esp8266-react-framework/src/SecurityManager.cpp

152 lines
4.6 KiB
C++
Raw Normal View History

2019-04-29 23:30:43 +00:00
#include <SecurityManager.h>
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
2019-05-02 23:31:20 +00:00
// fetch users
server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
2019-05-02 23:31:20 +00:00
// sign in request
_signInRequestHandler.setUri(SIGN_IN_PATH);
_signInRequestHandler.setMethod(HTTP_POST);
_signInRequestHandler.setMaxContentLength(MAX_SECURITY_MANAGER_SETTINGS_SIZE);
_signInRequestHandler.onRequest(std::bind(&SecurityManager::signIn, this, std::placeholders::_1, std::placeholders::_2));
server->addHandler(&_signInRequestHandler);
2019-05-06 14:50:19 +00:00
// sign in request
_testVerifiction.setUri(TEST_VERIFICATION_PATH);
_testVerifiction.setMethod(HTTP_POST);
_testVerifiction.setMaxContentLength(MAX_SECURITY_MANAGER_SETTINGS_SIZE);
_testVerifiction.onRequest(std::bind(&SecurityManager::testVerification, this, std::placeholders::_1, std::placeholders::_2));
server->addHandler(&_testVerifiction);
2019-04-29 23:30:43 +00:00
}
SecurityManager::~SecurityManager() {}
void SecurityManager::readFromJsonObject(JsonObject& root) {
// secret
2019-04-29 23:30:43 +00:00
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
// roles
_roles.clear();
if (root["roles"].is<JsonArray>()) {
JsonArray roles = root["roles"];
for (JsonVariant role : roles) {
_roles.push_back(role.as<String>());
}
2019-04-29 23:30:43 +00:00
}
// users
_users.clear();
2019-04-29 23:30:43 +00:00
if (root["users"].is<JsonArray>()) {
JsonArray users = root["users"];
for (JsonVariant user : users) {
String username = user["username"];
2019-04-29 23:30:43 +00:00
String password = user["password"];
String role = user["role"];
_users.push_back(User(username, password, role));
2019-04-29 23:30:43 +00:00
}
}
}
void SecurityManager::writeToJsonObject(JsonObject& root) {
// secret
root["jwt_secret"] = _jwtSecret;
// roles
JsonArray roles = root.createNestedArray("roles");
for (String _role : _roles) {
roles.add(_role);
}
// users
JsonArray users = root.createNestedArray("users");
for (User _user : _users) {
JsonObject user = users.createNestedObject();
user["username"] = _user.getUsername();
user["password"] = _user.getPassword();
user["role"] = _user.getRole();
}
}
2019-05-02 23:31:20 +00:00
// TODO - Decide about default role behaviour, don't over-engineer (multiple roles, boolean admin flag???).
void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonDocument){
if (jsonDocument.is<JsonObject>()) {
// authenticate user
String username = jsonDocument["username"];
String password = jsonDocument["password"];
User user = authenticate(username, password);
if (user.isAuthenticated()) {
// create JWT
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
JsonObject jwt = _jsonDocument.to<JsonObject>();
2019-05-06 14:50:19 +00:00
jwt["username"] = user.getUsername();
2019-05-02 23:31:20 +00:00
jwt["role"] = user.getRole();
// send JWT response
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
JsonObject jsonObject = response->getRoot();
2019-05-06 14:50:19 +00:00
jsonObject["access_token"] = jwtHandler.buildJWT(jwt);
2019-05-02 23:31:20 +00:00
response->setLength();
request->send(response);
2019-05-06 14:50:19 +00:00
return;
}
}
// authentication failed
AsyncWebServerResponse *response = request->beginResponse(401);
request->send(response);
}
void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocument &jsonDocument){
if (jsonDocument.is<JsonObject>()) {
String accessToken = jsonDocument["access_token"];
2019-05-06 20:46:28 +00:00
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
jwtHandler.parseJWT(accessToken, parsedJwt);
if (parsedJwt.is<JsonObject>()){
// authentication successful
AsyncWebServerResponse *response = request->beginResponse(200);
request->send(response);
return;
2019-05-02 23:31:20 +00:00
}
}
// authentication failed
AsyncWebServerResponse *response = request->beginResponse(401);
request->send(response);
}
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
JsonObject jsonObject = response->getRoot();
writeToJsonObject(jsonObject);
response->setLength();
request->send(response);
2019-04-29 23:30:43 +00:00
}
void SecurityManager::begin() {
2019-05-02 23:31:20 +00:00
// read config
readFromFS();
2019-05-02 23:31:20 +00:00
// configure secret
2019-05-06 14:50:19 +00:00
jwtHandler.setSecret(_jwtSecret);
2019-04-29 23:30:43 +00:00
}
User SecurityManager::verifyUser(String jwt) {
// TODO
return NOT_AUTHENTICATED;
}
User SecurityManager::authenticate(String username, String password) {
for (User _user : _users) {
if (_user.getUsername() == username && _user.getPassword() == password){
return _user;
}
}
2019-04-29 23:30:43 +00:00
return NOT_AUTHENTICATED;
}
String SecurityManager::generateJWT(User user) {
2019-04-29 23:30:43 +00:00
// TODO
return "";
}