2019-04-29 23:30:43 +00:00
|
|
|
#include <SecurityManager.h>
|
|
|
|
|
|
|
|
|
|
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
|
2019-05-02 23:31:20 +00:00
|
|
|
// fetch users
|
2019-04-30 22:49:28 +00:00
|
|
|
server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
|
2019-05-02 23:31:20 +00:00
|
|
|
|
|
|
|
|
// sign in request
|
|
|
|
|
_signInRequestHandler.setUri(SIGN_IN_PATH);
|
|
|
|
|
_signInRequestHandler.setMethod(HTTP_POST);
|
|
|
|
|
_signInRequestHandler.setMaxContentLength(MAX_SECURITY_MANAGER_SETTINGS_SIZE);
|
|
|
|
|
_signInRequestHandler.onRequest(std::bind(&SecurityManager::signIn, this, std::placeholders::_1, std::placeholders::_2));
|
|
|
|
|
server->addHandler(&_signInRequestHandler);
|
2019-05-06 14:50:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
// sign in request
|
|
|
|
|
_testVerifiction.setUri(TEST_VERIFICATION_PATH);
|
|
|
|
|
_testVerifiction.setMethod(HTTP_POST);
|
|
|
|
|
_testVerifiction.setMaxContentLength(MAX_SECURITY_MANAGER_SETTINGS_SIZE);
|
|
|
|
|
_testVerifiction.onRequest(std::bind(&SecurityManager::testVerification, this, std::placeholders::_1, std::placeholders::_2));
|
|
|
|
|
server->addHandler(&_testVerifiction);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SecurityManager::~SecurityManager() {}
|
|
|
|
|
|
|
|
|
|
void SecurityManager::readFromJsonObject(JsonObject& root) {
|
2019-04-30 22:49:28 +00:00
|
|
|
// secret
|
2019-04-29 23:30:43 +00:00
|
|
|
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
// roles
|
|
|
|
|
_roles.clear();
|
|
|
|
|
if (root["roles"].is<JsonArray>()) {
|
|
|
|
|
JsonArray roles = root["roles"];
|
|
|
|
|
for (JsonVariant role : roles) {
|
|
|
|
|
_roles.push_back(role.as<String>());
|
|
|
|
|
}
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
// users
|
|
|
|
|
_users.clear();
|
2019-04-29 23:30:43 +00:00
|
|
|
if (root["users"].is<JsonArray>()) {
|
|
|
|
|
JsonArray users = root["users"];
|
2019-04-30 22:49:28 +00:00
|
|
|
for (JsonVariant user : users) {
|
|
|
|
|
String username = user["username"];
|
2019-04-29 23:30:43 +00:00
|
|
|
String password = user["password"];
|
|
|
|
|
String role = user["role"];
|
2019-04-30 22:49:28 +00:00
|
|
|
_users.push_back(User(username, password, role));
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void SecurityManager::writeToJsonObject(JsonObject& root) {
|
2019-04-30 22:49:28 +00:00
|
|
|
// secret
|
|
|
|
|
root["jwt_secret"] = _jwtSecret;
|
|
|
|
|
|
|
|
|
|
// roles
|
|
|
|
|
JsonArray roles = root.createNestedArray("roles");
|
|
|
|
|
for (String _role : _roles) {
|
|
|
|
|
roles.add(_role);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// users
|
|
|
|
|
JsonArray users = root.createNestedArray("users");
|
|
|
|
|
for (User _user : _users) {
|
|
|
|
|
JsonObject user = users.createNestedObject();
|
|
|
|
|
user["username"] = _user.getUsername();
|
|
|
|
|
user["password"] = _user.getPassword();
|
|
|
|
|
user["role"] = _user.getRole();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-02 23:31:20 +00:00
|
|
|
// TODO - Decide about default role behaviour, don't over-engineer (multiple roles, boolean admin flag???).
