WordClockESP/src/SecurityManager.cpp

#include <SecurityManager.h>

SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) :  SettingsService(server, fs, SECURITY_SETTINGS_PATH, SECURITY_SETTINGS_FILE) {}
SecurityManager::~SecurityManager() {}

void SecurityManager::readFromJsonObject(JsonObject& root) {
  // secret  
  _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
  _jwtHandler.setSecret(_jwtSecret);

  // users
  _users.clear();
  if (root["users"].is<JsonArray>()) {
    for (JsonVariant user :  root["users"].as<JsonArray>()) {
      _users.push_back(User(user["username"], user["password"], user["admin"]));
    }
  }
}


void SecurityManager::writeToJsonObject(JsonObject& root) {
  // secret
  root["jwt_secret"] = _jwtSecret;

  // users
  JsonArray users = root.createNestedArray("users");
  for (User _user : _users) {
    JsonObject user = users.createNestedObject();
    user["username"] = _user.getUsername();
    user["password"] = _user.getPassword();
    user["admin"] = _user.isAdmin();
  }
}

void SecurityManager::begin() {
  readFromFS();
}

Authentication SecurityManager::authenticateRequest(AsyncWebServerRequest *request) {
  AsyncWebHeader* authorizationHeader = request->getHeader(AUTHORIZATION_HEADER);
  if (authorizationHeader) {
    String value = authorizationHeader->value();
    if (value.startsWith(AUTHORIZATION_HEADER_PREFIX)){
      value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);
      return authenticateJWT(value);
    }   
  }  
  return Authentication();
}

Authentication SecurityManager::authenticateJWT(String jwt) {
  DynamicJsonDocument payloadDocument(MAX_JWT_SIZE);
  _jwtHandler.parseJWT(jwt, payloadDocument);
  if (payloadDocument.is<JsonObject>()) {
    JsonObject parsedPayload = payloadDocument.as<JsonObject>();
    String username = parsedPayload["username"];
    for (User _user : _users) {
      if (_user.getUsername() == username && validatePayload(parsedPayload, &_user)){
        return Authentication(_user);
      }
    }
  }
  return Authentication();
}

Authentication SecurityManager::authenticate(String username, String password) {
  for (User _user : _users) {
    if (_user.getUsername() == username && _user.getPassword() == password){
      return Authentication(_user);
    }
  }
  return Authentication();
}

inline void populateJWTPayload(JsonObject &payload, User *user) {
  payload["username"] = user->getUsername();
  payload["admin"] = user -> isAdmin();  
}

boolean SecurityManager::validatePayload(JsonObject &parsedPayload, User *user) {
  DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
  JsonObject payload = _jsonDocument.to<JsonObject>();
  populateJWTPayload(payload, user);
  return payload == parsedPayload;
}

String SecurityManager::generateJWT(User *user) {
  DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
  JsonObject payload = _jsonDocument.to<JsonObject>();
  populateJWTPayload(payload, user);
  return _jwtHandler.buildJWT(payload);
}
Start work on security manager 2019-04-29 23:30:43 +00:00			`#include <SecurityManager.h>`

rename endpoint 2019-05-27 20:21:05 +00:00			`SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsService(server, fs, SECURITY_SETTINGS_PATH, SECURITY_SETTINGS_FILE) {}`
Start work on security manager 2019-04-29 23:30:43 +00:00			`SecurityManager::~SecurityManager() {}`

			`void SecurityManager::readFromJsonObject(JsonObject& root) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// secret`
Start work on security manager 2019-04-29 23:30:43 +00:00			`_jwtSecret = root["jwt_secret"] \| DEFAULT_JWT_SECRET;`
add security form, begin work on routing 2019-05-26 18:09:34 +00:00			`_jwtHandler.setSecret(_jwtSecret);`
Start work on security manager 2019-04-29 23:30:43 +00:00
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// users`
			`_users.clear();`
Start work on security manager 2019-04-29 23:30:43 +00:00			`if (root["users"].is<JsonArray>()) {`
Upgrade to material ui 4 Add user management and roles - TBA Menu Label Renames - TBA 2019-05-24 11:19:27 +00:00			`for (JsonVariant user : root["users"].as<JsonArray>()) {`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`_users.push_back(User(user["username"], user["password"], user["admin"]));`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
			`}`
			`}`

