otsdaq  3.09.00
WebUsers.h
1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
3 
4 #include "otsdaq/Macros/CoutMacros.h"
5 #include "otsdaq/Macros/StringMacros.h"
6 #include "otsdaq/MessageFacility/MessageFacility.h"
7 #include "otsdaq/SOAPUtilities/SOAPMessenger.h"
8 #pragma GCC diagnostic push
9 #pragma GCC diagnostic ignored "-Wunknown-pragmas"
10 #include <xgi/Method.h> //for cgicc::Cgicc
11 #pragma GCC diagnostic pop
12 
13 #include <iostream>
14 #include <mutex>
15 #include <string>
16 #include <unordered_map>
17 #include <vector>
18 #include "otsdaq/NetworkUtilities/TransceiverSocket.h" // for UDP remote login verify
19 
20 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
21 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
22 #define HASHES_DB_PATH "HashesData/"
23 #define USERS_DB_PATH "UsersData/"
24 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
25 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
26 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
27 
28 // clang-format off
29 
30 namespace ots
31 {
32 class HttpXmlDocument;
33 
37 class WebUsers
38 {
39  public:
40  WebUsers();
41 
42  enum
43  {
44  SESSION_ID_LENGTH = 512,
45  COOKIE_CODE_LENGTH = 512,
46  NOT_FOUND_IN_DATABASE = uint64_t(-1),
47  ACCOUNT_INACTIVE = uint64_t(-2),
48  ACCOUNT_BLACKLISTED = uint64_t(-3),
49  ACCOUNT_ERROR_THRESHOLD = uint64_t(-5),
50  USERNAME_LENGTH = 3,
51  DISPLAY_NAME_LENGTH = 4,
52  };
53 
54  enum
55  {
56  MOD_TYPE_UPDATE,
57  MOD_TYPE_ADD,
58  MOD_TYPE_DELETE
59  };
60 
61  using permissionLevel_t = uint8_t;
62  enum
63  {
64  PERMISSION_LEVEL_ADMIN = WebUsers::permissionLevel_t(-1),
65  PERMISSION_LEVEL_EXPERT = 100,
66  PERMISSION_LEVEL_USER = 10,
67  PERMISSION_LEVEL_NOVICE = 1,
68  PERMISSION_LEVEL_INACTIVE = 0,
69  };
70 
71  static const std::string OTS_OWNER;
72 
73  static const std::string DEFAULT_ADMIN_USERNAME;
74  static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
75  static const std::string DEFAULT_ADMIN_EMAIL;
76  static const std::string DEFAULT_ITERATOR_USERNAME;
77  static const std::string DEFAULT_STATECHANGER_USERNAME;
78  static const std::string DEFAULT_USER_GROUP;
79 
80  static const std::string REQ_NO_LOGIN_RESPONSE;
81  static const std::string REQ_NO_PERMISSION_RESPONSE;
82  static const std::string REQ_USER_LOCKOUT_RESPONSE;
83  static const std::string REQ_LOCK_REQUIRED_RESPONSE;
84  static const std::string REQ_ALLOW_NO_USER;
85 
86  static const std::string SECURITY_TYPE_NONE;
87  static const std::string SECURITY_TYPE_DIGEST_ACCESS;
88  static const std::string SECURITY_TYPE_DEFAULT;
89 
90  struct User
91  {
92  //"Users" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
93  //
94  // Maintain list of existing Usernames and associate the following:
95  // - permissions map of group name to permission level (e.g. users, experts, masters) 0 to 255
96  // note: all users are at least in group WebUsers::DEFAULT_USER_GROUP
97  // 0 := account inactive, not allowed to login (e.g. could be due to too many failed login attempts)
98  // 1 := normal user
99  // 255 := admin for things in group
100  // permission level is determined by finding the highest permission level number (0 to
101  // 255) for an allowed group.. then that permission level is compared to the threshold.
