Feat: Add Admin API (#617)

* Push progress TODO: rework RESET, probably to main.cpp again * resetPassword rework * enable administration restriction * add short cmd for userdata * Js apis * Refactor JsonCB class * Add userToken Auth * Feat: Close connection if ext clients when def pw is set * Feat: Protect db against pw/token tests * WebUi PW Support (#9) * Initial WebUi Password Support * Small changes * Initial WebUi Password Support * Small changes * Basic WebUi Token support * added "removeStorage", added uiLock, updated login page * Small improvments * Small change * Fix: prevent downgrade of authorization * Add translation for localAdminAuth * Feat: Show always save button in led layout * Revert "Feat: Show always save button in led layout" This reverts commit caad1dfcde. * Feat: Password change link in notification * Fix: body padding modal overlap * Feat: Add instance index to response on switch * prevent schema error Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> * Feat: add pw save * Feat: callout settings/pw replaced with notification
2025-03-01 10:33:28 +00:00 · 2019-09-17 21:33:46 +02:00
parent 04c3bc8cc9
commit 5e559627be
28 changed files with 8047 additions and 137 deletions
--- a/include/db/AuthTable.h
+++ b/include/db/AuthTable.h
@@ -16,9 +16,14 @@ class AuthTable : public DBManager

 public:
 	/// construct wrapper with auth table
-	AuthTable(QObject* parent = nullptr)
+	AuthTable(const QString& rootPath = "", QObject* parent = nullptr)
 		: DBManager(parent)
 	{
+		if(!rootPath.isEmpty()){
+			// Init Hyperion database usage
+			setRootPath(rootPath);
+			setDatabaseName("hyperion");
+		}
 		// init Auth table
 		setTable("auth");
 		// create table columns
@@ -75,6 +80,82 @@ public:
 		return false;
 	}

+	///
+	/// @brief Test if a user token is authorized for access.
+	/// @param usr   The user name
+	/// @param token The token
+	/// @return       True on success else false
+	///
+	inline bool isUserTokenAuthorized(const QString& usr, const QString& token)
+	{
+		if(getUserToken(usr) == token.toUtf8())
+		{
+			updateUserUsed(usr);
+			return true;
+		}
+		return false;
+	}
+
+	///
+	/// @brief Update token of a user. It's an alternate login path which is replaced on startup. This token is NOT hashed(!)
+	/// @param user   The user name
+	/// @return       True on success else false
+	///
+	inline bool setUserToken(const QString& user)
+	{
+		QVariantMap map;
+		map["token"] = QCryptographicHash::hash(QUuid::createUuid().toByteArray(), QCryptographicHash::Sha512).toHex();
+
+		VectorPair cond;
+		cond.append(CPair("user", user));
+		return updateRecord(cond, map);
+	}
+
+	///
+	/// @brief Get token of a user. This token is NOT hashed(!)
+	/// @param user   The user name
+	/// @return       The token
+	///
+	inline const QByteArray getUserToken(const QString& user)
+	{
+		QVariantMap results;
+		VectorPair cond;
+		cond.append(CPair("user", user));
+		getRecord(cond, results, QStringList()<<"token");
+
+		return results["token"].toByteArray();
+	}
+
+	///
+	/// @brief update password of given user. The user should be tested (isUserAuthorized) to verify this change
+	/// @param user   The user name
+	/// @param newPw  The new password to set
+	/// @return       True on success else false
+	///
+	inline bool updateUserPassword(const QString& user, const QString& newPw)
+	{
+		QVariantMap map;
+		map["password"] = calcPasswordHashOfUser(user, newPw);
+
+		VectorPair cond;
+		cond.append(CPair("user", user));
+		return updateRecord(cond, map);
+	}
+
+	///
+	/// @brief Reset password of Hyperion user !DANGER! Used in Hyperion main.cpp
+	/// @return       True on success else false
+	///
+	inline bool resetHyperionUser()
+	{
+		QVariantMap map;
+		map["password"] = calcPasswordHashOfUser("Hyperion", "hyperion");
+
+		VectorPair cond;
+		cond.append(CPair("user", "Hyperion"));
+		return updateRecord(cond, map);
+	}
+
 	///
 	/// @brief Update 'last_use' column entry for the corresponding user
 	/// @param[in]  user   The user to search for