2023-01-07 15:51:56 +00:00
|
|
|
/*
|
2024-01-05 23:57:19 +00:00
|
|
|
* Copyright (C) 2022-2024 Jordan Bancino <@jordan:bancino.net> with
|
|
|
|
* other valuable contributors. See CONTRIBUTORS.txt for the full list.
|
2023-01-07 15:51:56 +00:00
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person
|
|
|
|
* obtaining a copy of this software and associated documentation files
|
|
|
|
* (the "Software"), to deal in the Software without restriction,
|
|
|
|
* including without limitation the rights to use, copy, modify, merge,
|
|
|
|
* publish, distribute, sublicense, and/or sell copies of the Software,
|
|
|
|
* and to permit persons to whom the Software is furnished to do so,
|
|
|
|
* subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
* included in all copies or portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
* SOFTWARE.
|
|
|
|
*/
|
|
|
|
#include <User.h>
|
Use `Makefile`s instead of a custom script (#38)
This pull request also requires the use of the external [Cytoplasm](/Telodendria/Cytoplasm) repository by removing the in-tree copy of Cytoplasm. The increased modularity requires a little more complex build process, but is overall better. Closes #19
The appropriate documentation has been updated. Closes #18
---
Please review the developer certificate of origin:
1. The contribution was created in whole or in part by me, and I have
the right to submit it under the open source licenses of the
Telodendria project; or
1. The contribution is based upon a previous work that, to the best of
my knowledge, is covered under an appropriate open source license and
I have the right under that license to submit that work with
modifications, whether created in whole or in part by me, under the
Telodendria project license; or
1. The contribution was provided directly to me by some other person
who certified (1), (2), or (3), and I have not modified it.
1. I understand and agree that this project and the contribution are
made public and that a record of the contribution—including all
personal information I submit with it—is maintained indefinitely
and may be redistributed consistent with this project or the open
source licenses involved.
- [x] I have read the Telodendria Project development certificate of
origin, and I certify that I have permission to submit this patch
under the conditions specified in it.
Reviewed-on: https://git.telodendria.io/Telodendria/Telodendria/pulls/38
2023-11-01 16:27:45 +00:00
|
|
|
#include <Cytoplasm/Util.h>
|
|
|
|
#include <Cytoplasm/Memory.h>
|
|
|
|
#include <Cytoplasm/Str.h>
|
|
|
|
#include <Cytoplasm/Sha.h>
|
|
|
|
#include <Cytoplasm/Json.h>
|
|
|
|
#include <Cytoplasm/Int64.h>
|
|
|
|
#include <Cytoplasm/UInt64.h>
|
2023-01-07 15:51:56 +00:00
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
2023-01-07 16:15:11 +00:00
|
|
|
struct User
|
|
|
|
{
|
|
|
|
Db *db;
|
|
|
|
DbRef *ref;
|
2023-01-09 19:22:09 +00:00
|
|
|
|
|
|
|
char *name;
|
2023-05-11 03:03:40 +00:00
|
|
|
char *deviceId;
|
2023-01-07 16:15:11 +00:00
|
|
|
};
|
|
|
|
|
2023-01-07 15:51:56 +00:00
|
|
|
int
|
|
|
|
UserValidate(char *localpart, char *domain)
|
|
|
|
{
|
|
|
|
size_t maxLen = 255 - strlen(domain) - 1;
|
|
|
|
size_t i = 0;
|
|
|
|
|
|
|
|
while (localpart[i])
|
|
|
|
{
|
|
|
|
char c = localpart[i];
|
|
|
|
|
|
|
|
if (i > maxLen)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
|
|
|
|
(c == '.') || (c == '_') || (c == '=') || (c == '-') ||
|
|
|
|
(c == '/')))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
UserHistoricalValidate(char *localpart, char *domain)
|
|
|
|
{
|
|
|
|
size_t maxLen = 255 - strlen(domain) - 1;
|
|
|
|
size_t i = 0;
|
|
|
|
|
|
