otsdaq  3.03.00
WebUsers.h
1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
3 
4 #include "otsdaq/Macros/CoutMacros.h"
5 #include "otsdaq/Macros/StringMacros.h"
6 #include "otsdaq/MessageFacility/MessageFacility.h"
7 #include "otsdaq/SOAPUtilities/SOAPMessenger.h"
8 #pragma GCC diagnostic push
9 #pragma GCC diagnostic ignored "-Wunknown-pragmas"
10 #include <xgi/Method.h> //for cgicc::Cgicc
11 #pragma GCC diagnostic pop
12 
13 #include <iostream>
14 #include <mutex>
15 #include <string>
16 #include <unordered_map>
17 #include <vector>
18 #include "otsdaq/NetworkUtilities/TransceiverSocket.h" // for UDP remote login verify
19 
20 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
21 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
22 #define HASHES_DB_PATH "HashesData/"
23 #define USERS_DB_PATH "UsersData/"
24 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
25 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
26 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
27 
28 // clang-format off
29 
30 namespace ots
31 {
32 class HttpXmlDocument;
33 
37 class WebUsers
38 {
39  public:
40  WebUsers();
41 
42  enum
43  {
44  SESSION_ID_LENGTH = 512,
45  COOKIE_CODE_LENGTH = 512,
46  NOT_FOUND_IN_DATABASE = uint64_t(-1),
47  ACCOUNT_INACTIVE = uint64_t(-2),
48  ACCOUNT_BLACKLISTED = uint64_t(-3),
49  ACCOUNT_ERROR_THRESHOLD = uint64_t(-5),
50  USERNAME_LENGTH = 3,
51  DISPLAY_NAME_LENGTH = 4,
52  };
53 
54  enum
55  {
56  MOD_TYPE_UPDATE,
57  MOD_TYPE_ADD,
58  MOD_TYPE_DELETE
59  };
60 
61  using permissionLevel_t = uint8_t;
62  enum
63  {
64  PERMISSION_LEVEL_ADMIN = WebUsers::permissionLevel_t(-1),
65  PERMISSION_LEVEL_EXPERT = 100,
66  PERMISSION_LEVEL_USER = 10,
67  PERMISSION_LEVEL_NOVICE = 1,
68  PERMISSION_LEVEL_INACTIVE = 0,
69  };
70 
71  static const std::string OTS_OWNER;
72 
73  static const std::string DEFAULT_ADMIN_USERNAME;
74  static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
75  static const std::string DEFAULT_ADMIN_EMAIL;
76  static const std::string DEFAULT_ITERATOR_USERNAME;
77  static const std::string DEFAULT_STATECHANGER_USERNAME;
78  static const std::string DEFAULT_USER_GROUP;
79 
80  static const std::string REQ_NO_LOGIN_RESPONSE;
81  static const std::string REQ_NO_PERMISSION_RESPONSE;
82  static const std::string REQ_USER_LOCKOUT_RESPONSE;
83  static const std::string REQ_LOCK_REQUIRED_RESPONSE;
84  static const std::string REQ_ALLOW_NO_USER;
85 
86  static const std::string SECURITY_TYPE_NONE;
87  static const std::string SECURITY_TYPE_DIGEST_ACCESS;
88  static const std::string SECURITY_TYPE_DEFAULT;
89 
90  struct User
91  {
92  //"Users" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
93  //
94  // Maintain list of existing Usernames and associate the following:
95  // - permissions map of group name to permission level (e.g. users, experts, masters) 0 to 255
96  // note: all users are at least in group WebUsers::DEFAULT_USER_GROUP
97  // 0 := account inactive, not allowed to login (e.g. could be due to too many failed login attempts)
98  // 1 := normal user
99  // 255 := admin for things in group
100  // permission level is determined by finding the highest permission level number (0 to
101  // 255) for an allowed group.. then that permission level is compared to the threshold.
