WIP - more experimenting with the security manager

src/AsyncJsonRequestWebHandler.h

@@ -1,6 +1,7 @@
 #ifndef Async_Json_Request_Web_Handler_H_
 #define Async_Json_Request_Web_Handler_H_
 
+#include <ESPAsyncWebServer.h>
 #include <ArduinoJson.h>
 
 #define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024

src/SecurityManager.cpp

@@ -74,9 +74,11 @@ void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonD
     // authenticate user
     String username =  jsonDocument["username"];
     String password = jsonDocument["password"];
-    User user = authenticate(username, password);
+    Authentication authentication = authenticate(username, password);
+
+    if (authentication.isAuthenticated()) {
+      User& user = authentication.getUser();
 
-    if (user.isAuthenticated()) {
       // create JWT
       DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
       JsonObject jwt = _jsonDocument.to<JsonObject>();
@@ -104,7 +106,6 @@ void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocum
     DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
     jwtHandler.parseJWT(accessToken, parsedJwt);
     if (parsedJwt.is<JsonObject>()){
-      // authentication successful
       AsyncWebServerResponse *response =  request->beginResponse(200);
       request->send(response);
       return;
@@ -131,21 +132,36 @@ void SecurityManager::begin() {
   jwtHandler.setSecret(_jwtSecret);
 }
 
-User SecurityManager::verifyUser(String jwt) {
-  // TODO
-  return NOT_AUTHENTICATED;
+/*
+* TODO - VERIFY JWT IS CORRECT!
+*/
+Authentication SecurityManager::verify(String jwt) {
+  DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
+  jwtHandler.parseJWT(jwt, parsedJwt);
+  if (parsedJwt.is<JsonObject>()) {
+    String username = parsedJwt["username"];
+    for (User _user : _users) {
+      if (_user.getUsername() == username){
+        return Authentication::forUser(_user);
+      }
+    }
+  }
+  return Authentication::notAuthenticated();
 }
 
-User SecurityManager::authenticate(String username, String password) {
+Authentication SecurityManager::authenticate(String username, String password) {
   for (User _user : _users) {
     if (_user.getUsername() == username && _user.getPassword() == password){
-      return _user;
+      return Authentication::forUser(_user);
     }
   }
-  return NOT_AUTHENTICATED;
+  return Authentication::notAuthenticated();
 }
 
 String SecurityManager::generateJWT(User user) {
-  // TODO
-  return "";
+  DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
+  JsonObject jwt = _jsonDocument.to<JsonObject>();
+  jwt["username"] = user.getUsername();
+  jwt["role"] = user.getRole();
+  return jwtHandler.buildJWT(jwt);
 }

src/SecurityManager.h

@@ -43,13 +43,32 @@ class User {
     String getRole() {
       return _role;
     }
-    bool isAuthenticated() {
-      return _username != ANONYMOUS_USERNAME;
-    }
 };
 
 const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
 
+class Authentication {
+  private:
+    User _user;
+    boolean _authenticated;
+    Authentication(User user, boolean authenticated) : _user(user), _authenticated(authenticated) {}
+  public:
+    // NOOP
+    ~Authentication(){}
+    User& getUser() {
+      return _user;
+    }
+    bool isAuthenticated() {
+      return _authenticated;
+    }
+    static Authentication forUser(User user){
+      return Authentication(user, true);
+    }
+    static Authentication notAuthenticated(){
+      return Authentication(NOT_AUTHENTICATED, false);
+    }
+};
+
 class SecurityManager :  public SettingsPersistence {
 
   public:
@@ -62,12 +81,12 @@ class SecurityManager :  public SettingsPersistence {
     /*
     * Lookup the user by JWT
     */
-    User verifyUser(String jwt);
+    Authentication verify(String jwt);
 
     /*
     * Authenticate, returning the user if found.
     */
-    User authenticate(String username, String password);
+    Authentication authenticate(String username, String password);
 
     /*
     * Generate a JWT for the user provided