Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / cdf25ffb6b2d99c829094c9a4c4907aec46e3a2e / . / include / sessions.hpp
blob: d97c54daa824de6df92cfd992cd12d1c232f5a61 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1#pragma once
2
Ed Tanous04e438c2020-10-03 08:06:26 -0700[diff] [blame]3#include "logging.hpp"
Ed Tanous2c6ffdb2023-06-28 11:28:38 -0700[diff] [blame]4#include "ossl_random.hpp"
Ed Tanous04e438c2020-10-03 08:06:26 -0700[diff] [blame]5#include "utility.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]6#include "utils/ip_utils.hpp"
Ed Tanousfc76b8a2020-09-28 17:21:52 -0700[diff] [blame]7
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]8#include <nlohmann/json.hpp>
Ratan Gupta12c04ef2019-04-03 10:08:11 +0530[diff] [blame]9
Xie Ning9fa06f12022-06-29 18:27:47 +0800[diff] [blame]10#include <algorithm>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]11#include <csignal>
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]12#include <memory>
Ed Tanousbb759e32022-08-02 17:07:54 -0700[diff] [blame]13#include <optional>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]14#include <random>
Ed Tanousb7f3a822024-06-05 08:45:25 -0700[diff] [blame]15#include <string>
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]16#include <vector>
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]17
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]18namespace persistent_data
19{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]20
Ed Tanous51dae672018-09-05 16:07:32 -0700[diff] [blame]21// entropy: 20 characters, 62 possibilities. log2(62^20) = 119 bits of
22// entropy. OWASP recommends at least 64
23// https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
24constexpr std::size_t sessionTokenSize = 20;
25
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]26enum class SessionType
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27{
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]28 None,
29 Basic,
30 Session,
31 Cookie,
32 MutualTLS
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]33};
34
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]35struct UserSession
36{
37 std::string uniqueId;
38 std::string sessionToken;
39 std::string username;
40 std::string csrfToken;
Ed Tanousbb759e32022-08-02 17:07:54 -0700[diff] [blame]41 std::optional<std::string> clientId;
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame]42 std::string clientIp;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]43 std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]44 SessionType sessionType{SessionType::None};
Ed Tanous7e9c08e2023-06-16 11:29:37 -0700[diff] [blame]45 bool cookieAuth = false;
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]46 bool isConfigureSelfOnly = false;
Ed Tanous47f29342024-03-19 12:18:06 -0700[diff] [blame]47 std::string userRole;
48 std::vector<std::string> userGroups;
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]49
50 // There are two sources of truth for isConfigureSelfOnly:
51 // 1. When pamAuthenticateUser() returns PAM_NEW_AUTHTOK_REQD.
52 // 2. D-Bus User.Manager.GetUserInfo property UserPasswordExpired.
53 // These should be in sync, but the underlying condition can change at any
54 // time. For example, a password can expire or be changed outside of
55 // bmcweb. The value stored here is updated at the start of each
56 // operation and used as the truth within bmcweb.
