OidcUserDatabase::WithUser::WithUser(const OidcUserDatabase& self,
const Wt::Auth::User& user)
: transaction(self.session_)
{
self.getUser(user.id());
if (!self.user_)
throw InvalidObject("user", user.id());
}
void RDAUserDatabase::extendAuthTokenValidity(const Wt::Auth::User& user)
{
RDATData *prev=NULL;
char *d=NULL,*t=NULL;
/*
* David: find the token with hash 'loginTokenHash_' (for this user)
* and reset the expiration time to 30 minutes.
*/
if(SEC_TOKEN_FILENO==(-1))
{
return;
}
ZERNRD(SEC_TOKEN_FILENO);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"TOKEN",loginTokenHash_.c_str());
if(!EQLNRD(SEC_TOKEN_FILENO,1))
{
prev=RDATDataNEW(SEC_TOKEN_FILENO);
FINDFLDSETCHAR(SEC_TOKEN_FILENO,"DELETEFLAG",FALSE);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"USER IDENTIFICATION",user.id().c_str());
d=GETCURRENTDATE10();
t=GETCURRENTTIME();
if(d!=NULL) Rfree(d);
if(t!=NULL) Rfree(t);
WRTTRANS(SEC_TOKEN_FILENO,0,NULL,prev);
if(prev!=NULL) FreeRDATData(prev);
}
}
void RDAUserDatabase::removeAuthToken (const Wt::Auth::User &user,
const std::string &hash)
{
RDATData *prev=NULL;
/*
* David: remove a token from the user database
*/
// STUB START
// std::cerr << "Storing token: " << hash << " for " << user.id() << std::endl;
// STUB END
loginTokenHash_ = std::string();
if(SEC_TOKEN_FILENO==(-1))
{
return;
}
ZERNRD(SEC_TOKEN_FILENO);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"TOKEN",hash.c_str());
if(!EQLNRD(SEC_TOKEN_FILENO,1))
{
prev=RDATDataNEW(SEC_TOKEN_FILENO);
FINDFLDSETCHAR(SEC_TOKEN_FILENO,"DELETEFLAG",TRUE);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"USER IDENTIFICATION",user.id().c_str());
WRTTRANS(SEC_TOKEN_FILENO,0,NULL,prev);
if(prev!=NULL) FreeRDATData(prev);
DELNRD(SEC_TOKEN_FILENO);
}
}
Wt::WString RDAUserDatabase::identity (const Wt::Auth::User &user,
const std::string &provider) const
{
/*
* David: return here the name of the user with id user.id()
*/
return(user.id());
}
Wt::Json::Value OidcUserDatabase::idpJsonClaim(const Wt::Auth::User &user, const std::string &claim) const
{
WithUser find(*this, user);
if (claim == "name")
return Wt::Json::Value(user_->user()->name);
if (claim == "email") {
if (user.email().empty())
return Wt::Json::Value(user.unverifiedEmail());
else
return Wt::Json::Value(user.email());
}
if (claim == "email_verified") {
if (user.email().empty())
return Wt::Json::Value::False;
else
return Wt::Json::Value::True;
}
return Wt::Json::Value::Null;
}
void RDAUserDatabase::addAuthToken (const Wt::Auth::User &user,
const Wt::Auth::Token &token)
{
char *d=NULL,*t=NULL;
RDATData *prev=NULL;
/*
* David: add a token for the user to the database, with token.hash() and
* token.expirationTime() WDatetime values
*/
loginTokenHash_ = token.hash();
/*
std::cerr << "SEC_TOKEN_FILENO [" << SEC_TOKEN_FILENO << "]" << std::endl;
*/
if(SEC_TOKEN_FILENO==(-1))
{
return;
}
ZERNRD(SEC_TOKEN_FILENO);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"TOKEN",token.hash().c_str());