102  //
103  // - Last Login attempt time, and last USERS_LOGIN_HISTORY_SIZE successful logins
104  // - Name to display
105  // - random salt, before first login salt is empty string ""
106  // - Keep count of login attempt failures. Limit failures per unit time (e.g. 5 per hour)
107  // - Preferences (e.g. color scheme, etc) Username appends to preferences file, and login history file
108  // - UsersLastModifierUsernameVector - is username of last admin user to modify something about account
109  // - UsersLastModifierTimeVector - is time of last modify by an admin user
110  User():lastLoginAttempt_(0),accountCreationTime_(0),loginFailureCount_(0),
111  lastModifierTime_(time(0)*100000 + (clock()%100000)) {}
112 
113  void setModifier(const std::string& modifierUsername)
114  {
115  lastModifierUsername_ = modifierUsername;
116  lastModifierTime_ = time(0)*100000 + (clock()%100000);
117  }
118 
119  void loadModifierUsername(const std::string& modifierUsername)
120  {
121  lastModifierUsername_ = modifierUsername;
122  }
123 
124  time_t& accessModifierTime() { return lastModifierTime_; }
125 
126  time_t getModifierTime(bool convertToRealTime = false) const { return (convertToRealTime?lastModifierTime_/100000:lastModifierTime_); }
127  const std::string& getModifierUsername() const { return lastModifierUsername_; }
128  std::string getNewAccountCode() const {
129 
130  if(salt_ != "")
131  return "";
132 
133  char charTimeStr[10];
134  sprintf(charTimeStr, "%5.5d", int(lastModifierTime_ & 0xffff));
135  return charTimeStr;
136  } //end getNewAccountCode()
137 
138  std::string username_, email_, displayName_, salt_;
139  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t> permissions_;
140  uint64_t userId_;
141  time_t lastLoginAttempt_, accountCreationTime_;
142  uint8_t loginFailureCount_;
143 
144  private:
145  std::string lastModifierUsername_;
146  time_t lastModifierTime_;
147  }; //end User struct
148 
149  struct LoginSession
150  {
151  //"Login Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
152  // Generate random sessionId when receive a unique user ID (UUID)
153  // reject UUID that have been used recently (e.g. last 5 minutes)
154  // Maintain list of active sessionIds and associated UUID
155  // remove from list if been idle after some time or login attempts (e.g. 5 minutes or
156  // 3 login attempts) maybe track IP address, to block multiple failed login attempts
157  // from same IP. Use sessionId to un-jumble login attempts, lookup using UUID
158 
159  std::string id_, uuid_, ip_;
160  time_t startTime_;
161  uint8_t loginAttempts_;
162  }; //end LoginSession struct
163 
164  struct ActiveSession
165  {
166  //"Active Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
167  // Maintain list of valid cookieCodes and associated user - all requests
168  // must come with a valid cookieCode, else server fails request.
169  // On logout request, invalidate cookieCode.
170  // cookieCode expires after some idle time (e.g. 5 minutes) and
171  // is renewed and possibly changed each request.
172  // "single user - multiple locations" issue resolved using ActiveSessionIndex
173  // where each independent login starts a new thread of cookieCodes tagged with
174  // ActiveSessionIndex if cookieCode not refreshed, then return most recent cookie code
175 
176  std::string cookieCode_, ip_;
177  uint64_t userId_, sessionIndex_;
178  time_t startTime_;
179  time_t lastActivityTime_;
180  }; //end ActiveSession struct
181 
182  struct Hash
183  {
184  //"Hashes" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
185  // Maintain list of acceptable encoded (SHA-512) salt+user+pw's
186 
187  std::string hash_;
188  time_t accessTime_;
189  }; //end Hash struct
190 
191  enum
192  {
193  SYS_CLEANUP_WILDCARD_TIME = 300,
194  SYS_CLEANUP_USER_MESSAGE_TIME = 15,
195  };
196 
197  struct SystemMessage
198  {
199  // Members for system messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
200  // Set of vectors to delivers system messages to active users of the Web Gui
201  // When a message is generated, systemMessageLock is set,
202  // message is added and the vector set deliveredFlag = false,
203  // and systemMessageLock is unset.
204  // When a message is delivered deliveredFlag = true,
205  // During systemMessageCleanup(), systemMessageLock is set, delivered messages are removed,
206  // and systemMessageLock is unset.
207  // Note: User-specific messages persist for SYS_CLEANUP_USER_MESSAGE_TIME (15 seconds) after
208  // first delivery to allow multiple browser tabs/devices to receive the same message.
209  // The client side should suppress duplicate messages with the same text and timestamp.