102  //
103  // - Last Login attempt time, and last USERS_LOGIN_HISTORY_SIZE successful logins
104  // - Name to display
105  // - random salt, before first login salt is empty string ""
106  // - Keep count of login attempt failures. Limit failures per unit time (e.g. 5 per hour)
107  // - Preferences (e.g. color scheme, etc) Username appends to preferences file, and login history file
108  // - UsersLastModifierUsernameVector - is username of last admin user to modify something about account
109  // - UsersLastModifierTimeVector - is time of last modify by an admin user
110  User():lastLoginAttempt_(0),accountCreationTime_(0),loginFailureCount_(0),
111  lastModifierTime_(time(0)*100000 + (clock()%100000)) {}
112 
113  void setModifier(const std::string& modifierUsername)
114  {
115  lastModifierUsername_ = modifierUsername;
116  lastModifierTime_ = time(0)*100000 + (clock()%100000);
117  }
118 
119  void loadModifierUsername(const std::string& modifierUsername)
120  {
121  lastModifierUsername_ = modifierUsername;
122  }
123 
124  time_t& accessModifierTime() { return lastModifierTime_; }
125 
126  time_t getModifierTime(bool convertToRealTime = false) const { return (convertToRealTime?lastModifierTime_/100000:lastModifierTime_); }
127  const std::string& getModifierUsername() const { return lastModifierUsername_; }
128  std::string getNewAccountCode() const {
129 
130  if(salt_ != "")
131  return "";
132 
133  char charTimeStr[10];
134  sprintf(charTimeStr, "%5.5d", int(lastModifierTime_ & 0xffff));
135  return charTimeStr;
136  } //end getNewAccountCode()
137 
138  std::string username_, email_, displayName_, salt_;
139  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t> permissions_;
140  uint64_t userId_;
141  time_t lastLoginAttempt_, accountCreationTime_;
142  uint8_t loginFailureCount_;
143 
144  private:
145  std::string lastModifierUsername_;
146  time_t lastModifierTime_;
147  }; //end User struct
148 
149  struct LoginSession
150  {
151  //"Login Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
152  // Generate random sessionId when receive a unique user ID (UUID)
153  // reject UUID that have been used recently (e.g. last 5 minutes)
154  // Maintain list of active sessionIds and associated UUID
155  // remove from list if been idle after some time or login attempts (e.g. 5 minutes or
156  // 3 login attempts) maybe track IP address, to block multiple failed login attempts
157  // from same IP. Use sessionId to un-jumble login attempts, lookup using UUID
158 
159  std::string id_, uuid_, ip_;
160  time_t startTime_;
161  uint8_t loginAttempts_;
162  }; //end LoginSession struct
163 
164  struct ActiveSession
165  {
166  //"Active Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
167  // Maintain list of valid cookieCodes and associated user - all requests
168  // must come with a valid cookieCode, else server fails request.
169  // On logout request, invalidate cookieCode.
170  // cookieCode expires after some idle time (e.g. 5 minutes) and
171  // is renewed and possibly changed each request.
172  // "single user - multiple locations" issue resolved using ActiveSessionIndex
173  // where each independent login starts a new thread of cookieCodes tagged with
174  // ActiveSessionIndex if cookieCode not refreshed, then return most recent cookie code
175 
176  std::string cookieCode_, ip_;
177  uint64_t userId_, sessionIndex_;
178  time_t startTime_;
179  }; //end ActiveSession struct
180 
181  struct Hash
182  {
183  //"Hashes" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
184  // Maintain list of acceptable encoded (SHA-512) salt+user+pw's
185 
186  std::string hash_;
187  time_t accessTime_;
188  }; //end Hash struct
189 
190  enum
191  {
192  SYS_CLEANUP_WILDCARD_TIME = 300,
193  };
194 
195  struct SystemMessage
196  {
197  // Members for system messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
198  // Set of vectors to delivers system messages to active users of the Web Gui
199  // When a message is generated, systemMessageLock is set,
200  // message is added and the vector set deliveredFlag = false,
201  // and systemMessageLock is unset.
202  // When a message is delivered deliveredFlag = true,
203  // During systemMessageCleanup(), systemMessageLock is set, delivered messages are removed,
204  // and systemMessageLock is unset.
