AuthRepositoryPatch AuthRepositoryServer::apply ( const AuthRepositoryPatch& clientSync )
{
LogConfig::logger()->info ( "input: %s %s", clientSync.get_oldCommit().c_str(), clientSync.get_diffJson().c_str() );
authrepo::PPatch patch = authrepo::JsonPatch::parseString ( clientSync.get_diffJson() );
authrepo::DBDataSource src;
//do patch
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setUserPermissions ( m_userStaticId );
authrepo::GeneralPatcher p ( &myHead, patch );
p.apply();
DBSession s = DBSessionFactory::getSession();
s.BeginTransaction();
authrepo::DBDataCollector coll ( s );
myHead.storeUpdates ( &coll );
coll.writeTag ( "head", myHead.getId() );
s.CommitTransaction();
//return current db status
authrepo::CommitNode initialCommit ( &m_dbStructure, "initial" );
initialCommit.load ( &src );
AuthRepositoryPatch result;
authrepo::DiffCalculator dc ( &initialCommit, &myHead );
result.set_diffJson(authrepo::JsonPatch::stringify ( dc.diff ( m_userStaticId ) ));
result.set_newCommit(myHead.getId());
LogConfig::logger()->debug ( "repo output: %s %s", result.get_diffJson().c_str(), result.get_newCommit().c_str() );
return result;
}
void AuthRepositoryServer::setUserPassword ( const std::string &userStaticId, const std::string &newPassword )
{
LogConfig::logger()->info ( "changing password for: %s", userStaticId.c_str() );
//check permissions
if ( m_userStaticId == userStaticId ) {
setCredentials ( userStaticId, newPassword );
} else {
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setUserPermissions ( m_userStaticId );
const authrepo::DBEntity *user = m_dbStructure.getByName ( "user" );
authrepo::DataNode * userNode = myHead.getIndex()->getIndex ( user )->findStaticId ( userStaticId );
if ( userNode ) {
authrepo::PermissionInfo p ( authrepo::pfEditPermissions, user );
userNode->checkPermission ( p );
if ( p.isNoFlags() )
setCredentials ( userStaticId, newPassword );
else
throw std::runtime_error ( "no permissions for user: "******"unknown user: " + userStaticId );
}
}
ListNode* removeElements(ListNode* head, int val) {
ListNode myHead(0); myHead.next = head;
ListNode* p = &myHead;
while (p->next) {
if (p->next->val == val)
p->next = p->next->next;
else
p = p->next;
}
return myHead.next;
}
AddUserResult AuthRepositoryServer::updateUserWithRole (
const std::string &licenseStaticId, const std::string &login, const std::string &password,
const std::string &fullName, const std::string &email, const std::string &phone,
bool enabled, const std::string& roleStaticId, const std::vector<std::string> & groupStaticIdList,
const std::string &userStaticId
)
{
AddUserResult result;
try {
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setUserPermissions ( m_userStaticId );
validateUpdateUserParams ( myHead, licenseStaticId, login, password, fullName, email, phone, enabled, userStaticId );
updateUser ( myHead,
licenseStaticId, login, password,
fullName, email, phone, enabled,
roleStaticId, groupStaticIdList, userStaticId
);
//write
DBSession s = DBSessionFactory::getSession();
s.BeginTransaction();
authrepo::DBDataCollector coll ( s );
myHead.storeUpdates ( &coll );
coll.writeTag ( "head", myHead.getId() );
if (!password.empty()) {
std::string newSalt = authtools::generateRandomSalt();
std::string pwdHash = authtools::calculatePwdHash ( password, newSalt );
std::string computeridToken = authtools::calculatePwdHash ( licenseStaticId, authtools::generateRandomSalt() );
s.execUpdate ( "DELETE FROM repo.user_credentials WHERE userstaticid = %s", userStaticId.c_str() );
s.execUpdate ( "INSERT INTO repo.user_credentials(userstaticid, pwdhash, pwdsalt) VALUES (%s, %s, %s)", userStaticId.c_str(), pwdHash.c_str(), newSalt.c_str() );
