From 7817010533f9cb0293d59a2e747fcea73109f085 Mon Sep 17 00:00:00 2001
From: Rick Watson
Date: Thu, 16 May 2019 00:19:41 +0100
Subject: [PATCH] WIP - more experimenting with the security manager

---
 src/AsyncJsonRequestWebHandler.h |  1 +
 src/SecurityManager.cpp          | 46 +++++++++++++++++++++-----------
 src/SecurityManager.h            | 29 ++++++++++++++++----
 3 files changed, 56 insertions(+), 20 deletions(-)

diff --git a/src/AsyncJsonRequestWebHandler.h b/src/AsyncJsonRequestWebHandler.h
index aa8498a..e149129 100644
--- a/src/AsyncJsonRequestWebHandler.h
+++ b/src/AsyncJsonRequestWebHandler.h
@@ -1,6 +1,7 @@
 #ifndef Async_Json_Request_Web_Handler_H_
 #define Async_Json_Request_Web_Handler_H_
 
+#include
 #include
 
 #define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024
diff --git a/src/SecurityManager.cpp b/src/SecurityManager.cpp
index 73596b6..96091b5 100644
--- a/src/SecurityManager.cpp
+++ b/src/SecurityManager.cpp
@@ -74,9 +74,11 @@ void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonD
 // authenticate user
 String username = jsonDocument["username"];
 String password = jsonDocument["password"];
- User user = authenticate(username, password);
+ Authentication authentication = authenticate(username, password);
+
+ if (authentication.isAuthenticated()) {
+ User& user = authentication.getUser();
 
- if (user.isAuthenticated()) {
 // create JWT
 DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
 JsonObject jwt = _jsonDocument.to();
@@ -104,7 +106,6 @@ void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocum
 DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
 jwtHandler.parseJWT(accessToken, parsedJwt);
 if (parsedJwt.is()){
- // authentication successful
 AsyncWebServerResponse *response = request->beginResponse(200);
 request->send(response);
 return;
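Review bot: signIn still assembles the JWT by hand right after `User& user = authentication.getUser();` (`DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE); JsonObject jwt = _jsonDocument.to();`), while this same patch introduces `generateJWT(User)` in SecurityManager.cpp that builds the identical document from the user's name and role; the handler should call `String token = generateJWT(user);` so the claim set is defined in exactly one place and the two cannot drift. The rest of signIn's body, including whatever it does with the document, lies outside the hunk, so I cannot tell whether anything else still depends on the local `jwt` object.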
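Review bot: testVerification answers 200 as soon as `parsedJwt.is()` holds, i.e. as soon as the token parses to an object, without going through the new `verify()` that this patch adds, so the two code paths can disagree about what a valid token is (verify additionally requires the username to exist in `_users`). I would replace the parse-and-check with `if (verify(accessToken).isAuthenticated()) {` so token acceptance has one definition, and drop the local `parsedJwt`. Whether parseJWT rejects a token with a bad signature is not visible here; testVerification's body continues past the hunk.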
@@ -131,21 +132,36 @@ void SecurityManager::begin() {
 jwtHandler.setSecret(_jwtSecret);
 }
 
-User SecurityManager::verifyUser(String jwt) {
- // TODO
- return NOT_AUTHENTICATED;
-}
-
-User SecurityManager::authenticate(String username, String password) {
- for (User _user : _users) {
- if (_user.getUsername() == username && _user.getPassword() == password){
- return _user;
+/*
+* TODO - VERIFY JWT IS CORRECT!
+*/
+Authentication SecurityManager::verify(String jwt) {
+ DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
+ jwtHandler.parseJWT(jwt, parsedJwt);
+ if (parsedJwt.is()) {
+ String username = parsedJwt["username"];
+ for (User _user : _users) {
+ if (_user.getUsername() == username){
+ return Authentication::forUser(_user);
+ }
 }
 }
- return NOT_AUTHENTICATED;
+ return Authentication::notAuthenticated();
+}
+
+Authentication SecurityManager::authenticate(String username, String password) {
+ for (User _user : _users) {
+ if (_user.getUsername() == username && _user.getPassword() == password){
+ return Authentication::forUser(_user);
+ }
+ }
+ return Authentication::notAuthenticated();
 }
 
 String SecurityManager::generateJWT(User user) {
- // TODO
- return "";
+ DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
+ JsonObject jwt = _jsonDocument.to();
+ jwt["username"] = user.getUsername();
+ jwt["role"] = user.getRole();
+ return jwtHandler.buildJWT(jwt);
 }
diff --git a/src/SecurityManager.h b/src/SecurityManager.h
index 2dd0352..6bb4d0a 100644
--- a/src/SecurityManager.h
+++ b/src/SecurityManager.h
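Review bot: verify() grants authentication on nothing more than the `username` claim of a token that parseJWT managed to turn into an object, and the hunk's own `TODO - VERIFY JWT IS CORRECT!` says the signature is not confirmed here; unless parseJWT is known to leave the document empty when the HMAC does not match `_jwtSecret` (nothing in this hunk shows that), any client can hand-craft `{"username":"admin"}` and be accepted as that user. I would have parseJWT report validity and gate on it (`if (!jwtHandler.parseJWT(jwt, parsedJwt)) return Authentication::notAuthenticated();`, if its return type allows) or, failing that, keep verify() returning `Authentication::notAuthenticated()` unconditionally until the check exists, rather than shipping a TODO on the authentication path. Taking the role from the stored `_users` entry instead of the token's `role` claim is the right call and deserves a one-line comment saying so. Separately, authenticate() compares `_user.getPassword() == password` against stored plaintext with an ordinary String compare; a `// TODO: store a password hash and compare in constant time` would keep that visible. Both loops also copy each `User` (password included) per iteration; `for (const User& _user : _users)` avoids it.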
@@ -43,13 +43,32 @@ class User {
 String getRole() {
 return _role;
 }
- bool isAuthenticated() {
- return _username != ANONYMOUS_USERNAME;
- }
 };
 
 const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
 
+class Authentication {
+ private:
+ User _user;
+ boolean _authenticated;
+ Authentication(User user, boolean authenticated) : _user(user), _authenticated(authenticated) {}
+ public:
+ // NOOP
+ ~Authentication(){}
+ User& getUser() {
+ return _user;
+ }
+ bool isAuthenticated() {
+ return _authenticated;
+ }
+ static Authentication forUser(User user){
+ return Authentication(user, true);
+ }
+ static Authentication notAuthenticated(){
+ return Authentication(NOT_AUTHENTICATED, false);
+ }
+};
+
 class SecurityManager : public SettingsPersistence {
 
 public:
@@ -62,12 +81,12 @@ class SecurityManager : public SettingsPersistence {
 /*
 * Lookup the user by JWT
 */
- User verifyUser(String jwt);
+ Authentication verify(String jwt);
 
 /*
 * Authenticate, returning the user if found.
 */
- User authenticate(String username, String password);
+ Authentication authenticate(String username, String password);
 
 /*
 * Generate a JWT for the user provided
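Review bot: `User& getUser()` on an Authentication built by `notAuthenticated()` quietly hands back the anonymous `NOT_AUTHENTICATED` copy, so a caller that forgets `isAuthenticated()` proceeds with a real-looking User; the accessor needs a contract comment, e.g. `// Only meaningful when isAuthenticated(); otherwise this is the anonymous NOT_AUTHENTICATED user`, and returning `const User&` would stop callers mutating the held copy. The class also mixes the Arduino `boolean` typedef for `_authenticated` with `bool` on `isAuthenticated()`; pick `bool` for both. The user-declared `~Authentication(){}` is a no-op that suppresses the implicit move operations — drop it (Rule of Zero) or write `~Authentication() = default;`.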
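Review bot: The comments above `verify` and `authenticate` still describe the old User-returning contract ("Lookup the user by JWT", "returning the user if found") even though both now return an Authentication whose failure case is `notAuthenticated()`. I would reword them to `* Verify the JWT and resolve it to an Authentication; notAuthenticated() when the token is invalid or names no known user` and `* Check username/password; notAuthenticated() when no user matches`, so callers know to test isAuthenticated() rather than compare against NOT_AUTHENTICATED.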