210  //"SystemMessage" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
211  // Maintain list of user system messages:
212  // time, message, deliveredFlag
213 
214  SystemMessage(const std::string& message)
215  : message_ (message)
216  , creationTime_ (time(0))
217  , firstDeliveryTime_(0)
218  , delivered_ (false)
219  , deliveredRemote_ (false)
220  {} //end constructor
221 
222  std::string message_;
223  time_t creationTime_;
224  time_t firstDeliveryTime_;
225  bool delivered_;
226  bool deliveredRemote_;
227  }; //end SystemMessage struct
228 
229  void addSystemMessage (const std::string& targetUsersCSV, const std::string& message);
230  void addSystemMessage (const std::string& targetUsersCSV, const std::string& subject, const std::string& message, bool doEmail);
231  void addSystemMessage (const std::vector<std::string>& targetUsers, const std::string& subject, const std::string& message, bool doEmail);
232  std::string getSystemMessage (const std::string& targetUser);
233  std::pair<std::string, time_t> getLastSystemMessage(void);
234  std::string getAllSystemMessages (void);
235 
236  private:
237  void addSystemMessageToMap (const std::string& targetUser, const std::string& fullMessage);
238  void systemMessageCleanup (void);
239  std::mutex systemMessageLock_;
240  std::map<std::string /*toUserDisplayName*/,std::vector<SystemMessage>> systemMessages_;
241 
242 
243  public:
244 
245 
246  struct RequestUserInfo
247  {
248  // WebUsers is a "Friend" class of RequestUserInfo so has access to private
249  // members.
250  friend class WebUsers;
251 
252  RequestUserInfo(const std::string& requestType, const std::string& cookieCode)
253  : requestType_(requestType)
254  , cookieCode_(cookieCode)
255  , uid_(-1)
257  {
258  }
259 
260  //------- setters --------///<
261  //===========================================
262  // setGroupPermissionLevels
263  bool setGroupPermissionLevels(const std::string& groupPermissionLevelsString)
264  {
265  //__COUTV__(groupPermissionLevelsString);
266  permissionLevel_ = 0;
267 
268  StringMacros::getMapFromString(
269  groupPermissionLevelsString,
270  groupPermissionLevelMap_);
271  getGroupPermissionLevel();
272 
273  //__COUTV__((unsigned int)permissionLevel_);
274  return true;
275  }
276 
277  //------- getters --------///<
278  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>&
279  getGroupPermissionLevels() const
280  {
281  return groupPermissionLevelMap_;
282  }
283  //===========================================
284  // getGroupPermissionLevel
285  // sets up permissionLevel based on already prepared RequestUserInfo members
286  const WebUsers::permissionLevel_t& getGroupPermissionLevel()
287  {
288  permissionLevel_ = 0;
289 
290  // check groups allowed
291  // i.e. if user is a member of one of the groups allowed
292  // then consider for highest permission level
293  bool matchedAcceptGroup = false;
294  for(const auto& userGroupPair : groupPermissionLevelMap_)
295  if(StringMacros::inWildCardSet(
296  userGroupPair.first,
297  groupsAllowed_) &&
298  userGroupPair.second >
299  permissionLevel_)
300  {
301  permissionLevel_ =
302  userGroupPair.second;
303  matchedAcceptGroup = true;
304  }
305 
306  // if no group match in groups allowed, then failed
307  if(!matchedAcceptGroup && groupsAllowed_.size())
308  {
309  __COUT_INFO__
310  << "User (@" << ip_
311  << ") has insufficient group permissions: user is in these groups... "
312  << StringMacros::mapToString(groupPermissionLevelMap_)
313  << " and the allowed groups are... "
314  << StringMacros::setToString(groupsAllowed_) << std::endl;
315  return permissionLevel_;
316  }
317 
318  // if no access groups specified, then check groups disallowed
319  if(!groupsAllowed_.size())
320  {
321  for(const auto& userGroupPair : groupPermissionLevelMap_)
322  if(StringMacros::inWildCardSet(userGroupPair.first,
323  groupsDisallowed_))
324  {
325  __COUT_INFO__
326  << "User (@" << ip_
327  << ") is in a disallowed group: user is in these groups... "
328  << StringMacros::mapToString(groupPermissionLevelMap_)
329  << " and the disallowed groups are... "