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]57
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]58 /**
59 * @brief Fills object with data from UserSession's JSON representation
60 *
61 * This replaces nlohmann's from_json to ensure no-throw approach
62 *
63 * @param[in] j JSON object from which data should be loaded
64 *
65 * @return a shared pointer if data has been loaded properly, nullptr
66 * otherwise
67 */
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]68 static std::shared_ptr<UserSession>
69 fromJson(const nlohmann::json::object_t& j)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]70 {
71 std::shared_ptr<UserSession> userSession =
72 std::make_shared<UserSession>();
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]73 for (const auto& element : j)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]74 {
75 const std::string* thisValue =
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]76 element.second.get_ptr<const std::string*>();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]77 if (thisValue == nullptr)
78 {
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]79 BMCWEB_LOG_ERROR(
80 "Error reading persistent store. Property {} was not of type string",
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]81 element.first);
Ed Tanousdc511aa2020-10-21 12:33:42 -0700[diff] [blame]82 continue;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]83 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]84 if (element.first == "unique_id")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]85 {
86 userSession->uniqueId = *thisValue;
87 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]88 else if (element.first == "session_token")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]89 {
90 userSession->sessionToken = *thisValue;
91 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]92 else if (element.first == "csrf_token")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]93 {
94 userSession->csrfToken = *thisValue;
95 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]96 else if (element.first == "username")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]97 {
98 userSession->username = *thisValue;
99 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]100 else if (element.first == "client_id")
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]101 {
102 userSession->clientId = *thisValue;
103 }
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]104 else if (element.first == "client_ip")
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame]105 {
106 userSession->clientIp = *thisValue;
107 }
108
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]109 else
110 {
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]111 BMCWEB_LOG_ERROR(
112 "Got unexpected property reading persistent file: {}",
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]113 element.first);
Ed Tanousdc511aa2020-10-21 12:33:42 -0700[diff] [blame]114 continue;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]115 }
116 }
Ed Tanousdc511aa2020-10-21 12:33:42 -0700[diff] [blame]117 // If any of these fields are missing, we can't restore the session, as
118 // we don't have enough information. These 4 fields have been present
119 // in every version of this file in bmcwebs history, so any file, even
120 // on upgrade, should have these present
121 if (userSession->uniqueId.empty() || userSession->username.empty() ||
122 userSession->sessionToken.empty() || userSession->csrfToken.empty())
123 {
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]124 BMCWEB_LOG_DEBUG("Session missing required security "
125 "information, refusing to restore");
Ed Tanousdc511aa2020-10-21 12:33:42 -0700[diff] [blame]126 return nullptr;
127 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]128
129 // For now, sessions that were persisted through a reboot get their idle
130 // timer reset. This could probably be overcome with a better
131 // understanding of wall clock time and steady timer time, possibly
132 // persisting values with wall clock time instead of steady timer, but
133 // the tradeoffs of all the corner cases involved are non-trivial, so
134 // this is done temporarily
135 userSession->lastUpdated = std::chrono::steady_clock::now();
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]136 userSession->sessionType = SessionType::Session;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]137
138 return userSession;
Kowalski, Kamil5cef0f72018-02-15 15:26:51 +0100[diff] [blame]139 }
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]140};
141
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]142enum class MTLSCommonNameParseMode
143{
144 Invalid = 0,
145 // This section approximately matches Redfish AccountService
146 // CertificateMappingAttribute, plus bmcweb defined OEM ones.
147 // Note, IDs in this enum must be maintained between versions, as they are
148 // persisted to disk
149 Whole = 1,
150 CommonName = 2,
151 UserPrincipalName = 3,
152
153 // Intentional gap for future DMTF-defined enums
154
155 // OEM parsing modes for various OEMs
156 Meta = 100,
157};
158
159inline MTLSCommonNameParseMode getMTLSCommonNameParseMode(std::string_view name)
160{
161 if (name == "CommonName")
162 {
163 return MTLSCommonNameParseMode::CommonName;
164 }
165 if (name == "Whole")
166 {
167 // Not yet supported
168 // return MTLSCommonNameParseMode::Whole;
169 }
170 if (name == "UserPrincipalName")
171 {
