|
|
|
roles.push_back(role.as<String>());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_users.push_back(User(user["username"], user["password"], roles));
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-24 11:19:27 +00:00
|
|
|
|
2019-04-29 23:30:43 +00:00
|
|
|
void SecurityManager::writeToJsonObject(JsonObject& root) {
|
2019-04-30 22:49:28 +00:00
|
|
|
// secret
|
|
|
|
|
root["jwt_secret"] = _jwtSecret;
|
|
|
|
|
|
|
|
|
|
// roles
|
|
|
|
|
JsonArray roles = root.createNestedArray("roles");
|
|
|
|
|
for (String _role : _roles) {
|
|
|
|
|
roles.add(_role);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// users
|
|
|
|
|
JsonArray users = root.createNestedArray("users");
|
|
|
|
|
for (User _user : _users) {
|
|
|
|
|
JsonObject user = users.createNestedObject();
|
|
|
|
|
user["username"] = _user.getUsername();
|
|
|
|
|
user["password"] = _user.getPassword();
|
2019-05-24 11:19:27 +00:00
|
|
|
JsonArray roles = user.createNestedArray("roles");
|
|
|
|
|
for (String _role : _user.getRoles()){
|
|
|
|
|
roles.add(_role);
|
|
|
|
|
}
|
2019-04-30 22:49:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 23:30:43 +00:00
|
|
|
void SecurityManager::begin() {
|
2019-05-02 23:31:20 +00:00
|
|
|
// read config
|
2019-04-30 22:49:28 +00:00
|
|
|
readFromFS();
|
2019-05-02 23:31:20 +00:00
|
|
|
|
|
|
|
|
// configure secret
|
2019-05-06 14:50:19 +00:00
|
|
|
jwtHandler.setSecret(_jwtSecret);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-05-18 18:35:27 +00:00
|
|
|
Authentication SecurityManager::authenticateRequest(AsyncWebServerRequest *request) {
|
|
|
|
|
AsyncWebHeader* authorizationHeader = request->getHeader(AUTHORIZATION_HEADER);
|
|
|
|
|
if (authorizationHeader) {
|
|
|
|
|
String value = authorizationHeader->value();
|
|
|
|
|
value.startsWith(AUTHORIZATION_HEADER_PREFIX);
|
|
|
|
|
value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);
|
|
|
|
|
return authenticateJWT(value);
|
|
|
|
|
}
|
|
|
|
|
return Authentication();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Authentication SecurityManager::authenticateJWT(String jwt) {
|
|
|
|
|
DynamicJsonDocument payloadDocument(MAX_JWT_SIZE);
|
|
|
|
|
jwtHandler.parseJWT(jwt, payloadDocument);
|
|
|
|
|
if (payloadDocument.is<JsonObject>()) {
|
|
|
|
|
JsonObject parsedPayload = payloadDocument.as<JsonObject>();
|
|
|
|
|
String username = parsedPayload["username"];
|
2019-05-15 23:19:41 +00:00
|
|
|
for (User _user : _users) {
|
2019-05-18 18:35:27 +00:00
|
|
|
if (_user.getUsername() == username && validatePayload(parsedPayload, &_user)){
|
|
|
|
|
return Authentication(_user);
|
2019-05-15 23:19:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-05-18 18:35:27 +00:00
|
|
|
return Authentication();
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
2019-04-30 22:49:28 +00:00
|
|
|
|
2019-05-15 23:19:41 +00:00
|
|
|
Authentication SecurityManager::authenticate(String username, String password) {
|
2019-04-30 22:49:28 +00:00
|
|
|
for (User _user : _users) {
|
|
|
|
|
if (_user.getUsername() == username && _user.getPassword() == password){
|
2019-05-18 18:35:27 +00:00
|
|
|
return Authentication(_user);
|
2019-04-30 22:49:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
2019-05-18 18:35:27 +00:00
|
|
|
return Authentication();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
inline void populateJWTPayload(JsonObject &payload, User *user) {
|
|
|
|
|
payload["username"] = user->getUsername();
|
2019-05-24 11:19:27 +00:00
|
|
|
JsonArray roles = payload.createNestedArray("roles");
|
|
|
|
|
for (String _role : user->getRoles()){
|
|
|
|
|
roles.add(_role);
|
|
|
|
|
}
|
2019-05-18 18:35:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
boolean SecurityManager::validatePayload(JsonObject &parsedPayload, User *user) {
|
|
|
|
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
|
|
|
|
JsonObject payload = _jsonDocument.to<JsonObject>();
|
|
|
|
|
populateJWTPayload(payload, user);
|
|
|
|
|
return payload == parsedPayload;
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-05-18 18:35:27 +00:00
|
|
|
String SecurityManager::generateJWT(User *user) {
|
2019-05-15 23:19:41 +00:00
|
|
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
2019-05-18 18:35:27 +00:00
|
|
|
JsonObject payload = _jsonDocument.to<JsonObject>();
|
|
|
|
|
populateJWTPayload(payload, user);
|
|
|
|
|
return jwtHandler.buildJWT(payload);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
