1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
4 #include "otsdaq/Macros/CoutMacros.h"
5 #include "otsdaq/Macros/StringMacros.h"
6 #include "otsdaq/MessageFacility/MessageFacility.h"
7 #include "otsdaq/SOAPUtilities/SOAPMessenger.h"
8 #include "xgi/Method.h"
12 #include <unordered_map>
// Filesystem roots for the login database. Both absolute roots are read from
// the environment at the point of use (SERVICE_DATA_PATH, CERT_DATA_PATH), so
// the account, hash and session files live wherever the service was launched;
// the permissions on those directories are part of the trust boundary for
// everything stored underneath them.
15 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
16 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
// Sub-directory fragments. The ones built with '+' expand to
// `"UsersData/" + "..."`, which only compiles when the macro is appended to a
// std::string on its left (as WEB_LOGIN_DB_PATH yields) — presumably how the
// use sites combine them; TODO confirm in the .cc.
17 #define HASHES_DB_PATH "HashesData/"
18 #define USERS_DB_PATH "UsersData/"
19 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
20 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
// NOTE(review): USERS_DB_PATH already ends in '/', so this expands to
// "UsersData//TooltipData/" — harmless for POSIX path resolution but
// inconsistent with the two macros above; left unchanged here because a
// change would alter the string value.
21 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
25 class HttpXmlDocument;
39 SESSION_ID_LENGTH = 512,
40 COOKIE_CODE_LENGTH = 512,
41 NOT_FOUND_IN_DATABASE = uint64_t(-1),
43 DISPLAY_NAME_LENGTH = 4,
46 using permissionLevel_t = uint8_t;
49 PERMISSION_LEVEL_ADMIN =
50 WebUsers::permissionLevel_t(-1),
51 PERMISSION_LEVEL_EXPERT = 100,
52 PERMISSION_LEVEL_USER = 10,
53 PERMISSION_LEVEL_NOVICE = 1,
54 PERMISSION_LEVEL_INACTIVE = 0,
57 static const std::string OTS_OWNER;
59 static const std::string DEFAULT_ADMIN_USERNAME;
60 static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
61 static const std::string DEFAULT_ADMIN_EMAIL;
62 static const std::string DEFAULT_ITERATOR_USERNAME;
63 static const std::string DEFAULT_STATECHANGER_USERNAME;
64 static const std::string DEFAULT_USER_GROUP;
66 static const std::string REQ_NO_LOGIN_RESPONSE;
67 static const std::string REQ_NO_PERMISSION_RESPONSE;
68 static const std::string REQ_USER_LOCKOUT_RESPONSE;
69 static const std::string REQ_LOCK_REQUIRED_RESPONSE;
70 static const std::string REQ_ALLOW_NO_USER;
72 static const std::string SECURITY_TYPE_NONE;
73 static const std::string SECURITY_TYPE_DIGEST_ACCESS;
// Binds a request type and cookie code to this record. requestType_ is a
// reference member (see the member list further down), so the string passed
// as requestType must outlive this object; cookieCode is copied. The
// constructor body continues on lines not included in this listing.
81 RequestUserInfo(
const std::string& requestType,
const std::string& cookieCode)
82 : requestType_(requestType)
83 , cookieCode_(cookieCode)
// Parses a serialized group->level map string into groupPermissionLevelMap_
// (via StringMacros::getMapFromString) and then recomputes permissionLevel_
// by calling getGroupPermissionLevel(). The string format and the boolean
// return value are determined on lines not included in this listing.
92 bool setGroupPermissionLevels(
const std::string& groupPermissionLevelsString)
97 StringMacros::getMapFromString(
98 groupPermissionLevelsString,
99 groupPermissionLevelMap_);
// Re-derive the effective level from the freshly parsed map.
100 getGroupPermissionLevel();
// Read-only view of the per-group permission levels last stored by
// setGroupPermissionLevels(). The returned reference aliases a member, so it
// is valid only for the lifetime of this RequestUserInfo.
107 const std::map<std::string , WebUsers::permissionLevel_t>&
108 getGroupPermissionLevels()
const
110 return groupPermissionLevelMap_;
// Derives permissionLevel_ for this request from groupPermissionLevelMap_ and
// the groupsAllowed_/groupsDisallowed_ sets, and returns a reference to it.
// As far as the visible lines show:
//   1. permissionLevel_ starts at 0 (the inactive level).
//   2. Each of the user's groups is wildcard-matched against groupsAllowed_
//      (StringMacros::inWildCardSet); the highest level among matches wins.
//      No match while groupsAllowed_ is non-empty -> log and return 0.