330  << StringMacros::setToString(groupsDisallowed_) << std::endl;
331  return permissionLevel_;
332  }
333  }
334 
335  // if no groups have been explicitly allowed nor disallowed
336  // then permission level should come from WebUsers::DEFAULT_USER_GROUP
337  auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
338  if(findIt != groupPermissionLevelMap_.end())
339  {
340  // found default group, take permission level
341  permissionLevel_ = findIt->second;
342  }
343 
344  return permissionLevel_;
345  } // end getGroupPermissionLevel()
346 
347  inline bool isInactive() const
348  {
349  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_INACTIVE;
350  }
351  inline bool isAdmin() const
352  {
353  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_ADMIN;
354  }
355 
356  // members extracted from supervisor properties on a per request type basis
357  const std::string& requestType_;
358  std::string cookieCode_;
359 
360  bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
361  bool checkLock_, requireLock_, allowNoUser_, requireSecurity_;
362 
363  std::set<std::string> groupsAllowed_, groupsDisallowed_;
364 
365  WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
366  std::string ip_;
367  uint64_t uid_ /*only WebUser owner has access to uid, RemoteWebUsers do not*/;
368  std::string username_, displayName_, usernameWithLock_;
369  uint64_t userSessionIndex_;
370 
371  private:
372  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
373  groupPermissionLevelMap_;
374  }; //end RequestUserInfo struct
375 
379  bool xmlRequestOnGateway (cgicc::Cgicc& cgi,
380  std::ostringstream* out,
381  HttpXmlDocument* xmldoc,
382  WebUsers::RequestUserInfo& userInfo);
383 
384  public:
385 
387  static void initializeRequestUserInfo (cgicc::Cgicc& cgi, WebUsers::RequestUserInfo& userInfo);
388  static bool checkRequestAccess (cgicc::Cgicc& cgi,
389  std::ostringstream* out,
390  HttpXmlDocument* xmldoc,
391  WebUsers::RequestUserInfo& userInfo,
392  bool isWizardMode = false,
393  const std::string& wizardModeSequence = "");
394 
395  void createNewAccount (const std::string& username,
396  const std::string& displayName,
397  const std::string& email);
398  void cleanupExpiredEntries (std::vector<std::string>* loggedOutUsernames = 0);
399  void cleanupExpiredRemoteEntries (void);
400  std::string createNewLoginSession (const std::string& uuid, const std::string& ip);
401 
402  uint64_t attemptActiveSession (const std::string& uuid,
403  std::string& jumbledUser,
404  const std::string& jumbledPw,
405  std::string& newAccountCode,
406  const std::string& ip);
407  uint64_t attemptActiveSessionWithCert (const std::string& uuid,
408  std::string& jumbledEmail,
409  std::string& cookieCode,
410  std::string& username,
411  const std::string& ip);
412  uint64_t isCookieCodeActiveForLogin (const std::string& uuid,
413  std::string& cookieCode,
414  std::string& username);
415  bool cookieCodeIsActiveForRequest (
416  std::string& cookieCode,
417  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>* userPermissions = 0,
418  uint64_t* uid = 0,
419  const std::string& ip = "0",
420  bool refresh = true,
421  bool doNotGoRemote = false,
422  std::string* userWithLock = 0,
423  uint64_t* userSessionIndex = 0);
424  uint64_t cookieCodeLogout (const std::string& cookieCode,
425  bool logoutOtherUserSessions,
426  uint64_t* uid = 0,
427  const std::string& ip = "0");
428  bool checkIpAccess (const std::string& ip);
429 
430  std::string getUsersDisplayName (uint64_t uid);
431  std::string getUsersUsername (uint64_t uid);
432  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
433  getPermissionsForUser (uint64_t uid);
434 
435  uint64_t getActiveSessionCountForUser (uint64_t uid);
436  void insertSettingsForUser (uint64_t uid,
437  HttpXmlDocument* xmldoc,
438  bool includeAccounts = false,
439  std::map<std::string /*groupName*/,
440  WebUsers::permissionLevel_t> permissionMap = {});
441  std::string getGenericPreference (uint64_t uid,
442  const std::string& preferenceName,
443  HttpXmlDocument* xmldoc = 0) const;
444 
445  void changeSettingsForUser (uint64_t uid,
446  const std::string& bgcolor,
