Drop the expiration time stuff.
This commit is contained in:
parent
0b4a73e2b7
commit
3b4be67de3
|
|
@ -24,7 +24,7 @@ class AuthList
|
||||||
public:
|
public:
|
||||||
AuthList();
|
AuthList();
|
||||||
|
|
||||||
void add(const std::string& username, const time_T& expr_time);
|
void add(const std::string& username, const time_T& login_time);
|
||||||
void remove(const std::string& username);
|
void remove(const std::string& username);
|
||||||
bool confirm(const std::string& username);
|
bool confirm(const std::string& username);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,8 +19,7 @@
|
||||||
|
|
||||||
std::optional<std::string> read_key(const std::string &key_file);
|
std::optional<std::string> read_key(const std::string &key_file);
|
||||||
|
|
||||||
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
bool validate(const std::string &token, const std::string &username, const std::string &pub_key);
|
||||||
const std::string &token, const std::string &username, const std::string &pub_key);
|
|
||||||
|
|
||||||
std::string gen_token(
|
std::string gen_token(
|
||||||
const std::string &username,
|
const std::string &username,
|
||||||
|
|
|
||||||
|
|
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
AuthList::AuthList() : _map{} {}
|
AuthList::AuthList() : _map{} {}
|
||||||
|
|
||||||
void AuthList::add(const std::string &username, const time_T &expr_time)
|
void AuthList::add(const std::string &username, const time_T &login_time)
|
||||||
{
|
{
|
||||||
// Add the user to the list or update it's expr time if
|
// Add the user to the list or update it's login time if
|
||||||
// it's already there.
|
// it's already there.
|
||||||
_map[username] = expr_time;
|
_map[username] = login_time;
|
||||||
}
|
}
|
||||||
|
|
||||||
void AuthList::remove(const std::string &username)
|
void AuthList::remove(const std::string &username)
|
||||||
|
|
@ -39,13 +39,5 @@ bool AuthList::confirm(const std::string &username)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Has the token expired?
|
return true;
|
||||||
const auto now = std::chrono::system_clock::now();
|
|
||||||
const auto expr_time = std::get<1>(*iter);
|
|
||||||
if (now < expr_time)
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ bool Authorizer::add(const std::string &token, const std::string &username)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const auto [validated, expr_time] = validate(token, username, key.value());
|
const bool validated = validate(token, username, key.value());
|
||||||
if (not validated)
|
if (not validated)
|
||||||
{
|
{
|
||||||
std::cerr << "Not validated." << std::endl;
|
std::cerr << "Not validated." << std::endl;
|
||||||
|
|
@ -57,11 +57,11 @@ bool Authorizer::add(const std::string &token, const std::string &username)
|
||||||
|
|
||||||
if (can_read)
|
if (can_read)
|
||||||
{
|
{
|
||||||
_readList.add(username, expr_time);
|
_readList.add(username, std::chrono::system_clock::now());
|
||||||
}
|
}
|
||||||
if (can_write)
|
if (can_write)
|
||||||
{
|
{
|
||||||
_writeList.add(username, expr_time);
|
_writeList.add(username, std::chrono::system_clock::now());
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -86,7 +86,7 @@ void Authorizer::logout(const std::string &username)
|
||||||
|
|
||||||
void Authorizer::add_unknown(const std::string &username)
|
void Authorizer::add_unknown(const std::string &username)
|
||||||
{
|
{
|
||||||
_unknownList.add(username, time_T::max());
|
_unknownList.add(username, std::chrono::system_clock::now());
|
||||||
}
|
}
|
||||||
|
|
||||||
bool Authorizer::is_unknown(const std::string &username)
|
bool Authorizer::is_unknown(const std::string &username)
|
||||||
|
|
|
||||||
|
|
@ -39,12 +39,11 @@ std::optional<std::string> read_key(const std::string &key_file)
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
bool validate(const std::string &token, const std::string &username, const std::string &pub_key)
|
||||||
const std::string &token, const std::string &username, const std::string &pub_key)
|
|
||||||
{
|
{
|
||||||
if (token.empty() or username.empty() or pub_key.empty())
|
if (token.empty() or username.empty() or pub_key.empty())
|
||||||
{
|
{
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const auto decoded_token = jwt::decode(token);
|
const auto decoded_token = jwt::decode(token);
|
||||||
|
|
@ -58,7 +57,7 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
||||||
catch (std::system_error &exception)
|
catch (std::system_error &exception)
|
||||||
{
|
{
|
||||||
std::cerr << "Token Verification Failed: " << exception.what() << std::endl;
|
std::cerr << "Token Verification Failed: " << exception.what() << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
auto claims = decoded_token.get_payload_claims();
|
auto claims = decoded_token.get_payload_claims();
|
||||||
|
|
||||||
|
|
@ -66,34 +65,34 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
||||||
if (not claims.contains("upn"))
|
if (not claims.contains("upn"))
|
||||||
{
|
{
|
||||||
std::cerr << "Missing upn." << std::endl;
|
std::cerr << "Missing upn." << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
if (claims["upn"].as_string() != username)
|
if (claims["upn"].as_string() != username)
|
||||||
{
|
{
|
||||||
std::cerr << "Wrong username." << std::endl;
|
std::cerr << "Wrong username." << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for mqtt-write claim value.
