otsdaq  3.07.00
WebUsers.h
1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
3 
4 #include "otsdaq/Macros/CoutMacros.h"
5 #include "otsdaq/Macros/StringMacros.h"
6 #include "otsdaq/MessageFacility/MessageFacility.h"
7 #include "otsdaq/SOAPUtilities/SOAPMessenger.h"
8 #pragma GCC diagnostic push
9 #pragma GCC diagnostic ignored "-Wunknown-pragmas"
10 #include <xgi/Method.h> //for cgicc::Cgicc
11 #pragma GCC diagnostic pop
12 
13 #include <iostream>
14 #include <mutex>
15 #include <string>
16 #include <unordered_map>
17 #include <vector>
18 #include "otsdaq/NetworkUtilities/TransceiverSocket.h" // for UDP remote login verify
19 
20 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
21 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
22 #define HASHES_DB_PATH "HashesData/"
23 #define USERS_DB_PATH "UsersData/"
24 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
25 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
26 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
27 
28 // clang-format off
29 
30 namespace ots
31 {
32 class HttpXmlDocument;
33 
37 class WebUsers
38 {
39  public:
40  WebUsers();
41 
42  enum
43  {
44  SESSION_ID_LENGTH = 512,
45  COOKIE_CODE_LENGTH = 512,
46  NOT_FOUND_IN_DATABASE = uint64_t(-1),
47  ACCOUNT_INACTIVE = uint64_t(-2),
48  ACCOUNT_BLACKLISTED = uint64_t(-3),
49  ACCOUNT_ERROR_THRESHOLD = uint64_t(-5),
50  USERNAME_LENGTH = 3,
51  DISPLAY_NAME_LENGTH = 4,
52  };
53 
54  enum
55  {
56  MOD_TYPE_UPDATE,
57  MOD_TYPE_ADD,
58  MOD_TYPE_DELETE
59  };
60 
61  using permissionLevel_t = uint8_t;
62  enum
63  {
64  PERMISSION_LEVEL_ADMIN = WebUsers::permissionLevel_t(-1),
65  PERMISSION_LEVEL_EXPERT = 100,
66  PERMISSION_LEVEL_USER = 10,
67  PERMISSION_LEVEL_NOVICE = 1,
68  PERMISSION_LEVEL_INACTIVE = 0,
69  };
70 
71  static const std::string OTS_OWNER;
72 
73  static const std::string DEFAULT_ADMIN_USERNAME;
74  static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
75  static const std::string DEFAULT_ADMIN_EMAIL;
76  static const std::string DEFAULT_ITERATOR_USERNAME;
77  static const std::string DEFAULT_STATECHANGER_USERNAME;
78  static const std::string DEFAULT_USER_GROUP;
79 
80  static const std::string REQ_NO_LOGIN_RESPONSE;
81  static const std::string REQ_NO_PERMISSION_RESPONSE;
82  static const std::string REQ_USER_LOCKOUT_RESPONSE;
83  static const std::string REQ_LOCK_REQUIRED_RESPONSE;
84  static const std::string REQ_ALLOW_NO_USER;
85 
86  static const std::string SECURITY_TYPE_NONE;
87  static const std::string SECURITY_TYPE_DIGEST_ACCESS;
88  static const std::string SECURITY_TYPE_DEFAULT;
89 
90  struct User
91  {
92  //"Users" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
93  //
94  // Maintain list of existing Usernames and associate the following:
95  // - permissions map of group name to permission level (e.g. users, experts, masters) 0 to 255
96  // note: all users are at least in group WebUsers::DEFAULT_USER_GROUP
97  // 0 := account inactive, not allowed to login (e.g. could be due to too many failed login attempts)
98  // 1 := normal user
99  // 255 := admin for things in group
100  // permission level is determined by finding the highest permission level number (0 to
101  // 255) for an allowed group.. then that permission level is compared to the threshold.
