hyperion.ng/include/hyperion/AuthManager.h
LordGrey efc2046ab5
Various Cleanups (#1075)
* LedDevice - Address clang findings

* Fix Windows Warnings

* Ensure newInput is initialised

* Clean-up unused elements for Plaform Capture

* Fix initialization problem and spellings

* Address clang findings and spelling corrections

* LedDevice clean-ups

* Cleanups

* Align that getLedCount is int

* Have "display" as default for Grabbers

* Fix config during start-up for missing elements

* Framegrabber Clean-up - Remove non supported grabbers from selection, filter valid options

* Typo

* Framegrabber.json - Fix property numbering

* Preselect active Grabbertype

* Sort Grabbernames

* Align options with selected element

* Fix deletion of pointer to incomplete type 'BonjourBrowserWrapper'

* Address macOS compile warnings

* Have default layout = 1 LED only to avoid errors as in #673

* Address lgtm findings

* Address finding that params passed to LedDevice discovery were not considered

* Cleanups after merging with latest master

* Update Changelog

* Address lgtm findings

* Fix comment

* Test Fix

* Fix Python Warning

* Handle Dummy Device assignment correctly

* Address delete called on non-final 'commandline::Option' that has virtual functions but non-virtual destructor

* Correct that QTimer.start accepts only int

* Have Release Python GIL & reset threat state chnage downward compatible

* Correct format specifier

* LedDevice - add assertions

* Readonly DB - Fix merge issue

* Smoothing - Fix wrong defaults

* LedDevice - correct assertion

* Show smoothing config set# in debug and related values.

* Suppress error on windows, if default file is "/dev/null"

* CMAKE - Allow to define QT_BASE_DIR dynamically via environment-variable

* Ignore Visual Studio specific files

Co-authored-by: Paulchen Panther <16664240+Paulchen-Panther@users.noreply.github.com>
2020-11-14 17:58:56 +01:00

