Add userToken Auth

2025-03-01 10:33:28 +00:00 · 2019-08-29 18:17:06 +02:00
parent 7f444a5a92
commit 034bd164a2
5 changed files with 113 additions and 4 deletions
--- a/include/api/JsonAPI.h
+++ b/include/api/JsonAPI.h
@@ -91,6 +91,11 @@ signals:
 	///
 	void forwardJsonMessage(QJsonObject);

+	///
+	/// @brief The API might decide to block connections for security reasons, this emitter should close the socket
+	///
+	void forceClose();
+
 private:
 	/// Auth management pointer
 	AuthManager* _authManager;
--- a/include/db/AuthTable.h
+++ b/include/db/AuthTable.h
@@ -80,6 +80,52 @@ public:
 		return false;
 	}

+	///
+	/// @brief Test if a user token is authorized for access.
+	/// @param usr   The user name
+	/// @param token The token
+	/// @return       True on success else false
+	///
+	inline bool isUserTokenAuthorized(const QString& usr, const QString& token)
+	{
+		if(getUserToken(usr) == token.toUtf8())
+		{
+			updateUserUsed(usr);
+			return true;
+		}
+		return false;
+	}
+
+	///
+	/// @brief Update token of a user. It's an alternate login path which is replaced on startup. This token is NOT hashed(!)
+	/// @param user   The user name
+	/// @return       True on success else false
+	///
+	inline bool setUserToken(const QString& user)
+	{
+		QVariantMap map;
+		map["token"] = QCryptographicHash::hash(QUuid::createUuid().toByteArray(), QCryptographicHash::Sha512).toHex();
+
+		VectorPair cond;
+		cond.append(CPair("user", user));
+		return updateRecord(cond, map);
+	}
+
+	///
+	/// @brief Get token of a user. This token is NOT hashed(!)
+	/// @param user   The user name
+	/// @return       The token
+	///
+	inline const QByteArray getUserToken(const QString& user)
+	{
+		QVariantMap results;
+		VectorPair cond;
+		cond.append(CPair("user", user));
+		getRecord(cond, results, QStringList()<<"token");
+
+		return results["token"].toByteArray();
+	}
+
 	///
 	/// @brief update password of given user. The user should be tested (isUserAuthorized) to verify this change
 	/// @param user   The user name
--- a/include/hyperion/AuthManager.h
+++ b/include/hyperion/AuthManager.h
@@ -61,6 +61,19 @@ public:
 	///
 	const bool & isLocalAdminAuthRequired() { return _localAdminAuthRequired; };

+	///
+	/// @brief Check if Hyperion user has default password
+	/// @return       True if so, else false
+	///
+	const bool hasHyperionDefaultPw() { return isUserAuthorized("Hyperion","hyperion"); };
+
+	///
+	/// @brief Get the current valid token for user. Make sure this call is allowed!
+	/// @param For the defined user
+	/// @return       The token
+	///
+	const QString getUserToken(const QString & usr = "Hyperion");
+
 	///
 	/// @brief Reset Hyperion user
 	/// @return        True on success else false
@@ -89,6 +102,14 @@ public:
 	///
 	bool isTokenAuthorized(const QString& token);

+	///
+	/// @brief Check if token is authorized
+	/// @param  usr    The username
+	/// @param  token  The token
+	/// @return        True if authorized else false
+	///
+	bool isUserTokenAuthorized(const QString& usr, const QString& token);
+
 	///
 	/// @brief Change password of user
 	/// @param  user  The username