SessionPtr WebUserManager::authenticate(const string& aUserName, const string& aPassword, bool aIsSecure, uint64_t aMaxInactivityMinutes, bool aUserSession) noexcept {
auto u = getUser(aUserName);
if (!u) {
return nullptr;
}
if (u->getPassword() != aPassword) {
return nullptr;
}
u->setLastLogin(GET_TIME());
u->addSession();
fire(WebUserManagerListener::UserUpdated(), u);
auto uuid = boost::uuids::random_generator()();
auto session = std::make_shared<Session>(u, boost::uuids::to_string(uuid), aIsSecure, server, aMaxInactivityMinutes, aUserSession);
{
WLock l(cs);
sessionsRemoteId.emplace(session->getAuthToken(), session);
sessionsLocalId.emplace(session->getId(), session);
}
if (aUserSession) {
ActivityManager::getInstance()->updateActivity();
}
return session;
}
websocketpp::http::status_code::value SessionApi::handleLogin(ApiRequest& aRequest, bool aIsSecure, const WebSocketPtr& aSocket, const string& aIP) {
const auto& reqJson = aRequest.getRequestBody();
auto username = JsonUtil::getField<string>("username", reqJson, false);
auto password = JsonUtil::getField<string>("password", reqJson, false);
auto inactivityMinutes = JsonUtil::getOptionalFieldDefault<uint64_t>("max_inactivity", reqJson, WEBCFG(DEFAULT_SESSION_IDLE_TIMEOUT).uint64());
auto userSession = JsonUtil::getOptionalFieldDefault<bool>("user_session", reqJson, false);
auto session = WebServerManager::getInstance()->getUserManager().authenticate(username, password,
aIsSecure, inactivityMinutes, userSession, aIP);
if (!session) {
aRequest.setResponseErrorStr("Invalid username or password");
return websocketpp::http::status_code::unauthorized;
}
json retJson = {
{ "permissions", session->getUser()->getPermissions() },
{ "token", session->getAuthToken() },
{ "user", session->getUser()->getUserName() },
{ "system", getSystemInfo(aIP) },
{ "run_wizard", SETTING(WIZARD_RUN) },
{ "cid", ClientManager::getInstance()->getMyCID().toBase32() },
};
if (aSocket) {
session->onSocketConnected(aSocket);
aSocket->setSession(session);
}
aRequest.setResponseBody(retJson);
return websocketpp::http::status_code::ok;
}
//--------------------------------------------------------------
bool API::authenticate( string _api_key, string _api_secret, Permissions perms ){
api_key = _api_key;
api_secret = _api_secret;
// try to load from xml
ofxXmlSettings xml;
bool bLoaded = xml.loadFile("flickr.xml");
if ( bLoaded ){
xml.pushTag("settings");{
auth_token = xml.getValue("token", "");
if (auth_token == "" ){
bLoaded = false;
}
}; xml.popTag();
}
// not loaded, definitely need to get one
if ( !bLoaded ) {
bAuthenticated = getAuthToken( perms );
} else {
// loaded, might not be valid! check to see if we need to load
if ( !checkAuthToken( api_key, auth_token, perms ) ){
bAuthenticated = getAuthToken( perms );
} else {
bAuthenticated = true;
}
}
if ( bAuthenticated ) {
currentPerms = perms;
} else {
currentPerms = FLICKR_NONE;
}
return bAuthenticated;
}
void Posterous::upload(const QUrl &localUrl, const QByteArray &medium, const QByteArray &mediumType)
{
PosterousSettings::self()->load();
KIO::StoredTransferJob *job = 0;
if (PosterousSettings::basic()) {
QString login = PosterousSettings::login();
QString pass = Choqok::PasswordManager::self()->readPassword(QStringLiteral("posterous_%1").arg(PosterousSettings::login()));
QString token = getAuthToken(localUrl);
if (!token.isEmpty()) {
QUrl url(QLatin1String("http://posterous.com/api/2/users/me/sites/primary/posts"));
QMap<QString, QByteArray> formdata;
formdata[QLatin1String("post[title]")] = QByteArray();
formdata[QLatin1String("post[body]")] = QByteArray();
formdata[QLatin1String("autopost")] = "0";
formdata[QLatin1String("source")] = "Choqok";
formdata[QLatin1String("api_token")] = token.toUtf8();
QMap<QString, QByteArray> mediafile;
mediafile[QLatin1String("name")] = "media";
mediafile[QLatin1String("filename")] = localUrl.fileName().toUtf8();
mediafile[QLatin1String("mediumType")] = mediumType;
mediafile[QLatin1String("medium")] = medium;
QList< QMap<QString, QByteArray> > listMediafiles;
listMediafiles.append(mediafile);
QByteArray data = Choqok::MediaManager::createMultipartFormData(formdata, listMediafiles);
job = KIO::storedHttpPost(data, url, KIO::HideProgressInfo);
job->addMetaData(QLatin1String("customHTTPHeader"),
QLatin1String("Authorization: Basic ") +
QLatin1String(QStringLiteral("%1:%2").arg(login).arg(pass).toUtf8().toBase64()));
}
} else if (PosterousSettings::oauth()) {
QString alias = PosterousSettings::alias();
if (alias.isEmpty()) {
qCritical() << "No account to use";
Q_EMIT uploadingFailed(localUrl, i18n("There is no Twitter account configured to use."));
return;
}
TwitterApiAccount *acc = qobject_cast<TwitterApiAccount *> (Choqok::AccountManager::self()->findAccount(alias));
if (!acc) {
return;
}
QUrl url(QLatin1String("http://posterous.com/api2/upload.json"));
QMap<QString, QByteArray> formdata;
formdata[QLatin1String("source")] = "Choqok";
formdata[QLatin1String("sourceLink")] = "http://choqok.gnufolks.org/";
QMap<QString, QByteArray> mediafile;
mediafile[QLatin1String("name")] = "media";
mediafile[QLatin1String("filename")] = localUrl.fileName().toUtf8();
mediafile[QLatin1String("mediumType")] = mediumType;
mediafile[QLatin1String("medium")] = medium;
QList< QMap<QString, QByteArray> > listMediafiles;
listMediafiles.append(mediafile);
QByteArray data = Choqok::MediaManager::createMultipartFormData(formdata, listMediafiles);
KIO::StoredTransferJob *job = KIO::storedHttpPost(data, url, KIO::HideProgressInfo) ;
QOAuth::ParamMap params;
QString requrl = QLatin1String("https://api.twitter.com/1/account/verify_credentials.json");
QByteArray credentials = acc->oauthInterface()->createParametersString(requrl,
QOAuth::GET, acc->oauthToken(),
acc->oauthTokenSecret(),
QOAuth::HMAC_SHA1,
params, QOAuth::ParseForHeaderArguments);
QString cHeader = QLatin1String("X-Verify-Credentials-Authorization: ") + QLatin1String(credentials) + QLatin1String("\r\n");
cHeader.append(QLatin1String("X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json"));
job->addMetaData(QLatin1String("customHTTPHeader"), cHeader);
}
if (!job) {
qCritical() << "Cannot create a http POST request!";
return;
}
job->addMetaData(QStringLiteral("content-type"),
QStringLiteral("Content-Type: multipart/form-data; boundary=AaB03x"));
mUrlMap[job] = localUrl;
connect(job, SIGNAL(result(KJob*)),
SLOT(slotUpload(KJob*)));
job->start();
}
