WIP - more experimenting with the security manager
parent
cf693ca341
commit
7817010533
@ -1,6 +1,7 @@
|
|||||||
#ifndef Async_Json_Request_Web_Handler_H_
|
#ifndef Async_Json_Request_Web_Handler_H_
|
||||||
#define Async_Json_Request_Web_Handler_H_
|
#define Async_Json_Request_Web_Handler_H_
|
||||||
|
|
||||||
|
#include <ESPAsyncWebServer.h>
|
||||||
#include <ArduinoJson.h>
|
#include <ArduinoJson.h>
|
||||||
|
|
||||||
#define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024
|
#define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024
|
||||||
|
@ -74,9 +74,11 @@ void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonD
|
|||||||
// authenticate user
|
// authenticate user
|
||||||
String username = jsonDocument["username"];
|
String username = jsonDocument["username"];
|
||||||
String password = jsonDocument["password"];
|
String password = jsonDocument["password"];
|
||||||
User user = authenticate(username, password);
|
Authentication authentication = authenticate(username, password);
|
||||||
|
|
||||||
|
if (authentication.isAuthenticated()) {
|
||||||
|
User& user = authentication.getUser();
|
||||||
|
|
||||||
if (user.isAuthenticated()) {
|
|
||||||
// create JWT
|
// create JWT
|
||||||
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
||||||
JsonObject jwt = _jsonDocument.to<JsonObject>();
|
JsonObject jwt = _jsonDocument.to<JsonObject>();
|
||||||
@ -104,7 +106,6 @@ void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocum
|
|||||||
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
|
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
|
||||||
jwtHandler.parseJWT(accessToken, parsedJwt);
|
jwtHandler.parseJWT(accessToken, parsedJwt);
|
||||||
if (parsedJwt.is<JsonObject>()){
|
if (parsedJwt.is<JsonObject>()){
|
||||||
// authentication successful
|
|
||||||
AsyncWebServerResponse *response = request->beginResponse(200);
|
AsyncWebServerResponse *response = request->beginResponse(200);
|
||||||
request->send(response);
|
request->send(response);
|
||||||
return;
|
return;
|
||||||
@ -131,21 +132,36 @@ void SecurityManager::begin() {
|
|||||||
jwtHandler.setSecret(_jwtSecret);
|
jwtHandler.setSecret(_jwtSecret);
|
||||||
}
|
}
|
||||||
|
|
||||||
User SecurityManager::verifyUser(String jwt) {
|
/*
|
||||||
// TODO
|
* TODO - VERIFY JWT IS CORRECT!
|
||||||
return NOT_AUTHENTICATED;
|
*/
|
||||||
}
|
Authentication SecurityManager::verify(String jwt) {
|
||||||
|
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
|
||||||
User SecurityManager::authenticate(String username, String password) {
|
jwtHandler.parseJWT(jwt, parsedJwt);
|
||||||
for (User _user : _users) {
|
if (parsedJwt.is<JsonObject>()) {
|
||||||
if (_user.getUsername() == username && _user.getPassword() == password){
|
String username = parsedJwt["username"];
|
||||||
return _user;
|
for (User _user : _users) {
|
||||||
|
if (_user.getUsername() == username){
|
||||||
|
return Authentication::forUser(_user);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return NOT_AUTHENTICATED;
|
return Authentication::notAuthenticated();
|
||||||
|
}
|
||||||
|
|
||||||
|
Authentication SecurityManager::authenticate(String username, String password) {
|
||||||
|
for (User _user : _users) {
|
||||||
|
if (_user.getUsername() == username && _user.getPassword() == password){
|
||||||
|
return Authentication::forUser(_user);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return Authentication::notAuthenticated();
|
||||||
}
|
}
|
||||||
|
|
||||||
String SecurityManager::generateJWT(User user) {
|
String SecurityManager::generateJWT(User user) {
|
||||||
// TODO
|
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
|
||||||
return "";
|
JsonObject jwt = _jsonDocument.to<JsonObject>();
|
||||||
|
jwt["username"] = user.getUsername();
|
||||||
|
jwt["role"] = user.getRole();
|
||||||
|
return jwtHandler.buildJWT(jwt);
|
||||||
}
|
}
|
||||||
|
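Review bot: The new `SecurityManager::verify` returns `Authentication::forUser` for any token whose payload parses as a JSON object and names a configured user, but nothing visible here checks the token's signature, and the old `TODO - VERIFY JWT IS CORRECT!` comment was dropped without a corresponding check. Unless `jwtHandler.parseJWT` already leaves `parsedJwt` empty on an HMAC mismatch (not shown in this diff; worth confirming), a client could mint `{"username":"admin"}` and be accepted; if `parseJWT` can report failure, make it explicit, e.g. `if (!jwtHandler.parseJWT(jwt, parsedJwt)) return Authentication::notAuthenticated();`, otherwise document on `verify` that signature checking is `parseJWT`'s responsibility. `generateJWT` emits only `username` and `role`, so with no `exp`/`iat` claim a token stays valid forever and can only be invalidated by rotating `_jwtSecret`. `authenticate` also still compares the stored password with `==`, which is a non-constant-time comparison of a plaintext secret kept in settings; a salted hash would be the usual fix, though that is pre-existing rather than introduced here.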
@ -43,13 +43,32 @@ class User {
|
|||||||
String getRole() {
|
String getRole() {
|
||||||
return _role;
|
return _role;
|
||||||
}
|
}
|
||||||
bool isAuthenticated() {
|
|
||||||
return _username != ANONYMOUS_USERNAME;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
|
const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
|
||||||
|
|
||||||
|
class Authentication {
|
||||||
|
private:
|
||||||
|
User _user;
|
||||||
|
boolean _authenticated;
|
||||||
|
Authentication(User user, boolean authenticated) : _user(user), _authenticated(authenticated) {}
|
||||||
|
public:
|
||||||
|
// NOOP
|
||||||
|
~Authentication(){}
|
||||||
|
User& getUser() {
|
||||||
|
return _user;
|
||||||
|
}
|
||||||
|
bool isAuthenticated() {
|
||||||
|
return _authenticated;
|
||||||
|
}
|
||||||
|
static Authentication forUser(User user){
|
||||||
|
return Authentication(user, true);
|
||||||
|
}
|
||||||
|
static Authentication notAuthenticated(){
|
||||||
|
return Authentication(NOT_AUTHENTICATED, false);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
class SecurityManager : public SettingsPersistence {
|
class SecurityManager : public SettingsPersistence {
|
||||||
|
|
||||||
public:
|
public:
|
||||||
@ -62,12 +81,12 @@ class SecurityManager : public SettingsPersistence {
|
|||||||
/*
|
/*
|
||||||
* Lookup the user by JWT
|
* Lookup the user by JWT
|
||||||
*/
|
*/
|
||||||
User verifyUser(String jwt);
|
Authentication verify(String jwt);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Authenticate, returning the user if found.
|
* Authenticate, returning the user if found.
|
||||||
*/
|
*/
|
||||||
User authenticate(String username, String password);
|
Authentication authenticate(String username, String password);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate a JWT for the user provided
|
* Generate a JWT for the user provided
|
||||||
|
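Review bot: The new `Authentication` class declares its member as the Arduino `boolean` typedef (`boolean _authenticated;`) while the accessor returns `bool`; use `bool _authenticated;` so the member, constructor parameter and `isAuthenticated()` agree. `getUser()` hands out a non-const reference to the stored `User`, which carries the password (`User::getPassword()` exists), so any caller that only needs identity gets mutable access to credentials; `const User& getUser() const { return _user; }` is sufficient for the `signIn` call site since `generateJWT` takes its `User` by value. The doc comment on `verify` (`* Lookup the user by JWT`) should also state the contract callers rely on, e.g. `* Returns notAuthenticated() unless the token's signature verifies and its username matches a configured user.` — whether that currently holds depends on the jwtHandler implementation, which is not visible in this diff.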