playing with some ideas for security management

2019-04-30 23:49:28 +01:00 · 2019-04-30 23:49:28 +01:00 · eca14cf81c
commit eca14cf81c
parent a05129be38
4 changed files with 75 additions and 27 deletions
--- a/data/config/securitySettings.json
+++ b/data/config/securitySettings.json
@ -1,5 +1,6 @@
 {
    "jwt_secret":"esp8266-react",
    "roles": ["admin", "guest"],
    "users": [
        {
            "username": "admin",
--- a/src/SecurityManager.cpp
+++ b/src/SecurityManager.cpp
@ -1,51 +1,84 @@
 #include <SecurityManager.h>
 SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
  server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
 }
 SecurityManager::~SecurityManager() {}
 void SecurityManager::readFromJsonObject(JsonObject& root) {
  // secret  
  _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
-  while (_numUsers > 0){
+  // roles
-    delete _users[--_numUsers];
+  _roles.clear();
  if (root["roles"].is<JsonArray>()) {
    JsonArray roles = root["roles"];
    for (JsonVariant role : roles) {
      _roles.push_back(role.as<String>());
    }
  }
  // users
  _users.clear();
  if (root["users"].is<JsonArray>()) {
    JsonArray users = root["users"];
-    _numUsers = 0;
+    for (JsonVariant user : users) {
-    // TODO - complete defence against bad data
+      String username =  user["username"];
    for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
      JsonObject user = users[i];
      String username =  user["username"];;
      String password = user["password"];
      String role = user["role"];
-      _users[_numUsers++] = new User(username, password, role);
+      _users.push_back(User(username, password, role));
    }
  }
 }
 void SecurityManager::writeToJsonObject(JsonObject& root) {
-  // TODO
+  // secret
  root["jwt_secret"] = _jwtSecret;
  // roles
  JsonArray roles = root.createNestedArray("roles");
  for (String _role : _roles) {
    roles.add(_role);
  }
  // users
  JsonArray users = root.createNestedArray("users");
  for (User _user : _users) {
    JsonObject user = users.createNestedObject();
    user["username"] = _user.getUsername();
    user["password"] = _user.getPassword();
    user["role"] = _user.getRole();
  }
 }
 void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
  AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
  JsonObject jsonObject = response->getRoot();  
  writeToJsonObject(jsonObject);
  response->setLength();
  request->send(response);
 }
 void SecurityManager::begin() {
-  // TODO
+  readFromFS();
 }
 User SecurityManager::verifyUser(String jwt) {
  // TODO
  return NOT_AUTHENTICATED;
 }
-User authenticate(String username, String password) {
+
-  // TODO
+User SecurityManager::authenticate(String username, String password) {
  for (User _user : _users) {
    if (_user.getUsername() == username && _user.getPassword() == password){
      return _user;
    }
  }
  return NOT_AUTHENTICATED;
 }
-String generateJWT(User user) {
+String SecurityManager::generateJWT(User user) {
  // TODO
  return "";
 }
--- a/src/SecurityManager.h
+++ b/src/SecurityManager.h
@ -1,5 +1,8 @@
-#ifndef APSettingsConfig_h
+#ifndef SecurityManager_h
-#define APSettingsConfig_h
+#define SecurityManager_h
 #include <list>
 #include <ArduinoJWT.h>
 #include <SettingsService.h>
 #include <DNSServer.h>
@ -8,16 +11,17 @@
 #define DEFAULT_JWT_SECRET "esp8266-react"
 #define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
 #define USERS_PATH "/rest/users"
 #define AUTHENTICATE_PATH "/rest/authenticate"
 #define SECURITY_MANAGER_MAX_USERS 5
-#define UNAUTHENTICATED_USERNAME ""
+#define UNAUTHENTICATED_USERNAME "_anonymous"
 #define UNAUTHENTICATED_PASSWORD ""
 #define UNAUTHENTICATED_ROLE ""
-#define ROLE_ADMIN "admin"
+#define MAX_USERS_SIZE 1024
 #define ROLE_GUEST "guest"
 class User {
  private:
@ -38,9 +42,6 @@ class User {
    bool isAuthenticated() {
      return _username != UNAUTHENTICATED_USERNAME;
    }
    bool isAdmin() {
      return isAuthenticated() && _username == ROLE_ADMIN;
    }
 };
 const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
@ -55,7 +56,7 @@ class SecurityManager :  public SettingsPersistence {
    void begin();
    User verifyUser(String jwt);
-    User authenticate();
+    User authenticate(String username, String password);
    String generateJWT(User user);
  protected:
@ -65,10 +66,17 @@ class SecurityManager :  public SettingsPersistence {
  private:
    // server instance
    AsyncWebServer* _server;
    // access point settings
    String _jwtSecret;
-    User *_users[SECURITY_MANAGER_MAX_USERS];
+    std::list<String> _roles;
-    int _numUsers;
+    std::list<User> _users;
    // endpoint functions
    void fetchUsers(AsyncWebServerRequest *request);
 };
-#endif // end APSettingsConfig_h
+#endif // end SecurityManager_h
--- a/src/main.cpp
+++ b/src/main.cpp
@ -18,11 +18,14 @@
 #include <NTPStatus.h>
 #include <OTASettingsService.h>
 #include <APStatus.h>
 #include <SecurityManager.h>
 #define SERIAL_BAUD_RATE 115200
 AsyncWebServer server(80);
 SecurityManager securityManager = SecurityManager(&server, &SPIFFS);
 WiFiSettingsService wifiSettingsService = WiFiSettingsService(&server, &SPIFFS);
 APSettingsService apSettingsService = APSettingsService(&server, &SPIFFS);
 NTPSettingsService ntpSettingsService = NTPSettingsService(&server, &SPIFFS);
@ -40,6 +43,9 @@ void setup() {
    Serial.begin(SERIAL_BAUD_RATE);
    SPIFFS.begin();
    // start security manager
    securityManager.begin();
    // start services
    ntpSettingsService.begin();
    otaSettingsService.begin();