205  //"SystemMessage" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
206  // Maintain list of user system messages:
207  // time, message, deliveredFlag
208 
209  SystemMessage(const std::string& message)
210  : message_ (message)
211  , creationTime_ (time(0))
212  , delivered_ (false)
213  , deliveredRemote_ (false)
214  {} //end constructor
215 
216  std::string message_;
217  time_t creationTime_;
218  bool delivered_;
219  bool deliveredRemote_;
220  }; //end SystemMessage struct
221 
222  void addSystemMessage (const std::string& targetUsersCSV, const std::string& message);
223  void addSystemMessage (const std::string& targetUsersCSV, const std::string& subject, const std::string& message, bool doEmail);
224  void addSystemMessage (const std::vector<std::string>& targetUsers, const std::string& subject, const std::string& message, bool doEmail);
225  std::string getSystemMessage (const std::string& targetUser);
226  std::pair<std::string, time_t> getLastSystemMessage(void);
227  std::string getAllSystemMessages (void);
228 
229  private:
230  void addSystemMessageToMap (const std::string& targetUser, const std::string& fullMessage);
231  void systemMessageCleanup (void);
232  std::mutex systemMessageLock_;
233  std::map<std::string /*toUserDisplayName*/,std::vector<SystemMessage>> systemMessages_;
234 
235 
236  public:
237 
238 
239  struct RequestUserInfo
240  {
241  // WebUsers is a "Friend" class of RequestUserInfo so has access to private
242  // members.
243  friend class WebUsers;
244 
245  RequestUserInfo(const std::string& requestType, const std::string& cookieCode)
246  : requestType_(requestType)
247  , cookieCode_(cookieCode)
248  , uid_(-1)
250  {
251  }
252 
253  //------- setters --------///<
254  //===========================================
255  // setGroupPermissionLevels
256  bool setGroupPermissionLevels(const std::string& groupPermissionLevelsString)
257  {
258  //__COUTV__(groupPermissionLevelsString);
259  permissionLevel_ = 0;
260 
261  StringMacros::getMapFromString(
262  groupPermissionLevelsString,
263  groupPermissionLevelMap_);
264  getGroupPermissionLevel();
265 
266  //__COUTV__((unsigned int)permissionLevel_);
267  return true;
268  }
269 
270  //------- getters --------///<
271  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>&
272  getGroupPermissionLevels() const
273  {
274  return groupPermissionLevelMap_;
275  }
276  //===========================================
277  // getGroupPermissionLevel
278  // sets up permissionLevel based on already prepared RequestUserInfo members
279  const WebUsers::permissionLevel_t& getGroupPermissionLevel()
280  {
281  permissionLevel_ = 0;
282 
283  // check groups allowed
284  // i.e. if user is a member of one of the groups allowed
285  // then consider for highest permission level
286  bool matchedAcceptGroup = false;
287  for(const auto& userGroupPair : groupPermissionLevelMap_)
288  if(StringMacros::inWildCardSet(
289  userGroupPair.first,
290  groupsAllowed_) &&
291  userGroupPair.second >
292  permissionLevel_)
293  {
294  permissionLevel_ =
295  userGroupPair.second;
296  matchedAcceptGroup = true;
297  }
298 
299  // if no group match in groups allowed, then failed
300  if(!matchedAcceptGroup && groupsAllowed_.size())
301  {
302  __COUT_INFO__
303  << "User (@" << ip_
304  << ") has insufficient group permissions: user is in these groups... "
305  << StringMacros::mapToString(groupPermissionLevelMap_)
306  << " and the allowed groups are... "
307  << StringMacros::setToString(groupsAllowed_) << std::endl;
308  return permissionLevel_;
309  }
310 
311  // if no access groups specified, then check groups disallowed
312  if(!groupsAllowed_.size())
313  {
314  for(const auto& userGroupPair : groupPermissionLevelMap_)
315  if(StringMacros::inWildCardSet(userGroupPair.first,
316  groupsDisallowed_))
317  {
318  __COUT_INFO__
319  << "User (@" << ip_
320  << ") is in a disallowed group: user is in these groups... "
321  << StringMacros::mapToString(groupPermissionLevelMap_)
322  << " and the disallowed groups are... "
323  << StringMacros::setToString(groupsDisallowed_) << std::endl;
324  return permissionLevel_;
325  }
326  }
327 
328  // if no groups have been explicitly allowed nor disallowed
329  // then permission level should come from WebUsers::DEFAULT_USER_GROUP