102  //
103  // - Last Login attempt time, and last USERS_LOGIN_HISTORY_SIZE successful logins
104  // - Name to display
105  // - random salt, before first login salt is empty string ""
106  // - Keep count of login attempt failures. Limit failures per unit time (e.g. 5 per hour)
107  // - Preferences (e.g. color scheme, etc) Username appends to preferences file, and login history file
108  // - UsersLastModifierUsernameVector - is username of last admin user to modify something about account
109  // - UsersLastModifierTimeVector - is time of last modify by an admin user
110  User():lastLoginAttempt_(0),accountCreationTime_(0),loginFailureCount_(0),
111  lastModifierTime_(time(0)*100000 + (clock()%100000)) {}
112 
113  void setModifier(const std::string& modifierUsername)
114  {
115  lastModifierUsername_ = modifierUsername;
116  lastModifierTime_ = time(0)*100000 + (clock()%100000);
117  }
118 
119  void loadModifierUsername(const std::string& modifierUsername)
120  {
121  lastModifierUsername_ = modifierUsername;
122  }
123 
124  time_t& accessModifierTime() { return lastModifierTime_; }
125 
126  time_t getModifierTime(bool convertToRealTime = false) const { return (convertToRealTime?lastModifierTime_/100000:lastModifierTime_); }
127  const std::string& getModifierUsername() const { return lastModifierUsername_; }
128  std::string getNewAccountCode() const {
129 
130  if(salt_ != "")
131  return "";
132 
133  char charTimeStr[10];
134  sprintf(charTimeStr, "%5.5d", int(lastModifierTime_ & 0xffff));
135  return charTimeStr;
136  } //end getNewAccountCode()
137 
138  std::string username_, email_, displayName_, salt_;
139  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t> permissions_;
140  uint64_t userId_;
141  time_t lastLoginAttempt_, accountCreationTime_;
142  uint8_t loginFailureCount_;
143 
144  private:
145  std::string lastModifierUsername_;
146  time_t lastModifierTime_;
147  }; //end User struct
148 
149  struct LoginSession
150  {
151  //"Login Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
152  // Generate random sessionId when receive a unique user ID (UUID)
153  // reject UUID that have been used recently (e.g. last 5 minutes)
154  // Maintain list of active sessionIds and associated UUID
155  // remove from list if been idle after some time or login attempts (e.g. 5 minutes or
156  // 3 login attempts) maybe track IP address, to block multiple failed login attempts
157  // from same IP. Use sessionId to un-jumble login attempts, lookup using UUID
158 
159  std::string id_, uuid_, ip_;
160  time_t startTime_;
161  uint8_t loginAttempts_;
162  }; //end LoginSession struct
163 
164  struct ActiveSession
165  {
166  //"Active Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
167  // Maintain list of valid cookieCodes and associated user - all requests
168  // must come with a valid cookieCode, else server fails request.
169  // On logout request, invalidate cookieCode.
170  // cookieCode expires after some idle time (e.g. 5 minutes) and
171  // is renewed and possibly changed each request.
172  // "single user - multiple locations" issue resolved using ActiveSessionIndex
173  // where each independent login starts a new thread of cookieCodes tagged with
174  // ActiveSessionIndex if cookieCode not refreshed, then return most recent cookie code
175 
176  std::string cookieCode_, ip_;
177  uint64_t userId_, sessionIndex_;
178  time_t startTime_;
179  }; //end ActiveSession struct
180 
181  struct Hash
182  {
183  //"Hashes" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
184  // Maintain list of acceptable encoded (SHA-512) salt+user+pw's
185 
186  std::string hash_;
187  time_t accessTime_;
188  }; //end Hash struct
189 
190  enum
191  {
192  SYS_CLEANUP_WILDCARD_TIME = 300,
193  SYS_CLEANUP_USER_MESSAGE_TIME = 15,
194  };
195 
196  struct SystemMessage
197  {
198  // Members for system messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
199  // Set of vectors to delivers system messages to active users of the Web Gui
200  // When a message is generated, systemMessageLock is set,
201  // message is added and the vector set deliveredFlag = false,
202  // and systemMessageLock is unset.
203  // When a message is delivered deliveredFlag = true,
204  // During systemMessageCleanup(), systemMessageLock is set, delivered messages are removed,
205  // and systemMessageLock is unset.
206  // Note: User-specific messages persist for SYS_CLEANUP_USER_MESSAGE_TIME (15 seconds) after
207  // first delivery to allow multiple browser tabs/devices to receive the same message.
208  // The client side should suppress duplicate messages with the same text and timestamp.
