SessionPtr WebUserManager::authenticate(const string& aUserName, const string& aPassword, bool aIsSecure, uint64_t aMaxInactivityMinutes, bool aUserSession) noexcept { auto u = getUser(aUserName); if (!u) { return nullptr; } if (u->getPassword() != aPassword) { return nullptr; } u->setLastLogin(GET_TIME()); u->addSession(); fire(WebUserManagerListener::UserUpdated(), u); auto uuid = boost::uuids::random_generator()(); auto session = std::make_shared<Session>(u, boost::uuids::to_string(uuid), aIsSecure, server, aMaxInactivityMinutes, aUserSession); { WLock l(cs); sessionsRemoteId.emplace(session->getAuthToken(), session); sessionsLocalId.emplace(session->getId(), session); } if (aUserSession) { ActivityManager::getInstance()->updateActivity(); } return session; }
websocketpp::http::status_code::value SessionApi::handleLogin(ApiRequest& aRequest, bool aIsSecure, const WebSocketPtr& aSocket, const string& aIP) { const auto& reqJson = aRequest.getRequestBody(); auto username = JsonUtil::getField<string>("username", reqJson, false); auto password = JsonUtil::getField<string>("password", reqJson, false); auto inactivityMinutes = JsonUtil::getOptionalFieldDefault<uint64_t>("max_inactivity", reqJson, WEBCFG(DEFAULT_SESSION_IDLE_TIMEOUT).uint64()); auto userSession = JsonUtil::getOptionalFieldDefault<bool>("user_session", reqJson, false); auto session = WebServerManager::getInstance()->getUserManager().authenticate(username, password, aIsSecure, inactivityMinutes, userSession, aIP); if (!session) { aRequest.setResponseErrorStr("Invalid username or password"); return websocketpp::http::status_code::unauthorized; } json retJson = { { "permissions", session->getUser()->getPermissions() }, { "token", session->getAuthToken() }, { "user", session->getUser()->getUserName() }, { "system", getSystemInfo(aIP) }, { "run_wizard", SETTING(WIZARD_RUN) }, { "cid", ClientManager::getInstance()->getMyCID().toBase32() }, }; if (aSocket) { session->onSocketConnected(aSocket); aSocket->setSession(session); } aRequest.setResponseBody(retJson); return websocketpp::http::status_code::ok; }
//-------------------------------------------------------------- bool API::authenticate( string _api_key, string _api_secret, Permissions perms ){ api_key = _api_key; api_secret = _api_secret; // try to load from xml ofxXmlSettings xml; bool bLoaded = xml.loadFile("flickr.xml"); if ( bLoaded ){ xml.pushTag("settings");{ auth_token = xml.getValue("token", ""); if (auth_token == "" ){ bLoaded = false; } }; xml.popTag(); } // not loaded, definitely need to get one if ( !bLoaded ) { bAuthenticated = getAuthToken( perms ); } else { // loaded, might not be valid! check to see if we need to load if ( !checkAuthToken( api_key, auth_token, perms ) ){ bAuthenticated = getAuthToken( perms ); } else { bAuthenticated = true; } } if ( bAuthenticated ) { currentPerms = perms; } else { currentPerms = FLICKR_NONE; } return bAuthenticated; }
void Posterous::upload(const QUrl &localUrl, const QByteArray &medium, const QByteArray &mediumType) { PosterousSettings::self()->load(); KIO::StoredTransferJob *job = 0; if (PosterousSettings::basic()) { QString login = PosterousSettings::login(); QString pass = Choqok::PasswordManager::self()->readPassword(QStringLiteral("posterous_%1").arg(PosterousSettings::login())); QString token = getAuthToken(localUrl); if (!token.isEmpty()) { QUrl url(QLatin1String("http://posterous.com/api/2/users/me/sites/primary/posts")); QMap<QString, QByteArray> formdata; formdata[QLatin1String("post[title]")] = QByteArray(); formdata[QLatin1String("post[body]")] = QByteArray(); formdata[QLatin1String("autopost")] = "0"; formdata[QLatin1String("source")] = "Choqok"; formdata[QLatin1String("api_token")] = token.toUtf8(); QMap<QString, QByteArray> mediafile; mediafile[QLatin1String("name")] = "media"; mediafile[QLatin1String("filename")] = localUrl.fileName().toUtf8(); mediafile[QLatin1String("mediumType")] = mediumType; mediafile[QLatin1String("medium")] = medium; QList< QMap<QString, QByteArray> > listMediafiles; listMediafiles.append(mediafile); QByteArray data = Choqok::MediaManager::createMultipartFormData(formdata, listMediafiles); job = KIO::storedHttpPost(data, url, KIO::HideProgressInfo); job->addMetaData(QLatin1String("customHTTPHeader"), QLatin1String("Authorization: Basic ") + QLatin1String(QStringLiteral("%1:%2").arg(login).arg(pass).toUtf8().toBase64())); } } else if (PosterousSettings::oauth()) { QString alias = PosterousSettings::alias(); if (alias.isEmpty()) { qCritical() << "No account to use"; Q_EMIT uploadingFailed(localUrl, i18n("There is no Twitter account configured to use.")); return; } TwitterApiAccount *acc = qobject_cast<TwitterApiAccount *> (Choqok::AccountManager::self()->findAccount(alias)); if (!acc) { return; } QUrl url(QLatin1String("http://posterous.com/api2/upload.json")); QMap<QString, QByteArray> formdata; formdata[QLatin1String("source")] = "Choqok"; formdata[QLatin1String("sourceLink")] = "http://choqok.gnufolks.org/"; QMap<QString, QByteArray> mediafile; mediafile[QLatin1String("name")] = "media"; mediafile[QLatin1String("filename")] = localUrl.fileName().toUtf8(); mediafile[QLatin1String("mediumType")] = mediumType; mediafile[QLatin1String("medium")] = medium; QList< QMap<QString, QByteArray> > listMediafiles; listMediafiles.append(mediafile); QByteArray data = Choqok::MediaManager::createMultipartFormData(formdata, listMediafiles); KIO::StoredTransferJob *job = KIO::storedHttpPost(data, url, KIO::HideProgressInfo) ; QOAuth::ParamMap params; QString requrl = QLatin1String("https://api.twitter.com/1/account/verify_credentials.json"); QByteArray credentials = acc->oauthInterface()->createParametersString(requrl, QOAuth::GET, acc->oauthToken(), acc->oauthTokenSecret(), QOAuth::HMAC_SHA1, params, QOAuth::ParseForHeaderArguments); QString cHeader = QLatin1String("X-Verify-Credentials-Authorization: ") + QLatin1String(credentials) + QLatin1String("\r\n"); cHeader.append(QLatin1String("X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json")); job->addMetaData(QLatin1String("customHTTPHeader"), cHeader); } if (!job) { qCritical() << "Cannot create a http POST request!"; return; } job->addMetaData(QStringLiteral("content-type"), QStringLiteral("Content-Type: multipart/form-data; boundary=AaB03x")); mUrlMap[job] = localUrl; connect(job, SIGNAL(result(KJob*)), SLOT(slotUpload(KJob*))); job->start(); }