cutelyst/authenticationrealm_8cpp_source.html

/*

 * SPDX-FileCopyrightText: (C) 2013-2022 Daniel Nicoletti <dantti12@gmail.com>

 * SPDX-License-Identifier: BSD-3-Clause

 */

#include "authenticationrealm.h"


#include "authenticationstore.h"

#include "common.h"

#include "context.h"

#include "credentialpassword.h"

#include "storeldap.h"


#include <Cutelyst/Plugins/Session/session.h>


using namespace Cutelyst;


Q_LOGGING_CATEGORY(C_AUTH_REALM, "cutelyst.plugin.authentication.realm", QtWarningMsg)


#define SESSION_AUTHENTICATION_USER "__authentication_user"

#define SESSION_AUTHENTICATION_USER_REALM "__authentication_user_realm" // in authentication.cpp


AuthenticationRealm::AuthenticationRealm(std::shared_ptr<AuthenticationStore> store,

                                         std::shared_ptr<AuthenticationCredential> credential,

                                         QStringView name,

                                         QObject *parent)

    : Component(parent)

    , m_store(store)

    , m_credential(credential)

{

    m_credential->setParent(this);


    const QString realmName = name.toString();

    setObjectName(realmName);

    setName(realmName);

}


AuthenticationRealm::~AuthenticationRealm()

{

}


std::shared_ptr<AuthenticationStore> AuthenticationRealm::store() const noexcept

{

    return m_store;

}


std::shared_ptr<AuthenticationCredential> AuthenticationRealm::credential() const noexcept

{

    return m_credential;

}


AuthenticationUser AuthenticationRealm::findUser(Context *c, const ParamsMultiMap &userinfo)

{

    AuthenticationUser ret = m_store->findUser(c, userinfo);


    if (ret.isNull()) {

        if (m_store->canAutoCreateUser()) {

            ret = m_store->autoCreateUser(c, userinfo);

        }

    } else {

        if (m_store->canAutoUpdateUser()) {

            ret = m_store->autoUpdateUser(c, userinfo);

        }

    }


    if (!ret.isNull() && ret.authRealm() != name()) {

        ret.setAuthRealm(name());

    }


    return ret;

}


AuthenticationUser AuthenticationRealm::authenticate(Context *c, const ParamsMultiMap &authinfo)

{

    return m_credential->authenticate(c, this, authinfo);

}


void AuthenticationRealm::removePersistedUser(Context *c)

{

    Session::deleteValues(c,

                          {QStringLiteral(SESSION_AUTHENTICATION_USER),

                           QStringLiteral(SESSION_AUTHENTICATION_USER_REALM)});

}


AuthenticationUser AuthenticationRealm::persistUser(Context *c, const AuthenticationUser &user)

{

    Session::setValue(c, QStringLiteral(SESSION_AUTHENTICATION_USER), m_store->forSession(c, user));

    Session::setValue(c, QStringLiteral(SESSION_AUTHENTICATION_USER_REALM), objectName());


    return user;

}


AuthenticationUser AuthenticationRealm::restoreUser(Context *c, const QVariant &frozenUser)

{

    AuthenticationUser user;

    QVariant _frozenUser = frozenUser;

    if (_frozenUser.isNull()) {

        _frozenUser = userIsRestorable(c);

    }


    if (_frozenUser.isNull()) {

        return user;

    }


    user = m_store->fromSession(c, _frozenUser);


    if (!user.isNull()) {

        // Sets the realm the user originated in

        user.setAuthRealm(objectName());

    } else {

        qCWarning(C_AUTH_REALM) << "Store claimed to have a restorable user, but restoration "

                                   "failed. Did you change the user's id_field?";

    }


    return user;

}


QVariant AuthenticationRealm::userIsRestorable(Context *c)

{

    // No need to check if session is valid

    // as ::value will do that for us

    return Session::value(c, QStringLiteral(SESSION_AUTHENTICATION_USER));

}


bool AuthenticationRealm::checkPassword(Context *c,

                                        const AuthenticationUser &user,

                                        const QString &password,

                                        const QString &passwordField)