330  auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
331  if(findIt != groupPermissionLevelMap_.end())
332  {
333  // found default group, take permission level
334  permissionLevel_ = findIt->second;
335  }
336 
337  return permissionLevel_;
338  } // end getGroupPermissionLevel()
339 
340  inline bool isInactive() const
341  {
342  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_INACTIVE;
343  }
344  inline bool isAdmin() const
345  {
346  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_ADMIN;
347  }
348 
349  // members extracted from supervisor properties on a per request type basis
350  const std::string& requestType_;
351  std::string cookieCode_;
352 
353  bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
354  bool checkLock_, requireLock_, allowNoUser_, requireSecurity_;
355 
356  std::set<std::string> groupsAllowed_, groupsDisallowed_;
357 
358  WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
359  std::string ip_;
360  uint64_t uid_ /*only WebUser owner has access to uid, RemoteWebUsers do not*/;
361  std::string username_, displayName_, usernameWithLock_;
362  uint64_t userSessionIndex_;
363 
364  private:
365  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
366  groupPermissionLevelMap_;
367  }; //end RequestUserInfo struct
368 
372  bool xmlRequestOnGateway(cgicc::Cgicc& cgi,
373  std::ostringstream* out,
374  HttpXmlDocument* xmldoc,
375  WebUsers::RequestUserInfo& userInfo);
376 
377  public:
378 
380  static void initializeRequestUserInfo(cgicc::Cgicc& cgi,
381  WebUsers::RequestUserInfo& userInfo);
382  static bool checkRequestAccess(cgicc::Cgicc& cgi,
383  std::ostringstream* out,
384  HttpXmlDocument* xmldoc,
385  WebUsers::RequestUserInfo& userInfo,
386  bool isWizardMode = false,
387  const std::string& wizardModeSequence = "");
388 
389  void createNewAccount(const std::string& username,
390  const std::string& displayName,
391  const std::string& email);
392  void cleanupExpiredEntries(std::vector<std::string>* loggedOutUsernames = 0);
393  void cleanupExpiredRemoteEntries(void);
394  std::string createNewLoginSession(const std::string& uuid, const std::string& ip);
395 
396  uint64_t attemptActiveSession(const std::string& uuid,
397  std::string& jumbledUser,
398  const std::string& jumbledPw,
399  std::string& newAccountCode,
400  const std::string& ip);
401  uint64_t attemptActiveSessionWithCert(const std::string& uuid,
402  std::string& jumbledEmail,
403  std::string& cookieCode,
404  std::string& username,
405  const std::string& ip);
406  uint64_t isCookieCodeActiveForLogin(const std::string& uuid,
407  std::string& cookieCode,
408  std::string& username);
409  bool cookieCodeIsActiveForRequest(
410  std::string& cookieCode,
411  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>*
412  userPermissions = 0,
413  uint64_t* uid = 0,
414  const std::string& ip = "0",
415  bool refresh = true,
416  bool doNotGoRemote = false,
417  std::string* userWithLock = 0,
418  uint64_t* userSessionIndex = 0);
419  uint64_t cookieCodeLogout(const std::string& cookieCode,
420  bool logoutOtherUserSessions,
421  uint64_t* uid = 0,
422  const std::string& ip = "0");
423  bool checkIpAccess(const std::string& ip);
424 
425  std::string getUsersDisplayName(uint64_t uid);
426  std::string getUsersUsername(uint64_t uid);
427  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
428  getPermissionsForUser(uint64_t uid);
429 
430  uint64_t getActiveSessionCountForUser(uint64_t uid);
431  void insertSettingsForUser(uint64_t uid,
432  HttpXmlDocument* xmldoc,
433  bool includeAccounts = false);
434  std::string getGenericPreference(uint64_t uid,
435  const std::string& preferenceName,
436  HttpXmlDocument* xmldoc = 0) const;
437 
438  void changeSettingsForUser(uint64_t uid,
439  const std::string& bgcolor,
440  const std::string& dbcolor,
441  const std::string& wincolor,
442  const std::string& layout,
443  const std::string& syslayout,
444  const std::string& aliaslayout,
445  const std::string& sysaliaslayout);
446  void setGenericPreference(uint64_t uid,
447  const std::string& preferenceName,
448  const std::string& preferenceValue);
449  static void tooltipCheckForUsername(const std::string& username,
450  HttpXmlDocument* xmldoc,
451  const std::string& srcFile,
452  const std::string& srcFunc,
453  const std::string& srcId);