|
|
|
|
|
void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonDocument){
|
|
|
|
|
if (jsonDocument.is<JsonObject>()) {
|
|
|
|
|
// authenticate user
|
|
|
|
|
String username = jsonDocument["username"];
|
|
|
|
|
String password = jsonDocument["password"];
|
2019-05-15 23:19:41 +00:00
|
|
|
Authentication authentication = authenticate(username, password);
|
|
|
|
|
|
|
|
|
|
if (authentication.isAuthenticated()) {
|
|
|
|
|
User& user = authentication.getUser();
|
2019-05-02 23:31:20 +00:00
|
|
|
|
|
|
|
|
// create JWT
|
|
|
|
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
|
|
|
|
JsonObject jwt = _jsonDocument.to<JsonObject>();
|
2019-05-06 14:50:19 +00:00
|
|
|
jwt["username"] = user.getUsername();
|
2019-05-02 23:31:20 +00:00
|
|
|
jwt["role"] = user.getRole();
|
|
|
|
|
|
|
|
|
|
// send JWT response
|
|
|
|
|
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
|
|
|
|
|
JsonObject jsonObject = response->getRoot();
|
2019-05-06 14:50:19 +00:00
|
|
|
jsonObject["access_token"] = jwtHandler.buildJWT(jwt);
|
2019-05-02 23:31:20 +00:00
|
|
|
response->setLength();
|
|
|
|
|
request->send(response);
|
2019-05-06 14:50:19 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// authentication failed
|
|
|
|
|
AsyncWebServerResponse *response = request->beginResponse(401);
|
|
|
|
|
request->send(response);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocument &jsonDocument){
|
|
|
|
|
if (jsonDocument.is<JsonObject>()) {
|
|
|
|
|
String accessToken = jsonDocument["access_token"];
|
2019-05-06 20:46:28 +00:00
|
|
|
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
|
|
|
|
|
jwtHandler.parseJWT(accessToken, parsedJwt);
|
|
|
|
|
if (parsedJwt.is<JsonObject>()){
|
2019-05-11 14:11:11 +00:00
|
|
|
AsyncWebServerResponse *response = request->beginResponse(200);
|
|
|
|
|
request->send(response);
|
|
|
|
|
return;
|
2019-05-02 23:31:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// authentication failed
|
|
|
|
|
AsyncWebServerResponse *response = request->beginResponse(401);
|
|
|
|
|
request->send(response);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
|
|
|
|
|
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
|
|
|
|
|
JsonObject jsonObject = response->getRoot();
|
|
|
|
|
writeToJsonObject(jsonObject);
|
|
|
|
|
response->setLength();
|
|
|
|
|
request->send(response);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void SecurityManager::begin() {
|
2019-05-02 23:31:20 +00:00
|
|
|
// read config
|
2019-04-30 22:49:28 +00:00
|
|
|
readFromFS();
|
2019-05-02 23:31:20 +00:00
|
|
|
|
|
|
|
|
// configure secret
|
2019-05-06 14:50:19 +00:00
|
|
|
jwtHandler.setSecret(_jwtSecret);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-05-15 23:19:41 +00:00
|
|
|
/*
|
|
|
|
|
* TODO - VERIFY JWT IS CORRECT!
|
|
|
|
|
*/
|
|
|
|
|
Authentication SecurityManager::verify(String jwt) {
|
|
|
|
|
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
|
|
|
|
|
jwtHandler.parseJWT(jwt, parsedJwt);
|
|
|
|
|
if (parsedJwt.is<JsonObject>()) {
|
|
|
|
|
String username = parsedJwt["username"];
|
|
|
|
|
for (User _user : _users) {
|
|
|
|
|
if (_user.getUsername() == username){
|
|
|
|
|
return Authentication::forUser(_user);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return Authentication::notAuthenticated();
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
2019-04-30 22:49:28 +00:00
|
|
|
|
2019-05-15 23:19:41 +00:00
|
|
|
Authentication SecurityManager::authenticate(String username, String password) {
|
2019-04-30 22:49:28 +00:00
|
|
|
for (User _user : _users) {
|
|
|
|
|
if (_user.getUsername() == username && _user.getPassword() == password){
|
2019-05-15 23:19:41 +00:00
|
|
|
return Authentication::forUser(_user);
|
2019-04-30 22:49:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
2019-05-15 23:19:41 +00:00
|
|
|
return Authentication::notAuthenticated();
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
String SecurityManager::generateJWT(User user) {
|
2019-05-15 23:19:41 +00:00
|
|
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
|
|
|
|
JsonObject jwt = _jsonDocument.to<JsonObject>();
|
|
|
|
|
jwt["username"] = user.getUsername();
|
|
|
|
|
jwt["role"] = user.getRole();
|
|
|
|
|
return jwtHandler.buildJWT(jwt);
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
