#pragma once
#include <utils/Logger.h>
#include <utils/settings.h>
//qt
#include <QMap>
#include <QVector>
class AuthTable;
class MetaTable;
class QTimer;
///
/// @brief Manages the authorization of users and tokens. This class is created once as part of the HyperionDaemon.
/// To work with the global instance use AuthManager::getInstance()
///
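class AuthManager : public QObject
{
	Q_OBJECT
private:
	friend class HyperionDaemon;

	/// Constructor is private; it can only be called from HyperionDaemon (friend).
	/// @param parent       Optional QObject parent
	/// @param readonlyMode Passed through to the implementation; its effect is not visible in this header
	AuthManager(QObject *parent = nullptr, bool readonlyMode = false);

	/// Number of recorded failed USER logins at which isUserAuthBlocked() reports a block
	static constexpr int MAX_FAILED_USER_AUTH_ATTEMPTS = 10;

	/// Number of recorded failed TOKEN logins at which isTokenAuthBlocked() reports a block
	static constexpr int MAX_FAILED_TOKEN_AUTH_ATTEMPTS = 25;

public:
	///
	/// @brief Describes one token entry or one pending token request
	///
	struct AuthDefinition
	{
		/// The id created by the requesting caller (or the token id)
		QString id;
		/// Free-text comment used as an identification helper
		QString comment;
		/// The QObject of the caller that receives the reply; non-owning
		QObject *caller;
		/// The tan created by the caller for this request
		int tan;
		/// presumably the point in time at which a pending request expires - TODO confirm unit in the implementation
		uint64_t timeoutTime;
		/// The token itself. This is a secret; avoid logging or displaying it beyond the requesting caller
		QString token;
		/// presumably the time of last use of the token - TODO confirm format in the implementation
		QString lastUse;
	};

	///
	/// @brief Get the unique id (imported from removed class 'Stats')
	/// @return The unique id
	///
	QString getID() const { return _uuid; }

	///
	/// @brief Check if authorization is required according to the user setting
	/// @return True if authorization required else false
	///
	bool isAuthRequired() const { return _authRequired; }

	///
	/// @brief Check if authorization is required for local network connections
	/// @return True if authorization required else false
	///
	bool isLocalAuthRequired() const { return _localAuthRequired; }

	///
	/// @brief Check if authorization is required for local network connections for admin access
	/// @return True if authorization required else false
	///
	bool isLocalAdminAuthRequired() const { return _localAdminAuthRequired; }

	///
	/// @brief Reset Hyperion user
	/// @return True on success else false
	///
	bool resetHyperionUser();

	///
	/// @brief Check if user auth is temporarily blocked due to failed attempts
	///
	/// The block is global: it is derived from the number of entries in the failed-attempt
	/// list, not from who made the attempts.
	/// @return True when blocked; no further auth requests will be accepted
	///
	bool isUserAuthBlocked() const { return (_userAuthAttempts.length() >= MAX_FAILED_USER_AUTH_ATTEMPTS); }

	///
	/// @brief Check if token auth is temporarily blocked due to failed attempts
	///
	/// The block is global: it is derived from the number of entries in the failed-attempt
	/// list, not from who made the attempts.
	/// @return True when blocked; no further auth requests will be accepted
	///
	bool isTokenAuthBlocked() const { return (_tokenAuthAttempts.length() >= MAX_FAILED_TOKEN_AUTH_ATTEMPTS); }

	/// Pointer of this instance.
	/// NOTE(review): this member is public and writable, so any code can reassign it;
	/// treat it as read-only outside of the code that creates the AuthManager.
	static AuthManager *manager;

	/// Get pointer of this instance.
	/// Where 'manager' is assigned is not visible in this header; callers that may run
	/// before the daemon has created the AuthManager should check for nullptr.
	static AuthManager *getInstance() { return manager; }

public slots:

	///
	/// @brief Check if user is authorized
	/// @param user The username
	/// @param pw The password
	/// @return True if authorized else false
	///
	bool isUserAuthorized(const QString &user, const QString &pw);

	///
	/// @brief Check if token is authorized
	/// @param token The token
	/// @return True if authorized else false
	///
	bool isTokenAuthorized(const QString &token);

	///
	/// @brief Check if token is authorized for the given user
	/// @param usr The username
	/// @param token The token
	/// @return True if authorized else false
	///
	bool isUserTokenAuthorized(const QString &usr, const QString &token);

	///
	/// @brief Create a new token and skip the usual chain
	///
	/// "Skip the usual chain" means the pending-request / accept-or-deny flow
	/// (setNewTokenRequest -> handlePendingTokenRequest) is not used. The caller is
	/// therefore responsible for having verified that the request is allowed.
	/// @param comment The comment that should be used for the new token
	/// @return The new Auth definition
	///
	AuthManager::AuthDefinition createToken(const QString &comment);

	///
	/// @brief Rename a token by id
	/// @param id The token id
	/// @param comment The new comment
	/// @return True on success else false (or not found)
	///
	bool renameToken(const QString &id, const QString &comment);

	///
	/// @brief Delete a token by id
	/// @param id The token id
	/// @return True on success else false (or not found)
	///
	bool deleteToken(const QString &id);

	///
	/// @brief Change password of user
	/// @param user The username
	/// @param pw The CURRENT password
	/// @param newPw The new password
	/// @return True on success else false
	///
	bool updateUserPassword(const QString &user, const QString &pw, const QString &newPw);

	///
	/// @brief Generate a new pending token request with the provided comment and id as identifier helper
	/// @param caller The QObject of the caller to deliver the reply
	/// @param comment The comment as ident helper
	/// @param id The id created by the caller
	/// @param tan The tan created by the caller
	///
	void setNewTokenRequest(QObject *caller, const QString &comment, const QString &id, const int &tan = 0);

	///
	/// @brief Cancel a pending token request with the provided comment and id as identifier helper
	///
	/// The unnamed second parameter sits in the comment position of setNewTokenRequest();
	/// it has no name here, so it appears to be unused by the implementation.
	/// @param caller The QObject of the caller to deliver the reply
	/// @param id The id created by the caller
	///
	void cancelNewTokenRequest(QObject *caller, const QString &, const QString &id);

	///
	/// @brief Handle a token request by id, generate token and inform token caller or deny
	/// @param id The id of the request
	/// @param accept True to accept the request, false to deny it
	///
	void handlePendingTokenRequest(const QString &id, bool accept);

	///
	/// @brief Get pending requests
	/// @return All pending requests
	///
	QVector<AuthManager::AuthDefinition> getPendingRequests() const;

	///
	/// @brief Get the current valid token for user. Make sure this call is allowed!
	///
	/// The return value is a credential. This declaration carries no caller check of its
	/// own, so the calling code must have established that the requester is authorized
	/// before invoking it, and should not log the result.
	/// @param usr the defined user
	/// @return The token
	///
	QString getUserToken(const QString &usr = "Hyperion") const;

	///
	/// @brief Get all available token entries
	/// @return All token entries
	///
	QVector<AuthManager::AuthDefinition> getTokenList() const;

	///
	/// @brief Handle settings update from Hyperion Settingsmanager emit
	/// @param type settings type from enum
	/// @param config configuration object
	///
	void handleSettingsUpdate(settings::type type, const QJsonDocument &config);

signals:
	///
	/// @brief Emits whenever a new token Request has been created along with the id and comment
	/// @param id The id of the request
	/// @param comment The comment of the request; If the comment is EMPTY, it's a revoke of the caller!
	///
	void newPendingTokenRequest(const QString &id, const QString &comment);

	///
	/// @brief Emits when the user has accepted or denied a token
	///
	/// NOTE(review): the token travels as a signal argument, so every slot connected to
	/// this signal receives it. Receivers should compare @p caller with themselves before
	/// using or forwarding the token.
	/// @param success If true the request was accepted else false and no token will be available
	/// @param caller The origin caller instance who requested this token
	/// @param token The new token that is now valid
	/// @param comment The comment that was part of the request
	/// @param id The id that was part of the request
	/// @param tan The tan that was part of the request
	///
	void tokenResponse(bool success, QObject *caller, const QString &token, const QString &comment, const QString &id, const int &tan);

	///
	/// @brief Emits whenever the token list changes
	/// @param data The full list of tokens
	///
	void tokenChange(QVector<AuthManager::AuthDefinition>);

private:
	///
	/// @brief Increment counter for token/user auth
	/// @param user If true we increment USER auth instead of token
	///
	void setAuthBlock(bool user = false);

	/// Database interface for auth table
	AuthTable *_authTable;

	/// Database interface for meta table
	MetaTable *_metaTable;

	/// Unique ID (imported from removed class 'Stats')
	QString _uuid;

	/// All pending requests
	QMap<QString, AuthDefinition> _pendingRequests;

	/// Reflect state of global auth
	bool _authRequired;

	/// Reflect state of local auth
	bool _localAuthRequired;

	/// Reflect state of local admin auth
	bool _localAdminAuthRequired;

	/// Timer for counting against pendingRequest timeouts
	QTimer *_timer;

	/// Timer which cleans up the block counter
	QTimer *_authBlockTimer;

	/// Contains timestamps of failed user login attempts
	QVector<uint64_t> _userAuthAttempts;

	/// Contains timestamps of failed token login attempts
	QVector<uint64_t> _tokenAuthAttempts;

private slots:
	///
	/// @brief Check timeout of pending requests
	///
	void checkTimeout();

	///
	/// @brief Check if there are timeouts for failed login attempts
	///
	void checkAuthBlockTimeout();
};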