172 // Not yet supported
173 // return MTLSCommonNameParseMode::UserPrincipalName;
174 }
175 if constexpr (BMCWEB_META_TLS_COMMON_NAME_PARSING)
176 {
177 if (name == "Meta")
178 {
179 return MTLSCommonNameParseMode::Meta;
180 }
181 }
182 return MTLSCommonNameParseMode::Invalid;
183}
184
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]185struct AuthConfigMethods
186{
Ed Tanous3281bcf2024-06-25 16:02:05 -0700[diff] [blame]187 // Authentication paths
Ed Tanous25b54db2024-04-17 15:40:31 -0700[diff] [blame]188 bool basic = BMCWEB_BASIC_AUTH;
189 bool sessionToken = BMCWEB_SESSION_AUTH;
190 bool xtoken = BMCWEB_XTOKEN_AUTH;
191 bool cookie = BMCWEB_COOKIE_AUTH;
192 bool tls = BMCWEB_MUTUAL_TLS_AUTH;
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]193
Ed Tanous3281bcf2024-06-25 16:02:05 -0700[diff] [blame]194 // Whether or not unauthenticated TLS should be accepted
195 // true = reject connections if mutual tls is not provided
196 // false = allow connection, and allow user to use other auth method
197 // Always default to false, because root certificates will not
198 // be provisioned at startup
199 bool tlsStrict = false;
200
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]201 MTLSCommonNameParseMode mTLSCommonNameParsingMode =
202 getMTLSCommonNameParseMode(
203 BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT);
204
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]205 void fromJson(const nlohmann::json::object_t& j)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]206 {
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]207 for (const auto& element : j)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]208 {
Ed Tanous0bdda662023-08-03 17:27:34 -0700[diff] [blame]209 const bool* value = element.second.get_ptr<const bool*>();
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]210 if (value != nullptr)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]211 {
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]212 if (element.first == "XToken")
213 {
214 xtoken = *value;
215 }
216 else if (element.first == "Cookie")
217 {
218 cookie = *value;
219 }
220 else if (element.first == "SessionToken")
221 {
222 sessionToken = *value;
223 }
224 else if (element.first == "BasicAuth")
225 {
226 basic = *value;
227 }
228 else if (element.first == "TLS")
229 {
230 tls = *value;
231 }
Ed Tanous3281bcf2024-06-25 16:02:05 -0700[diff] [blame]232 else if (element.first == "TLSStrict")
233 {
234 tlsStrict = *value;
235 }
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]236 }
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]237 const uint64_t* intValue =
238 element.second.get_ptr<const uint64_t*>();
239 if (intValue != nullptr)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]240 {
Ed Tanous3ce36882024-06-09 10:58:16 -0700[diff] [blame]241 if (element.first == "MTLSCommonNameParseMode")
242 {
243 if (*intValue <= 2 || *intValue == 100)
244 {
245 mTLSCommonNameParsingMode =
246 static_cast<MTLSCommonNameParseMode>(*intValue);
247 }
248 else
249 {
250 BMCWEB_LOG_ERROR(
251 "Json value of {} was out of range of the enum. Ignoring",
252 *intValue);
253 }
254 }
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]255 }
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]256 }
257 }
258};
259
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]260class SessionStore
261{
262 public:
263 std::shared_ptr<UserSession> generateUserSession(
Ed Tanous26ccae32023-02-16 10:28:44 -0800[diff] [blame]264 std::string_view username, const boost::asio::ip::address& clientIp,
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]265 const std::optional<std::string>& clientId, SessionType sessionType,
Sunitha Harishd3239222021-02-24 15:33:29 +0530[diff] [blame]266 bool isConfigureSelfOnly = false)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]267 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]268 // Only need csrf tokens for cookie based auth, token doesn't matter
Ed Tanousb7f3a822024-06-05 08:45:25 -0700[diff] [blame]269 std::string sessionToken =
270 bmcweb::getRandomIdOfLength(sessionTokenSize);
271 std::string csrfToken = bmcweb::getRandomIdOfLength(sessionTokenSize);
272 std::string uniqueId = bmcweb::getRandomIdOfLength(10);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]273
Ed Tanousb7f3a822024-06-05 08:45:25 -0700[diff] [blame]274 //
275 if (sessionToken.empty() || csrfToken.empty() || uniqueId.empty())
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]276 {
Ed Tanousb7f3a822024-06-05 08:45:25 -0700[diff] [blame]277 BMCWEB_LOG_ERROR("Failed to generate session tokens");
278 return nullptr;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]279 }
Jiaqing Zhao41d61c82021-12-07 13:21:47 +0800[diff] [blame]280
Ed Tanous47f29342024-03-19 12:18:06 -0700[diff] [blame]281 auto session = std::make_shared<UserSession>(
282 UserSession{uniqueId,
283 sessionToken,
284 std::string(username),
285 csrfToken,
286 clientId,
287 redfish::ip_util::toString(clientIp),
288 std::chrono::steady_clock::now(),
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]289 sessionType,
Ed Tanous47f29342024-03-19 12:18:06 -0700[diff] [blame]290 false,
291 isConfigureSelfOnly,
292 "",
293 {}});
Patrick Williams41713dd2022-09-28 06:48:07 -0500[diff] [blame]294 auto it = authTokens.emplace(sessionToken, session);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]295 // Only need to write to disk if session isn't about to be destroyed.