Upgrade to material ui 4 Add user management and roles - TBA Menu Label Renames - TBA 2019-05-24 11:19:27 +00:00
Start work on security manager 2019-04-29 23:30:43 +00:00			`void SecurityManager::writeToJsonObject(JsonObject& root) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// secret`
			`root["jwt_secret"] = _jwtSecret;`

			`// users`
			`JsonArray users = root.createNestedArray("users");`
			`for (User _user : _users) {`
			`JsonObject user = users.createNestedObject();`
			`user["username"] = _user.getUsername();`
			`user["password"] = _user.getPassword();`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`user["admin"] = _user.isAdmin();`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`}`
			`}`

Start work on security manager 2019-04-29 23:30:43 +00:00			`void SecurityManager::begin() {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`readFromFS();`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

add authentication service 2019-05-18 18:35:27 +00:00			`Authentication SecurityManager::authenticateRequest(AsyncWebServerRequest *request) {`
			`AsyncWebHeader* authorizationHeader = request->getHeader(AUTHORIZATION_HEADER);`
			`if (authorizationHeader) {`
			`String value = authorizationHeader->value();`
fix encoding where signature contains a zero 2019-05-25 16:41:27 +00:00			`if (value.startsWith(AUTHORIZATION_HEADER_PREFIX)){`
			`value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);`
			`return authenticateJWT(value);`
			`}`
add authentication service 2019-05-18 18:35:27 +00:00			`}`
			`return Authentication();`
			`}`

			`Authentication SecurityManager::authenticateJWT(String jwt) {`
			`DynamicJsonDocument payloadDocument(MAX_JWT_SIZE);`
add security form, begin work on routing 2019-05-26 18:09:34 +00:00			`_jwtHandler.parseJWT(jwt, payloadDocument);`
add authentication service 2019-05-18 18:35:27 +00:00			`if (payloadDocument.is<JsonObject>()) {`
			`JsonObject parsedPayload = payloadDocument.as<JsonObject>();`
			`String username = parsedPayload["username"];`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`for (User _user : _users) {`
add authentication service 2019-05-18 18:35:27 +00:00			`if (_user.getUsername() == username && validatePayload(parsedPayload, &_user)){`
			`return Authentication(_user);`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`}`
			`}`
			`}`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication();`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`Authentication SecurityManager::authenticate(String username, String password) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`for (User _user : _users) {`
			`if (_user.getUsername() == username && _user.getPassword() == password){`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication(_user);`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`}`
			`}`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication();`
			`}`

			`inline void populateJWTPayload(JsonObject &payload, User *user) {`
			`payload["username"] = user->getUsername();`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`payload["admin"] = user -> isAdmin();`
add authentication service 2019-05-18 18:35:27 +00:00			`}`

			`boolean SecurityManager::validatePayload(JsonObject &parsedPayload, User *user) {`
			`DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);`
			`JsonObject payload = _jsonDocument.to<JsonObject>();`
			`populateJWTPayload(payload, user);`
			`return payload == parsedPayload;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

add authentication service 2019-05-18 18:35:27 +00:00			`String SecurityManager::generateJWT(User *user) {`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);`
add authentication service 2019-05-18 18:35:27 +00:00			`JsonObject payload = _jsonDocument.to<JsonObject>();`
			`populateJWTPayload(payload, user);`
add security form, begin work on routing 2019-05-26 18:09:34 +00:00			`return _jwtHandler.buildJWT(payload);`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`