allow a user to be let into domain-server based on role

Stephen Birarda 2014-07-21 17:41:22 -07:00
parent f78a1f7033
commit 8082e2f88b
3 changed files with 26 additions and 12 deletions


@ -1289,13 +1289,25 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl
if (_argumentVariantMap.value(ADMIN_USERS_CONFIG_KEY).toJsonValue().toArray().contains(profileUsername)) {
// this is an authenticated user
return true;
} else {
QString unauthenticatedRequest = "You do not have permission to access this domain-server.";
connection->respond(HTTPConnection::StatusCode401, unauthenticatedRequest.toUtf8());
// the user does not have allowed username or role, return 401
return false;
}
// loop the roles of this user and see if they are in the admin-roles array
QJsonArray adminRolesArray = _argumentVariantMap.value(ADMIN_ROLES_CONFIG_KEY).toJsonValue().toArray();
if (!adminRolesArray.isEmpty()) {
foreach(const QString& userRole, sessionData.getRoles()) {
if (adminRolesArray.contains(userRole)) {
// this user has a role that allows them to administer the domain-server
return true;
}
}
}
QString unauthenticatedRequest = "You do not have permission to access this domain-server.";
connection->respond(HTTPConnection::StatusCode401, unauthenticatedRequest.toUtf8());
// the user does not have allowed username or role, return 401
return false;
} else {
// re-direct this user to OAuth page
@ -1402,9 +1414,10 @@ Headers DomainServer::setupCookieHeadersFromProfileReply(QNetworkReply* profileR
QUuid cookieUUID = QUuid::createUuid();
QJsonDocument profileDocument = QJsonDocument::fromJson(profileReply->readAll());
QJsonObject userObject = profileDocument.object()["data"].toObject()["user"].toObject();
// add the profile to our in-memory data structure so we know who the user is when they send us their cookie
_cookieSessionHash.insert(cookieUUID, DomainServerWebSessionData(profileDocument));
_cookieSessionHash.insert(cookieUUID, DomainServerWebSessionData(userObject));
// setup expiry for cookie to 1 month from today
QDateTime cookieExpiry = QDateTime::currentDateTimeUtc().addMonths(1);
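Review bot: The role check in isAuthenticatedRequest trusts `sessionData.getRoles()`, which is a snapshot taken when the cookie is issued in setupCookieHeadersFromProfileReply, so a role removed upstream keeps granting admin access for as long as the entry stays in `_cookieSessionHash` (the cookie itself is set to live one month). Eviction or refresh of that hash is not visible in these hunks, so this may be handled elsewhere; if it is not, store the time the profile was fetched with the session and re-fetch the profile once it is older than a short interval before honouring the roles. At minimum add a comment above the loop such as `// roles are cached from login; revoking a role upstream does not take effect until this session is dropped`. Both functions continue outside the hunks shown.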


@ -9,7 +9,8 @@
// See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
//
#include <QtCore/QJsonDocument>
#include <QtCore/QDebug>
#include <QtCore/QJsonArray>
#include <QtCore/QJsonObject>
#include "DomainServerWebSessionData.h"
@ -21,13 +22,13 @@ DomainServerWebSessionData::DomainServerWebSessionData() :
}
DomainServerWebSessionData::DomainServerWebSessionData(const QJsonDocument& profileDocument) :
DomainServerWebSessionData::DomainServerWebSessionData(const QJsonObject& userObject) :
_roles()
{
_username = profileDocument.object()["user"].toObject()["username"].toString();
_username = userObject["username"].toString();
// pull each of the roles and throw them into our set
foreach(const QJsonValue& rolesValue, profileDocument.object()["user"].toObject()["roles"].toObject()) {
foreach(const QJsonValue& rolesValue, userObject["roles"].toArray()) {
_roles.insert(rolesValue.toString());
}
}
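Review bot: The constructor stores whatever `userObject` holds without checking types: a missing `username` becomes an empty string, and any non-string entry in `roles` is inserted into `_roles` as an empty string, because `QJsonValue::toString()` returns an empty string for non-string values. The caller in setupCookieHeadersFromProfileReply passes `profileDocument.object()["data"].toObject()["user"].toObject()` without checking that the reply parsed, so an error body yields a session with an empty identity; access is then denied only as long as neither admin list contains an empty string. Guard the insert with `if (rolesValue.isString() && !rolesValue.toString().isEmpty())` and consider not creating the session at all when the username is empty.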


@ -19,7 +19,7 @@ class DomainServerWebSessionData : public QObject {
Q_OBJECT
public:
DomainServerWebSessionData();
DomainServerWebSessionData(const QJsonDocument& profileDocument);
DomainServerWebSessionData(const QJsonObject& userObject);
DomainServerWebSessionData(const DomainServerWebSessionData& otherSessionData);
DomainServerWebSessionData& operator=(const DomainServerWebSessionData& otherSessionData);
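Review bot: The new single-argument constructor is not marked `explicit`, so any `QJsonObject` converts implicitly to a session object; declare it as `explicit DomainServerWebSessionData(const QJsonObject& userObject);`. The one call visible in this commit constructs the object by name, so that call is unaffected. A one-line comment stating that the argument is the profile's `user` object (not the whole profile document) would also record the contract change. The class declaration continues outside the hunk.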