FINDFLDSETCHAR(SEC_TOKEN_FILENO,"DELETEFLAG",FALSE);
FINDFLDSETSTRING(SEC_TOKEN_FILENO,"USER IDENTIFICATION",user.id().c_str());
d=GETCURRENTDATE10();
t=GETCURRENTTIME();
WRTTRANS(SEC_TOKEN_FILENO,0,NULL,prev);
ZERNRD(SEC_USERS_FILENO);
FINDFLDSETSTRING(SEC_USERS_FILENO,"USER IDENTIFICATION",user.id().c_str());
if(EQLNRD(SEC_USERS_FILENO,1))
{
KEYNRD(SEC_USERS_FILENO,1);
} else {
prev=RDATDataNEW(SEC_USERS_FILENO);
FINDFLDSETSTRING(SEC_USERS_FILENO,"LAST LOGIN ATTEMPT DATE",d);
FINDFLDSETSTRING(SEC_USERS_FILENO,"LAST LOGIN ATTEMPT TIME",t);
WRTTRANS(SEC_USERS_FILENO,0,NULL,prev);
if(prev!=NULL) FreeRDATData(prev);
}
if(d!=NULL) Rfree(d);
if(t!=NULL) Rfree(t);
}
bool authModel::validateField(Field field) {
if(field == RememberMeField) return true;
y::ldap::account & account = ldapServer.getAccount(UID(valueText(LoginNameField)));
if(field == LoginNameField) {
if(!account.isNew()) {
setValid(LoginNameField);
return true;
} else {
setValidation(LoginNameField,
Wt::WValidator::Result(Wt::WValidator::Invalid,
Wt::WString::tr("Wt.Auth.user-name-invalid")));
return false;
}
}
if(field == PasswordField) {
if(account.isNew()) return false;
if(ldapServer.auth(account.dn(), PASSWORD(valueText(PasswordField)))) {
setValid(PasswordField);
Wt::Auth::User user = users().findWithIdentity(Wt::Auth::Identity::LoginName, account.uid().get().db());
if(!user.isValid()) {
Wt::Auth::User user = users().registerNew();
user.addIdentity(Wt::Auth::Identity::LoginName, account.uid().get().db());
}
return true;
} else {
setValidation(PasswordField,
Wt::WValidator::Result(Wt::WValidator::Invalid,
Wt::WString::tr("Wt.Auth.password-invalid")));
return false;
}
}
return true;
}
Wt::Auth::PasswordHash RDAUserDatabase::password (const Wt::Auth::User &user) const
{
char *pw=NULL,*pwm=NULL;
/*
* David: return here the password hash of the user with id user.id()
* Ideally, you should store 'function' and 'value' (salt is usually empty
* as it's part of the hash).
*/
/* Backload hashed password identification into the file */
/* use 7 methods / times bcrypt */
/*
Wt::WString pw="somethingIcaneasilyforget";
PasswordHash result;
result=Session::passwordAuth().verifier()->hashPassword(pw); */
/* */
// STUB START
std::string function = "bcrypt",f2use="";
std::string salt = "";
// hash of 'koen' with 7 rounds of bcrypt
// STUB END
if(SEC_USERS_FILENO==(-1))
{
return Wt::Auth::PasswordHash("", "", "");
}
ZERNRD(SEC_USERS_FILENO);
FINDFLDSETSTRING(SEC_USERS_FILENO,"USER IDENTIFICATION",user.id().c_str());
if(EQLNRD(SEC_USERS_FILENO,1))
{
KEYNRD(SEC_USERS_FILENO,1);
return Wt::Auth::PasswordHash("", "", "");
} else {
/* write PasswordHash result from above into WT PASSWORD */
FINDFLDGETSTRING(SEC_USERS_FILENO,"WT PASSWORD",&pw);
FINDFLDGETSTRING(SEC_USERS_FILENO,"WT PASSWORD METHOD",&pwm);
if(!isEMPTY(pwm)) f2use=pwm;
else f2use=function;
return Wt::Auth::PasswordHash(f2use, salt, pw);
}
}