//   3. Only when groupsAllowed_ is empty are the user's groups matched
//      against groupsDisallowed_; a hit logs and returns.
//   4. Otherwise the user's entry for WebUsers::DEFAULT_USER_GROUP, if any,
//      is used (the guard around this step, lines 161-165, is not shown).
// NOTE(review): by this reading, step 3 is skipped whenever groupsAllowed_ has
// any entry, so a user who is in both an allowed and a disallowed group is
// admitted at the allowed level. Several interior lines are missing from
// this listing — confirm against the full header before relying on it.
115 const WebUsers::permissionLevel_t& getGroupPermissionLevel()
// Default-deny: only an explicit group entry can raise the level.
117 permissionLevel_ = 0;
122 bool matchedAcceptGroup =
false;
// Pass 1: allowed groups (wildcard match), keep the maximum level seen.
123 for(
const auto& userGroupPair : groupPermissionLevelMap_)
124 if(StringMacros::inWildCardSet(
127 userGroupPair.second >
131 userGroupPair.second;
132 matchedAcceptGroup =
true;
// No allowed group matched although an allow-list exists: deny. The message
// lists the user's full group map and the allow-list; its sink (lines
// 137-139) is not shown — it belongs in the server log, not the response.
136 if(!matchedAcceptGroup && groupsAllowed_.size())
140 <<
") has insufficient group permissions: user is in these groups... "
141 << StringMacros::mapToString(groupPermissionLevelMap_)
142 <<
" and the allowed groups are... "
143 << StringMacros::setToString(groupsAllowed_) << std::endl;
144 return permissionLevel_;
// Pass 2: deny-list, consulted only when there is no allow-list.
148 if(!groupsAllowed_.size())
150 for(
const auto& userGroupPair : groupPermissionLevelMap_)
151 if(StringMacros::inWildCardSet(userGroupPair.first,
156 <<
") is in a disallowed group: user is in these groups... "
157 << StringMacros::mapToString(groupPermissionLevelMap_)
158 <<
" and the disallowed groups are... "
159 << StringMacros::setToString(groupsDisallowed_) << std::endl;
160 return permissionLevel_;
// Fallback: the level recorded for the default user group, if present.
166 auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
167 if(findIt != groupPermissionLevelMap_.end())
170 permissionLevel_ = findIt->second;
173 return permissionLevel_;
/// True when the level derived by getGroupPermissionLevel() is the inactive
/// level, i.e. the request carries no usable group permission.
inline bool isInactive() const
{
	return WebUsers::PERMISSION_LEVEL_INACTIVE == permissionLevel_;
}
/// True when the derived permission level is exactly the admin level
/// (WebUsers::PERMISSION_LEVEL_ADMIN); any lower level, including expert,
/// yields false.
inline bool isAdmin() const
{
	return WebUsers::PERMISSION_LEVEL_ADMIN == permissionLevel_;
}
// Request identity as supplied to the constructor.
186 const std::string& requestType_;  // reference member: the caller's string must outlive this object
187 std::string cookieCode_;
// Request-shape flags. NOTE(review): no in-class initializers and the visible
// constructor init-list sets only requestType_/cookieCode_; whether the
// (not shown) constructor body sets these before they are read could not be
// confirmed from this listing.
189 bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
// Access-control flags (by name: lock checks, whether an anonymous request is
// acceptable, whether security is mandatory) — same initialization caveat.
190 bool checkLock_, requireLock_, allowNoUser_, requireSecurity_;
// Allow/deny group sets consulted by getGroupPermissionLevel().
192 std::set<std::string> groupsAllowed_, groupsDisallowed_;
// permissionLevel_ is the level derived for this request;
// permissionsThreshold_ is presumably the minimum level the request needs —
// confirm at the comparison site.
194 WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
// Resolved user identity, filled in outside the visible lines.
197 std::string username_, displayName_, usernameWithLock_;
198 uint64_t activeUserSessionIndex_;
// group name -> permission level for the requesting user.
