From 12f0120afd59194edb88bdca282c37bfbf788941 Mon Sep 17 00:00:00 2001 From: Proddy Date: Sat, 10 Feb 2024 16:17:40 +0100 Subject: [PATCH] fix standalone compiling --- lib_standalone/SecurityManager.h | 3 - lib_standalone/SecuritySettingsService.cpp | 104 +++------------------ lib_standalone/SecuritySettingsService.h | 63 ------------- platformio.ini | 5 +- 4 files changed, 15 insertions(+), 160 deletions(-) diff --git a/lib_standalone/SecurityManager.h b/lib_standalone/SecurityManager.h index d9e73e68c..80f83d049 100644 --- a/lib_standalone/SecurityManager.h +++ b/lib_standalone/SecurityManager.h @@ -69,9 +69,6 @@ class AuthenticationPredicates { class SecurityManager { public: - virtual Authentication authenticate(const String & username, const String & password) = 0; - virtual String generateJWT(User * user) = 0; - virtual Authentication authenticateRequest(AsyncWebServerRequest * request) = 0; virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0; virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate) = 0; diff --git a/lib_standalone/SecuritySettingsService.cpp b/lib_standalone/SecuritySettingsService.cpp index 97e7d9223..58b894995 100644 --- a/lib_standalone/SecuritySettingsService.cpp +++ b/lib_standalone/SecuritySettingsService.cpp 
@@ -2,110 +2,30 @@ #include -#include "../../src/emsesp_stub.h" // proddy added +User ADMIN_USER = User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true); SecuritySettingsService::SecuritySettingsService(AsyncWebServer * server, FS * fs) - : _httpEndpoint(SecuritySettings::read, SecuritySettings::update, this, server, SECURITY_SETTINGS_PATH, this) - , _fsPersistence(SecuritySettings::read, SecuritySettings::update, this, fs, SECURITY_SETTINGS_FILE) - , _jwtHandler(FACTORY_JWT_SECRET) { - addUpdateHandler([&](const String & originId) { configureJWTHandler(); }, false); + : SecurityManager() { } - -void SecuritySettingsService::begin() { - _fsPersistence.readFromFS(); - configureJWTHandler(); -} - -Authentication SecuritySettingsService::authenticateRequest(AsyncWebServerRequest * request) { - AsyncWebHeader * authorizationHeader = request->getHeader(AUTHORIZATION_HEADER); - if (authorizationHeader) { - String value = authorizationHeader->value(); - if (value.startsWith(AUTHORIZATION_HEADER_PREFIX)) { - value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN); - return authenticateJWT(value); - } - } else if (request->hasParam(ACCESS_TOKEN_PARAMATER)) { - AsyncWebParameter * tokenParamater = request->getParam(ACCESS_TOKEN_PARAMATER); - String value = tokenParamater->value(); - return authenticateJWT(value); - } - return Authentication(); -} - -void SecuritySettingsService::configureJWTHandler() { - _jwtHandler.setSecret(_state.jwtSecret); -} - -Authentication SecuritySettingsService::authenticateJWT(String & jwt) { - JsonDocument payloadDocument; - _jwtHandler.parseJWT(jwt, payloadDocument); - if (payloadDocument.is()) { - JsonObject parsedPayload = payloadDocument.as(); - String username = parsedPayload["username"]; - for (User _user : _state.users) { - if (_user.username == username && validatePayload(parsedPayload, &_user)) { - return Authentication(_user); - } - } - } - return Authentication(); -} - -Authentication SecuritySettingsService::authenticate(const 
String & username, const String & password) { - for (User _user : _state.users) { - if (_user.username == username && _user.password == password) { - return Authentication(_user); - } - } - return Authentication(); -} - -inline void populateJWTPayload(JsonObject payload, User * user) { - payload["username"] = user->username; - payload["admin"] = user->admin; -} - -boolean SecuritySettingsService::validatePayload(JsonObject parsedPayload, User * user) { - JsonDocument jsonDocument; - JsonObject payload = jsonDocument.to(); - populateJWTPayload(payload, user); - return payload == parsedPayload; -} - -String SecuritySettingsService::generateJWT(User * user) { - JsonDocument jsonDocument; - JsonObject payload = jsonDocument.to(); - populateJWTPayload(payload, user); - return _jwtHandler.buildJWT(payload); +SecuritySettingsService::~SecuritySettingsService() { } ArRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate) { - return [this, predicate](AsyncWebServerRequest * request) { - Authentication authentication = authenticateRequest(request); - return predicate(authentication); - }; + return [this, predicate](AsyncWebServerRequest * request) { return true; }; } +// Return the admin user on all request - disabling security features +Authentication SecuritySettingsService::authenticateRequest(AsyncWebServerRequest * request) { + return Authentication(ADMIN_USER); +} + +// Return the function unwrapped ArRequestHandlerFunction SecuritySettingsService::wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate) { - return [this, onRequest, predicate](AsyncWebServerRequest * request) { - Authentication authentication = authenticateRequest(request); - if (!predicate(authentication)) { - request->send(401); - return; - } - onRequest(request); - }; + return onRequest; } ArJsonRequestHandlerFunction SecuritySettingsService::wrapCallback(ArJsonRequestHandlerFunction onRequest, AuthenticationPredicate predicate) { - 
return [this, onRequest, predicate](AsyncWebServerRequest * request, JsonVariant json) { - Authentication authentication = authenticateRequest(request); - if (!predicate(authentication)) { - request->send(401); - return; - } - onRequest(request, json); - }; + return onRequest; } #endif \ No newline at end of file diff --git a/lib_standalone/SecuritySettingsService.h b/lib_standalone/SecuritySettingsService.h index 4195cf1e6..cf8dca1d9 100644 --- a/lib_standalone/SecuritySettingsService.h +++ b/lib_standalone/SecuritySettingsService.h 
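Review bot: Every entry point in this stub now bypasses authentication, and nothing visible in the hunk confines it to the standalone target: `authenticateRequest` returns `Authentication(ADMIN_USER)` for any request, `filterRequest` always returns true, and `wrapRequest`/`wrapCallback` return the handler without ever evaluating `predicate`. The trailing `#endif` suggests a guard opens above the hunk (the hunk starts at line 2), so it should be confirmed that it tests the standalone-only macro. A file-header comment such as `// STANDALONE TEST STUB: every request is treated as admin; must never be linked into firmware` would make the intent explicit. If the firmware build never compiles this directory, an `#else` branch with `#error "security stub built outside the standalone target"` would turn a misconfigured build into a compile failure instead of an unauthenticated web API. `ADMIN_USER` is also a mutable global with external linkage built from the factory credentials; `static const User ADMIN_USER` would be tighter if the `Authentication` constructor (not visible here) accepts a const user.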
@@ -25,69 +25,6 @@ #define SECURITY_SETTINGS_FILE "/config/securitySettings.json" #define SECURITY_SETTINGS_PATH "/rest/securitySettings" -class SecuritySettings { - public: - String jwtSecret; - std::list users; - - static void read(SecuritySettings & settings, JsonObject root) { - // secret - root["jwt_secret"] = settings.jwtSecret; - - // users - JsonArray users = root["users"].to(); - for (User user : settings.users) { - JsonObject userRoot = users.add(); - userRoot["username"] = user.username; - userRoot["password"] = user.password; - userRoot["admin"] = user.admin; - } - } - - static StateUpdateResult update(JsonObject root, SecuritySettings & settings) { - // secret - settings.jwtSecret = root["jwt_secret"] | FACTORY_JWT_SECRET; - - // users - settings.users.clear(); - if (root["users"].is()) { - for (JsonVariant user : root["users"].as()) { - settings.users.push_back(User(user["username"], user["password"], user["admin"])); - } - } else { - settings.users.push_back(User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true)); - settings.users.push_back(User(FACTORY_GUEST_USERNAME, FACTORY_GUEST_PASSWORD, false)); - } - return StateUpdateResult::CHANGED; - } -}; - -class SecuritySettingsService : public StatefulService, public SecurityManager { - public: - SecuritySettingsService(AsyncWebServer * server, FS * fs); - - void begin(); - - // Functions to implement SecurityManager - Authentication authenticate(const String & username, const String & password); - Authentication authenticateRequest(AsyncWebServerRequest * request); - String generateJWT(User * user); - ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate); - ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate); - ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction callback, AuthenticationPredicate predicate); - - private: - HttpEndpoint _httpEndpoint; - FSPersistence _fsPersistence; - ArduinoJsonJWT 
_jwtHandler; - - void configureJWTHandler(); - Authentication authenticateJWT(String & jwt); - boolean validatePayload(JsonObject parsedPayload, User * user); -}; - -#else - class SecuritySettingsService : public SecurityManager { public: SecuritySettingsService(AsyncWebServer * server, FS * fs); diff --git a/platformio.ini b/platformio.ini index c515f2765..a0345adf2 100644 --- a/platformio.ini +++ b/platformio.ini @@ -174,8 +174,9 @@ build_flags = -lpthread -std=gnu++11 -Og -ggdb build_src_flags = - -Wall -Wextra -Werror -Wswitch-enum -Wno-unused-parameter -Wno-inconsistent-missing-override -Wno-unused-lambda-capture -Wno-sign-compare - -Wno-missing-braces + -Wall -Wextra -Werror + -Wno-unused-parameter -Wno-sign-compare + ; -Wswitch-enum -Wno-unused-parameter -Wno-inconsistent-missing-override -Wno-unused-lambda-capture -Wno-missing-braces -I./lib_standalone -I./lib/ArduinoJson/src -I./lib/uuid-common/src
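Review bot: `-Werror` is kept in `build_src_flags` while `-Wno-unused-lambda-capture` and `-Wno-inconsistent-missing-override` are dropped, yet the stub `filterRequest` added to lib_standalone/SecuritySettingsService.cpp in this same commit still captures `[this, predicate]` without using either. Both suppressions are clang diagnostics, so if that file is compiled under these flags a clang host build would likely fail on the lambda (GCC has no such warning). Either keep `-Wno-unused-lambda-capture` or write the stub as `return [](AsyncWebServerRequest *) { return true; };`. The old flag list left behind as a `;` comment also repeats `-Wno-unused-parameter`, which is still active, and gives no reason for dropping `-Wswitch-enum`; a one-line comment explaining the removal would serve better than the dead line.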