454  static void tooltipSetNeverShowForUsername(const std::string& username,
455  HttpXmlDocument* xmldoc,
456  const std::string& srcFile,
457  const std::string& srcFunc,
458  const std::string& srcId,
459  bool doNeverShow,
460  bool temporarySilence);
461 
462  void modifyAccountSettings(uint64_t actingUid,
463  uint8_t cmd_type,
464  const std::string& username,
465  const std::string& displayname,
466  const std::string& email,
467  const std::string& permissions);
468  bool setUserWithLock(uint64_t actingUid, bool lock, const std::string& username);
469  std::string getUserWithLock(void) { return usersUsernameWithLock_; }
470 
471  size_t getActiveUserCount(void);
472  std::string getActiveUsersString(void);
473 
474  bool isUsernameActive(const std::string& username) const;
475  bool isUserIdActive(uint64_t uid) const;
476  uint64_t getAdminUserID(void);
477  const std::string& getSecurity(void);
478 
479  static void deleteUserData(void);
480 
481  static void resetAllUserTooltips(const std::string& userNeedle = "*");
482  static void silenceAllUserTooltips(const std::string& username);
483 
484  static void NACDisplayThread(const std::string& nac, const std::string& user);
485 
486  void saveActiveSessions(void);
487  void loadActiveSessions(void);
488 
489  private:
490  inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
491  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
492  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
493  inline bool isInactiveForGroup(
494  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
495  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
496  inline bool isAdminForGroup(
497  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
498  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
499 
500  void loadSecuritySelection(void);
501  void loadIPAddressSecurity(void);
502  void loadUserWithLock(void);
503  unsigned int hexByteStrToInt(const char* h);
504  void intToHexStr(uint8_t i, char* h);
505  std::string sha512(const std::string& user,
506  const std::string& password,
507  std::string& salt);
508  std::string dejumble(const std::string& jumbledUser, const std::string& sessionId);
509  std::string createNewActiveSession(uint64_t uid,
510  const std::string& ip = "0",
511  uint64_t asIndex = 0);
512  bool addToHashesDatabase(const std::string& hash);
513  std::string genCookieCode(void);
514  std::string refreshCookieCode(unsigned int i, bool enableRefresh = true);
515  bool deleteAccount(const std::string& username, const std::string& displayName);
516  void incrementIpBlacklistCount(const std::string& ip);
517 
518  void saveToDatabase(FILE* fp,
519  const std::string& field,
520  const std::string& value,
521  uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
522  bool addNewLine = true);
523  bool saveDatabaseToFile(uint8_t db);
524  bool loadDatabases(void);
525 
526  uint64_t searchUsersDatabaseForUsername (const std::string& username) const;
527  uint64_t searchUsersDatabaseForDisplayName (const std::string& displayName) const;
528  uint64_t searchUsersDatabaseForUserEmail (const std::string& useremail) const;
529  uint64_t searchUsersDatabaseForUserId (uint64_t uid) const;
530  uint64_t searchLoginSessionDatabaseForUUID (const std::string& uuid) const;
531  uint64_t searchHashesDatabaseForHash (const std::string& hash);
532  uint64_t searchActiveSessionDatabaseForCookie (const std::string& cookieCode) const;
533  uint64_t searchRemoteSessionDatabaseForCookie (const std::string& cookieCode) const;
534  uint64_t checkRemoteLoginVerification (std::string& cookieCode, bool refresh, bool doNotGoRemote, const std::string& ip);
535 
536  static std::string getTooltipFilename(const std::string& username,
537  const std::string& srcFile,
538  const std::string& srcFunc,
539  const std::string& srcId);
540  std::string getUserEmailFromFingerprint(const std::string& fingerprint);
541 
542  enum
543  {
544  DB_USERS,
545  DB_HASHES
546  };
547 
548  enum
549  {
550  DB_SAVE_OPEN_AND_CLOSE,
551  DB_SAVE_OPEN,
552  DB_SAVE_CLOSE
553  };
554 
555  std::unordered_map<std::string, std::string> certFingerprints_;
556 
557  static const std::vector<std::string> UsersDatabaseEntryFields_, HashesDatabaseEntryFields_;
558  static volatile bool CareAboutCookieCodes_;
559  std::string securityType_;
560  std::set<std::string /* ip */> ipAccessAccept_;
561  std::set<std::string /* ip */> ipAccessReject_;
562  std::set<std::string /* ip */> ipAccessBlacklist_;
563 
565  std::vector<LoginSession> LoginSessions_;
572  enum
573  {
574  LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
575  LOGIN_SESSION_ATTEMPTS_MAX = 5,
576  };
577 
579  std::vector<ActiveSession> ActiveSessions_;
580  std::map<std::string /* cookieCode */, ActiveSession > RemoteSessions_;
590  enum
591  {
592  ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
595  ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
596  10 * 60,
597  ACTIVE_SESSION_STALE_COOKIE_LIMIT =
598  10,
599  };
600 
602  std::vector<User> Users_;
621  uint64_t usersNextUserId_;
622  enum
623  {
624  USERS_LOGIN_HISTORY_SIZE = 20,
625  USERS_GLOBAL_HISTORY_SIZE = 1000,
626  USERS_MAX_LOGIN_FAILURES = 20,
627  };
628  std::string usersUsernameWithLock_;
629 
630  std::vector<std::string> UsersLoggedOutUsernames_;
631 
633  std::vector<Hash> Hashes_;
636  enum
637  {
638  IP_BLACKLIST_COUNT_THRESHOLD = 200,
639  };
640  std::map<std::string /*ip*/, uint32_t /*errorCount*/> ipBlacklistCounts_;
641 
642  std::mutex webUserMutex_;
643 
644  std::unique_ptr<TransceiverSocket> remoteLoginVerificationSocket_;
645  std::unique_ptr<Socket> remoteLoginVerificationSocketTarget_;
646 
647  time_t ipSecurityLastLoadTime_ = time(0);
648 
649  public:
650  std::atomic<time_t> remoteLoginVerificationEnabledBlackoutTime_ = 0;
651  static std::atomic<bool> remoteLoginVerificationEnabled_;
652  std::string remoteLoginVerificationIP_, remoteGatewaySelfName_;
653  int remoteLoginVerificationPort_;
654 };
655 } // namespace ots
656 
657 // clang-format on
658 
659 #endif
ots::WebUsers::addSystemMessage
void addSystemMessage(const std::string &targetUsersCSV, const std::string &message)
Definition: WebUsers.cc:3553
ots::WebUsers::getSecurity
const std::string & getSecurity(void)
WebUsers::getSecurity.
Definition: WebUsers.cc:3953
ots::WebUsers::getGenericPreference
std::string getGenericPreference(uint64_t uid, const std::string &preferenceName, HttpXmlDocument *xmldoc=0) const
Definition: WebUsers.cc:3115
ots::WebUsers::setUserWithLock
bool setUserWithLock(uint64_t actingUid, bool lock, const std::string &username)
Definition: WebUsers.cc:3224
ots::WebUsers::checkRequestAccess
static bool checkRequestAccess(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo, bool isWizardMode=false, const std::string &wizardModeSequence="")
Definition: WebUsers.cc:257
ots::WebUsers::silenceAllUserTooltips
static void silenceAllUserTooltips(const std::string &username)
Definition: WebUsers.cc:2919
ots::WebUsers::getActiveUserCount
size_t getActiveUserCount(void)
Definition: WebUsers.cc:3454
ots::WebUsers::getPermissionsForUser
std::map< std::string, WebUsers::permissionLevel_t > getPermissionsForUser(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2607
ots::WebUsers::attemptActiveSession
uint64_t attemptActiveSession(const std::string &uuid, std::string &jumbledUser, const std::string &jumbledPw, std::string &newAccountCode, const std::string &ip)
Definition: WebUsers.cc:1107
ots::WebUsers::setGenericPreference
void setGenericPreference(uint64_t uid, const std::string &preferenceName, const std::string &preferenceValue)
Definition: WebUsers.cc:3074
ots::WebUsers::getAllSystemMessages
std::string getAllSystemMessages(void)
Definition: WebUsers.cc:3812
ots::WebUsers::cleanupExpiredEntries
void cleanupExpiredEntries(std::vector< std::string > *loggedOutUsernames=0)
Definition: WebUsers.cc:2347
ots::WebUsers::isCookieCodeActiveForLogin
uint64_t isCookieCodeActiveForLogin(const std::string &uuid, std::string &cookieCode, std::string &username)
Definition: WebUsers.cc:1896
ots::WebUsers::createNewLoginSession
std::string createNewLoginSession(const std::string &uuid, const std::string &ip)
Definition: WebUsers.cc:2468
ots::WebUsers::getActiveUsersString
std::string getActiveUsersString(void)
Definition: WebUsers.cc:3466
ots::WebUsers::createNewAccount
void createNewAccount(const std::string &username, const std::string &displayName, const std::string &email)
Definition: WebUsers.cc:1004
ots::WebUsers::modifyAccountSettings
void modifyAccountSettings(uint64_t actingUid, uint8_t cmd_type, const std::string &username, const std::string &displayname, const std::string &email, const std::string &permissions)
WebUsers::modifyAccountSettings.
Definition: WebUsers.cc:3294
ots::WebUsers::remoteLoginVerificationPort_
int remoteLoginVerificationPort_
Port of remote Gateway to be used for login verification.
Definition: WebUsers.h:653
ots::WebUsers::isUsernameActive
bool isUsernameActive(const std::string &username) const
Definition: WebUsers.cc:1652
ots::WebUsers::isUserIdActive
bool isUserIdActive(uint64_t uid) const
Definition: WebUsers.cc:1663
ots::WebUsers::saveActiveSessions
void saveActiveSessions(void)
Definition: WebUsers.cc:403
ots::WebUsers::remoteLoginVerificationEnabled_
static std::atomic< bool > remoteLoginVerificationEnabled_
true if this supervisor is under control of a remote supervisor
Definition: WebUsers.h:651
ots::WebUsers::getAdminUserID
uint64_t getAdminUserID(void)
Definition: WebUsers.cc:3499
ots::WebUsers::SYS_CLEANUP_WILDCARD_TIME
@ SYS_CLEANUP_WILDCARD_TIME
300 seconds
Definition: WebUsers.h:192
ots::WebUsers::getUsersUsername
std::string getUsersUsername(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2076
ots::WebUsers::initializeRequestUserInfo
static void initializeRequestUserInfo(cgicc::Cgicc &cgi, WebUsers::RequestUserInfo &userInfo)
used by gateway and other supervisors to verify requests consistently
Definition: WebUsers.cc:236
ots::WebUsers::checkIpAccess
bool checkIpAccess(const std::string &ip)
Definition: WebUsers.cc:1988
ots::WebUsers::xmlRequestOnGateway
bool xmlRequestOnGateway(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo)
Definition: WebUsers.cc:177
ots::WebUsers::cookieCodeLogout
uint64_t cookieCodeLogout(const std::string &cookieCode, bool logoutOtherUserSessions, uint64_t *uid=0, const std::string &ip="0")
Definition: WebUsers.cc:2095
ots::WebUsers::getSystemMessage
std::string getSystemMessage(const std::string &targetUser)
Definition: WebUsers.cc:3844
ots::WebUsers::getActiveSessionCountForUser
uint64_t getActiveSessionCountForUser(uint64_t uid)
Definition: WebUsers.cc:1953
ots::WebUsers::resetAllUserTooltips
static void resetAllUserTooltips(const std::string &userNeedle="*")
WebUsers::resetAllUserTooltips.
Definition: WebUsers.cc:2908
ots::WebUsers::tooltipSetNeverShowForUsername
static void tooltipSetNeverShowForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId, bool doNeverShow, bool temporarySilence)
Definition: WebUsers.cc:2772
ots::WebUsers::cleanupExpiredRemoteEntries
void cleanupExpiredRemoteEntries(void)
Definition: WebUsers.cc:2445
ots::WebUsers::getUsersDisplayName
std::string getUsersDisplayName(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2066
ots::WebUsers::loadActiveSessions
void loadActiveSessions(void)
Definition: WebUsers.cc:443
ots::WebUsers::getLastSystemMessage
std::pair< std::string, time_t > getLastSystemMessage(void)
Definition: WebUsers.cc:3791
ots::WebUsers::attemptActiveSessionWithCert
uint64_t attemptActiveSessionWithCert(const std::string &uuid, std::string &jumbledEmail, std::string &cookieCode, std::string &username, const std::string &ip)
Definition: WebUsers.cc:1300
ots::WebUsers::OTS_OWNER
static const std::string OTS_OWNER
defined by environment variable, e.g. experiment name
Definition: WebUsers.h:71
ots::WebUsers::tooltipCheckForUsername
static void tooltipCheckForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId)
Definition: WebUsers.cc:2840
ots::WebUsers::remoteGatewaySelfName_
std::string remoteGatewaySelfName_
IP of remote Gateway to be used for login verification.
Definition: WebUsers.h:652
ots::WebUsers::cookieCodeIsActiveForRequest
bool cookieCodeIsActiveForRequest(std::string &cookieCode, std::map< std::string, WebUsers::permissionLevel_t > *userPermissions=0, uint64_t *uid=0, const std::string &ip="0", bool refresh=true, bool doNotGoRemote=false, std::string *userWithLock=0, uint64_t *userSessionIndex=0)
Definition: WebUsers.cc:2168
ots::WebUsers::changeSettingsForUser
void changeSettingsForUser(uint64_t uid, const std::string &bgcolor, const std::string &dbcolor, const std::string &wincolor, const std::string &layout, const std::string &syslayout, const std::string &aliaslayout, const std::string &sysaliaslayout)
WebUsers::changeSettingsForUser.
Definition: WebUsers.cc:3171
ots::WebUsers::insertSettingsForUser
void insertSettingsForUser(uint64_t uid, HttpXmlDocument *xmldoc, bool includeAccounts=false)
Definition: WebUsers.cc:2954
ots::WebUsers::PERMISSION_LEVEL_ADMIN
@ PERMISSION_LEVEL_ADMIN
max permission level!
Definition: WebUsers.h:64
ots::StringMacros::setToString
static std::string setToString(const std::set< T > &setToReturn, const std::string &delimeter=", ")
setToString ~
ots::StringMacros::inWildCardSet
static bool inWildCardSet(const std::string &needle, const std::set< std::string > &haystack)
Definition: StringMacros.cc:95
ots::StringMacros::mapToString
static std::string mapToString(const std::map< std::string, T > &mapToReturn, const std::string &primaryDelimeter=", ", const std::string &secondaryDelimeter=": ")
ots::StringMacros::getMapFromString
static void getMapFromString(const std::string &inputString, std::map< S, T > &mapToReturn, const std::set< char > &pairPairDelimiter={',', '|', '&'}, const std::set< char > &nameValueDelimiter={'=', ':'}, const std::set< char > &whitespace={' ', '\t', '\n', '\r'})
getMapFromString ~
ots::WebUsers::Hash::accessTime_
time_t accessTime_
last login month resolution, blurred by 1/2 month
Definition: WebUsers.h:187
ots::WebUsers::RequestUserInfo::userSessionIndex_
uint64_t userSessionIndex_
can use session index to track a user's session on multiple devices/browsers
Definition: WebUsers.h:362
ots::WebUsers::RequestUserInfo::getGroupPermissionLevel
const WebUsers::permissionLevel_t & getGroupPermissionLevel()
Definition: WebUsers.h:279
ots::WebUsers::RequestUserInfo::RequestUserInfo
RequestUserInfo(const std::string &requestType, const std::string &cookieCode)
Definition: WebUsers.h:245
ots::WebUsers::RequestUserInfo::setGroupPermissionLevels
bool setGroupPermissionLevels(const std::string &groupPermissionLevelsString)
end setGroupPermissionLevels()
Definition: WebUsers.h:256
ots::WebUsers::User::getNewAccountCode
std::string getNewAccountCode() const
Definition: WebUsers.h:128
ots::WebUsers::User::setModifier
void setModifier(const std::string &modifierUsername)
Definition: WebUsers.h:113