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]296 needWrite = sessionType != SessionType::Basic &&
297 sessionType != SessionType::MutualTLS;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]298 return it.first->second;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]299 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]300
Ed Tanous26ccae32023-02-16 10:28:44 -0800[diff] [blame]301 std::shared_ptr<UserSession> loginSessionByToken(std::string_view token)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]302 {
303 applySessionTimeouts();
Ed Tanous51dae672018-09-05 16:07:32 -0700[diff] [blame]304 if (token.size() != sessionTokenSize)
305 {
306 return nullptr;
307 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]308 auto sessionIt = authTokens.find(std::string(token));
309 if (sessionIt == authTokens.end())
310 {
311 return nullptr;
312 }
313 std::shared_ptr<UserSession> userSession = sessionIt->second;
314 userSession->lastUpdated = std::chrono::steady_clock::now();
315 return userSession;
316 }
317
Ed Tanous26ccae32023-02-16 10:28:44 -0800[diff] [blame]318 std::shared_ptr<UserSession> getSessionByUid(std::string_view uid)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]319 {
320 applySessionTimeouts();
321 // TODO(Ed) this is inefficient
322 auto sessionIt = authTokens.begin();
323 while (sessionIt != authTokens.end())
324 {
325 if (sessionIt->second->uniqueId == uid)
326 {
327 return sessionIt->second;
328 }
329 sessionIt++;
330 }
331 return nullptr;
332 }
333
Ed Tanousb5a76932020-09-29 16:16:58 -0700[diff] [blame]334 void removeSession(const std::shared_ptr<UserSession>& session)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]335 {
336 authTokens.erase(session->sessionToken);
337 needWrite = true;
338 }
339
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]340 std::vector<std::string> getAllUniqueIds()
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]341 {
342 applySessionTimeouts();
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]343 std::vector<std::string> ret;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]344 ret.reserve(authTokens.size());
345 for (auto& session : authTokens)
346 {
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]347 ret.push_back(session.second->uniqueId);
348 }
349 return ret;
350 }
351
352 std::vector<std::string> getUniqueIdsBySessionType(SessionType type)
353 {
354 applySessionTimeouts();
355
356 std::vector<std::string> ret;
357 ret.reserve(authTokens.size());
358 for (auto& session : authTokens)
359 {
360 if (type == session.second->sessionType)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]361 {
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]362 ret.push_back(session.second->uniqueId);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]363 }
364 }
365 return ret;
366 }
367
Ed Tanous89cda632024-04-16 08:45:54 -0700[diff] [blame]368 std::vector<std::shared_ptr<UserSession>> getSessions()
369 {
370 std::vector<std::shared_ptr<UserSession>> sessions;
371 sessions.reserve(authTokens.size());
372 for (auto& session : authTokens)
373 {
374 sessions.push_back(session.second);
375 }
376 return sessions;
377 }
378
Xie Ning9fa06f12022-06-29 18:27:47 +0800[diff] [blame]379 void removeSessionsByUsername(std::string_view username)
380 {
381 std::erase_if(authTokens, [username](const auto& value) {
382 if (value.second == nullptr)
383 {
384 return false;
385 }
386 return value.second->username == username;
387 });
388 }
389
Ravi Tejae518ef32024-05-16 10:33:08 -0500[diff] [blame]390 void removeSessionsByUsernameExceptSession(
391 std::string_view username, const std::shared_ptr<UserSession>& session)
392 {
393 std::erase_if(authTokens, [username, session](const auto& value) {
394 if (value.second == nullptr)