|
|
while (localpart[i])
|
|
|
|
{
|
|
|
|
char c = localpart[i];
|
|
|
|
|
|
|
|
if (i > maxLen)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2023-03-10 03:24:04 +00:00
|
|
|
if (!((c >= 0x21 && c <= 0x39) || (c >= 0x3B && c <= 0x7E)))
|
2023-01-07 15:51:56 +00:00
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
UserExists(Db * db, char *name)
|
|
|
|
{
|
|
|
|
return DbExists(db, 2, "users", name);
|
|
|
|
}
|
2023-01-09 19:22:09 +00:00
|
|
|
|
|
|
|
User *
|
|
|
|
UserLock(Db * db, char *name)
|
|
|
|
{
|
|
|
|
User *user = NULL;
|
|
|
|
DbRef *ref = NULL;
|
|
|
|
|
|
|
|
if (!UserExists(db, name))
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
ref = DbLock(db, 2, "users", name);
|
|
|
|
user = Malloc(sizeof(User));
|
|
|
|
user->db = db;
|
|
|
|
user->ref = ref;
|
|
|
|
user->name = StrDuplicate(name);
|
2023-05-11 03:03:40 +00:00
|
|
|
user->deviceId = NULL;
|
2023-01-09 19:22:09 +00:00
|
|
|
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
2023-01-17 01:36:22 +00:00
|
|
|
User *
|
|
|
|
UserAuthenticate(Db * db, char *accessToken)
|
|
|
|
{
|
|
|
|
User *user;
|
|
|
|
DbRef *atRef;
|
|
|
|
|
|
|
|
char *userName;
|
|
|
|
char *deviceId;
|
2023-08-13 03:11:40 +00:00
|
|
|
UInt64 expires;
|
2023-01-17 01:36:22 +00:00
|
|
|
|
|
|
|
if (!db || !accessToken)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
atRef = DbLock(db, 3, "tokens", "access", accessToken);
|
|
|
|
if (!atRef)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
userName = JsonValueAsString(HashMapGet(DbJson(atRef), "user"));
|
|
|
|
deviceId = JsonValueAsString(HashMapGet(DbJson(atRef), "device"));
|
2023-08-13 03:11:40 +00:00
|
|
|
expires = JsonValueAsInteger(HashMapGet(DbJson(atRef), "expires"));
|
2023-01-17 01:36:22 +00:00
|
|
|
|
|
|
|
user = UserLock(db, userName);
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
DbUnlock(db, atRef);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2023-08-13 03:11:40 +00:00
|
|
|
if (UInt64Neq(expires, UInt64Create(0, 0)) &&
|
|
|
|
UInt64Geq(UtilServerTs(), expires))
|
2023-01-17 01:36:22 +00:00
|
|
|
{
|
|
|
|
UserUnlock(user);
|
|
|
|
DbUnlock(db, atRef);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2023-05-11 03:03:40 +00:00
|
|
|
user->deviceId = StrDuplicate(deviceId);
|
2023-01-17 01:36:22 +00:00
|
|
|
|
|
|
|
DbUnlock(db, atRef);
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
2023-01-09 19:22:09 +00:00
|
|
|
int
|
|
|
|
UserUnlock(User * user)
|
|
|
|
{
|
2023-01-10 00:38:47 +00:00
|
|
|
int ret;
|
|
|
|
|
2023-01-09 19:22:09 +00:00
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2023-01-10 00:38:47 +00:00
|
|
|
|
2023-01-09 19:22:09 +00:00
|
|
|
Free(user->name);
|
2023-05-11 03:03:40 +00:00
|
|
|
Free(user->deviceId);
|
2023-01-10 00:38:47 +00:00
|
|
|
|
|
|
|
ret = DbUnlock(user->db, user->ref);
|
2023-01-09 19:22:09 +00:00
|
|
|
Free(user);
|
2023-01-10 00:38:47 +00:00
|
|
|
|
|
|
|
return ret;
|
2023-01-09 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
User *
|
|
|
|
UserCreate(Db * db, char *name, char *password)
|
|
|
|
{
|
|
|
|
User *user = NULL;
|
|
|
|
HashMap *json = NULL;
|
|
|
|
|
2023-08-13 03:11:40 +00:00
|
|
|
UInt64 ts = UtilServerTs();
|
2023-01-09 19:22:09 +00:00
|
|
|
|
|
|
|
/* TODO: Put some sort of password policy(like for example at least
|
|
|
|
* 8 chars, or maybe check it's entropy)? */
|
|
|
|
if (!db || (name && UserExists(db, name)) || !password || !strlen(password))
|
|
|
|
{
|
|
|
|
/* User exists or cannot be registered, therefore, do NOT
|
|
|
|
* bother */
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
user = Malloc(sizeof(User));
|
|
|
|
user->db = db;
|
|
|
|
|
|
|
|
