WIP - more experimenting with the security manager

This commit is contained in:
Rick Watson 2019-05-16 00:19:41 +01:00
parent cf693ca341
commit 7817010533
3 changed files with 56 additions and 20 deletions


@ -1,6 +1,7 @@
#ifndef Async_Json_Request_Web_Handler_H_ #ifndef Async_Json_Request_Web_Handler_H_
#define Async_Json_Request_Web_Handler_H_ #define Async_Json_Request_Web_Handler_H_
#include <ESPAsyncWebServer.h>
#include <ArduinoJson.h> #include <ArduinoJson.h>
#define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024 #define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024


@ -74,9 +74,11 @@ void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonD
// authenticate user // authenticate user
String username = jsonDocument["username"]; String username = jsonDocument["username"];
String password = jsonDocument["password"]; String password = jsonDocument["password"];
User user = authenticate(username, password); Authentication authentication = authenticate(username, password);
if (authentication.isAuthenticated()) {
User& user = authentication.getUser();
if (user.isAuthenticated()) {
// create JWT // create JWT
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE); DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
JsonObject jwt = _jsonDocument.to<JsonObject>(); JsonObject jwt = _jsonDocument.to<JsonObject>();
@ -104,7 +106,6 @@ void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocum
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE); DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
jwtHandler.parseJWT(accessToken, parsedJwt); jwtHandler.parseJWT(accessToken, parsedJwt);
if (parsedJwt.is<JsonObject>()){ if (parsedJwt.is<JsonObject>()){
// authentication successful
AsyncWebServerResponse *response = request->beginResponse(200); AsyncWebServerResponse *response = request->beginResponse(200);
request->send(response); request->send(response);
return; return;
@ -131,21 +132,36 @@ void SecurityManager::begin() {
jwtHandler.setSecret(_jwtSecret); jwtHandler.setSecret(_jwtSecret);
} }
User SecurityManager::verifyUser(String jwt) { /*
// TODO * TODO - VERIFY JWT IS CORRECT!
return NOT_AUTHENTICATED; */
Authentication SecurityManager::verify(String jwt) {
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
jwtHandler.parseJWT(jwt, parsedJwt);
if (parsedJwt.is<JsonObject>()) {
String username = parsedJwt["username"];
for (User _user : _users) {
if (_user.getUsername() == username){
return Authentication::forUser(_user);
}
}
}
return Authentication::notAuthenticated();
} }
User SecurityManager::authenticate(String username, String password) { Authentication SecurityManager::authenticate(String username, String password) {
for (User _user : _users) { for (User _user : _users) {
if (_user.getUsername() == username && _user.getPassword() == password){ if (_user.getUsername() == username && _user.getPassword() == password){
return _user; return Authentication::forUser(_user);
} }
} }
return NOT_AUTHENTICATED; return Authentication::notAuthenticated();
} }
String SecurityManager::generateJWT(User user) { String SecurityManager::generateJWT(User user) {
// TODO DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
return ""; JsonObject jwt = _jsonDocument.to<JsonObject>();
jwt["username"] = user.getUsername();
jwt["role"] = user.getRole();
return jwtHandler.buildJWT(jwt);
} }
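Review bot: `verify()` treats the `username` claim of the parsed token as the caller's identity as soon as `parsedJwt.is<JsonObject>()` holds; whether `jwtHandler.parseJWT()` has already checked the token's signature against the secret set in `begin()` is not visible in this hunk, and the `TODO - VERIFY JWT IS CORRECT!` header suggests it has not, so the user lookup should remain gated behind that check before `verify()` is used for authorization. Both `verify()` and `authenticate()` iterate with `for (User _user : _users)`, copying each `User` and its `String` members on every iteration; `for (User& _user : _users)` avoids the copies (`const User&` would require the `User` getters to be `const`, which they are not in the `User` hunk below). `generateJWT()` now builds the same `username`/`role` document that `signIn()` still assembles inline in the first hunk of this file; having `signIn()` call `generateJWT(user)` removes the duplication (the body of `signIn()` continues outside its hunk).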


@ -43,13 +43,32 @@ class User {
String getRole() { String getRole() {
return _role; return _role;
} }
bool isAuthenticated() {
return _username != ANONYMOUS_USERNAME;
}
}; };
const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE); const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
class Authentication {
private:
User _user;
boolean _authenticated;
Authentication(User user, boolean authenticated) : _user(user), _authenticated(authenticated) {}
public:
// NOOP
~Authentication(){}
User& getUser() {
return _user;
}
bool isAuthenticated() {
return _authenticated;
}
static Authentication forUser(User user){
return Authentication(user, true);
}
static Authentication notAuthenticated(){
return Authentication(NOT_AUTHENTICATED, false);
}
};
class SecurityManager : public SettingsPersistence { class SecurityManager : public SettingsPersistence {
public: public:
@ -62,12 +81,12 @@ class SecurityManager : public SettingsPersistence {
/* /*
* Lookup the user by JWT * Lookup the user by JWT
*/ */
User verifyUser(String jwt); Authentication verify(String jwt);
/* /*
* Authenticate, returning the user if found. * Authenticate, returning the user if found.
*/ */
User authenticate(String username, String password); Authentication authenticate(String username, String password);
/* /*
* Generate a JWT for the user provided * Generate a JWT for the user provided