209  //"SystemMessage" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
210  // Maintain list of user system messages:
211  // time, message, deliveredFlag
212 
213  SystemMessage(const std::string& message)
214  : message_ (message)
215  , creationTime_ (time(0))
216  , firstDeliveryTime_(0)
217  , delivered_ (false)
218  , deliveredRemote_ (false)
219  {} //end constructor
220 
221  std::string message_;
222  time_t creationTime_;
223  time_t firstDeliveryTime_;
224  bool delivered_;
225  bool deliveredRemote_;
226  }; //end SystemMessage struct
227 
228  void addSystemMessage (const std::string& targetUsersCSV, const std::string& message);
229  void addSystemMessage (const std::string& targetUsersCSV, const std::string& subject, const std::string& message, bool doEmail);
230  void addSystemMessage (const std::vector<std::string>& targetUsers, const std::string& subject, const std::string& message, bool doEmail);
231  std::string getSystemMessage (const std::string& targetUser);
232  std::pair<std::string, time_t> getLastSystemMessage(void);
233  std::string getAllSystemMessages (void);
234 
235  private:
236  void addSystemMessageToMap (const std::string& targetUser, const std::string& fullMessage);
237  void systemMessageCleanup (void);
238  std::mutex systemMessageLock_;
239  std::map<std::string /*toUserDisplayName*/,std::vector<SystemMessage>> systemMessages_;
240 
241 
242  public:
243 
244 
245  struct RequestUserInfo
246  {
247  // WebUsers is a "Friend" class of RequestUserInfo so has access to private
248  // members.
249  friend class WebUsers;
250 
251  RequestUserInfo(const std::string& requestType, const std::string& cookieCode)
252  : requestType_(requestType)
253  , cookieCode_(cookieCode)
254  , uid_(-1)
256  {
257  }
258 
259  //------- setters --------///<
260  //===========================================
261  // setGroupPermissionLevels
262  bool setGroupPermissionLevels(const std::string& groupPermissionLevelsString)
263  {
264  //__COUTV__(groupPermissionLevelsString);
265  permissionLevel_ = 0;
266 
267  StringMacros::getMapFromString(
268  groupPermissionLevelsString,
269  groupPermissionLevelMap_);
270  getGroupPermissionLevel();
271 
272  //__COUTV__((unsigned int)permissionLevel_);
273  return true;
274  }
275 
276  //------- getters --------///<
277  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>&
278  getGroupPermissionLevels() const
279  {
280  return groupPermissionLevelMap_;
281  }
282  //===========================================
283  // getGroupPermissionLevel
284  // sets up permissionLevel based on already prepared RequestUserInfo members
285  const WebUsers::permissionLevel_t& getGroupPermissionLevel()
286  {
287  permissionLevel_ = 0;
288 
289  // check groups allowed
290  // i.e. if user is a member of one of the groups allowed
291  // then consider for highest permission level
292  bool matchedAcceptGroup = false;
293  for(const auto& userGroupPair : groupPermissionLevelMap_)
294  if(StringMacros::inWildCardSet(
295  userGroupPair.first,
296  groupsAllowed_) &&
297  userGroupPair.second >
298  permissionLevel_)
299  {
300  permissionLevel_ =
301  userGroupPair.second;
302  matchedAcceptGroup = true;
303  }
304 
305  // if no group match in groups allowed, then failed
306  if(!matchedAcceptGroup && groupsAllowed_.size())
307  {
308  __COUT_INFO__
309  << "User (@" << ip_
310  << ") has insufficient group permissions: user is in these groups... "
311  << StringMacros::mapToString(groupPermissionLevelMap_)
312  << " and the allowed groups are... "
313  << StringMacros::setToString(groupsAllowed_) << std::endl;
314  return permissionLevel_;
315  }
316 
317  // if no access groups specified, then check groups disallowed
318  if(!groupsAllowed_.size())
319  {
320  for(const auto& userGroupPair : groupPermissionLevelMap_)
321  if(StringMacros::inWildCardSet(userGroupPair.first,
322  groupsDisallowed_))
323  {
324  __COUT_INFO__
325  << "User (@" << ip_
326  << ") is in a disallowed group: user is in these groups... "
327  << StringMacros::mapToString(groupPermissionLevelMap_)
328  << " and the disallowed groups are... "
329  << StringMacros::setToString(groupsDisallowed_) << std::endl;
330  return permissionLevel_;
331  }
332  }
333 
334  // if no groups have been explicitly allowed nor disallowed
335  // then permission level should come from WebUsers::DEFAULT_USER_GROUP
336  auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
337  if(findIt != groupPermissionLevelMap_.end())
338  {
339  // found default group, take permission level
340  permissionLevel_ = findIt->second;
341  }
342 
343  return permissionLevel_;
344  } // end getGroupPermissionLevel()
345 
346  inline bool isInactive() const
347  {
348  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_INACTIVE;
349  }
350  inline bool isAdmin() const
351  {
352  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_ADMIN;
353  }
354 
355  // members extracted from supervisor properties on a per request type basis
356  const std::string& requestType_;
357  std::string cookieCode_;
358 
359  bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
360  bool checkLock_, requireLock_, allowNoUser_, requireSecurity_;
361 
362  std::set<std::string> groupsAllowed_, groupsDisallowed_;
363 
364  WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
365  std::string ip_;
366  uint64_t uid_ /*only WebUser owner has access to uid, RemoteWebUsers do not*/;
367  std::string username_, displayName_, usernameWithLock_;
368  uint64_t userSessionIndex_;
369 
370  private:
371  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
372  groupPermissionLevelMap_;
373  }; //end RequestUserInfo struct
374 
378  bool xmlRequestOnGateway (cgicc::Cgicc& cgi,
379  std::ostringstream* out,
380  HttpXmlDocument* xmldoc,
381  WebUsers::RequestUserInfo& userInfo);
382 
383  public:
384 
386  static void initializeRequestUserInfo (cgicc::Cgicc& cgi, WebUsers::RequestUserInfo& userInfo);
387  static bool checkRequestAccess (cgicc::Cgicc& cgi,
388  std::ostringstream* out,
389  HttpXmlDocument* xmldoc,
390  WebUsers::RequestUserInfo& userInfo,
391  bool isWizardMode = false,
392  const std::string& wizardModeSequence = "");
393 
394  void createNewAccount (const std::string& username,
395  const std::string& displayName,
396  const std::string& email);
397  void cleanupExpiredEntries (std::vector<std::string>* loggedOutUsernames = 0);
398  void cleanupExpiredRemoteEntries (void);
399  std::string createNewLoginSession (const std::string& uuid, const std::string& ip);
400 
401  uint64_t attemptActiveSession (const std::string& uuid,
402  std::string& jumbledUser,
403  const std::string& jumbledPw,
404  std::string& newAccountCode,
405  const std::string& ip);
406  uint64_t attemptActiveSessionWithCert (const std::string& uuid,
407  std::string& jumbledEmail,
408  std::string& cookieCode,
409  std::string& username,
410  const std::string& ip);
411  uint64_t isCookieCodeActiveForLogin (const std::string& uuid,
412  std::string& cookieCode,
413  std::string& username);
414  bool cookieCodeIsActiveForRequest (
415  std::string& cookieCode,
416  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>* userPermissions = 0,
417  uint64_t* uid = 0,
418  const std::string& ip = "0",
419  bool refresh = true,
420  bool doNotGoRemote = false,
421  std::string* userWithLock = 0,
422  uint64_t* userSessionIndex = 0);
423  uint64_t cookieCodeLogout (const std::string& cookieCode,
424  bool logoutOtherUserSessions,
425  uint64_t* uid = 0,
426  const std::string& ip = "0");
427  bool checkIpAccess (const std::string& ip);
428 
429  std::string getUsersDisplayName (uint64_t uid);
430  std::string getUsersUsername (uint64_t uid);
431  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
432  getPermissionsForUser (uint64_t uid);
433 
434  uint64_t getActiveSessionCountForUser (uint64_t uid);
435  void insertSettingsForUser (uint64_t uid,
436  HttpXmlDocument* xmldoc,
437  bool includeAccounts = false,
438  std::map<std::string /*groupName*/,
439  WebUsers::permissionLevel_t> permissionMap = {});
440  std::string getGenericPreference (uint64_t uid,
441  const std::string& preferenceName,
442  HttpXmlDocument* xmldoc = 0) const;
443 
444  void changeSettingsForUser (uint64_t uid,