447  const std::string& dbcolor,
448  const std::string& wincolor,
449  const std::string& layout,
450  const std::string& syslayout,
451  const std::string& aliaslayout,
452  const std::string& sysaliaslayout);
453  void setGenericPreference (uint64_t uid,
454  const std::string& preferenceName,
455  const std::string& preferenceValue);
456  static void tooltipCheckForUsername (const std::string& username,
457  HttpXmlDocument* xmldoc,
458  const std::string& srcFile,
459  const std::string& srcFunc,
460  const std::string& srcId);
461  static void tooltipSetNeverShowForUsername (const std::string& username,
462  HttpXmlDocument* xmldoc,
463  const std::string& srcFile,
464  const std::string& srcFunc,
465  const std::string& srcId,
466  bool doNeverShow,
467  bool temporarySilence);
468 
469  void modifyAccountSettings (uint64_t actingUid,
470  uint8_t cmd_type,
471  const std::string& username,
472  const std::string& displayname,
473  const std::string& email,
474  const std::string& permissions);
475  bool setUserWithLock (uint64_t actingUid, bool lock, const std::string& username);
476  std::string getUserWithLock (void) { return usersUsernameWithLock_; }
477 
478  size_t getActiveUserCount (void);
479  std::string getActiveUserDisplayNamesString (void);
480  std::string getActiveUsernamesString (void);
481 
482  bool isUsernameActive (const std::string& username) const;
483  bool isUserIdActive (uint64_t uid) const;
484  uint64_t getAdminUserID (void);
485  const std::string& getSecurity (void);
486 
487  static void deleteUserData (void);
488 
489  static void resetAllUserTooltips (const std::string& userNeedle = "*");
490  static void silenceAllUserTooltips (const std::string& username);
491 
492  static void NACDisplayThread (const std::string& nac, const std::string& user);
493 
494  void saveActiveSessions (void);
495  void loadActiveSessions (void);
496 
497  private:
498  inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
499  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
500  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
501  inline bool isInactiveForGroup(
502  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
503  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
504  inline bool isAdminForGroup(
505  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
506  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
507 
508  void loadSecuritySelection(void);
509  void loadIPAddressSecurity(void);
510  void loadUserWithLock(void);
511  void saveLockStateToFile(void);
512  unsigned int hexByteStrToInt(const char* h);
513  void intToHexStr(uint8_t i, char* h);
514  std::string sha512(const std::string& user,
515  const std::string& password,
516  std::string& salt);
517  std::string dejumble(const std::string& jumbledUser, const std::string& sessionId);
518  std::string createNewActiveSession(uint64_t uid,
519  const std::string& ip = "0",
520  uint64_t asIndex = 0);
521  bool addToHashesDatabase(const std::string& hash);
522  std::string genCookieCode(void);
523  std::string refreshCookieCode(unsigned int i, bool enableRefresh = true);
524  bool deleteAccount(const std::string& username, const std::string& displayName);
525  void incrementIpBlacklistCount(const std::string& ip);
526 
527  void saveToDatabase(FILE* fp,
528  const std::string& field,
529  const std::string& value,
530  uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
531  bool addNewLine = true);
532  bool saveDatabaseToFile(uint8_t db);
533  bool loadDatabases(void);
534  void saveLoginFailureCounts(void);
535  void loadLoginFailureCounts(void);
536 
537  uint64_t searchUsersDatabaseForUsername (const std::string& username) const;
538  uint64_t searchUsersDatabaseForDisplayName (const std::string& displayName) const;
539  uint64_t searchUsersDatabaseForUserEmail (const std::string& useremail) const;
540  uint64_t searchUsersDatabaseForUserId (uint64_t uid) const;
541  uint64_t searchLoginSessionDatabaseForUUID (const std::string& uuid) const;
542  uint64_t searchHashesDatabaseForHash (const std::string& hash);
543  uint64_t searchActiveSessionDatabaseForCookie (const std::string& cookieCode) const;
544  uint64_t searchRemoteSessionDatabaseForCookie (const std::string& cookieCode) const;
545  uint64_t checkRemoteLoginVerification (std::string& cookieCode, bool refresh, bool doNotGoRemote, const std::string& ip);
546 
547  static std::string getTooltipFilename(const std::string& username,
548  const std::string& srcFile,
549  const std::string& srcFunc,
550  const std::string& srcId);
551  std::string getUserEmailFromFingerprint(const std::string& fingerprint);
552 
553  enum
554  {
555  DB_USERS,
556  DB_HASHES
557  };
558 
559  enum
560  {
561  DB_SAVE_OPEN_AND_CLOSE,
562  DB_SAVE_OPEN,
563  DB_SAVE_CLOSE
564  };
565 
566  std::unordered_map<std::string, std::string> certFingerprints_;
567 
568  static const std::vector<std::string> UsersDatabaseEntryFields_, HashesDatabaseEntryFields_;
569  static volatile bool CareAboutCookieCodes_;
570  static bool ipBlacklistEnabled_;
571  std::string securityType_;
572  std::set<std::string /* ip */> ipAccessAccept_;
573  std::set<std::string /* ip */> ipAccessReject_;
574  std::set<std::string /* ip */> ipAccessBlacklist_;
575 
577  std::vector<LoginSession> LoginSessions_;
584  enum
585  {
586  LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
587  LOGIN_SESSION_ATTEMPTS_MAX = 5,
588  };
589 
591  std::vector<ActiveSession> ActiveSessions_;
592  std::map<std::string /* cookieCode */, ActiveSession > RemoteSessions_;
602  enum
603  {
604  ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
607  ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
608  10 * 60,
609  ACTIVE_SESSION_STALE_COOKIE_LIMIT =
610  10,
611  LOCK_INACTIVITY_TIMEOUT =
612  30 * 60,
613  };
614 
616  std::vector<User> Users_;
635  uint64_t usersNextUserId_;
636  enum
637  {
638  USERS_LOGIN_HISTORY_SIZE = 20,
639  USERS_GLOBAL_HISTORY_SIZE = 1000,
640  USERS_MAX_LOGIN_FAILURES = 20,
641  };
642  std::string usersUsernameWithLock_;
643 
644  std::vector<std::string> UsersLoggedOutUsernames_;
645 
647  std::vector<Hash> Hashes_;
650  enum
651  {
652  IP_BLACKLIST_COUNT_THRESHOLD = 200,
653  };
654  std::map<std::string /*ip*/, uint32_t /*errorCount*/> ipBlacklistCounts_;
655 
656  std::mutex webUserMutex_;
657 
658  std::unique_ptr<TransceiverSocket> remoteLoginVerificationSocket_;
659  std::unique_ptr<Socket> remoteLoginVerificationSocketTarget_;
660 
661  time_t ipSecurityLastLoadTime_ = time(0);
662 
663  public:
664  std::atomic<time_t> remoteLoginVerificationEnabledBlackoutTime_ = 0;
665  static std::atomic<bool> remoteLoginVerificationEnabled_;
666  std::string remoteLoginVerificationIP_, remoteGatewaySelfName_;
667  int remoteLoginVerificationPort_;
668 };
669 } // namespace ots
670 
671 // clang-format on
672 
673 #endif
ots::WebUsers::addSystemMessage
void addSystemMessage(const std::string &targetUsersCSV, const std::string &message)
Definition: WebUsers.cc:3809
ots::WebUsers::getSecurity
const std::string & getSecurity(void)
WebUsers::getSecurity.
Definition: WebUsers.cc:4239
ots::WebUsers::getGenericPreference
std::string getGenericPreference(uint64_t uid, const std::string &preferenceName, HttpXmlDocument *xmldoc=0) const
Definition: WebUsers.cc:3319
ots::WebUsers::setUserWithLock
bool setUserWithLock(uint64_t actingUid, bool lock, const std::string &username)
Definition: WebUsers.cc:3445
ots::WebUsers::checkRequestAccess
static bool checkRequestAccess(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo, bool isWizardMode=false, const std::string &wizardModeSequence="")
Definition: WebUsers.cc:271
ots::WebUsers::silenceAllUserTooltips
static void silenceAllUserTooltips(const std::string &username)
Definition: WebUsers.cc:3115
ots::WebUsers::insertSettingsForUser
void insertSettingsForUser(uint64_t uid, HttpXmlDocument *xmldoc, bool includeAccounts=false, std::map< std::string, WebUsers::permissionLevel_t > permissionMap={})
if empty, fetches local permissions; if provided, overrides with given permissions (e....
Definition: WebUsers.cc:3152
ots::WebUsers::getActiveUserCount
size_t getActiveUserCount(void)
Definition: WebUsers.cc:3665
ots::WebUsers::getActiveUsernamesString
std::string getActiveUsernamesString(void)
All active usernames.
Definition: WebUsers.cc:3718
ots::WebUsers::getPermissionsForUser
std::map< std::string, WebUsers::permissionLevel_t > getPermissionsForUser(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2803
ots::WebUsers::attemptActiveSession
uint64_t attemptActiveSession(const std::string &uuid, std::string &jumbledUser, const std::string &jumbledPw, std::string &newAccountCode, const std::string &ip)
Definition: WebUsers.cc:1200
ots::WebUsers::setGenericPreference
void setGenericPreference(uint64_t uid, const std::string &preferenceName, const std::string &preferenceValue)
Definition: WebUsers.cc:3278
ots::WebUsers::getAllSystemMessages
std::string getAllSystemMessages(void)
Definition: WebUsers.cc:4068
ots::WebUsers::cleanupExpiredEntries
void cleanupExpiredEntries(std::vector< std::string > *loggedOutUsernames=0)
Definition: WebUsers.cc:2499
ots::WebUsers::isCookieCodeActiveForLogin
uint64_t isCookieCodeActiveForLogin(const std::string &uuid, std::string &cookieCode, std::string &username)
Definition: WebUsers.cc:2030
ots::WebUsers::createNewLoginSession
std::string createNewLoginSession(const std::string &uuid, const std::string &ip)
Definition: WebUsers.cc:2664
ots::WebUsers::createNewAccount
void createNewAccount(const std::string &username, const std::string &displayName, const std::string &email)
Definition: WebUsers.cc:1097
ots::WebUsers::modifyAccountSettings
void modifyAccountSettings(uint64_t actingUid, uint8_t cmd_type, const std::string &username, const std::string &displayname, const std::string &email, const std::string &permissions)
WebUsers::modifyAccountSettings.
Definition: WebUsers.cc:3504
ots::WebUsers::remoteLoginVerificationPort_
int remoteLoginVerificationPort_
Port of remote Gateway to be used for login verification.
Definition: WebUsers.h:667
ots::WebUsers::isUsernameActive
bool isUsernameActive(const std::string &username) const
Definition: WebUsers.cc:1780
ots::WebUsers::isUserIdActive
bool isUserIdActive(uint64_t uid) const
Definition: WebUsers.cc:1791
ots::WebUsers::saveActiveSessions
void saveActiveSessions(void)
Definition: WebUsers.cc:417
ots::WebUsers::getActiveUserDisplayNamesString
std::string getActiveUserDisplayNamesString(void)
All active display names.
Definition: WebUsers.cc:3681
ots::WebUsers::remoteLoginVerificationEnabled_
static std::atomic< bool > remoteLoginVerificationEnabled_
true if this supervisor is under control of a remote supervisor
Definition: WebUsers.h:665
ots::WebUsers::getAdminUserID
uint64_t getAdminUserID(void)
Definition: WebUsers.cc:3755
ots::WebUsers::SYS_CLEANUP_WILDCARD_TIME
@ SYS_CLEANUP_WILDCARD_TIME
300 seconds
Definition: WebUsers.h:193
ots::WebUsers::SYS_CLEANUP_USER_MESSAGE_TIME
@ SYS_CLEANUP_USER_MESSAGE_TIME
15 seconds - allows multiple browser tabs/devices to receive the same message
Definition: WebUsers.h:194
ots::WebUsers::getUsersUsername
std::string getUsersUsername(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2214
ots::WebUsers::initializeRequestUserInfo
static void initializeRequestUserInfo(cgicc::Cgicc &cgi, WebUsers::RequestUserInfo &userInfo)
used by gateway and other supervisors to verify requests consistently
Definition: WebUsers.cc:250
ots::WebUsers::checkIpAccess
bool checkIpAccess(const std::string &ip)
Definition: WebUsers.cc:2122
ots::WebUsers::xmlRequestOnGateway
bool xmlRequestOnGateway(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo)
Definition: WebUsers.cc:182
ots::WebUsers::cookieCodeLogout
uint64_t cookieCodeLogout(const std::string &cookieCode, bool logoutOtherUserSessions, uint64_t *uid=0, const std::string &ip="0")
Definition: WebUsers.cc:2233
ots::WebUsers::getSystemMessage
std::string getSystemMessage(const std::string &targetUser)
Definition: WebUsers.cc:4100
ots::WebUsers::getActiveSessionCountForUser
uint64_t getActiveSessionCountForUser(uint64_t uid)
Definition: WebUsers.cc:2087
ots::WebUsers::resetAllUserTooltips
static void resetAllUserTooltips(const std::string &userNeedle="*")
WebUsers::resetAllUserTooltips.
Definition: WebUsers.cc:3104
ots::WebUsers::tooltipSetNeverShowForUsername
static void tooltipSetNeverShowForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId, bool doNeverShow, bool temporarySilence)
Definition: WebUsers.cc:2968
ots::WebUsers::cleanupExpiredRemoteEntries
void cleanupExpiredRemoteEntries(void)
Definition: WebUsers.cc:2641
ots::WebUsers::getUsersDisplayName
std::string getUsersDisplayName(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2204
ots::WebUsers::loadActiveSessions
void loadActiveSessions(void)
Definition: WebUsers.cc:458
ots::WebUsers::getLastSystemMessage
std::pair< std::string, time_t > getLastSystemMessage(void)
Definition: WebUsers.cc:4047
ots::WebUsers::attemptActiveSessionWithCert
uint64_t attemptActiveSessionWithCert(const std::string &uuid, std::string &jumbledEmail, std::string &cookieCode, std::string &username, const std::string &ip)
Definition: WebUsers.cc:1419
ots::WebUsers::OTS_OWNER
static const std::string OTS_OWNER
defined by environment variable, e.g. experiment name
Definition: WebUsers.h:71
ots::WebUsers::tooltipCheckForUsername
static void tooltipCheckForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId)
Definition: WebUsers.cc:3036
ots::WebUsers::remoteGatewaySelfName_
std::string remoteGatewaySelfName_
IP of remote Gateway to be used for login verification.
Definition: WebUsers.h:666
ots::WebUsers::cookieCodeIsActiveForRequest
bool cookieCodeIsActiveForRequest(std::string &cookieCode, std::map< std::string, WebUsers::permissionLevel_t > *userPermissions=0, uint64_t *uid=0, const std::string &ip="0", bool refresh=true, bool doNotGoRemote=false, std::string *userWithLock=0, uint64_t *userSessionIndex=0)
Definition: WebUsers.cc:2320
ots::WebUsers::changeSettingsForUser
void changeSettingsForUser(uint64_t uid, const std::string &bgcolor, const std::string &dbcolor, const std::string &wincolor, const std::string &layout, const std::string &syslayout, const std::string &aliaslayout, const std::string &sysaliaslayout)
WebUsers::changeSettingsForUser.
Definition: WebUsers.cc:3375
ots::WebUsers::PERMISSION_LEVEL_ADMIN
@ PERMISSION_LEVEL_ADMIN
max permission level!
Definition: WebUsers.h:64
ots
defines used also by OtsConfigurationWizardSupervisor
Definition: ArtdaqOtsBuildInfo_module.cc:10
ots::StringMacros::setToString
static std::string setToString(const std::set< T > &setToReturn, const std::string &delimeter=", ")
setToString ~
ots::StringMacros::inWildCardSet
static bool inWildCardSet(const std::string &needle, const std::set< std::string > &haystack)
Definition: StringMacros.cc:145
ots::StringMacros::mapToString
static std::string mapToString(const std::map< std::string, T > &mapToReturn, const std::string &primaryDelimeter=", ", const std::string &secondaryDelimeter=": ")
ots::StringMacros::getMapFromString
static void getMapFromString(const std::string &inputString, std::map< S, T > &mapToReturn, const std::set< char > &pairPairDelimiter={',', '|', '&'}, const std::set< char > &nameValueDelimiter={'=', ':'}, const std::set< char > &whitespace={' ', '\t', '\n', '\r'})
getMapFromString ~
ots::WebUsers::ActiveSession::lastActivityTime_
time_t lastActivityTime_
time of last request that updated cookie code; used for inactivity lock release
Definition: WebUsers.h:179
ots::WebUsers::Hash::accessTime_
time_t accessTime_
last login month resolution, blurred by 1/2 month
Definition: WebUsers.h:188
ots::WebUsers::RequestUserInfo::userSessionIndex_
uint64_t userSessionIndex_
can use session index to track a user's session on multiple devices/browsers
Definition: WebUsers.h:369
ots::WebUsers::RequestUserInfo::getGroupPermissionLevel
const WebUsers::permissionLevel_t & getGroupPermissionLevel()
Definition: WebUsers.h:286
ots::WebUsers::RequestUserInfo::RequestUserInfo
RequestUserInfo(const std::string &requestType, const std::string &cookieCode)
Definition: WebUsers.h:252
ots::WebUsers::RequestUserInfo::setGroupPermissionLevels
bool setGroupPermissionLevels(const std::string &groupPermissionLevelsString)
end setGroupPermissionLevels()
Definition: WebUsers.h:263
ots::WebUsers::SystemMessage::firstDeliveryTime_
time_t firstDeliveryTime_
time of first delivery, 0 if not yet delivered
Definition: WebUsers.h:224
ots::WebUsers::User::getNewAccountCode
std::string getNewAccountCode() const
Definition: WebUsers.h:128
ots::WebUsers::User::setModifier
void setModifier(const std::string &modifierUsername)
Definition: WebUsers.h:113