}
s.CommitTransaction();
result.set_successful ( true );
} catch ( ValidationException &re ) {
result.set_successful ( false );
result.set_errorMessage ( re.what() );
} catch ( authrepo::util::permissions_check_error& e ) {
result.set_successful ( false );
result.set_errorMessage ( "insufficient permissions" );
}
return result;
}
void AuthRepositoryServer::setDeviceIdent ( const std::string& deviceStaticId, const std::string& deviceident )
{
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setUserPermissions ( m_userStaticId );
authrepo::DataNode *device = myHead.getIndex()->getIndex ( m_dbStructure.getByName ( "device" ) )->findStaticId ( deviceStaticId );
if ( !device ) throw std::runtime_error ( "AuthRepositoryServer::setDeviceIdent unknown device: " + deviceStaticId );
device->setField("deviceident", deviceident);
device->setField("friendsstatus", "2");
//write
DBSession s = DBSessionFactory::getSession();
s.BeginTransaction();
authrepo::DBDataCollector coll ( s );
myHead.storeUpdates ( &coll );
coll.writeTag ( "head", myHead.getId() );
s.CommitTransaction();
}
std::string AuthRepositoryServer::registerNewTrial ( const RegistrationParams& params )
{
try {
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setRootPermissions();
validateTrialParams ( myHead, params );
std::string userStaticId;
std::string licenseStaticId;
addTrial ( myHead, params, userStaticId, licenseStaticId );
//write
DBSession s = DBSessionFactory::getSession();
s.BeginTransaction();
authrepo::DBDataCollector coll ( s );
myHead.storeUpdates ( &coll );
coll.writeTag ( "head", myHead.getId() );
std::string newSalt = authtools::generateRandomSalt();
std::string pwdHash = authtools::calculatePwdHash ( params.get_password(), newSalt );
std::string computeridToken = authtools::calculatePwdHash ( licenseStaticId, authtools::generateRandomSalt());
s.execUpdate ( "DELETE FROM repo.user_credentials WHERE userstaticid = %s", userStaticId.c_str() );
s.execUpdate ( "INSERT INTO repo.user_credentials(userstaticid, pwdhash, pwdsalt) VALUES (%s, %s, %s)", userStaticId.c_str(), pwdHash.c_str(), newSalt.c_str() );
s.execUpdate ( "INSERT INTO license_token(licensestaticid, computerid_token) VALUES (%s, %s)", licenseStaticId.c_str(), computeridToken.c_str());
s.CommitTransaction();
} catch ( ValidationException &re ) {
return std::string ( re.what() );
}
return std::string();
}
void AuthRepositoryServer::ensureRootPermission()
{
LogConfig::logger()->info("Begin check root role");
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit( "head" ) );
//NOTE: load commit tree
myHead.load ( &src );
//NOTE: Allow any changes on commit tree
myHead.setRootPermissions();
//NOTE: scheme has user entity?
const authrepo::DBEntity * p_userEntity = 0;
try {
p_userEntity = m_dbStructure.getByName( "user" );
} catch(authrepo::util::runtime_error & err) {
LogConfig::logger()->error("Seems scheme has no information about user entity: %s", err.what());
return;
}
//NOTE: should not be the case since exception catched above
if(!p_userEntity) {
LogConfig::logger()->error("Seems scheme has no information about user entity");
return;
}
//NOTE: commit contains root user?
authrepo::DataNode * p_user = myHead.getIndex()->getIndex(p_userEntity)->findStaticId("root_user");
if(!p_user) {
LogConfig::logger()->error("Seems root user not found");
return;
}
//NOTE: root user has a license?
authrepo::ObjectNode * p_license = p_user->getParent();
if(!p_license) {
LogConfig::logger()->error("Seems root user license found");
return;
}
//NOTE: license is connected to group?