{

    // If the credential is CredentialPassword with LdapBind mode, delegate to store's

    // validatePassword

    auto credPassword = std::dynamic_pointer_cast<CredentialPassword>(m_credential);

    if (credPassword &&

        credPassword->passwordType() == CredentialPassword::PasswordType::SelfCheck) {

        if (m_store) {

            return m_store->validatePassword(c, user, password);

        }

        return false;

    }

    // For other password types (Hashed, Clear, None), return false (handled by credential)

    return false;

}


#include "moc_authenticationrealm.cpp"

Cutelyst::AuthenticationRealm::credential
std::shared_ptr< AuthenticationCredential > credential() const noexcept
Definition authenticationrealm.cpp:46

Cutelyst::AuthenticationRealm::store
std::shared_ptr< AuthenticationStore > store() const noexcept
Definition authenticationrealm.cpp:41

Cutelyst::AuthenticationRealm::checkPassword
bool checkPassword(Context *c, const AuthenticationUser &user, const QString &password, const QString &passwordField=QStringLiteral("password"))
Definition authenticationrealm.cpp:124

Cutelyst::AuthenticationRealm::removePersistedUser
void removePersistedUser(Context *c)
Definition authenticationrealm.cpp:77

Cutelyst::AuthenticationRealm::authenticate
virtual AuthenticationUser authenticate(Context *c, const ParamsMultiMap &authinfo)
Definition authenticationrealm.cpp:72

Cutelyst::AuthenticationRealm::AuthenticationRealm
AuthenticationRealm(std::shared_ptr< AuthenticationStore > store, std::shared_ptr< AuthenticationCredential > credential, QStringView name=defaultRealm, QObject *parent=nullptr)
Definition authenticationrealm.cpp:22

Cutelyst::AuthenticationRealm::userIsRestorable
QVariant userIsRestorable(Context *c)
Definition authenticationrealm.cpp:117

Cutelyst::AuthenticationRealm::persistUser
AuthenticationUser persistUser(Context *c, const AuthenticationUser &user)
Definition authenticationrealm.cpp:84

Cutelyst::AuthenticationRealm::findUser
virtual AuthenticationUser findUser(Context *c, const ParamsMultiMap &userinfo)
Definition authenticationrealm.cpp:51

Cutelyst::AuthenticationRealm::restoreUser
AuthenticationUser restoreUser(Context *c, const QVariant &frozenUser)
Definition authenticationrealm.cpp:92

Cutelyst::AuthenticationUser
Container for user data retrieved from an AuthenticationStore.
Definition authenticationuser.h:31

Cutelyst::AuthenticationUser::authRealm
QString authRealm()
Definition authenticationuser.cpp:43

Cutelyst::AuthenticationUser::setAuthRealm
void setAuthRealm(const QString &authRealm)
Definition authenticationuser.cpp:48

Cutelyst::AuthenticationUser::isNull
bool isNull() const
Definition authenticationuser.cpp:38

Cutelyst::Component
The Cutelyst Component base class.
Definition component.h:30

Cutelyst::Component::name
QString name() const noexcept
Definition component.cpp:33

Cutelyst::Component::setName
void setName(const QString &name)
Definition component.cpp:39

Cutelyst::Context
The Cutelyst Context.
Definition context.h:42

Cutelyst::CredentialPassword::SelfCheck
@ SelfCheck
Definition credentialpassword.h:40

Cutelyst::Session::value
static QVariant value(Context *c, const QString &key, const QVariant &defaultValue=QVariant())
Definition session.cpp:171

Cutelyst::Session::setValue
static void setValue(Context *c, const QString &key, const QVariant &value)
Definition session.cpp:186

Cutelyst::Session::deleteValues
static void deleteValues(Context *c, const QStringList &keys)
Definition session.cpp:234

Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition group-core-actions.dox:1

QMultiMap

QObject

QObject::objectName
objectName

QObject::setObjectName
void setObjectName(QAnyStringView name)

QString

QStringView

QVariant

QVariant::isNull
bool isNull() const const