Drop the expiration time stuff.
This commit is contained in:
parent
0b4a73e2b7
commit
3b4be67de3
|
|
@ -24,7 +24,7 @@ class AuthList
|
|||
public:
|
||||
AuthList();
|
||||
|
||||
void add(const std::string& username, const time_T& expr_time);
|
||||
void add(const std::string& username, const time_T& login_time);
|
||||
void remove(const std::string& username);
|
||||
bool confirm(const std::string& username);
|
||||
|
||||
|
|
|
|||
|
|
@ -19,8 +19,7 @@
|
|||
|
||||
std::optional<std::string> read_key(const std::string &key_file);
|
||||
|
||||
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
||||
const std::string &token, const std::string &username, const std::string &pub_key);
|
||||
bool validate(const std::string &token, const std::string &username, const std::string &pub_key);
|
||||
|
||||
std::string gen_token(
|
||||
const std::string &username,
|
||||
|
|
|
|||
|
|
@ -16,11 +16,11 @@
|
|||
|
||||
AuthList::AuthList() : _map{} {}
|
||||
|
||||
void AuthList::add(const std::string &username, const time_T &expr_time)
|
||||
void AuthList::add(const std::string &username, const time_T &login_time)
|
||||
{
|
||||
// Add the user to the list or update it's expr time if
|
||||
// Add the user to the list or update it's login time if
|
||||
// it's already there.
|
||||
_map[username] = expr_time;
|
||||
_map[username] = login_time;
|
||||
}
|
||||
|
||||
void AuthList::remove(const std::string &username)
|
||||
|
|
@ -39,13 +39,5 @@ bool AuthList::confirm(const std::string &username)
|
|||
return false;
|
||||
}
|
||||
|
||||
// Has the token expired?
|
||||
const auto now = std::chrono::system_clock::now();
|
||||
const auto expr_time = std::get<1>(*iter);
|
||||
if (now < expr_time)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ bool Authorizer::add(const std::string &token, const std::string &username)
|
|||
return false;
|
||||
}
|
||||
|
||||
const auto [validated, expr_time] = validate(token, username, key.value());
|
||||
const bool validated = validate(token, username, key.value());
|
||||
if (not validated)
|
||||
{
|
||||
std::cerr << "Not validated." << std::endl;
|
||||
|
|
@ -57,11 +57,11 @@ bool Authorizer::add(const std::string &token, const std::string &username)
|
|||
|
||||
if (can_read)
|
||||
{
|
||||
_readList.add(username, expr_time);
|
||||
_readList.add(username, std::chrono::system_clock::now());
|
||||
}
|
||||
if (can_write)
|
||||
{
|
||||
_writeList.add(username, expr_time);
|
||||
_writeList.add(username, std::chrono::system_clock::now());
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
@ -86,7 +86,7 @@ void Authorizer::logout(const std::string &username)
|
|||
|
||||
void Authorizer::add_unknown(const std::string &username)
|
||||
{
|
||||
_unknownList.add(username, time_T::max());
|
||||
_unknownList.add(username, std::chrono::system_clock::now());
|
||||
}
|
||||
|
||||
bool Authorizer::is_unknown(const std::string &username)
|
||||
|
|
|
|||
|
|
@ -39,12 +39,11 @@ std::optional<std::string> read_key(const std::string &key_file)
|
|||
return key;
|
||||
}
|
||||
|
||||
std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
||||
const std::string &token, const std::string &username, const std::string &pub_key)
|
||||
bool validate(const std::string &token, const std::string &username, const std::string &pub_key)
|
||||
{
|
||||
if (token.empty() or username.empty() or pub_key.empty())
|
||||
{
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
|
||||
const auto decoded_token = jwt::decode(token);
|
||||
|
|
@ -58,7 +57,7 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
|||
catch (std::system_error &exception)
|
||||
{
|
||||
std::cerr << "Token Verification Failed: " << exception.what() << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
auto claims = decoded_token.get_payload_claims();
|
||||
|
||||
|
|
@ -66,34 +65,34 @@ std::tuple<bool, std::chrono::time_point<std::chrono::system_clock>> validate(
|
|||
if (not claims.contains("upn"))
|
||||
{
|
||||
std::cerr << "Missing upn." << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
if (claims["upn"].as_string() != username)
|
||||
{
|
||||
std::cerr << "Wrong username." << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check for mqtt-write claim value.
|
||||
if (not claims.contains("mqtt"))
|
||||
{
|
||||
std::cerr << "Missing mqtt claim." << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
if (not(claims["mqtt"].as_string() == "true"))
|
||||
{
|
||||
std::cerr << "Not claiming can do mqtt." << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
|
||||
// Do we have an expiration time?
|
||||
if (not claims.contains("exp"))
|
||||
{
|
||||
std::cerr << "Missing expiration time claim." << std::endl;
|
||||
return std::make_tuple(false, std::chrono::system_clock::now());
|
||||
return false;
|
||||
}
|
||||
|
||||
return std::make_tuple(true, claims["exp"].as_date());
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string gen_token(
|
||||
|
|
|
|||
|
|
@ -108,13 +108,9 @@ TEST(TokenTest, SimpleTwoWay)
|
|||
|
||||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||
|
||||
auto [valid, end] = validate(token, username, pub_key_a);
|
||||
|
||||
std::time_t expire_time = std::chrono::system_clock::to_time_t(expire);
|
||||
std::time_t end_time = std::chrono::system_clock::to_time_t(end);
|
||||
const bool valid = validate(token, username, pub_key_a);
|
||||
|
||||
EXPECT_TRUE(valid);
|
||||
EXPECT_EQ(end_time, expire_time);
|
||||
}
|
||||
|
||||
TEST(TokenTest, InvalidUsername)
|
||||
|
|
@ -125,7 +121,7 @@ TEST(TokenTest, InvalidUsername)
|
|||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||
|
||||
const std::string notjames = "not_james";
|
||||
const auto [valid, end] = validate(token, notjames, pub_key_a);
|
||||
const bool valid = validate(token, notjames, pub_key_a);
|
||||
|
||||
EXPECT_FALSE(valid);
|
||||
}
|
||||
|
|
@ -137,7 +133,7 @@ TEST(TokenTest, WrongKey)
|
|||
const time_T expire = now + std::chrono::seconds(1);
|
||||
const auto token = gen_token(username, pub_key_a, priv_key_a, now, expire);
|
||||
|
||||
const auto [valid, end] = validate(token, username, pub_key_b);
|
||||
const bool valid = validate(token, username, pub_key_b);
|
||||
|
||||
EXPECT_FALSE(valid);
|
||||
}
|
||||
|
|
@ -151,7 +147,7 @@ TEST(TokenTest, NonsenseKey)
|
|||
|
||||
const std::string nonsenseKey = "lslslslsl";
|
||||
|
||||
const auto [valid, end] = validate(token, username, nonsenseKey);
|
||||
const bool valid = validate(token, username, nonsenseKey);
|
||||
|
||||
EXPECT_FALSE(valid);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue