tdaq-develop-2025-02-12
WebUsers.h
1 #ifndef _ots_Utilities_WebUsers_h_
2 #define _ots_Utilities_WebUsers_h_
3 
4 #include "otsdaq/Macros/CoutMacros.h"
5 #include "otsdaq/Macros/StringMacros.h"
6 #include "otsdaq/MessageFacility/MessageFacility.h"
7 #include "otsdaq/SOAPUtilities/SOAPMessenger.h"
8 #pragma GCC diagnostic push
9 #pragma GCC diagnostic ignored "-Wunknown-pragmas"
10 #include <xgi/Method.h> //for cgicc::Cgicc
11 #pragma GCC diagnostic pop
12 
13 #include <iostream>
14 #include <mutex>
15 #include <string>
16 #include <unordered_map>
17 #include <vector>
18 #include "otsdaq/NetworkUtilities/TransceiverSocket.h" // for UDP remote login verify
19 
20 #define WEB_LOGIN_DB_PATH std::string(__ENV__("SERVICE_DATA_PATH")) + "/LoginData/"
21 #define WEB_LOGIN_CERTDATA_PATH std::string(__ENV__("CERT_DATA_PATH"))
22 #define HASHES_DB_PATH "HashesData/"
23 #define USERS_DB_PATH "UsersData/"
24 #define USERS_LOGIN_HISTORY_PATH USERS_DB_PATH + "UserLoginHistoryData/"
25 #define USERS_PREFERENCES_PATH USERS_DB_PATH + "UserPreferencesData/"
26 #define TOOLTIP_DB_PATH USERS_DB_PATH + "/TooltipData/"
27 
28 // clang-format off
29 
30 namespace ots
31 {
32 class HttpXmlDocument;
33 
37 class WebUsers
38 {
39  public:
40  WebUsers();
41 
42  enum
43  {
44  SESSION_ID_LENGTH = 512,
45  COOKIE_CODE_LENGTH = 512,
46  NOT_FOUND_IN_DATABASE = uint64_t(-1),
47  ACCOUNT_INACTIVE = uint64_t(-2),
48  ACCOUNT_BLACKLISTED = uint64_t(-3),
49  ACCOUNT_ERROR_THRESHOLD = uint64_t(-5),
50  USERNAME_LENGTH = 3,
51  DISPLAY_NAME_LENGTH = 4,
52  };
53 
54  enum
55  {
56  MOD_TYPE_UPDATE,
57  MOD_TYPE_ADD,
58  MOD_TYPE_DELETE
59  };
60 
61  using permissionLevel_t = uint8_t;
62  enum
63  {
64  PERMISSION_LEVEL_ADMIN = WebUsers::permissionLevel_t(-1),
65  PERMISSION_LEVEL_EXPERT = 100,
66  PERMISSION_LEVEL_USER = 10,
67  PERMISSION_LEVEL_NOVICE = 1,
68  PERMISSION_LEVEL_INACTIVE = 0,
69  };
70 
71  static const std::string OTS_OWNER;
72 
73  static const std::string DEFAULT_ADMIN_USERNAME;
74  static const std::string DEFAULT_ADMIN_DISPLAY_NAME;
75  static const std::string DEFAULT_ADMIN_EMAIL;
76  static const std::string DEFAULT_ITERATOR_USERNAME;
77  static const std::string DEFAULT_STATECHANGER_USERNAME;
78  static const std::string DEFAULT_USER_GROUP;
79 
80  static const std::string REQ_NO_LOGIN_RESPONSE;
81  static const std::string REQ_NO_PERMISSION_RESPONSE;
82  static const std::string REQ_USER_LOCKOUT_RESPONSE;
83  static const std::string REQ_LOCK_REQUIRED_RESPONSE;
84  static const std::string REQ_ALLOW_NO_USER;
85 
86  static const std::string SECURITY_TYPE_NONE;
87  static const std::string SECURITY_TYPE_DIGEST_ACCESS;
88  static const std::string SECURITY_TYPE_DEFAULT;
89 
90  struct User
91  {
92  //"Users" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
93  //
94  // Maintain list of existing Usernames and associate the following:
95  // - permissions map of group name to permission level (e.g. users, experts, masters) 0 to 255
96  // note: all users are at least in group WebUsers::DEFAULT_USER_GROUP
97  // 0 := account inactive, not allowed to login (e.g. could be due to too many failed login attempts)
98  // 1 := normal user
99  // 255 := admin for things in group
100  // permission level is determined by finding the highest permission level number (0 to
101  // 255) for an allowed group.. then that permission level is compared to the threshold.