201 std::map<std::string , WebUsers::permissionLevel_t>
202 groupPermissionLevelMap_;
208 bool xmlRequestOnGateway(cgicc::Cgicc& cgi,
209 std::ostringstream* out,
216 static void initializeRequestUserInfo(cgicc::Cgicc& cgi,
218 static bool checkRequestAccess(cgicc::Cgicc& cgi,
219 std::ostringstream* out,
222 bool isWizardMode =
false,
223 const std::string& wizardModeSequence =
"");
225 bool createNewAccount(
const std::string& username,
226 const std::string& displayName,
227 const std::string& email);
228 void cleanupExpiredEntries(std::vector<std::string>* loggedOutUsernames = 0);
229 std::string createNewLoginSession(
const std::string& uuid,
const std::string& ip);
231 uint64_t attemptActiveSession(
const std::string& uuid,
232 std::string& jumbledUser,
233 const std::string& jumbledPw,
234 std::string& newAccountCode,
235 const std::string& ip);
236 uint64_t attemptActiveSessionWithCert(
const std::string& uuid,
237 std::string& jumbledEmail,
238 std::string& cookieCode,
239 std::string& username,
240 const std::string& ip);
241 uint64_t isCookieCodeActiveForLogin(
const std::string& uuid,
242 std::string& cookieCode,
243 std::string& username);
244 bool cookieCodeIsActiveForRequest(
245 std::string& cookieCode,
246 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>*
249 const std::string& ip =
"0",
251 std::string* userWithLock = 0,
252 uint64_t* activeUserSessionIndex = 0);
253 uint64_t cookieCodeLogout(
const std::string& cookieCode,
254 bool logoutOtherUserSessions,
256 const std::string& ip =
"0");
257 bool checkIpAccess(
const std::string& ip);
259 std::string getUsersDisplayName(uint64_t uid);
260 std::string getUsersUsername(uint64_t uid);
261 uint64_t getActiveSessionCountForUser(uint64_t uid);
262 std::map<std::string , WebUsers::permissionLevel_t>
263 getPermissionsForUser(uint64_t uid);
264 void insertSettingsForUser(uint64_t uid,
266 bool includeAccounts =
false);
267 std::string getGenericPreference(uint64_t uid,
268 const std::string& preferenceName,
271 void changeSettingsForUser(uint64_t uid,
272 const std::string& bgcolor,
273 const std::string& dbcolor,
274 const std::string& wincolor,
275 const std::string& layout,
276 const std::string& syslayout);
277 void setGenericPreference(uint64_t uid,
278 const std::string& preferenceName,
279 const std::string& preferenceValue);
280 static void tooltipCheckForUsername(
const std::string& username,
282 const std::string& srcFile,
283 const std::string& srcFunc,
284 const std::string& srcId);
285 static void tooltipSetNeverShowForUsername(
const std::string& username,
287 const std::string& srcFile,
288 const std::string& srcFunc,
289 const std::string& srcId,
291 bool temporarySilence);
293 void modifyAccountSettings(uint64_t actingUid,
295 const std::string& username,
296 const std::string& displayname,
297 const std::string& email,
298 const std::string& permissions);
299 bool setUserWithLock(uint64_t actingUid,
bool lock,
const std::string& username);
/// Returns a copy of the username currently recorded as holding the lock
/// (usersUsernameWithLock_); setUserWithLock() is the declared mutator.
std::string getUserWithLock(void)
{
	const std::string& lockHolder = usersUsernameWithLock_;
	return lockHolder;
}
302 std::string getActiveUsersString(
void);
304 bool getUserInfoForCookie(std::string& cookieCode,
305 std::string* userName,
306 std::string* displayName = 0,
307 uint64_t* activeSessionIndex = 0);
309 bool isUsernameActive(
const std::string& username)
const;
310 bool isUserIdActive(uint64_t uid)
const;
311 uint64_t getAdminUserID(
void);
312 std::string getSecurity(
void);
314 static void deleteUserData(
void);
316 static void resetAllUserTooltips(
const std::string& userNeedle =
"*");
317 static void silenceAllUserTooltips(
const std::string& username);
319 static void NACDisplayThread(
const std::string& nac,
const std::string& user);
321 void saveActiveSessions(
void);
322 void loadActiveSessions(
void);
// Lookups on a group->level map, defaulting to WebUsers::DEFAULT_USER_GROUP.
// NOTE(review): the map is taken by non-const reference although the names
// suggest read-only lookups; if the definitions (not shown) only read, a
// `const std::map&` parameter would let callers pass const maps and rule out
// an accidental operator[] default-insert of a 0 (inactive) entry.
325 inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
326 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
327 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
328 inline bool isInactiveForGroup(
329 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
330 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
331 inline bool isAdminForGroup(
332 std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
333 const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
335 void loadSecuritySelection(
void);
336 void loadUserWithLock(
void);
337 unsigned int hexByteStrToInt(
const char* h);
338 void intToHexStr(uint8_t i,
char* h);
// Password hashing for stored credentials. The per-user salt is kept in
// UsersSaltVector (declared further down); any further parameters are on
// line 341, which is not in this listing.
339 std::string sha512(
const std::string& user,
340 const std::string& password,
// Reverses the client-side "jumbling" of a credential using the login
// session id. NOTE(review): by name this is reversible obfuscation keyed on
// the session id, not encryption, so confidentiality of the credential in
// transit still rests on the transport — confirm against the .cc.
342 std::string dejumble(
const std::string& jumbledUser,
const std::string& sessionId);
// Creates an active-session entry for uid; ip defaults to "0".
343 std::string createNewActiveSession(uint64_t uid,
344 const std::string& ip =
"0",
345 uint64_t asIndex = 0);
346 bool addToHashesDatabase(
const std::string& hash);
// Session-cookie generation and rotation. COOKIE_CODE_LENGTH (declared above)
// bounds the code; the randomness source is not visible here. Since the code
// appears to be the bearer credential looked up by
// cookieCodeIsActiveForRequest(), it should come from a CSPRNG.
347 std::string genCookieCode(
void);
348 std::string refreshCookieCode(
unsigned int i,
bool enableRefresh =
true);
349 void removeActiveSessionEntry(
unsigned int i);
350 void removeLoginSessionEntry(
unsigned int i);
351 bool deleteAccount(
const std::string& username,
const std::string& displayName);
352 void incrementIpBlacklistCount(
const std::string& ip);
354 void saveToDatabase(FILE* fp,
355 const std::string& field,
356 const std::string& value,
357 uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
358 bool addNewLine =
true);
359 bool saveDatabaseToFile(uint8_t db);
360 bool loadDatabases(
void);
362 uint64_t searchUsersDatabaseForUsername(
const std::string& username)
const;
363 uint64_t searchUsersDatabaseForUserEmail(
const std::string& useremail)
const;
364 uint64_t searchUsersDatabaseForUserId(uint64_t uid)
const;
365 uint64_t searchLoginSessionDatabaseForUUID(
const std::string& uuid)
const;
366 uint64_t searchHashesDatabaseForHash(
const std::string& hash);
367 uint64_t searchActiveSessionDatabaseForCookie(
const std::string& cookieCode)
const;
369 static std::string getTooltipFilename(
const std::string& username,
370 const std::string& srcFile,
371 const std::string& srcFunc,
372 const std::string& srcId);
373 std::string getUserEmailFromFingerprint(
const std::string& fingerprint);
390 DB_SAVE_OPEN_AND_CLOSE,
395 std::unordered_map<std::string, std::string> certFingerprints_;
397 std::vector<std::string> UsersDatabaseEntryFields, HashesDatabaseEntryFields;
398 bool CareAboutCookieCodes_;
399 std::string securityType_;
408 std::vector<std::string> LoginSessionIdVector, LoginSessionUUIDVector,
409 LoginSessionIpVector;
410 std::vector<time_t> LoginSessionStartTimeVector;
411 std::vector<uint8_t> LoginSessionAttemptsVector;
414 LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
415 LOGIN_SESSION_ATTEMPTS_MAX = 5,
428 std::vector<std::string> ActiveSessionCookieCodeVector, ActiveSessionIpVector;
429 std::vector<uint64_t> ActiveSessionUserIdVector, ActiveSessionIndex;
430 std::vector<time_t> ActiveSessionStartTimeVector;
433 ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
436 ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
438 ACTIVE_SESSION_STALE_COOKIE_LIMIT =
461 std::vector<std::string> UsersUsernameVector, UsersUserEmailVector,
462 UsersDisplayNameVector, UsersSaltVector, UsersLastModifierUsernameVector;
463 std::vector<std::map<std::string , WebUsers::permissionLevel_t> >
464 UsersPermissionsVector;
465 std::vector<uint64_t> UsersUserIdVector;
466 std::vector<time_t> UsersLastLoginAttemptVector, UsersAccountCreatedTimeVector,
467 UsersLastModifiedTimeVector;
468 std::vector<uint8_t> UsersLoginFailureCountVector;
469 uint64_t usersNextUserId_;
472 USERS_LOGIN_HISTORY_SIZE = 20,
473 USERS_GLOBAL_HISTORY_SIZE = 1000,
474 USERS_MAX_LOGIN_FAILURES = 20,
476 std::string usersUsernameWithLock_;
478 std::vector<std::string> UsersLoggedOutUsernames_;
482 std::vector<std::string> HashesVector;
483 std::vector<time_t> HashesAccessTimeVector;
487 IP_BLACKLIST_COUNT_THRESHOLD = 200,
489 std::map<std::string , uint32_t > ipBlacklistCounts_;