Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 55c7b7a2e58779580f33046d2dd8649243776700 / . / include / sessions.hpp
blob: f7f937df07afa943fa78d1df5f110c162c49cacd [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1#pragma once
2
3#include <nlohmann/json.hpp>
4#include <pam_authenticate.hpp>
5#include <webassets.hpp>
6#include <random>
7#include <crow/app.h>
8#include <crow/http_request.h>
9#include <crow/http_response.h>
10#include <boost/container/flat_map.hpp>
11#include <boost/uuid/uuid.hpp>
12#include <boost/uuid/uuid_generators.hpp>
13#include <boost/uuid/uuid_io.hpp>
14
15namespace crow {
16
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]17namespace persistent_data {
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]18
19enum class PersistenceType {
20 TIMEOUT, // User session times out after a predetermined amount of time
21 SINGLE_REQUEST // User times out once this request is completed.
22};
23
24struct UserSession {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]25 std::string uniqueId;
26 std::string sessionToken;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]27 std::string username;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]28 std::string csrfToken;
29 std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]30 PersistenceType persistence;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]31
32 /**
33 * @brief Fills object with data from UserSession's JSON representation
34 *
35 * This replaces nlohmann's from_json to ensure no-throw approach
36 *
37 * @param[in] j JSON object from which data should be loaded
38 *
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]39 * @return a shared pointer if data has been loaded properly, nullptr otherwise
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]40 */
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]41 static std::shared_ptr<UserSession> fromJson(const nlohmann::json& j) {
42 std::shared_ptr<UserSession> userSession = std::make_shared<UserSession>();
43 for (const auto& element : j.items()) {
44 const std::string* thisValue =
45 element.value().get_ptr<const std::string*>();
46 if (thisValue == nullptr) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]47 BMCWEB_LOG_ERROR << "Error reading persistent store. Property "
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]48 << element.key() << " was not of type string";
49 return nullptr;
50 }
51 if (element.key() == "unique_id") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]52 userSession->uniqueId = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]53 } else if (element.key() == "session_token") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]54 userSession->sessionToken = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]55 } else if (element.key() == "csrf_token") {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]56 userSession->csrfToken = *thisValue;
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]57 } else if (element.key() == "username") {
58 userSession->username = *thisValue;
59 } else {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]60 BMCWEB_LOG_ERROR << "Got unexpected property reading persistent file: "
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]61 << element.key();
62 return nullptr;
63 }
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]64 }
65
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]66 // For now, sessions that were persisted through a reboot get their idle
67 // timer reset. This could probably be overcome with a better understanding
68 // of wall clock time and steady timer time, possibly persisting values with
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]69 // wall clock time instead of steady timer, but the tradeoffs of all the
70 // corner cases involved are non-trivial, so this is done temporarily
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]71 userSession->lastUpdated = std::chrono::steady_clock::now();
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]72 userSession->persistence = PersistenceType::TIMEOUT;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]73
Ed Tanouse1ae5332018-07-09 15:21:27 -0700[diff] [blame]74 return userSession;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]75 }
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]76};
77
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]78class Middleware;
79
80class SessionStore {
81 public:
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]82 std::shared_ptr<UserSession> generateUserSession(
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]83 const boost::string_view username,
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]84 PersistenceType persistence = PersistenceType::TIMEOUT) {
85 // TODO(ed) find a secure way to not generate session identifiers if
86 // persistence is set to SINGLE_REQUEST
87 static constexpr std::array<char, 62> alphanum = {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]88 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'b', 'C',
89 'D', 'E', 'F', 'g', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
90 'Q', 'r', 'S', 'T', 'U', 'v', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]91 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
92 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
93
94 // entropy: 30 characters, 62 possibilities. log2(62^30) = 178 bits of
95 // entropy. OWASP recommends at least 60
96 // https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Entropy
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]97 std::string sessionToken;
98 sessionToken.resize(20, '0');
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]99 std::uniform_int_distribution<int> dist(0, alphanum.size() - 1);
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]100 for (int i = 0; i < sessionToken.size(); ++i) {
101 sessionToken[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]102 }
103 // Only need csrf tokens for cookie based auth, token doesn't matter
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]104 std::string csrfToken;
105 csrfToken.resize(20, '0');
106 for (int i = 0; i < csrfToken.size(); ++i) {
107 csrfToken[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]108 }
109
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]110 std::string uniqueId;
111 uniqueId.resize(10, '0');
112 for (int i = 0; i < uniqueId.size(); ++i) {
113 uniqueId[i] = alphanum[dist(rd)];
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]114 }
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]115 auto session = std::make_shared<UserSession>(
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]116 UserSession{uniqueId, sessionToken, std::string(username), csrfToken,
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]117 std::chrono::steady_clock::now(), persistence});
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]118 auto it = authTokens.emplace(std::make_pair(sessionToken, session));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]119 // Only need to write to disk if session isn't about to be destroyed.
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]120 needWrite = persistence == PersistenceType::TIMEOUT;
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]121 return it.first->second;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]122 }
123
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]124 std::shared_ptr<UserSession> loginSessionByToken(
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]125 const boost::string_view token) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]126 applySessionTimeouts();
127 auto sessionIt = authTokens.find(std::string(token));
128 if (sessionIt == authTokens.end()) {
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]129 return nullptr;
130 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]131 std::shared_ptr<UserSession> userSession = sessionIt->second;
132 userSession->lastUpdated = std::chrono::steady_clock::now();
133 return userSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]134 }
135
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]136 std::shared_ptr<UserSession> getSessionByUid(const boost::string_view uid) {
137 applySessionTimeouts();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]138 // TODO(Ed) this is inefficient
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]139 auto sessionIt = authTokens.begin();
140 while (sessionIt != authTokens.end()) {
141 if (sessionIt->second->uniqueId == uid) {
142 return sessionIt->second;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]143 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]144 sessionIt++;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]145 }
146 return nullptr;
147 }
148
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]149 void removeSession(std::shared_ptr<UserSession> session) {
150 authTokens.erase(session->sessionToken);
151 needWrite = true;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]152 }
153
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]154 std::vector<const std::string*> getUniqueIds(
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]155 bool getAll = true,
156 const PersistenceType& type = PersistenceType::SINGLE_REQUEST) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]157 applySessionTimeouts();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]158
159 std::vector<const std::string*> ret;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]160 ret.reserve(authTokens.size());
161 for (auto& session : authTokens) {
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]162 if (getAll || type == session.second->persistence) {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]163 ret.push_back(&session.second->uniqueId);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]164 }
165 }
166 return ret;
167 }
168
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]169 bool needsWrite() { return needWrite; }
170 int getTimeoutInSeconds() const {
171 return std::chrono::seconds(timeoutInMinutes).count();
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]172 };
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]173
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]174 // Persistent data middleware needs to be able to serialize our authTokens
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]175 // structure, which is private
176 friend Middleware;
177
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]178 static SessionStore& getInstance() {
179 static SessionStore sessionStore;
180 return sessionStore;
181 }
182
183 SessionStore(const SessionStore&) = delete;
184 SessionStore& operator=(const SessionStore&) = delete;
185
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]186 private:
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]187 SessionStore() : timeoutInMinutes(60) {}
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]188
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]189 void applySessionTimeouts() {
190 auto timeNow = std::chrono::steady_clock::now();
191 if (timeNow - lastTimeoutUpdate > std::chrono::minutes(1)) {
192 lastTimeoutUpdate = timeNow;
193 auto authTokensIt = authTokens.begin();
194 while (authTokensIt != authTokens.end()) {
195 if (timeNow - authTokensIt->second->lastUpdated >= timeoutInMinutes) {
196 authTokensIt = authTokens.erase(authTokensIt);
197 needWrite = true;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]198 } else {
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]199 authTokensIt++;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]200 }
201 }
202 }
203 }
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]204 std::chrono::time_point<std::chrono::steady_clock> lastTimeoutUpdate;
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]205 boost::container::flat_map<std::string, std::shared_ptr<UserSession>>
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]206 authTokens;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]207 std::random_device rd;
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]208 bool needWrite{false};
209 std::chrono::minutes timeoutInMinutes;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]210};
211
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]212} // namespace persistent_data
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]213} // namespace crow
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]214
215// to_json(...) definition for objects of UserSession type
216namespace nlohmann {
217template <>
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]218struct adl_serializer<std::shared_ptr<crow::persistent_data::UserSession>> {
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]219 static void to_json(
220 nlohmann::json& j,
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]221 const std::shared_ptr<crow::persistent_data::UserSession>& p) {
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]222 if (p->persistence !=
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]223 crow::persistent_data::PersistenceType::SINGLE_REQUEST) {
224 j = nlohmann::json{{"unique_id", p->uniqueId},
225 {"session_token", p->sessionToken},
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]226 {"username", p->username},
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame^]227 {"csrf_token", p->csrfToken}};
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]228 }
229 }
230};
231} // namespace nlohmann