395 {
396 return false;
397 }
398
399 return value.second->username == username &&
400 value.second->uniqueId != session->uniqueId;
401 });
402 }
403
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]404 void updateAuthMethodsConfig(const AuthConfigMethods& config)
405 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100[diff] [blame]406 bool isTLSchanged = (authMethodsConfig.tls != config.tls);
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]407 authMethodsConfig = config;
408 needWrite = true;
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100[diff] [blame]409 if (isTLSchanged)
410 {
411 // recreate socket connections with new settings
412 std::raise(SIGHUP);
413 }
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]414 }
415
416 AuthConfigMethods& getAuthMethodsConfig()
417 {
418 return authMethodsConfig;
419 }
420
Ed Tanous9eb808c2022-01-25 10:19:23 -0800[diff] [blame]421 bool needsWrite() const
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]422 {
423 return needWrite;
424 }
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]425 int64_t getTimeoutInSeconds() const
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]426 {
Manojkiran Edaf2a4a602020-08-27 16:04:26 +0530[diff] [blame]427 return std::chrono::seconds(timeoutInSeconds).count();
428 }
429
430 void updateSessionTimeout(std::chrono::seconds newTimeoutInSeconds)
431 {
432 timeoutInSeconds = newTimeoutInSeconds;
433 needWrite = true;
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]434 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]435
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]436 static SessionStore& getInstance()
437 {
438 static SessionStore sessionStore;
439 return sessionStore;
440 }
441
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]442 void applySessionTimeouts()
443 {
444 auto timeNow = std::chrono::steady_clock::now();
Manojkiran Edaf2a4a602020-08-27 16:04:26 +0530[diff] [blame]445 if (timeNow - lastTimeoutUpdate > std::chrono::seconds(1))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]446 {
447 lastTimeoutUpdate = timeNow;
448 auto authTokensIt = authTokens.begin();
449 while (authTokensIt != authTokens.end())
450 {
451 if (timeNow - authTokensIt->second->lastUpdated >=
Manojkiran Edaf2a4a602020-08-27 16:04:26 +0530[diff] [blame]452 timeoutInSeconds)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]453 {
454 authTokensIt = authTokens.erase(authTokensIt);
Ratan Gupta07386c62019-12-14 14:06:09 +0530[diff] [blame]455
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]456 needWrite = true;
457 }
458 else
459 {
460 authTokensIt++;
461 }
462 }
463 }
464 }
Gunnar Mills83cf8182020-11-11 15:37:34 -0600[diff] [blame]465
466 SessionStore(const SessionStore&) = delete;
467 SessionStore& operator=(const SessionStore&) = delete;
Ed Tanousecd6a3a2022-01-07 09:18:40 -0800[diff] [blame]468 SessionStore(SessionStore&&) = delete;
469 SessionStore& operator=(const SessionStore&&) = delete;
470 ~SessionStore() = default;
Gunnar Mills83cf8182020-11-11 15:37:34 -0600[diff] [blame]471
472 std::unordered_map<std::string, std::shared_ptr<UserSession>,
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]473 std::hash<std::string>, bmcweb::ConstantTimeCompare>
Gunnar Mills83cf8182020-11-11 15:37:34 -0600[diff] [blame]474 authTokens;
475
476 std::chrono::time_point<std::chrono::steady_clock> lastTimeoutUpdate;
477 bool needWrite{false};
478 std::chrono::seconds timeoutInSeconds;
479 AuthConfigMethods authMethodsConfig;
480
481 private:
Patrick Williams89492a12023-05-10 07:51:34 -0500[diff] [blame]482 SessionStore() : timeoutInSeconds(1800) {}
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]483};
484
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]485} // namespace persistent_data