WIP - more experimenting with the security manager

Rick Watson 2019-05-16 00:19:41 +01:00
parent cf693ca341
commit 7817010533
3 changed files with 56 additions and 20 deletions


@ -1,6 +1,7 @@
#ifndef Async_Json_Request_Web_Handler_H_
#define Async_Json_Request_Web_Handler_H_
#include <ESPAsyncWebServer.h>
#include <ArduinoJson.h>
#define ASYNC_JSON_REQUEST_DEFAULT_MAX_SIZE 1024


@ -74,9 +74,11 @@ void SecurityManager::signIn(AsyncWebServerRequest *request, JsonDocument &jsonD
// authenticate user
String username = jsonDocument["username"];
String password = jsonDocument["password"];
User user = authenticate(username, password);
Authentication authentication = authenticate(username, password);
if (authentication.isAuthenticated()) {
User& user = authentication.getUser();
if (user.isAuthenticated()) {
// create JWT
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
JsonObject jwt = _jsonDocument.to<JsonObject>();
@ -104,7 +106,6 @@ void SecurityManager::testVerification(AsyncWebServerRequest *request, JsonDocum
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
jwtHandler.parseJWT(accessToken, parsedJwt);
if (parsedJwt.is<JsonObject>()){
// authentication successful
AsyncWebServerResponse *response = request->beginResponse(200);
request->send(response);
return;
@ -131,21 +132,36 @@ void SecurityManager::begin() {
jwtHandler.setSecret(_jwtSecret);
}
User SecurityManager::verifyUser(String jwt) {
// TODO
return NOT_AUTHENTICATED;
/*
* TODO - VERIFY JWT IS CORRECT!
*/
Authentication SecurityManager::verify(String jwt) {
DynamicJsonDocument parsedJwt(MAX_JWT_SIZE);
jwtHandler.parseJWT(jwt, parsedJwt);
if (parsedJwt.is<JsonObject>()) {
String username = parsedJwt["username"];
for (User _user : _users) {
if (_user.getUsername() == username){
return Authentication::forUser(_user);
}
}
}
return Authentication::notAuthenticated();
}
User SecurityManager::authenticate(String username, String password) {
Authentication SecurityManager::authenticate(String username, String password) {
for (User _user : _users) {
if (_user.getUsername() == username && _user.getPassword() == password){
return _user;
return Authentication::forUser(_user);
}
}
return NOT_AUTHENTICATED;
return Authentication::notAuthenticated();
}
String SecurityManager::generateJWT(User user) {
// TODO
return "";
DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);
JsonObject jwt = _jsonDocument.to<JsonObject>();
jwt["username"] = user.getUsername();
jwt["role"] = user.getRole();
return jwtHandler.buildJWT(jwt);
}
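Review bot: `verify` takes the `username` claim straight out of `parsedJwt` and returns a fully authenticated `Authentication` for any user with that name, so until the signature check the TODO block above it promises is in place, the token content alone decides who the caller is; whether `jwtHandler.parseJWT` validates the signature is not visible in this hunk, and the TODO suggests it does not, so the function should be marked as not yet safe to gate anything on, e.g. `// NOTE: parseJWT result is trusted unverified here; do not use for authorization until the signature is checked`. The claim should also be checked for presence and type before the user lookup rather than compared as-is, e.g. `if (!parsedJwt["username"].is<const char*>()) return Authentication::notAuthenticated();`. Both `verify` and `authenticate` copy every `User` per iteration with `for (User _user : _users)`; if `_users` is a standard container, `for (User& _user : _users)` avoids that (the getters are non-const, so a const reference would not compile). `signIn` in the earlier hunk starts building its own `DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE)` inline, which looks like the same claim assembly `generateJWT` now performs; its body continues outside the hunk, but if it does duplicate it, `signIn` should call `generateJWT(user)` so the claim set is defined in one place.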


@ -43,13 +43,32 @@ class User {
String getRole() {
return _role;
}
bool isAuthenticated() {
return _username != ANONYMOUS_USERNAME;
}
};
const User NOT_AUTHENTICATED = User(ANONYMOUS_USERNAME, ANONYMOUS_PASSWORD, ANONYMOUS_ROLE);
class Authentication {
private:
User _user;
boolean _authenticated;
Authentication(User user, boolean authenticated) : _user(user), _authenticated(authenticated) {}
public:
// NOOP
~Authentication(){}
User& getUser() {
return _user;
}
bool isAuthenticated() {
return _authenticated;
}
static Authentication forUser(User user){
return Authentication(user, true);
}
static Authentication notAuthenticated(){
return Authentication(NOT_AUTHENTICATED, false);
}
};
class SecurityManager : public SettingsPersistence {
public:
@ -62,12 +81,12 @@ class SecurityManager : public SettingsPersistence {
/*
* Lookup the user by JWT
*/
User verifyUser(String jwt);
Authentication verify(String jwt);
/*
* Authenticate, returning the user if found.
*/
User authenticate(String username, String password);
Authentication authenticate(String username, String password);
/*
* Generate a JWT for the user provided