|
// Check for mqtt-write claim value.
|
||||||
if (not claims.contains("mqtt"))
|
if (not claims.contains("mqtt"))
|
||||||
{
|
{
|
||||||
std::cerr << "Missing mqtt claim." << std::endl;
|
std::cerr << "Missing mqtt claim." << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
if (not(claims["mqtt"].as_string() == "true"))
|
if (not(claims["mqtt"].as_string() == "true"))
|
||||||
{
|
{
|
||||||
std::cerr << "Not claiming can do mqtt." << std::endl;
|
std::cerr << "Not claiming can do mqtt." << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do we have an expiration time?
|
// Do we have an expiration time?
|
||||||
if (not claims.contains("exp"))
|
if (not claims.contains("exp"))
|
||||||
{
|
{
|
||||||
std::cerr << "Missing expiration time claim." << std::endl;
|
std::cerr << "Missing expiration time claim." << std::endl;
|
||||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return std::make_tuple(true, claims["exp"].as_date());
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string gen_token(
|
std::string gen_token(
|
||||||
|
|
|
||||||
|
|
@ -108,13 +108,9 @@ TEST(TokenTest, SimpleTwoWay)
|
||||||
|
|
||||||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||||
|
|
||||||
auto [valid, end] = validate(token, username, pub_key_a);
|
const bool valid = validate(token, username, pub_key_a);
|
||||||
|
|
||||||
std::time_t expire_time = std::chrono::system_clock::to_time_t(expire);
|
|
||||||
std::time_t end_time = std::chrono::system_clock::to_time_t(end);
|
|
||||||
|
|
||||||
EXPECT_TRUE(valid);
|
EXPECT_TRUE(valid);
|
||||||
EXPECT_EQ(end_time, expire_time);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(TokenTest, InvalidUsername)
|
TEST(TokenTest, InvalidUsername)
|
||||||
|
|
@ -125,7 +121,7 @@ TEST(TokenTest, InvalidUsername)
|
||||||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||||
|
|
||||||
const std::string notjames = "not_james";
|
const std::string notjames = "not_james";
|
||||||
const auto [valid, end] = validate(token, notjames, pub_key_a);
|
const bool valid = validate(token, notjames, pub_key_a);
|
||||||
|
|
||||||
EXPECT_FALSE(valid);
|
EXPECT_FALSE(valid);
|
||||||
}
|
}
|
||||||
|
|
@ -137,7 +133,7 @@ TEST(TokenTest, WrongKey)
|
||||||
const time_T expire = now + std::chrono::seconds(1);
|
const time_T expire = now + std::chrono::seconds(1);
|
||||||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||||
|
|
||||||
const auto [valid, end] = validate(token, username, pub_key_b);
|
const bool valid = validate(token, username, pub_key_b);
|
||||||
|
|
||||||
EXPECT_FALSE(valid);
|
EXPECT_FALSE(valid);
|
||||||
}
|
}
|
||||||
|
|
@ -151,7 +147,7 @@ TEST(TokenTest, NonsenseKey)
|
||||||
|
|
||||||
const std::string nonsenseKey = "lslslslsl";
|
const std::string nonsenseKey = "lslslslsl";
|
||||||
|
|
||||||
const auto [valid, end] = validate(token, username, nonsenseKey);
|
const bool valid = validate(token, username, nonsenseKey);
|
||||||
|
|
||||||
EXPECT_FALSE(valid);
|
EXPECT_FALSE(valid);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue