Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 4859bdbafbb2b78ae414fb050ad197db2f2cb28b / . / include / sessions.hpp
blob: f549fde696157a36ffa913ea7ff1f95f63bbe370 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1#pragma once
2
3#include <nlohmann/json.hpp>
4#include <pam_authenticate.hpp>
5#include <webassets.hpp>
6#include <random>
7#include <crow/app.h>
8#include <crow/http_request.h>
9#include <crow/http_response.h>
10#include <boost/container/flat_map.hpp>
11#include <boost/uuid/uuid.hpp>
12#include <boost/uuid/uuid_generators.hpp>
13#include <boost/uuid/uuid_io.hpp>
14
15namespace crow {
16
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]17namespace persistent_data {
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]18
19enum class PersistenceType {
20 TIMEOUT, // User session times out after a predetermined amount of time
21 SINGLE_REQUEST // User times out once this request is completed.
22};
23
24struct UserSession {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]25 std::string uniqueId;
26 std::string sessionToken;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]27 std::string username;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]28 std::string csrfToken;
29 std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]30 PersistenceType persistence;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]31
32 /**
33 * @brief Fills object with data from UserSession's JSON representation
34 *
35 * This replaces nlohmann's from_json to ensure no-throw approach
36 *
37 * @param[in] j JSON object from which data should be loaded
38 *
Ed Tanousa434f2b2018-07-27 13:04:22 -0700[diff] [blame]39 * @return a shared pointer if data has been loaded properly, nullptr
40 * otherwise
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]41 */
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]42 static std::shared_ptr<UserSession> fromJson(const nlohmann::json& j) {
43 std::shared_ptr<UserSession> userSession = std::make_shared<UserSession>();
44 for (const auto& element : j.items()) {
45 const std::string* thisValue =
46 element.value().get_ptr<const std::string*>();
47 if (thisValue == nullptr) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]48 BMCWEB_LOG_ERROR << "Error reading persistent store. Property "
Ed Tanousa434f2b2018-07-27 13:04:22 -0700[diff] [blame]49 << element.key() << " was not of type string";
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]50 return nullptr;
51 }
52 if (element.key() == "unique_id") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]53 userSession->uniqueId = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]54 } else if (element.key() == "session_token") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]55 userSession->sessionToken = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]56 } else if (element.key() == "csrf_token") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]57 userSession->csrfToken = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]58 } else if (element.key() == "username") {
59 userSession->username = *thisValue;
60 } else {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]61 BMCWEB_LOG_ERROR << "Got unexpected property reading persistent file: "
Ed Tanousa434f2b2018-07-27 13:04:22 -0700[diff] [blame]62 << element.key();
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]63 return nullptr;
64 }
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]65 }
66
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]67 // For now, sessions that were persisted through a reboot get their idle
68 // timer reset. This could probably be overcome with a better understanding
69 // of wall clock time and steady timer time, possibly persisting values with
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]70 // wall clock time instead of steady timer, but the tradeoffs of all the
71 // corner cases involved are non-trivial, so this is done temporarily
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]72 userSession->lastUpdated = std::chrono::steady_clock::now();
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]73 userSession->persistence = PersistenceType::TIMEOUT;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]74
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]75 return userSession;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]76 }
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]77};
78
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]79class Middleware;
80
81class SessionStore {
82 public:
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]83 std::shared_ptr<UserSession> generateUserSession(
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]84 const boost::string_view username,
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]85 PersistenceType persistence = PersistenceType::TIMEOUT) {
86 // TODO(ed) find a secure way to not generate session identifiers if
87 // persistence is set to SINGLE_REQUEST
88 static constexpr std::array<char, 62> alphanum = {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]89 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'b', 'C',
90 'D', 'E', 'F', 'g', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
91 'Q', 'r', 'S', 'T', 'U', 'v', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]92 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
93 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
94
95 // entropy: 30 characters, 62 possibilities. log2(62^30) = 178 bits of
96 // entropy. OWASP recommends at least 60
97 // https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Entropy
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]98 std::string sessionToken;
99 sessionToken.resize(20, '0');
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]100 std::uniform_int_distribution<int> dist(0, alphanum.size() - 1);
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]101 for (int i = 0; i < sessionToken.size(); ++i) {
102 sessionToken[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]103 }
104 // Only need csrf tokens for cookie based auth, token doesn't matter
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]105 std::string csrfToken;
106 csrfToken.resize(20, '0');
107 for (int i = 0; i < csrfToken.size(); ++i) {
108 csrfToken[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]109 }
110
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]111 std::string uniqueId;
112 uniqueId.resize(10, '0');
113 for (int i = 0; i < uniqueId.size(); ++i) {
114 uniqueId[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]115 }
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]116 auto session = std::make_shared<UserSession>(
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]117 UserSession{uniqueId, sessionToken, std::string(username), csrfToken,
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]118 std::chrono::steady_clock::now(), persistence});
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]119 auto it = authTokens.emplace(std::make_pair(sessionToken, session));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]120 // Only need to write to disk if session isn't about to be destroyed.
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]121 needWrite = persistence == PersistenceType::TIMEOUT;
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]122 return it.first->second;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]123 }
124
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]125 std::shared_ptr<UserSession> loginSessionByToken(
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]126 const boost::string_view token) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]127 applySessionTimeouts();
128 auto sessionIt = authTokens.find(std::string(token));
129 if (sessionIt == authTokens.end()) {
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]130 return nullptr;
131 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]132 std::shared_ptr<UserSession> userSession = sessionIt->second;
133 userSession->lastUpdated = std::chrono::steady_clock::now();
134 return userSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]135 }
136
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]137 std::shared_ptr<UserSession> getSessionByUid(const boost::string_view uid) {
138 applySessionTimeouts();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]139 // TODO(Ed) this is inefficient
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]140 auto sessionIt = authTokens.begin();
141 while (sessionIt != authTokens.end()) {
142 if (sessionIt->second->uniqueId == uid) {
143 return sessionIt->second;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]144 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]145 sessionIt++;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]146 }
147 return nullptr;
148 }
149
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]150 void removeSession(std::shared_ptr<UserSession> session) {
151 authTokens.erase(session->sessionToken);
152 needWrite = true;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]153 }
154
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]155 std::vector<const std::string*> getUniqueIds(
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]156 bool getAll = true,
157 const PersistenceType& type = PersistenceType::SINGLE_REQUEST) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]158 applySessionTimeouts();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]159
160 std::vector<const std::string*> ret;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]161 ret.reserve(authTokens.size());
162 for (auto& session : authTokens) {
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]163 if (getAll || type == session.second->persistence) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]164 ret.push_back(&session.second->uniqueId);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]165 }
166 }
167 return ret;
168 }
169
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]170 bool needsWrite() { return needWrite; }
171 int getTimeoutInSeconds() const {
172 return std::chrono::seconds(timeoutInMinutes).count();
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]173 };
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]174
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]175 // Persistent data middleware needs to be able to serialize our authTokens
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]176 // structure, which is private
177 friend Middleware;
178
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]179 static SessionStore& getInstance() {
180 static SessionStore sessionStore;
181 return sessionStore;
182 }
183
184 SessionStore(const SessionStore&) = delete;
185 SessionStore& operator=(const SessionStore&) = delete;
186
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]187 private:
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]188 SessionStore() : timeoutInMinutes(60) {}
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]189
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]190 void applySessionTimeouts() {
191 auto timeNow = std::chrono::steady_clock::now();
192 if (timeNow - lastTimeoutUpdate > std::chrono::minutes(1)) {
193 lastTimeoutUpdate = timeNow;
194 auto authTokensIt = authTokens.begin();
195 while (authTokensIt != authTokens.end()) {
196 if (timeNow - authTokensIt->second->lastUpdated >= timeoutInMinutes) {
197 authTokensIt = authTokens.erase(authTokensIt);
198 needWrite = true;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]199 } else {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]200 authTokensIt++;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]201 }
202 }
203 }
204 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]205 std::chrono::time_point<std::chrono::steady_clock> lastTimeoutUpdate;
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]206 boost::container::flat_map<std::string, std::shared_ptr<UserSession>>
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]207 authTokens;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]208 std::random_device rd;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]209 bool needWrite{false};
210 std::chrono::minutes timeoutInMinutes;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]211};
212
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]213} // namespace persistent_data
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]214} // namespace crow
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]215
216// to_json(...) definition for objects of UserSession type
217namespace nlohmann {
218template <>
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]219struct adl_serializer<std::shared_ptr<crow::persistent_data::UserSession>> {
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]220 static void to_json(
221 nlohmann::json& j,
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]222 const std::shared_ptr<crow::persistent_data::UserSession>& p) {
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]223 if (p->persistence !=
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]224 crow::persistent_data::PersistenceType::SINGLE_REQUEST) {
225 j = nlohmann::json{{"unique_id", p->uniqueId},
226 {"session_token", p->sessionToken},
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]227 {"username", p->username},
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]228 {"csrf_token", p->csrfToken}};
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]229 }
230 }
231};
232} // namespace nlohmann