if (!name)
|
|
|
|
{
|
|
|
|
user->name = StrRandom(12);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
user->name = StrDuplicate(name);
|
|
|
|
}
|
|
|
|
|
|
|
|
user->ref = DbCreate(db, 2, "users", user->name);
|
|
|
|
if (!user->ref)
|
|
|
|
{
|
|
|
|
/* The only scenario where I can see that occur is if for some
|
|
|
|
* strange reason, Db fails to create a file(e.g fs is full) */
|
|
|
|
Free(user->name);
|
|
|
|
Free(user);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
UserSetPassword(user, password);
|
2023-01-09 19:22:09 +00:00
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
json = DbJson(user->ref);
|
2023-01-16 21:17:44 +00:00
|
|
|
HashMapSet(json, "createdOn", JsonValueInteger(ts));
|
|
|
|
HashMapSet(json, "deactivated", JsonValueBoolean(0));
|
2023-01-09 19:22:09 +00:00
|
|
|
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
2023-01-16 21:17:44 +00:00
|
|
|
UserLoginInfo *
|
|
|
|
UserLogin(User * user, char *password, char *deviceId, char *deviceDisplayName,
|
|
|
|
int withRefresh)
|
2023-01-09 19:22:09 +00:00
|
|
|
{
|
2023-01-16 21:17:44 +00:00
|
|
|
DbRef *rtRef = NULL;
|
|
|
|
|
|
|
|
HashMap *devices;
|
|
|
|
HashMap *device;
|
|
|
|
|
|
|
|
UserLoginInfo *result;
|
|
|
|
|
|
|
|
if (!user || !password)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2023-03-15 13:36:49 +00:00
|
|
|
if (!UserCheckPassword(user, password) || UserDeactivated(user))
|
2023-01-16 21:17:44 +00:00
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
result = Malloc(sizeof(UserLoginInfo));
|
|
|
|
if (!result)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
result->refreshToken = NULL;
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
if (!deviceId)
|
|
|
|
{
|
|
|
|
deviceId = StrRandom(10);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
deviceId = StrDuplicate(deviceId);
|
|
|
|
}
|
2023-01-16 21:17:44 +00:00
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
/* Generate an access token */
|
2023-03-06 22:09:57 +00:00
|
|
|
result->accessToken = UserAccessTokenGenerate(user, deviceId, withRefresh);
|
2023-02-17 03:18:24 +00:00
|
|
|
UserAccessTokenSave(user->db, result->accessToken);
|
2023-01-16 21:17:44 +00:00
|
|
|
|
|
|
|
if (withRefresh)
|
|
|
|
{
|
|
|
|
result->refreshToken = StrRandom(64);
|
|
|
|
rtRef = DbCreate(user->db, 3, "tokens", "refresh", result->refreshToken);
|
|
|
|
|
|
|
|
HashMapSet(DbJson(rtRef), "refreshes",
|
2023-02-24 00:17:56 +00:00
|
|
|
JsonValueString(result->accessToken->string));
|
2023-01-16 21:17:44 +00:00
|
|
|
DbUnlock(user->db, rtRef);
|
|
|
|
}
|
|
|
|
|
|
|
|
devices = JsonValueAsObject(HashMapGet(DbJson(user->ref), "devices"));
|
|
|
|
if (!devices)
|
|
|
|
{
|
|
|
|
devices = HashMapCreate();
|
|
|
|
HashMapSet(DbJson(user->ref), "devices", JsonValueObject(devices));
|
|
|
|
}
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
device = JsonValueAsObject(HashMapGet(devices, deviceId));
|
2023-01-16 21:17:44 +00:00
|
|
|
|
|
|
|
if (device)
|
|
|
|
{
|
|
|
|
JsonValue *val;
|
|
|
|
|
|
|
|
val = HashMapDelete(device, "accessToken");
|
|
|
|
if (val)
|
|
|
|
{
|
|
|
|
DbDelete(user->db, 3, "tokens", "access", JsonValueAsString(val));
|
|
|
|
JsonValueFree(val);
|
|
|
|
}
|
|
|
|
|
|
|
|
val = HashMapDelete(device, "refreshToken");
|
|
|
|
if (val)
|
|
|
|
{
|
|
|
|
DbDelete(user->db, 3, "tokens", "refresh", JsonValueAsString(val));
|
|
|
|
JsonValueFree(val);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
device = HashMapCreate();
|
2023-02-17 03:18:24 +00:00
|
|
|
HashMapSet(devices, deviceId, JsonValueObject(device));
|
2023-01-16 21:17:44 +00:00
|
|
|
|
|
|
|
if (deviceDisplayName)
|
|
|
|
{
|
|
|