authrepo::ObjectNode * p_userRootGroup = p_license->getParent();
if(!p_userRootGroup) {
LogConfig::logger()->error("Seems root's root group not found");
return;
}
//NOTE: no need to save changes sofar
bool hasChanges = false;
bool hasRole = false;
//NOTE: read the security role id form user's fields
const std::map<std::string, std::string>::const_iterator cit_srid = p_user->fields().find("srid");
//NOTE: when srid field is set, check role is there too
if(cit_srid != p_user->fields().end()) {
//NOTE: scheme has role entity?
const authrepo::DBEntity * p_roleEntity = 0;
try {
p_roleEntity = m_dbStructure.getByName( "role" );
} catch(authrepo::util::runtime_error & err) {
LogConfig::logger()->error("Seems scheme has no information about user entity: %s", err.what());
return;
}
//NOTE: check user's role exists
authrepo::DataNode * p_role = myHead.getIndex()->getIndex(p_roleEntity)->findStaticId(cit_srid->second);
if(p_role) {
//NOTE: role found, cancel role creation
hasRole = true;
}
}
if(!hasRole) {
//NOTE: the security role id field is blank - no roles found
LogConfig::logger()->info("No role found on root user, create one");
authrepo::DataNode *role = p_userRootGroup->createChild ( "role", authrepo::util::generateId ( "" ) );
role->setField("name", "Built-in Administrator");
p_user->setField("srid",role->getStaticId());
const std::map<std::string, authrepo::DBEntity *> & entities = m_dbStructure.getAll();
for (
std::map<std::string, authrepo::DBEntity *>::const_iterator c_itKind = entities.begin();
c_itKind!= entities.end(); ++c_itKind
) {
authrepo::DataNode * permissionrole = role->createChild ( "permissionrole", authrepo::util::generateId ( "" ) );
permissionrole->setField ( "kind", c_itKind->first ); //NOTE: Table name
permissionrole->setField ( "mask", "15" ); //FIXME: Full permissions hardcoded
}
//NOTE: yep, save the role
hasChanges = true;
}
//NOTE: scheme has grouplink entity?
const authrepo::DBEntity * p_grouplinkEntity = 0;
try {
p_grouplinkEntity = m_dbStructure.getByName( "grouplink" );
} catch(authrepo::util::runtime_error & err) {
LogConfig::logger()->error("Seems scheme has no information about grouplink entity: %s", err.what());
return;
}
authrepo::TableIndex *p_grouplinkIndex = myHead.getIndex()->getIndex(p_grouplinkEntity);
bool hasGrouplink = false;
//NOTE: check the grouplink is there
if(p_grouplinkIndex) {
for( std::map< std::string, authrepo::DataNode*>::const_iterator iGrouplink = p_grouplinkIndex->data().begin();
iGrouplink != p_grouplinkIndex->data().end();
++iGrouplink
) {
std::map<std::string, std::string>::const_iterator citGroup = iGrouplink->second->fields().find("sgid");
if(citGroup != iGrouplink->second->fields().end() && citGroup->second == p_userRootGroup->getStaticId()) {
//NOTE: root's grop grouplink found, no need to make any changes
hasGrouplink = true;
break;
}
}
}
if(!hasGrouplink) {
//NOTE: link root group with root user
LogConfig::logger()->info("Restore grouplink to root group");
authrepo::DataNode *grouplink = p_user->createChild ( "grouplink", authrepo::util::generateId ( "" ) );
grouplink->setField("sgid", p_userRootGroup->getStaticId());
hasChanges = true;
}
if(hasChanges) {
LogConfig::logger()->info("Save role");
DBSession s = DBSessionFactory::getSession();
s.BeginTransaction();
authrepo::DBDataCollector coll ( s );
myHead.storeUpdates ( &coll );
coll.writeTag ( "head", myHead.getId() );
s.CommitTransaction();
}
LogConfig::logger()->info("Root role check finished successfully");
}