265 lines
7.7 KiB
C++

#pragma once
#include <utils/Logger.h>
#include <utils/settings.h>
//qt
#include <QMap>
#include <QVector>
class AuthTable;
class MetaTable;
class QTimer;
///
/// @brief Manage the authorization of user and tokens. This class is created once as part of the HyperionDaemon
/// To work with the global instance use AuthManager::getInstance()
///
class AuthManager : public QObject
{
Q_OBJECT
private:
friend class HyperionDaemon;
/// constructor is private, can be called from HyperionDaemon
AuthManager(QObject *parent = nullptr, bool readonlyMode = false);
public:
struct AuthDefinition
{
QString id;
QString comment;
QObject *caller;
int tan;
uint64_t timeoutTime;
QString token;
QString lastUse;
};
///
/// @brief Get the unique id (imported from removed class 'Stats')
/// @return The unique id
///
QString getID() const { return _uuid; }
///
/// @brief Check authorization is required according to the user setting
/// @return True if authorization required else false
///
bool isAuthRequired() const { return _authRequired; }
///
/// @brief Check if authorization is required for local network connections
/// @return True if authorization required else false
///
bool isLocalAuthRequired() const { return _localAuthRequired; }
///
/// @brief Check if authorization is required for local network connections for admin access
/// @return True if authorization required else false
///
bool isLocalAdminAuthRequired() const { return _localAdminAuthRequired; }
///
/// @brief Reset Hyperion user
/// @return True on success else false
///
bool resetHyperionUser();
///
/// @brief Check if user auth is temporary blocked due to failed attempts
/// @return True on blocked and no further Auth requests will be accepted
///
bool isUserAuthBlocked() const { return (_userAuthAttempts.length() >= 10); }
///
/// @brief Check if token auth is temporary blocked due to failed attempts
/// @return True on blocked and no further Auth requests will be accepted
///
bool isTokenAuthBlocked() const { return (_tokenAuthAttempts.length() >= 25); }
/// Pointer of this instance
static AuthManager *manager;
/// Get Pointer of this instance
static AuthManager *getInstance() { return manager; }
public slots:
///
/// @brief Check if user is authorized
/// @param user The username
/// @param pw The password
/// @return True if authorized else false
///
bool isUserAuthorized(const QString &user, const QString &pw);
///
/// @brief Check if token is authorized
/// @param token The token
/// @return True if authorized else false
///
bool isTokenAuthorized(const QString &token);
///
/// @brief Check if token is authorized
/// @param usr The username
/// @param token The token
/// @return True if authorized else false
///
bool isUserTokenAuthorized(const QString &usr, const QString &token);
///
/// @brief Create a new token and skip the usual chain
/// @param comment The comment that should be used for
/// @return The new Auth definition
///
AuthManager::AuthDefinition createToken(const QString &comment);
///
/// @brief Rename a token by id
/// @param id The token id
/// @param comment The new comment
/// @return True on success else false (or not found)
///
bool renameToken(const QString &id, const QString &comment);
///
/// @brief Delete a token by id
/// @param id The token id
/// @return True on success else false (or not found)
///
bool deleteToken(const QString &id);
///
/// @brief Change password of user
/// @param user The username
/// @param pw The CURRENT password
/// @param newPw The new password
/// @return True on success else false
///
bool updateUserPassword(const QString &user, const QString &pw, const QString &newPw);
///
/// @brief Generate a new pending token request with the provided comment and id as identifier helper
/// @param caller The QObject of the caller to deliver the reply
/// @param comment The comment as ident helper
/// @param id The id created by the caller
/// @param tan The tan created by the caller
///
void setNewTokenRequest(QObject *caller, const QString &comment, const QString &id, const int &tan = 0);
///
/// @brief Cancel a pending token request with the provided comment and id as identifier helper
/// @param caller The QObject of the caller to deliver the reply
/// @param id The id created by the caller
///
void cancelNewTokenRequest(QObject *caller, const QString &, const QString &id);
///
/// @brief Handle a token request by id, generate token and inform token caller or deny
/// @param id The id of the request
/// @param accept The accept or deny the request
///
void handlePendingTokenRequest(const QString &id, bool accept);
///
/// @brief Get pending requests
/// @return All pending requests
///
QVector<AuthManager::AuthDefinition> getPendingRequests() const;
///
/// @brief Get the current valid token for user. Make sure this call is allowed!
/// @param usr the defined user
/// @return The token
///
QString getUserToken(const QString &usr = "Hyperion") const;
///
/// @brief Get all available token entries
///
QVector<AuthManager::AuthDefinition> getTokenList() const;
///
/// @brief Handle settings update from Hyperion Settingsmanager emit
/// @param type settings type from enum
/// @param config configuration object
///
void handleSettingsUpdate(settings::type type, const QJsonDocument &config);
signals:
///
/// @brief Emits whenever a new token Request has been created along with the id and comment
/// @param id The id of the request
/// @param comment The comment of the request; If the comment is EMPTY, it's a revoke of the caller!
///
void newPendingTokenRequest(const QString &id, const QString &comment);
///
/// @brief Emits when the user has accepted or denied a token
/// @param success If true the request was accepted else false and no token will be available
/// @param caller The origin caller instance who requested this token
/// @param token The new token that is now valid
/// @param comment The comment that was part of the request
/// @param id The id that was part of the request
/// @param tan The tan that was part of the request
///
void tokenResponse(bool success, QObject *caller, const QString &token, const QString &comment, const QString &id, const int &tan);
///
/// @brief Emits whenever the token list changes
/// @param data The full list of tokens
///
void tokenChange(QVector<AuthManager::AuthDefinition>);
private:
///
/// @brief Increment counter for token/user auth
/// @param user If true we increment USER auth instead of token
///
void setAuthBlock(bool user = false);
/// Database interface for auth table
AuthTable *_authTable;
/// Database interface for meta table
MetaTable *_metaTable;
/// Unique ID (imported from removed class 'Stats')
QString _uuid;
/// All pending requests
QMap<QString, AuthDefinition> _pendingRequests;
/// Reflect state of global auth
bool _authRequired;
/// Reflect state of local auth
bool _localAuthRequired;
/// Reflect state of local admin auth
bool _localAdminAuthRequired;
/// Timer for counting against pendingRequest timeouts
QTimer *_timer;
// Timer which cleans up the block counter
QTimer *_authBlockTimer;
// Contains timestamps of failed user login attempts
QVector<uint64_t> _userAuthAttempts;
// Contains timestamps of failed token login attempts
QVector<uint64_t> _tokenAuthAttempts;
private slots:
///
/// @brief Check timeout of pending requests
///
void checkTimeout();
///
/// @brief Check if there are timeouts for failed login attempts
///
void checkAuthBlockTimeout();
};