|
HashMapSet(device, "displayName",
|
2023-02-24 00:17:56 +00:00
|
|
|
JsonValueString(deviceDisplayName));
|
2023-01-16 21:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2023-02-23 23:19:23 +00:00
|
|
|
Free(deviceId);
|
|
|
|
|
2023-01-16 21:17:44 +00:00
|
|
|
if (result->refreshToken)
|
|
|
|
{
|
|
|
|
HashMapSet(device, "refreshToken",
|
2023-02-24 00:17:56 +00:00
|
|
|
JsonValueString(result->refreshToken));
|
2023-01-16 21:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
HashMapSet(device, "accessToken",
|
2023-02-24 00:17:56 +00:00
|
|
|
JsonValueString(result->accessToken->string));
|
2023-01-16 21:17:44 +00:00
|
|
|
|
|
|
|
return result;
|
2023-01-09 19:22:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
UserGetName(User * user)
|
|
|
|
{
|
|
|
|
return user ? user->name : NULL;
|
|
|
|
}
|
2023-01-16 21:17:44 +00:00
|
|
|
|
2023-05-11 03:03:40 +00:00
|
|
|
char *
|
|
|
|
UserGetDeviceId(User * user)
|
|
|
|
{
|
|
|
|
return user ? user->deviceId : NULL;
|
|
|
|
}
|
|
|
|
|
2023-01-16 21:17:44 +00:00
|
|
|
int
|
|
|
|
UserCheckPassword(User * user, char *password)
|
|
|
|
{
|
|
|
|
HashMap *json;
|
|
|
|
|
|
|
|
char *storedHash;
|
|
|
|
char *salt;
|
|
|
|
|
2023-06-17 17:36:11 +00:00
|
|
|
unsigned char *hashBytes;
|
2023-01-16 21:17:44 +00:00
|
|
|
char *hashedPwd;
|
|
|
|
char *tmp;
|
|
|
|
|
|
|
|
int result;
|
|
|
|
|
|
|
|
if (!user || !password)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
storedHash = JsonValueAsString(HashMapGet(json, "password"));
|
|
|
|
salt = JsonValueAsString(HashMapGet(json, "salt"));
|
|
|
|
|
|
|
|
if (!storedHash || !salt)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
tmp = StrConcat(2, password, salt);
|
2023-06-17 17:36:11 +00:00
|
|
|
hashBytes = Sha256(tmp);
|
|
|
|
hashedPwd = ShaToHex(hashBytes);
|
2023-01-16 21:17:44 +00:00
|
|
|
Free(tmp);
|
2023-06-17 17:36:11 +00:00
|
|
|
Free(hashBytes);
|
2023-01-16 21:17:44 +00:00
|
|
|
|
2023-05-06 22:34:36 +00:00
|
|
|
result = StrEquals(hashedPwd, storedHash);
|
2023-01-16 21:17:44 +00:00
|
|
|
|
|
|
|
Free(hashedPwd);
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
2023-02-17 03:18:24 +00:00
|
|
|
|
|
|
|
int
|
2023-02-17 03:23:25 +00:00
|
|
|
UserSetPassword(User * user, char *password)
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
|
|
|
HashMap *json;
|
|
|
|
|
2023-06-17 17:36:11 +00:00
|
|
|
unsigned char *hashBytes;
|
2023-02-17 03:18:24 +00:00
|
|
|
char *hash = NULL;
|
|
|
|
char *salt = NULL;
|
|
|
|
char *tmpstr = NULL;
|
|
|
|
|
|
|
|
if (!user || !password)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
salt = StrRandom(16);
|
|
|
|
tmpstr = StrConcat(2, password, salt);
|
2023-06-17 17:36:11 +00:00
|
|
|
hashBytes = Sha256(tmpstr);
|
|
|
|
hash = ShaToHex(hashBytes);
|
2023-02-17 03:18:24 +00:00
|
|
|
|
|
|
|
JsonValueFree(HashMapSet(json, "salt", JsonValueString(salt)));
|
|
|
|
JsonValueFree(HashMapSet(json, "password", JsonValueString(hash)));
|
|
|
|
|
2023-02-24 00:17:56 +00:00
|
|
|
Free(salt);
|
|
|
|
Free(hash);
|
2023-06-17 17:36:11 +00:00
|
|
|
Free(hashBytes);
|
2023-02-24 00:17:56 +00:00
|
|
|
Free(tmpstr);
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2023-09-25 13:39:21 +00:00
|
|
|
UserDeactivate(User * user, char * from, char * reason)
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
|
|
|
HashMap *json;
|
2023-09-25 13:39:21 +00:00
|
|
|
JsonValue *val;
|
2023-02-17 03:18:24 +00:00
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2023-09-25 13:39:21 +00:00
|
|
|
|
|
|
|
/* By default, it's the target's username */
|
|
|
|
if (!from)
|
|
|
|
{
|
|
|
|
from = UserGetName(user);
|
|
|
|
}
|
2023-02-17 03:18:24 +00:00
