Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-04-11 13:42:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Tidy processing user connect request

Browse source
This commit is contained in:
David Rowe 2020-08-02 20:54:09 +12:00
parent c3769a5f74
commit fdb4a5605a
2 changed files with 20 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
domain-server/src/DomainGatekeeper.cpp
View file

@ -517,20 +517,15 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
#endif
return SharedNodePointer();
} else if (!_verifiedDomainUserIdentities.contains(domainUsername)
|| _verifiedDomainUserIdentities[domainUsername] != QPair<QString, QString>(domainAccessToken, domainRefreshToken)) {
// ####### TODO: Write a function for the above test.
} else if (needToVerifyDomainUserIdentity(domainUsername, domainAccessToken, domainRefreshToken)) {
// User's domain identity needs to be confirmed.
if (_verifiedDomainUserIdentities.contains(domainUsername)) {
_verifiedDomainUserIdentities.remove(domainUsername);
}
requestDomainUser(domainUsername, domainAccessToken, domainRefreshToken);
#ifdef WANT_DEBUG
qDebug() << "Stalling login because we haven't authenticated user yet:" << domainUsername;
#endif
} else if (verifyDomainUserSignature(domainUsername, domainAccessToken, domainRefreshToken,
nodeConnection.senderSockAddr)) {
} else if (verifyDomainUserIdentity(domainUsername, domainAccessToken, domainRefreshToken,
nodeConnection.senderSockAddr)) {
// User's domain identity is confirmed.
getDomainGroupMemberships(domainUsername);
verifiedDomainUsername = domainUsername.toLower();
@ -758,13 +753,17 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username,
return false;
}
// ####### TODO: Rename to verifyDomainUser()?
bool DomainGatekeeper::verifyDomainUserSignature(const QString& username, const QString& accessToken,
const QString& refreshToken, const HifiSockAddr& senderSockAddr) {
// ####### TODO: Verify response from domain OAuth2 request to WordPress, if it's arrived yet.
// #### Or assume the verification step has already occurred?
if (_verifiedDomainUserIdentities.contains(username)) {
bool DomainGatekeeper::needToVerifyDomainUserIdentity(const QString& username, const QString& accessToken,
const QString& refreshToken) {
return !_verifiedDomainUserIdentities.contains(username)
|| _verifiedDomainUserIdentities.value(username) != QPair<QString, QString>(accessToken, refreshToken);
}
bool DomainGatekeeper::verifyDomainUserIdentity(const QString& username, const QString& accessToken,
const QString& refreshToken, const HifiSockAddr& senderSockAddr) {
if (_verifiedDomainUserIdentities.contains(username)
&& _verifiedDomainUserIdentities.value(username) == QPair<QString, QString>(accessToken, refreshToken)) {
return true;
}
@ -1236,6 +1235,10 @@ void DomainGatekeeper::requestDomainUser(const QString& username, const QString&
}
_inFlightDomainUserIdentityRequests.insert(username, QPair<QString, QString>(accessToken, refreshToken));
if (_verifiedDomainUserIdentities.contains(username)) {
_verifiedDomainUserIdentities.remove(username);
}
QString apiBase = _server->_settingsManager.valueForKeyPath(AUTHENTICATION_WORDPRESS_URL_BASE).toString();
if (!apiBase.endsWith("/")) {
apiBase += "/";

5
domain-server/src/DomainGatekeeper.h
View file

@ -90,8 +90,9 @@ private:
bool verifyUserSignature(const QString& username, const QByteArray& usernameSignature,
const HifiSockAddr& senderSockAddr);
bool verifyDomainUserSignature(const QString& username, const QString& accessToken, const QString& refreshToken,
const HifiSockAddr& senderSockAddr);
bool needToVerifyDomainUserIdentity(const QString& username, const QString& accessToken, const QString& refreshToken);
bool verifyDomainUserIdentity(const QString& username, const QString& accessToken, const QString& refreshToken,
const HifiSockAddr& senderSockAddr);
bool isWithinMaxCapacity();