445  const std::string& bgcolor,
446  const std::string& dbcolor,
447  const std::string& wincolor,
448  const std::string& layout,
449  const std::string& syslayout,
450  const std::string& aliaslayout,
451  const std::string& sysaliaslayout);
452  void setGenericPreference (uint64_t uid,
453  const std::string& preferenceName,
454  const std::string& preferenceValue);
455  static void tooltipCheckForUsername (const std::string& username,
456  HttpXmlDocument* xmldoc,
457  const std::string& srcFile,
458  const std::string& srcFunc,
459  const std::string& srcId);
460  static void tooltipSetNeverShowForUsername (const std::string& username,
461  HttpXmlDocument* xmldoc,
462  const std::string& srcFile,
463  const std::string& srcFunc,
464  const std::string& srcId,
465  bool doNeverShow,
466  bool temporarySilence);
467 
468  void modifyAccountSettings (uint64_t actingUid,
469  uint8_t cmd_type,
470  const std::string& username,
471  const std::string& displayname,
472  const std::string& email,
473  const std::string& permissions);
474  bool setUserWithLock (uint64_t actingUid, bool lock, const std::string& username);
475  std::string getUserWithLock (void) { return usersUsernameWithLock_; }
476 
477  size_t getActiveUserCount (void);
478  std::string getActiveUserDisplayNamesString (void);
479  std::string getActiveUsernamesString (void);
480 
481  bool isUsernameActive (const std::string& username) const;
482  bool isUserIdActive (uint64_t uid) const;
483  uint64_t getAdminUserID (void);
484  const std::string& getSecurity (void);
485 
486  static void deleteUserData (void);
487 
488  static void resetAllUserTooltips (const std::string& userNeedle = "*");
489  static void silenceAllUserTooltips (const std::string& username);
490 
491  static void NACDisplayThread (const std::string& nac, const std::string& user);
492 
493  void saveActiveSessions (void);
494  void loadActiveSessions (void);
495 
496  private:
497  inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
498  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
499  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
500  inline bool isInactiveForGroup(
501  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
502  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
503  inline bool isAdminForGroup(
504  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
505  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
506 
507  void loadSecuritySelection(void);
508  void loadIPAddressSecurity(void);
509  void loadUserWithLock(void);
510  unsigned int hexByteStrToInt(const char* h);
511  void intToHexStr(uint8_t i, char* h);
512  std::string sha512(const std::string& user,
513  const std::string& password,
514  std::string& salt);
515  std::string dejumble(const std::string& jumbledUser, const std::string& sessionId);
516  std::string createNewActiveSession(uint64_t uid,
517  const std::string& ip = "0",
518  uint64_t asIndex = 0);
519  bool addToHashesDatabase(const std::string& hash);
520  std::string genCookieCode(void);
521  std::string refreshCookieCode(unsigned int i, bool enableRefresh = true);
522  bool deleteAccount(const std::string& username, const std::string& displayName);
523  void incrementIpBlacklistCount(const std::string& ip);
524 
525  void saveToDatabase(FILE* fp,
526  const std::string& field,
527  const std::string& value,
528  uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
529  bool addNewLine = true);
530  bool saveDatabaseToFile(uint8_t db);
531  bool loadDatabases(void);
532  void saveLoginFailureCounts(void);
533  void loadLoginFailureCounts(void);
534 
535  uint64_t searchUsersDatabaseForUsername (const std::string& username) const;
536  uint64_t searchUsersDatabaseForDisplayName (const std::string& displayName) const;
537  uint64_t searchUsersDatabaseForUserEmail (const std::string& useremail) const;
538  uint64_t searchUsersDatabaseForUserId (uint64_t uid) const;
539  uint64_t searchLoginSessionDatabaseForUUID (const std::string& uuid) const;
540  uint64_t searchHashesDatabaseForHash (const std::string& hash);
541  uint64_t searchActiveSessionDatabaseForCookie (const std::string& cookieCode) const;
542  uint64_t searchRemoteSessionDatabaseForCookie (const std::string& cookieCode) const;
543  uint64_t checkRemoteLoginVerification (std::string& cookieCode, bool refresh, bool doNotGoRemote, const std::string& ip);
544 
545  static std::string getTooltipFilename(const std::string& username,
546  const std::string& srcFile,
547  const std::string& srcFunc,
548  const std::string& srcId);
549  std::string getUserEmailFromFingerprint(const std::string& fingerprint);
550 
551  enum
552  {
553  DB_USERS,
554  DB_HASHES
555  };
556 
557  enum
558  {
559  DB_SAVE_OPEN_AND_CLOSE,
560  DB_SAVE_OPEN,
561  DB_SAVE_CLOSE
562  };
563 
564  std::unordered_map<std::string, std::string> certFingerprints_;
565 
566  static const std::vector<std::string> UsersDatabaseEntryFields_, HashesDatabaseEntryFields_;
567  static volatile bool CareAboutCookieCodes_;
568  std::string securityType_;
569  std::set<std::string /* ip */> ipAccessAccept_;
570  std::set<std::string /* ip */> ipAccessReject_;
571  std::set<std::string /* ip */> ipAccessBlacklist_;
572 
574  std::vector<LoginSession> LoginSessions_;
581  enum
582  {
583  LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
584  LOGIN_SESSION_ATTEMPTS_MAX = 5,
585  };
586 
588  std::vector<ActiveSession> ActiveSessions_;
589  std::map<std::string /* cookieCode */, ActiveSession > RemoteSessions_;
599  enum
600  {
601  ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
604  ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
605  10 * 60,
606  ACTIVE_SESSION_STALE_COOKIE_LIMIT =
607  10,
608  };
609 
611  std::vector<User> Users_;
630  uint64_t usersNextUserId_;
631  enum
632  {
633  USERS_LOGIN_HISTORY_SIZE = 20,
634  USERS_GLOBAL_HISTORY_SIZE = 1000,
635  USERS_MAX_LOGIN_FAILURES = 20,
636  };
637  std::string usersUsernameWithLock_;
638 
639  std::vector<std::string> UsersLoggedOutUsernames_;
640 
642  std::vector<Hash> Hashes_;
645  enum
646  {
647  IP_BLACKLIST_COUNT_THRESHOLD = 200,
648  };
649  std::map<std::string /*ip*/, uint32_t /*errorCount*/> ipBlacklistCounts_;
650 
651  std::mutex webUserMutex_;
652 
653  std::unique_ptr<TransceiverSocket> remoteLoginVerificationSocket_;
654  std::unique_ptr<Socket> remoteLoginVerificationSocketTarget_;
655 
656  time_t ipSecurityLastLoadTime_ = time(0);
657 
658  public:
659  std::atomic<time_t> remoteLoginVerificationEnabledBlackoutTime_ = 0;
660  static std::atomic<bool> remoteLoginVerificationEnabled_;
661  std::string remoteLoginVerificationIP_, remoteGatewaySelfName_;
662  int remoteLoginVerificationPort_;
663 };
664 } // namespace ots
665 
666 // clang-format on
667 
668 #endif
ots::WebUsers::addSystemMessage
void addSystemMessage(const std::string &targetUsersCSV, const std::string &message)
Definition: WebUsers.cc:3710
ots::WebUsers::getSecurity
const std::string & getSecurity(void)
WebUsers::getSecurity.
Definition: WebUsers.cc:4140
ots::WebUsers::getGenericPreference
std::string getGenericPreference(uint64_t uid, const std::string &preferenceName, HttpXmlDocument *xmldoc=0) const
Definition: WebUsers.cc:3224
ots::WebUsers::setUserWithLock
bool setUserWithLock(uint64_t actingUid, bool lock, const std::string &username)
Definition: WebUsers.cc:3333
ots::WebUsers::checkRequestAccess
static bool checkRequestAccess(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo, bool isWizardMode=false, const std::string &wizardModeSequence="")
Definition: WebUsers.cc:270
ots::WebUsers::silenceAllUserTooltips
static void silenceAllUserTooltips(const std::string &username)
Definition: WebUsers.cc:3020
ots::WebUsers::insertSettingsForUser
void insertSettingsForUser(uint64_t uid, HttpXmlDocument *xmldoc, bool includeAccounts=false, std::map< std::string, WebUsers::permissionLevel_t > permissionMap={})
if empty, fetches local permissions; if provided, overrides with given permissions (e....
Definition: WebUsers.cc:3057
ots::WebUsers::getActiveUserCount
size_t getActiveUserCount(void)
Definition: WebUsers.cc:3566
ots::WebUsers::getActiveUsernamesString
std::string getActiveUsernamesString(void)
All active usernames.