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
JsonValueFree(HashMapSet(json, "deactivated", JsonValueBoolean(1)));
|
|
|
|
|
2023-09-25 13:39:21 +00:00
|
|
|
val = JsonValueString(from);
|
|
|
|
JsonValueFree(JsonSet(json, val, 2, "deactivate", "by"));
|
|
|
|
if (reason)
|
|
|
|
{
|
|
|
|
val = JsonValueString(reason);
|
|
|
|
JsonValueFree(JsonSet(json, val, 2, "deactivate", "reason"));
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
UserReactivate(User * user)
|
|
|
|
{
|
|
|
|
HashMap *json;
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
|
|
|
|
JsonValueFree(HashMapSet(json, "deactivated", JsonValueBoolean(0)));
|
|
|
|
|
|
|
|
JsonValueFree(HashMapDelete(json, "deactivate"));
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2023-03-15 13:36:49 +00:00
|
|
|
int
|
2023-03-16 12:29:38 +00:00
|
|
|
UserDeactivated(User * user)
|
2023-03-15 13:36:49 +00:00
|
|
|
{
|
|
|
|
HashMap *json;
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
return JsonValueAsBoolean(HashMapGet(json, "deactivated"));
|
|
|
|
}
|
|
|
|
|
2023-02-17 03:18:24 +00:00
|
|
|
HashMap *
|
2023-02-17 03:23:25 +00:00
|
|
|
UserGetDevices(User * user)
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
|
|
|
HashMap *json;
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
|
|
|
|
return JsonValueAsObject(HashMapGet(json, "devices"));
|
|
|
|
}
|
|
|
|
|
|
|
|
UserAccessToken *
|
2023-03-06 22:09:57 +00:00
|
|
|
UserAccessTokenGenerate(User * user, char *deviceId, int withRefresh)
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
|
|
|
UserAccessToken *token;
|
|
|
|
|
|
|
|
if (!user || !deviceId)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
token = Malloc(sizeof(UserAccessToken));
|
|
|
|
if (!token)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
token->user = StrDuplicate(user->name);
|
|
|
|
token->deviceId = StrDuplicate(deviceId);
|
|
|
|
|
|
|
|
token->string = StrRandom(64);
|
|
|
|
|
|
|
|
if (withRefresh)
|
|
|
|
{
|
2023-08-13 03:11:40 +00:00
|
|
|
token->lifetime = Int64Create(0, 1000 * 60 * 60 * 24 * 7); /* 1 Week */
|
2023-02-17 03:18:24 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2023-08-13 03:11:40 +00:00
|
|
|
token->lifetime = Int64Create(0, 0);
|
2023-02-17 03:18:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return token;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2023-02-17 03:23:25 +00:00
|
|
|
UserAccessTokenSave(Db * db, UserAccessToken * token)
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
|
|
|
DbRef *ref;
|
|
|
|
HashMap *json;
|
|
|
|
|
|
|
|
if (!token)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
ref = DbCreate(db, 3, "tokens", "access", token->string);
|
|
|
|
|
|
|
|
if (!ref)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(ref);
|
|
|
|
|
2023-02-24 00:17:56 +00:00
|
|
|
HashMapSet(json, "user", JsonValueString(token->user));
|
|
|
|
HashMapSet(json, "device", JsonValueString(token->deviceId));
|
2023-02-17 03:18:24 +00:00
|
|
|
|
2023-08-13 03:11:40 +00:00
|
|
|
if (Int64Neq(token->lifetime, Int64Create(0, 0)))
|
2023-02-17 03:18:24 +00:00
|
|
|
{
|
2023-08-13 03:11:40 +00:00
|
|
|
HashMapSet(json, "expires", JsonValueInteger(UInt64Add(UtilServerTs(), token->lifetime)));
|
2023-02-17 03:18:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return DbUnlock(db, ref);
|
|
|
|
}
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 00:17:56 +00:00
|
|
|
void
|
|
|
|
UserAccessTokenFree(UserAccessToken * token)
|
|
|
|
{
|
|
|
|
if (!token)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
Free(token->user);
|
|
|
|
Free(token->string);
|
|
|
|
Free(token->deviceId);
|
|
|
|
Free(token);
|
|
|
|
}
|
|
|
|
|
2023-02-23 15:13:39 +00:00
|
|
|
int
|
|
|
|
UserDeleteToken(User * user, char *token)
|
|
|
|
{
|
2023-02-24 01:06:02 +00:00
|
|
|
char *username;
|
|
|
|
char *deviceId;
|
|
|
|
char *refreshToken;
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
Db *db;
|
|
|
|
DbRef *tokenRef;
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
HashMap *tokenJson;
|
|
|
|
HashMap *userJson;
|
|
|
|
HashMap *deviceObj;
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
JsonValue *deletedVal;
|
2023-02-23 15:13:39 +00:00
|
|
|
|
|
|
|
if (!user || !token)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
db = user->db;
|
|
|
|
/* First check if the token even exists */
|
|
|
|
if (!DbExists(db, 3, "tokens", "access", token))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If it does, get it's username. */
|
2023-02-24 01:06:02 +00:00
|
|
|
tokenRef = DbLock(db, 3, "tokens", "access", token);
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
if (!tokenRef)
|
2023-02-23 15:13:39 +00:00
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2023-02-24 01:06:02 +00:00
|
|
|
tokenJson = DbJson(tokenRef);
|
|
|
|
username = JsonValueAsString(HashMapGet(tokenJson, "user"));
|
|
|
|
deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-05-06 23:02:46 +00:00
|
|
|
if (!StrEquals(username, UserGetName(user)))
|
2023-02-23 15:13:39 +00:00
|
|
|
{
|
|
|
|
/* Token does not match user, do not delete it */
|
2023-02-24 01:06:02 +00:00
|
|
|
DbUnlock(db, tokenRef);
|
2023-02-23 15:13:39 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
userJson = DbJson(user->ref);
|
|
|
|
deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
|
|
|
|
|
|
|
|
if (!deviceObj)
|
2023-02-23 15:13:39 +00:00
|
|
|
{
|
2023-02-24 01:06:02 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Delete refresh token, if present */
|
|
|
|
refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
|
|
|
|
if (refreshToken)
|
|
|
|
{
|
|
|
|
DbDelete(db, 3, "tokens", "refresh", refreshToken);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Delete the device object */
|
|
|
|
deletedVal = HashMapDelete(deviceObj, deviceId);
|
|
|
|
if (!deletedVal)
|
|
|
|
{
|
|
|
|
return 0;
|
2023-02-23 15:13:39 +00:00
|
|
|
}
|
2023-02-24 01:06:02 +00:00
|
|
|
JsonValueFree(deletedVal);
|
2023-02-23 15:13:39 +00:00
|
|
|
|
2023-02-24 01:06:02 +00:00
|
|
|
/* Delete the access token. */
|
|
|
|
if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
|
2023-02-23 15:13:39 +00:00
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
2023-02-28 13:44:34 +00:00
|
|
|
|
2023-04-14 17:50:14 +00:00
|
|
|
char *
|
2023-04-14 21:20:56 +00:00
|
|
|
UserGetProfile(User * user, char *name)
|
2023-04-14 17:50:14 +00:00
|
|
|
{
|
|
|
|
HashMap *json = NULL;
|
|
|
|
|
|
|
|
if (!user || !name)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
2023-04-14 21:20:56 +00:00
|
|
|
|
2023-04-14 17:50:14 +00:00
|
|
|
return JsonValueAsString(JsonGet(json, 2, "profile", name));
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2023-04-14 21:20:56 +00:00
|
|
|
UserSetProfile(User * user, char *name, char *val)
|
2023-04-14 17:50:14 +00:00
|
|
|
{
|
|
|
|
HashMap *json = NULL;
|
|
|
|
|
|
|
|
if (!user || !name || !val)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = DbJson(user->ref);
|
|
|
|
JsonValueFree(JsonSet(json, JsonValueString(val), 2, "profile", name));
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:49:37 +00:00
|
|
|
int
|
2023-03-28 01:17:47 +00:00
|
|
|
UserDeleteTokens(User * user, char *exempt)
|
2023-03-03 22:49:37 +00:00
|
|
|
{
|
|
|
|
HashMap *devices;
|
|
|
|
char *deviceId;
|
|
|
|
JsonValue *deviceObj;
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
devices = JsonValueAsObject(HashMapGet(DbJson(user->ref), "devices"));
|
|
|
|
if (!devices)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (HashMapIterate(devices, &deviceId, (void **) &deviceObj))
|
|
|
|
{
|
|
|
|
HashMap *device = JsonValueAsObject(deviceObj);
|
|
|
|
char *accessToken = JsonValueAsString(HashMapGet(device, "accessToken"));
|
|
|
|
char *refreshToken = JsonValueAsString(HashMapGet(device, "refreshToken"));
|
|
|
|
|
2023-05-06 22:34:36 +00:00
|
|
|
if (exempt && (StrEquals(accessToken, exempt)))
|
2023-03-28 01:17:47 +00:00
|
|
|
{
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:49:37 +00:00
|
|
|
if (accessToken)
|
|
|
|
{
|
|
|
|
DbDelete(user->db, 3, "tokens", "access", accessToken);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (refreshToken)
|
|
|
|
{
|
|
|
|
DbDelete(user->db, 3, "tokens", "refresh", refreshToken);
|
|
|
|
}
|
|
|
|
|
2023-03-28 01:17:47 +00:00
|
|
|
JsonValueFree(HashMapDelete(devices, deviceId));
|
|
|
|
}
|
2023-03-03 22:49:37 +00:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2023-04-16 17:51:03 +00:00
|
|
|
int
|
2023-04-16 17:51:52 +00:00
|
|
|
UserGetPrivileges(User * user)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return USER_NONE;
|
|
|
|
}
|
|
|
|
|
2023-11-10 14:30:53 +00:00
|
|
|
return UserDecodePrivileges(JsonValueAsArray(HashMapGet(DbJson(user->ref), "privileges")));
|
2023-04-16 17:51:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2023-04-16 17:51:52 +00:00
|
|
|
UserSetPrivileges(User * user, int privileges)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
JsonValue *val;
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!privileges)
|
|
|
|
{
|
|
|
|
JsonValueFree(HashMapDelete(DbJson(user->ref), "privileges"));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2023-11-10 14:30:53 +00:00
|
|
|
val = JsonValueArray(UserEncodePrivileges(privileges));
|
2023-04-16 17:51:03 +00:00
|
|
|
if (!val)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
JsonValueFree(HashMapSet(DbJson(user->ref), "privileges", val));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2023-11-10 14:30:53 +00:00
|
|
|
UserDecodePrivileges(Array * arr)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
int privileges = USER_NONE;
|
|
|
|
|
|
|
|
size_t i;
|
|
|
|
|
2023-11-10 14:30:53 +00:00
|
|
|
if (!arr)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
goto finish;
|
|
|
|
}
|
|
|
|
|
2023-11-10 14:30:53 +00:00
|
|
|
for (i = 0; i < ArraySize(arr); i++)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
2023-11-10 14:30:53 +00:00
|
|
|
JsonValue *val = ArrayGet(arr, i);
|
|
|
|
if (!val || JsonValueType(val) != JSON_STRING)
|
2023-04-16 17:51:52 +00:00
|
|
|
{
|
2023-11-10 14:30:53 +00:00
|
|
|
continue;
|
2023-04-16 17:51:52 +00:00
|
|
|
}
|
2023-11-10 14:30:53 +00:00
|
|
|
|
|
|
|
privileges |= UserDecodePrivilege(JsonValueAsString(val));
|
2023-04-16 17:51:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
finish:
|
|
|
|
return privileges;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
UserDecodePrivilege(const char *p)
|
|
|
|
{
|
|
|
|
if (!p)
|
|
|
|
{
|
|
|
|
return USER_NONE;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "ALL"))
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
return USER_ALL;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "DEACTIVATE"))
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
return USER_DEACTIVATE;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "ISSUE_TOKENS"))
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
return USER_ISSUE_TOKENS;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "CONFIG"))
