packaging
/
j7s-jwt-mosquitto-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop the expiration time stuff.

This commit is contained in:
James Pace 2022-03-25 03:15:47 +00:00
parent 0b4a73e2b7
commit 3b4be67de3
6 changed files with 23 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/j7s-plugin/AuthList.hpp
View File

@ -24,7 +24,7 @@ class AuthList
public: public:
AuthList(); AuthList();
void add(const std::string& username, const time_T& expr_time); void add(const std::string& username, const time_T& login_time);
void remove(const std::string& username); void remove(const std::string& username);
bool confirm(const std::string& username); bool confirm(const std::string& username);

3
include/j7s-plugin/utils.h
View File

@ -19,8 +19,7 @@
std::optional<std::string> read_key(const std::string &key_file); std::optional<std::string> read_key(const std::string &key_file);
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate( bool validate(const std::string &token, const std::string &username, const std::string &pub_key);
const std::string &token, const std::string &username, const std::string &pub_key);
std::string gen_token( std::string gen_token(
const std::string &username, const std::string &username,

14
src/AuthList.cpp
View File

@ -16,11 +16,11 @@
AuthList::AuthList() : _map{} {} AuthList::AuthList() : _map{} {}
void AuthList::add(const std::string &username, const time_T &expr_time) void AuthList::add(const std::string &username, const time_T &login_time)
{ {
// Add the user to the list or update it's expr time if // Add the user to the list or update it's login time if
// it's already there. // it's already there.
_map[username] = expr_time; _map[username] = login_time;
} }
void AuthList::remove(const std::string &username) void AuthList::remove(const std::string &username)
@ -39,13 +39,5 @@ bool AuthList::confirm(const std::string &username)
return false; return false;
} }
// Has the token expired?
const auto now = std::chrono::system_clock::now();
const auto expr_time = std::get<1>(*iter);
if (now < expr_time)
{
return true; return true;
}
return false;
} }

8
src/Authorizer.cpp
View File

@ -45,7 +45,7 @@ bool Authorizer::add(const std::string &token, const std::string &username)
return false; return false;
} }
const auto [validated, expr_time] = validate(token, username, key.value()); const bool validated = validate(token, username, key.value());
if (not validated) if (not validated)
{ {
std::cerr << "Not validated." << std::endl; std::cerr << "Not validated." << std::endl;
@ -57,11 +57,11 @@ bool Authorizer::add(const std::string &token, const std::string &username)
if (can_read) if (can_read)
{ {
_readList.add(username, expr_time); _readList.add(username, std::chrono::system_clock::now());
} }
if (can_write) if (can_write)
{ {
_writeList.add(username, expr_time); _writeList.add(username, std::chrono::system_clock::now());
} }
return true; return true;
@ -86,7 +86,7 @@ void Authorizer::logout(const std::string &username)
void Authorizer::add_unknown(const std::string &username) void Authorizer::add_unknown(const std::string &username)
{ {
_unknownList.add(username, time_T::max()); _unknownList.add(username, std::chrono::system_clock::now());
} }
bool Authorizer::is_unknown(const std::string &username) bool Authorizer::is_unknown(const std::string &username)

19
src/utils.cpp
View File

@ -39,12 +39,11 @@ std::optional<std::string> read_key(const std::string &key_file)
return key; return key;
} }
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate( bool validate(const std::string &token, const std::string &username, const std::string &pub_key)
const std::string &token, const std::string &username, const std::string &pub_key)
{ {
if (token.empty() or username.empty() or pub_key.empty()) if (token.empty() or username.empty() or pub_key.empty())
{ {
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
const auto decoded_token = jwt::decode(token); const auto decoded_token = jwt::decode(token);
@ -58,7 +57,7 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
catch (std::system_error &exception) catch (std::system_error &exception)
{ {
std::cerr << "Token Verification Failed: " << exception.what() << std::endl; std::cerr << "Token Verification Failed: " << exception.what() << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
auto claims = decoded_token.get_payload_claims(); auto claims = decoded_token.get_payload_claims();
@ -66,34 +65,34 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
if (not claims.contains("upn")) if (not claims.contains("upn"))
{ {
std::cerr << "Missing upn." << std::endl; std::cerr << "Missing upn." << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
if (claims["upn"].as_string() != username) if (claims["upn"].as_string() != username)
{ {
std::cerr << "Wrong username." << std::endl; std::cerr << "Wrong username." << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
// Check for mqtt-write claim value. // Check for mqtt-write claim value.
if (not claims.contains("mqtt")) if (not claims.contains("mqtt"))
{ {
std::cerr << "Missing mqtt claim." << std::endl; std::cerr << "Missing mqtt claim." << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
if (not(claims["mqtt"].as_string() == "true")) if (not(claims["mqtt"].as_string() == "true"))
{ {
std::cerr << "Not claiming can do mqtt." << std::endl; std::cerr << "Not claiming can do mqtt." << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
// Do we have an expiration time? // Do we have an expiration time?
if (not claims.contains("exp")) if (not claims.contains("exp"))
{ {
std::cerr << "Missing expiration time claim." << std::endl; std::cerr << "Missing expiration time claim." << std::endl;
return std::make_tuple(false, std::chrono::system_clock::now()); return false;
} }
return std::make_tuple(true, claims["exp"].as_date()); return true;
} }
std::string gen_token( std::string gen_token(

12
test/token_test.cpp
View File

@ -108,13 +108,9 @@ TEST(TokenTest, SimpleTwoWay)
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire); const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
auto [valid, end] = validate(token, username, pub_key_a); const bool valid = validate(token, username, pub_key_a);
std::time_t expire_time = std::chrono::system_clock::to_time_t(expire);
std::time_t end_time = std::chrono::system_clock::to_time_t(end);
EXPECT_TRUE(valid); EXPECT_TRUE(valid);
EXPECT_EQ(end_time, expire_time);
} }
TEST(TokenTest, InvalidUsername) TEST(TokenTest, InvalidUsername)
@ -125,7 +121,7 @@ TEST(TokenTest, InvalidUsername)
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire); const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
const std::string notjames = "not_james"; const std::string notjames = "not_james";
const auto [valid, end] = validate(token, notjames, pub_key_a); const bool valid = validate(token, notjames, pub_key_a);
EXPECT_FALSE(valid); EXPECT_FALSE(valid);
} }
@ -137,7 +133,7 @@ TEST(TokenTest, WrongKey)
const time_T expire = now + std::chrono::seconds(1); const time_T expire = now + std::chrono::seconds(1);
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire); const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
const auto [valid, end] = validate(token, username, pub_key_b); const bool valid = validate(token, username, pub_key_b);
EXPECT_FALSE(valid); EXPECT_FALSE(valid);
} }
@ -151,7 +147,7 @@ TEST(TokenTest, NonsenseKey)
const std::string nonsenseKey = "lslslslsl"; const std::string nonsenseKey = "lslslslsl";
const auto [valid, end] = validate(token, username, nonsenseKey); const bool valid = validate(token, username, nonsenseKey);
EXPECT_FALSE(valid); EXPECT_FALSE(valid);
} }