1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
4 #include "otsdaq-core/Macros/CoutMacros.h"
5 #include "otsdaq-core/Macros/StringMacros.h"
6 #include "otsdaq-core/MessageFacility/MessageFacility.h"
7 #include "otsdaq-core/SOAPUtilities/SOAPMessenger.h"
8 #include "xgi/Method.h"
12 #include <unordered_map>
// Root of the login database tree. The location comes from the SERVICE_DATA_PATH
// environment variable (through the __ENV__ macro), so the process environment
// decides where credential hashes, user records and session files are read and
// written; anything that can set that variable controls the backing store.
15 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
// Certificate data directory, likewise taken from the CERT_DATA_PATH variable.
16 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
// Sub-directory fragments, presumably appended to WEB_LOGIN_DB_PATH by users.
// The `+` forms below expand to a bare "literal" + "literal" pointer addition and
// only compile when a std::string (e.g. WEB_LOGIN_DB_PATH) already sits to the
// left of the expansion; they are deliberately not parenthesised for that reason.
17 #define HASHES_DB_PATH "HashesData/"
18 #define USERS_DB_PATH "UsersData/"
19 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
20 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
// NOTE(review): USERS_DB_PATH already ends in '/', so this expands to
// "UsersData//TooltipData/" — harmless on POSIX but inconsistent with the two
// entries above.
21 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
25 class HttpXmlDocument;
37 SESSION_ID_LENGTH = 512,
38 COOKIE_CODE_LENGTH = 512,
39 NOT_FOUND_IN_DATABASE = uint64_t(-1),
41 DISPLAY_NAME_LENGTH = 4,
44 using permissionLevel_t = uint8_t;
47 PERMISSION_LEVEL_ADMIN =
48 WebUsers::permissionLevel_t(-1),
49 PERMISSION_LEVEL_EXPERT = 100,
50 PERMISSION_LEVEL_USER = 10,
51 PERMISSION_LEVEL_NOVICE = 1,
52 PERMISSION_LEVEL_INACTIVE = 0,
55 static const std::string DEFAULT_ADMIN_USERNAME;
56 static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
57 static const std::string DEFAULT_ADMIN_EMAIL;
58 static const std::string DEFAULT_ITERATOR_USERNAME;
59 static const std::string DEFAULT_STATECHANGER_USERNAME;
60 static const std::string DEFAULT_USER_GROUP;
62 static const std::string REQ_NO_LOGIN_RESPONSE;
63 static const std::string REQ_NO_PERMISSION_RESPONSE;
64 static const std::string REQ_USER_LOCKOUT_RESPONSE;
65 static const std::string REQ_LOCK_REQUIRED_RESPONSE;
66 static const std::string REQ_ALLOW_NO_USER;
68 static const std::string SECURITY_TYPE_NONE;
69 static const std::string SECURITY_TYPE_DIGEST_ACCESS;
77 RequestUserInfo(
const std::string& requestType,
const std::string& cookieCode)
78 : requestType_(requestType)
79 , cookieCode_(cookieCode)
88 bool setGroupPermissionLevels(
const std::string& groupPermissionLevelsString)
93 StringMacros::getMapFromString(
94 groupPermissionLevelsString,
95 groupPermissionLevelMap_);
96 getGroupPermissionLevel();
/// Read-only view of this request's group -> permission-level map, as filled
/// in by setGroupPermissionLevels(). The returned reference points into this
/// object and is valid only while the RequestUserInfo lives.
auto getGroupPermissionLevels() const
    -> const std::map<std::string, WebUsers::permissionLevel_t>&
{
	return groupPermissionLevelMap_;
}
/// Recomputes permissionLevel_ from groupPermissionLevelMap_ (group name ->
/// level) against groupsAllowed_ / groupsDisallowed_ and returns a reference
/// to that member, so the result is only valid while this object lives.
/// Policy as far as this listing shows (some lines of the body are not
/// visible here): the level starts at 0 = PERMISSION_LEVEL_INACTIVE, so a user
/// that no rule grants anything to is denied; the highest level among the
/// user's groups matching the allowed set wins; when an allowed set is
/// configured and nothing matched, the call logs and returns the level, which
/// the visible lines have not raised above 0; when no allowed set is
/// configured, membership in a disallowed group logs and returns the level in
/// the same way; otherwise the DEFAULT_USER_GROUP entry, if present, supplies
/// the level. Group names are compared with StringMacros::inWildCardSet, so
/// the configured sets may hold wildcard patterns.
111 const WebUsers::permissionLevel_t& getGroupPermissionLevel()
// Deny by default: only an explicit match below can raise the level.
113 permissionLevel_ = 0;
118 bool matchedAcceptGroup =
false;
119 for(
const auto& userGroupPair : groupPermissionLevelMap_)
120 if(StringMacros::inWildCardSet(
123 userGroupPair.second >
127 userGroupPair.second;
128 matchedAcceptGroup =
true;
// An allowed set is configured but the user is in none of its groups.
132 if(!matchedAcceptGroup && groupsAllowed_.size())
136 <<
") has insufficient group permissions: user is in these groups... "
137 << StringMacros::mapToString(groupPermissionLevelMap_)
138 <<
" and the allowed groups are... "
139 << StringMacros::setToString(groupsAllowed_) << std::endl;
140 return permissionLevel_;
// No allowed set configured: apply the disallowed set instead.
144 if(!groupsAllowed_.size())
146 for(
const auto& userGroupPair : groupPermissionLevelMap_)
147 if(StringMacros::inWildCardSet(userGroupPair.first,
152 <<
") is in a disallowed group: user is in these groups... "
153 << StringMacros::mapToString(groupPermissionLevelMap_)
154 <<
" and the disallowed groups are... "
155 << StringMacros::setToString(groupsDisallowed_) << std::endl;
156 return permissionLevel_;
// Fallback: the level recorded for DEFAULT_USER_GROUP, if the user has one.
162 auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
163 if(findIt != groupPermissionLevelMap_.end())
166 permissionLevel_ = findIt->second;
169 return permissionLevel_;
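/// True when the cached level is PERMISSION_LEVEL_INACTIVE (0). That is the
/// value getGroupPermissionLevel() starts from before matching groups, so a
/// user that no group rule grants anything to reads as inactive. Does not
/// recompute the level; call getGroupPermissionLevel() first. Declared const
/// so it can be queried through a const RequestUserInfo.
inline bool isInactive() const
{
	return permissionLevel_ == WebUsers::PERMISSION_LEVEL_INACTIVE;
}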
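/// True only when the cached level equals PERMISSION_LEVEL_ADMIN, which is
/// permissionLevel_t(-1), i.e. the maximum value of the uint8_t level. This is
/// an equality test, not a threshold: PERMISSION_LEVEL_EXPERT (100) and every
/// other lower value are not admin. Does not recompute the level. Declared
/// const so it can be queried through a const RequestUserInfo.
inline bool isAdmin() const
{
	return permissionLevel_ == WebUsers::PERMISSION_LEVEL_ADMIN;
}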
182 const std::string& requestType_;
183 std::string cookieCode_;
185 bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
186 bool checkLock_, requireLock_, allowNoUser_;
188 std::set<std::string> groupsAllowed_, groupsDisallowed_;
190 WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
193 std::string username_, displayName_, usernameWithLock_;
194 uint64_t activeUserSessionIndex_;
197 std::map<std::string , WebUsers::permissionLevel_t>
198 groupPermissionLevelMap_;
204 bool xmlRequestOnGateway(cgicc::Cgicc& cgi,
205 std::ostringstream* out,
211 static void initializeRequestUserInfo(cgicc::Cgicc& cgi,
213 static bool checkRequestAccess(cgicc::Cgicc& cgi,
214 std::ostringstream* out,
217 bool isWizardMode =
false);
219 bool createNewAccount(
const std::string& username,
220 const std::string& displayName,
221 const std::string& email);
222 void cleanupExpiredEntries(std::vector<std::string>* loggedOutUsernames = 0);
223 std::string createNewLoginSession(
const std::string& uuid,
const std::string& ip);
225 uint64_t attemptActiveSession(
const std::string& uuid,
226 std::string& jumbledUser,
227 const std::string& jumbledPw,
228 std::string& newAccountCode,
229 const std::string& ip);
230 uint64_t attemptActiveSessionWithCert(
const std::string& uuid,
231 std::string& jumbledEmail,
232 std::string& cookieCode,
233 std::string& username,
234 const std::string& ip);
235 uint64_t isCookieCodeActiveForLogin(
const std::string& uuid,
236 std::string& cookieCode,
237 std::string& username);
238 bool cookieCodeIsActiveForRequest(
239 std::string& cookieCode,
240 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>*
243 const std::string& ip =
"0",
245 std::string* userWithLock = 0,
246 uint64_t* activeUserSessionIndex = 0);
247 uint64_t cookieCodeLogout(
const std::string& cookieCode,
248 bool logoutOtherUserSessions,
250 const std::string& ip =
"0");
251 bool checkIpAccess(
const std::string& ip);
253 std::string getUsersDisplayName(uint64_t uid);
254 std::string getUsersUsername(uint64_t uid);
255 uint64_t getActiveSessionCountForUser(uint64_t uid);
256 std::map<std::string , WebUsers::permissionLevel_t>
257 getPermissionsForUser(uint64_t uid);
258 void insertSettingsForUser(uint64_t uid,
260 bool includeAccounts =
false);
261 std::string getGenericPreference(uint64_t uid,
262 const std::string& preferenceName,
265 void changeSettingsForUser(uint64_t uid,
266 const std::string& bgcolor,
267 const std::string& dbcolor,
268 const std::string& wincolor,
269 const std::string& layout,
270 const std::string& syslayout);
271 void setGenericPreference(uint64_t uid,
272 const std::string& preferenceName,
273 const std::string& preferenceValue);
274 static void tooltipCheckForUsername(
const std::string& username,
276 const std::string& srcFile,
277 const std::string& srcFunc,
278 const std::string& srcId);
279 static void tooltipSetNeverShowForUsername(
const std::string& username,
281 const std::string& srcFile,
282 const std::string& srcFunc,
283 const std::string& srcId,
285 bool temporarySilence);
287 void modifyAccountSettings(uint64_t actingUid,
289 const std::string& username,
290 const std::string& displayname,
291 const std::string& email,
292 const std::string& permissions);
293 bool setUserWithLock(uint64_t actingUid,
bool lock,
const std::string& username);
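/// Returns, by value, the username stored in usersUsernameWithLock_ — the
/// account currently recorded as holding the lock (presumably maintained by
/// setUserWithLock()/loadUserWithLock(); confirm in the .cc). Made const so the
/// lock holder can be read through a const WebUsers; the copy keeps callers
/// independent of later changes to the member.
std::string getUserWithLock(void) const { return usersUsernameWithLock_; }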
296 std::string getActiveUsersString(
void);
298 bool getUserInfoForCookie(std::string& cookieCode,
299 std::string* userName,
300 std::string* displayName = 0,
301 uint64_t* activeSessionIndex = 0);
303 bool isUsernameActive(
const std::string& username)
const;
304 bool isUserIdActive(uint64_t uid)
const;
305 uint64_t getAdminUserID(
void);
306 std::string getSecurity(
void);
308 static void deleteUserData(
void);
309 static void resetAllUserTooltips(
const std::string& userNeedle =
"*");
311 static void NACDisplayThread(
const std::string& nac,
const std::string& user);
313 void saveActiveSessions(
void);
314 void loadActiveSessions(
void);
317 inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
318 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
319 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
320 inline bool isInactiveForGroup(
321 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
322 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
323 inline bool isAdminForGroup(
324 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
325 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
327 void loadSecuritySelection(
void);
328 void loadUserWithLock(
void);
329 unsigned int hexByteStrToInt(
const char* h);
330 void intToHexStr(uint8_t i,
char* h);
331 std::string sha512(
const std::string& user,
332 const std::string& password,
334 std::string dejumble(
const std::string& jumbledUser,
const std::string& sessionId);
335 std::string createNewActiveSession(uint64_t uid,
336 const std::string& ip =
"0",
337 uint64_t asIndex = 0);
338 bool addToHashesDatabase(
const std::string& hash);
339 std::string genCookieCode(
void);
340 std::string refreshCookieCode(
unsigned int i,
bool enableRefresh =
true);
341 void removeActiveSessionEntry(
unsigned int i);
342 void removeLoginSessionEntry(
unsigned int i);
343 bool deleteAccount(
const std::string& username,
const std::string& displayName);
344 void incrementIpBlacklistCount(
const std::string& ip);
346 void saveToDatabase(FILE* fp,
347 const std::string& field,
348 const std::string& value,
349 uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
350 bool addNewLine =
true);
351 bool saveDatabaseToFile(uint8_t db);
352 bool loadDatabases(
void);
354 uint64_t searchUsersDatabaseForUsername(
const std::string& username)
const;
355 uint64_t searchUsersDatabaseForUserEmail(
const std::string& useremail)
const;
356 uint64_t searchUsersDatabaseForUserId(uint64_t uid)
const;
357 uint64_t searchLoginSessionDatabaseForUUID(
const std::string& uuid)
const;
358 uint64_t searchHashesDatabaseForHash(
const std::string& hash);
359 uint64_t searchActiveSessionDatabaseForCookie(
const std::string& cookieCode)
const;
361 static std::string getTooltipFilename(
const std::string& username,
362 const std::string& srcFile,
363 const std::string& srcFunc,
364 const std::string& srcId);
365 std::string getUserEmailFromFingerprint(
const std::string& fingerprint);
382 DB_SAVE_OPEN_AND_CLOSE,
387 std::unordered_map<std::string, std::string> certFingerprints_;
389 std::vector<std::string> UsersDatabaseEntryFields, HashesDatabaseEntryFields;
390 bool CareAboutCookieCodes_;
391 std::string securityType_;
// Pending-login "database": parallel vectors, one slot per login session in
// progress (presumably indexed together — removeLoginSessionEntry() takes a
// single index; verify against the .cc).
400 std::vector<std::string> LoginSessionIdVector, LoginSessionUUIDVector,
401 LoginSessionIpVector;
402 std::vector<time_t> LoginSessionStartTimeVector;
403 std::vector<uint8_t> LoginSessionAttemptsVector;
// Pending-login limits: 5 * 60 reads as seconds (start times are time_t), and
// a login session is bounded to 5 attempts. Both are security tunables.
406 LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
407 LOGIN_SESSION_ATTEMPTS_MAX = 5,
// Active (logged-in) session "database": the cookie code is the bearer token
// that cookieCodeIsActiveForRequest() and friends look up; same parallel-vector
// layout as above (removeActiveSessionEntry() also takes an index).
420 std::vector<std::string> ActiveSessionCookieCodeVector, ActiveSessionIpVector;
421 std::vector<uint64_t> ActiveSessionUserIdVector, ActiveSessionIndex;
422 std::vector<time_t> ActiveSessionStartTimeVector;
// 120 * 60 — two hours if the unit is seconds, as the time_t start times suggest.
425 ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
428 ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
430 ACTIVE_SESSION_STALE_COOKIE_LIMIT =
// User account "database": one slot per account across these vectors.
// UsersSaltVector, by its name, holds a per-user salt stored next to the
// account — presumably the salt fed to sha512(user, password, ...); confirm.
453 std::vector<std::string> UsersUsernameVector, UsersUserEmailVector,
454 UsersDisplayNameVector, UsersSaltVector, UsersLastModifierUsernameVector;
455 std::vector<std::map<std::string , WebUsers::permissionLevel_t> >
456 UsersPermissionsVector;
457 std::vector<uint64_t> UsersUserIdVector;
458 std::vector<time_t> UsersLastLoginAttemptVector, UsersAccountCreatedTimeVector,
459 UsersLastModifiedTimeVector;
// uint8_t counter; USERS_MAX_LOGIN_FAILURES (20) fits comfortably below 255.
460 std::vector<uint8_t> UsersLoginFailureCountVector;
461 uint64_t usersNextUserId_;
// Lockout/history tunables: 20 consecutive failures is the per-account limit
// that the failure counter above is compared against (presumably — the check
// itself is in the .cc).
464 USERS_LOGIN_HISTORY_SIZE = 20,
465 USERS_GLOBAL_HISTORY_SIZE = 1000,
466 USERS_MAX_LOGIN_FAILURES = 20,
468 std::string usersUsernameWithLock_;
470 std::vector<std::string> UsersLoggedOutUsernames_;
// Hash "database": stored hashes with a last-access time per entry.
474 std::vector<std::string> HashesVector;
475 std::vector<time_t> HashesAccessTimeVector;
// Per-IP counter bumped by incrementIpBlacklistCount(); 200 is the threshold at
// which an address is presumably blocked by checkIpAccess() — confirm in the .cc.
479 IP_BLACKLIST_COUNT_THRESHOLD = 200,
481 std::map<std::string , uint32_t > ipBlacklistCounts_;