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
return USER_CONFIG;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "GRANT_PRIVILEGES"))
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
return USER_GRANT_PRIVILEGES;
|
|
|
|
}
|
2023-05-06 22:34:36 +00:00
|
|
|
else if (StrEquals(p, "PROC_CONTROL"))
|
2023-04-19 00:33:38 +00:00
|
|
|
{
|
|
|
|
return USER_PROC_CONTROL;
|
|
|
|
}
|
2023-08-09 15:50:03 +00:00
|
|
|
else if (StrEquals(p, "ALIAS"))
|
|
|
|
{
|
|
|
|
return USER_ALIAS;
|
|
|
|
}
|
2023-04-16 17:51:03 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
return USER_NONE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-10 14:30:53 +00:00
|
|
|
Array *
|
2023-04-16 17:51:03 +00:00
|
|
|
UserEncodePrivileges(int privileges)
|
|
|
|
{
|
|
|
|
Array *arr = ArrayCreate();
|
2023-04-16 17:51:52 +00:00
|
|
|
|
2023-04-16 17:51:03 +00:00
|
|
|
if (!arr)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2023-04-19 18:52:05 +00:00
|
|
|
if ((privileges & USER_ALL) == USER_ALL)
|
2023-04-16 17:51:03 +00:00
|
|
|
{
|
|
|
|
ArrayAdd(arr, JsonValueString("ALL"));
|
|
|
|
goto finish;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define A(priv, as) \
|
2023-04-19 18:52:05 +00:00
|
|
|
if ((privileges & priv) == priv) \
|
2023-04-16 17:51:03 +00:00
|
|
|
{ \
|
|
|
|
ArrayAdd(arr, JsonValueString(as)); \
|
|
|
|
}
|
|
|
|
|
|
|
|
A(USER_DEACTIVATE, "DEACTIVATE");
|
|
|
|
A(USER_ISSUE_TOKENS, "ISSUE_TOKENS");
|
|
|
|
A(USER_CONFIG, "CONFIG");
|
|
|
|
A(USER_GRANT_PRIVILEGES, "GRANT_PRIVILEGES");
|
2023-04-19 00:33:38 +00:00
|
|
|
A(USER_PROC_CONTROL, "PROC_CONTROL");
|
2023-08-09 15:50:03 +00:00
|
|
|
A(USER_ALIAS, "ALIAS");
|
2023-04-16 17:51:03 +00:00
|
|
|
|
|
|
|
#undef A
|
|
|
|
|
|
|
|
finish:
|
2023-11-10 14:30:53 +00:00
|
|
|
return arr;
|
2023-04-16 17:51:03 +00:00
|
|
|
}
|
|
|
|
|
2023-02-28 13:44:34 +00:00
|
|
|
UserId *
|
2023-03-06 22:09:57 +00:00
|
|
|
UserIdParse(char *id, char *defaultServer)
|
2023-02-28 13:44:34 +00:00
|
|
|
{
|
|
|
|
UserId *userId;
|
|
|
|
|
|
|
|
if (!id)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
id = StrDuplicate(id);
|
|
|
|
if (!id)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
userId = Malloc(sizeof(UserId));
|
|
|
|
if (!userId)
|
|
|
|
{
|
|
|
|
goto finish;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Fully-qualified user ID */
|
|
|
|
if (*id == '@')
|
|
|
|
{
|
|
|
|
char *localStart = id + 1;
|
|
|
|
char *serverStart = localStart;
|
|
|
|
|
|
|
|
while (*serverStart != ':' && *serverStart != '\0')
|
|
|
|
{
|
|
|
|
serverStart++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (*serverStart == '\0')
|
|
|
|
{
|
|
|
|
Free(userId);
|
|
|
|
userId = NULL;
|
|
|
|
goto finish;
|
|
|
|
}
|
|
|
|
|
|
|
|
*serverStart = '\0';
|
|
|
|
serverStart++;
|
|
|
|
|
|
|
|
userId->localpart = StrDuplicate(localStart);
|
|
|
|
userId->server = StrDuplicate(serverStart);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Treat it as just a localpart */
|
|
|
|
userId->localpart = StrDuplicate(id);
|
|
|
|
userId->server = StrDuplicate(defaultServer);
|
|
|
|
}
|
|
|
|
|
2023-03-06 22:09:57 +00:00
|
|
|
if (!UserHistoricalValidate(userId->localpart, userId->server))
|
|
|
|
{
|
|
|
|
UserIdFree(userId);
|
|
|
|
userId = NULL;
|
|
|
|
}
|
|
|
|
|
2023-02-28 13:44:34 +00:00
|
|
|
finish:
|
|
|
|
Free(id);
|
|
|
|
return userId;
|
|
|
|
}
|
|
|
|
|
2023-02-28 15:17:11 +00:00
|
|
|
void
|
2023-03-06 22:09:57 +00:00
|
|
|
UserIdFree(UserId * id)
|
2023-02-28 13:44:34 +00:00
|
|
|
{
|
|
|
|
if (id)
|
|
|
|
{
|
|
|
|
Free(id->localpart);
|
|
|
|
Free(id->server);
|
|
|
|
Free(id);
|
|
|
|
}
|
|
|
|
}
|