Definition: WebUsers.cc:3619
ots::WebUsers::getPermissionsForUser
std::map< std::string, WebUsers::permissionLevel_t > getPermissionsForUser(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2708
ots::WebUsers::attemptActiveSession
uint64_t attemptActiveSession(const std::string &uuid, std::string &jumbledUser, const std::string &jumbledPw, std::string &newAccountCode, const std::string &ip)
Definition: WebUsers.cc:1182
ots::WebUsers::setGenericPreference
void setGenericPreference(uint64_t uid, const std::string &preferenceName, const std::string &preferenceValue)
Definition: WebUsers.cc:3183
ots::WebUsers::getAllSystemMessages
std::string getAllSystemMessages(void)
Definition: WebUsers.cc:3969
ots::WebUsers::cleanupExpiredEntries
void cleanupExpiredEntries(std::vector< std::string > *loggedOutUsernames=0)
Definition: WebUsers.cc:2448
ots::WebUsers::isCookieCodeActiveForLogin
uint64_t isCookieCodeActiveForLogin(const std::string &uuid, std::string &cookieCode, std::string &username)
Definition: WebUsers.cc:1997
ots::WebUsers::createNewLoginSession
std::string createNewLoginSession(const std::string &uuid, const std::string &ip)
Definition: WebUsers.cc:2569
ots::WebUsers::createNewAccount
void createNewAccount(const std::string &username, const std::string &displayName, const std::string &email)
Definition: WebUsers.cc:1079
ots::WebUsers::modifyAccountSettings
void modifyAccountSettings(uint64_t actingUid, uint8_t cmd_type, const std::string &username, const std::string &displayname, const std::string &email, const std::string &permissions)
WebUsers::modifyAccountSettings.
Definition: WebUsers.cc:3405
ots::WebUsers::remoteLoginVerificationPort_
int remoteLoginVerificationPort_
Port of remote Gateway to be used for login verification.
Definition: WebUsers.h:662
ots::WebUsers::isUsernameActive
bool isUsernameActive(const std::string &username) const
Definition: WebUsers.cc:1753
ots::WebUsers::isUserIdActive
bool isUserIdActive(uint64_t uid) const
Definition: WebUsers.cc:1764
ots::WebUsers::saveActiveSessions
void saveActiveSessions(void)
Definition: WebUsers.cc:416
ots::WebUsers::getActiveUserDisplayNamesString
std::string getActiveUserDisplayNamesString(void)
All active display names.
Definition: WebUsers.cc:3582
ots::WebUsers::remoteLoginVerificationEnabled_
static std::atomic< bool > remoteLoginVerificationEnabled_
true if this supervisor is under control of a remote supervisor
Definition: WebUsers.h:660
ots::WebUsers::getAdminUserID
uint64_t getAdminUserID(void)
Definition: WebUsers.cc:3656
ots::WebUsers::SYS_CLEANUP_WILDCARD_TIME
@ SYS_CLEANUP_WILDCARD_TIME
300 seconds
Definition: WebUsers.h:192
ots::WebUsers::SYS_CLEANUP_USER_MESSAGE_TIME
@ SYS_CLEANUP_USER_MESSAGE_TIME
15 seconds - allows multiple browser tabs/devices to receive the same message
Definition: WebUsers.h:193
ots::WebUsers::getUsersUsername
std::string getUsersUsername(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2177
ots::WebUsers::initializeRequestUserInfo
static void initializeRequestUserInfo(cgicc::Cgicc &cgi, WebUsers::RequestUserInfo &userInfo)
used by gateway and other supervisors to verify requests consistently
Definition: WebUsers.cc:249
ots::WebUsers::checkIpAccess
bool checkIpAccess(const std::string &ip)
Definition: WebUsers.cc:2089
ots::WebUsers::xmlRequestOnGateway
bool xmlRequestOnGateway(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo)
Definition: WebUsers.cc:181
ots::WebUsers::cookieCodeLogout
uint64_t cookieCodeLogout(const std::string &cookieCode, bool logoutOtherUserSessions, uint64_t *uid=0, const std::string &ip="0")
Definition: WebUsers.cc:2196
ots::WebUsers::getSystemMessage
std::string getSystemMessage(const std::string &targetUser)
Definition: WebUsers.cc:4001
ots::WebUsers::getActiveSessionCountForUser
uint64_t getActiveSessionCountForUser(uint64_t uid)
Definition: WebUsers.cc:2054
ots::WebUsers::resetAllUserTooltips
static void resetAllUserTooltips(const std::string &userNeedle="*")
WebUsers::resetAllUserTooltips.
Definition: WebUsers.cc:3009
ots::WebUsers::tooltipSetNeverShowForUsername
static void tooltipSetNeverShowForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId, bool doNeverShow, bool temporarySilence)
Definition: WebUsers.cc:2873
ots::WebUsers::cleanupExpiredRemoteEntries
void cleanupExpiredRemoteEntries(void)
Definition: WebUsers.cc:2546
ots::WebUsers::getUsersDisplayName
std::string getUsersDisplayName(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2167
ots::WebUsers::loadActiveSessions
void loadActiveSessions(void)
Definition: WebUsers.cc:456
ots::WebUsers::getLastSystemMessage
std::pair< std::string, time_t > getLastSystemMessage(void)
Definition: WebUsers.cc:3948
ots::WebUsers::attemptActiveSessionWithCert
uint64_t attemptActiveSessionWithCert(const std::string &uuid, std::string &jumbledEmail, std::string &cookieCode, std::string &username, const std::string &ip)
Definition: WebUsers.cc:1392
ots::WebUsers::OTS_OWNER
static const std::string OTS_OWNER
defined by environment variable, e.g. experiment name
Definition: WebUsers.h:71
ots::WebUsers::tooltipCheckForUsername
static void tooltipCheckForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId)
Definition: WebUsers.cc:2941
ots::WebUsers::remoteGatewaySelfName_
std::string remoteGatewaySelfName_
IP of remote Gateway to be used for login verification.
Definition: WebUsers.h:661
ots::WebUsers::cookieCodeIsActiveForRequest
bool cookieCodeIsActiveForRequest(std::string &cookieCode, std::map< std::string, WebUsers::permissionLevel_t > *userPermissions=0, uint64_t *uid=0, const std::string &ip="0", bool refresh=true, bool doNotGoRemote=false, std::string *userWithLock=0, uint64_t *userSessionIndex=0)
Definition: WebUsers.cc:2269
ots::WebUsers::changeSettingsForUser
void changeSettingsForUser(uint64_t uid, const std::string &bgcolor, const std::string &dbcolor, const std::string &wincolor, const std::string &layout, const std::string &syslayout, const std::string &aliaslayout, const std::string &sysaliaslayout)
WebUsers::changeSettingsForUser.
Definition: WebUsers.cc:3280
ots::WebUsers::PERMISSION_LEVEL_ADMIN
@ PERMISSION_LEVEL_ADMIN
max permission level!
Definition: WebUsers.h:64
ots
defines used also by OtsConfigurationWizardSupervisor
Definition: ArtdaqOtsBuildInfo_module.cc:10
ots::StringMacros::setToString
static std::string setToString(const std::set< T > &setToReturn, const std::string &delimeter=", ")
setToString ~
ots::StringMacros::inWildCardSet
static bool inWildCardSet(const std::string &needle, const std::set< std::string > &haystack)
Definition: StringMacros.cc:145
ots::StringMacros::mapToString
static std::string mapToString(const std::map< std::string, T > &mapToReturn, const std::string &primaryDelimeter=", ", const std::string &secondaryDelimeter=": ")
ots::StringMacros::getMapFromString
static void getMapFromString(const std::string &inputString, std::map< S, T > &mapToReturn, const std::set< char > &pairPairDelimiter={',', '|', '&'}, const std::set< char > &nameValueDelimiter={'=', ':'}, const std::set< char > &whitespace={' ', '\t', '\n', '\r'})
getMapFromString ~
ots::WebUsers::Hash::accessTime_
time_t accessTime_
last login month resolution, blurred by 1/2 month
Definition: WebUsers.h:187
ots::WebUsers::RequestUserInfo::userSessionIndex_
uint64_t userSessionIndex_
can use session index to track a user's session on multiple devices/browsers
Definition: WebUsers.h:368
ots::WebUsers::RequestUserInfo::getGroupPermissionLevel
const WebUsers::permissionLevel_t & getGroupPermissionLevel()
Definition: WebUsers.h:285
ots::WebUsers::RequestUserInfo::RequestUserInfo
RequestUserInfo(const std::string &requestType, const std::string &cookieCode)
Definition: WebUsers.h:251
ots::WebUsers::RequestUserInfo::setGroupPermissionLevels
bool setGroupPermissionLevels(const std::string &groupPermissionLevelsString)
end setGroupPermissionLevels()
Definition: WebUsers.h:262
ots::WebUsers::SystemMessage::firstDeliveryTime_
time_t firstDeliveryTime_
time of first delivery, 0 if not yet delivered
Definition: WebUsers.h:223
ots::WebUsers::User::getNewAccountCode
std::string getNewAccountCode() const
Definition: WebUsers.h:128
ots::WebUsers::User::setModifier
void setModifier(const std::string &modifierUsername)
Definition: WebUsers.h:113