102  //
103  // - Last Login attempt time, and last USERS_LOGIN_HISTORY_SIZE successful logins
104  // - Name to display
105  // - random salt, before first login salt is empty string ""
106  // - Keep count of login attempt failures. Limit failures per unit time (e.g. 5 per hour)
107  // - Preferences (e.g. color scheme, etc) Username appends to preferences file, and login history file
108  // - UsersLastModifierUsernameVector - is username of last admin user to modify something about account
109  // - UsersLastModifierTimeVector - is time of last modify by an admin user
110  User():lastLoginAttempt_(0),accountCreationTime_(0),loginFailureCount_(0),
111  lastModifierTime_(time(0)*100000 + (clock()%100000)) {}
112 
113  void setModifier(const std::string& modifierUsername)
114  {
115  lastModifierUsername_ = modifierUsername;
116  lastModifierTime_ = time(0)*100000 + (clock()%100000);
117  }
118 
119  void loadModifierUsername(const std::string& modifierUsername)
120  {
121  lastModifierUsername_ = modifierUsername;
122  }
123 
124  time_t& accessModifierTime() { return lastModifierTime_; }
125 
126  time_t getModifierTime(bool convertToRealTime = false) const { return (convertToRealTime?lastModifierTime_/100000:lastModifierTime_); }
127  const std::string& getModifierUsername() const { return lastModifierUsername_; }
128  std::string getNewAccountCode() const {
129 
130  if(salt_ != "")
131  return "";
132 
133  char charTimeStr[10];
134  sprintf(charTimeStr, "%5.5d", int(lastModifierTime_ & 0xffff));
135  return charTimeStr;
136  } //end getNewAccountCode()
137 
138  std::string username_, email_, displayName_, salt_;
139  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t> permissions_;
140  uint64_t userId_;
141  time_t lastLoginAttempt_, accountCreationTime_;
142  uint8_t loginFailureCount_;
143 
144  private:
145  std::string lastModifierUsername_;
146  time_t lastModifierTime_;
147  }; //end User struct
148 
149  struct LoginSession
150  {
151  //"Login Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
152  // Generate random sessionId when receive a unique user ID (UUID)
153  // reject UUID that have been used recently (e.g. last 5 minutes)
154  // Maintain list of active sessionIds and associated UUID
155  // remove from list if been idle after some time or login attempts (e.g. 5 minutes or
156  // 3 login attempts) maybe track IP address, to block multiple failed login attempts
157  // from same IP. Use sessionId to un-jumble login attempts, lookup using UUID
158 
159  std::string id_, uuid_, ip_;
160  time_t startTime_;
161  uint8_t loginAttempts_;
162  }; //end LoginSession struct
163 
164  struct ActiveSession
165  {
166  //"Active Session" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
167  // Maintain list of valid cookieCodes and associated user - all requests
168  // must come with a valid cookieCode, else server fails request.
169  // On logout request, invalidate cookieCode.
170  // cookieCode expires after some idle time (e.g. 5 minutes) and
171  // is renewed and possibly changed each request.
172  // "single user - multiple locations" issue resolved using ActiveSessionIndex
173  // where each independent login starts a new thread of cookieCodes tagged with
174  // ActiveSessionIndex if cookieCode not refreshed, then return most recent cookie code
175 
176  std::string cookieCode_, ip_;
177  uint64_t userId_, sessionIndex_;
178  time_t startTime_;
179  }; //end ActiveSession struct
180 
181  struct Hash
182  {
183  //"Hashes" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
184  // Maintain list of acceptable encoded (SHA-512) salt+user+pw's
185 
186  std::string hash_;
187  time_t accessTime_;
188  }; //end Hash struct
189 
190  enum
191  {
192  SYS_CLEANUP_WILDCARD_TIME = 300,
193  };
194 
195  struct SystemMessage
196  {
197  // Members for system messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
198  // Set of vectors to delivers system messages to active users of the Web Gui
199  // When a message is generated, systemMessageLock is set,
200  // message is added and the vector set deliveredFlag = false,
201  // and systemMessageLock is unset.
202  // When a message is delivered deliveredFlag = true,
203  // During systemMessageCleanup(), systemMessageLock is set, delivered messages are removed,
204  // and systemMessageLock is unset.
205  //"SystemMessage" database associations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
206  // Maintain list of user system messages:
207  // time, message, deliveredFlag
208 
209  SystemMessage(const std::string& message)
210  : message_ (message)
211  , creationTime_ (time(0))
212  , delivered_ (false)
213  , deliveredRemote_ (false)
214  {} //end constructor
215 
216  std::string message_;
217  time_t creationTime_;
218  bool delivered_;
219  bool deliveredRemote_;
220  }; //end SystemMessage struct
221 
222  void addSystemMessage (const std::string& targetUsersCSV, const std::string& message);
223  void addSystemMessage (const std::string& targetUsersCSV, const std::string& subject, const std::string& message, bool doEmail);
224  void addSystemMessage (const std::vector<std::string>& targetUsers, const std::string& subject, const std::string& message, bool doEmail);
225  std::string getSystemMessage (const std::string& targetUser);
226  std::pair<std::string, time_t> getLastSystemMessage(void);
227  std::string getAllSystemMessages (void);
228 
229  private:
230  void addSystemMessageToMap (const std::string& targetUser, const std::string& fullMessage);
231  void systemMessageCleanup (void);
232  std::mutex systemMessageLock_;
233  std::map<std::string /*toUserDisplayName*/,std::vector<SystemMessage>> systemMessages_;
234 
235 
236  public:
237 
238 
239  struct RequestUserInfo
240  {
241  // WebUsers is a "Friend" class of RequestUserInfo so has access to private
242  // members.
243  friend class WebUsers;
244 
245  RequestUserInfo(const std::string& requestType, const std::string& cookieCode)
246  : requestType_(requestType)
247  , cookieCode_(cookieCode)
248  , uid_(-1)
250  {
251  }
252 
253  //------- setters --------///<
254  //===========================================
255  // setGroupPermissionLevels
256  bool setGroupPermissionLevels(const std::string& groupPermissionLevelsString)
257  {
258  //__COUTV__(groupPermissionLevelsString);
259  permissionLevel_ = 0;
260 
261  StringMacros::getMapFromString(
262  groupPermissionLevelsString,
263  groupPermissionLevelMap_);
264  getGroupPermissionLevel();
265 
266  //__COUTV__((unsigned int)permissionLevel_);
267  return true;
268  }
269 
270  //------- getters --------///<
271  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>&
272  getGroupPermissionLevels() const
273  {
274  return groupPermissionLevelMap_;
275  }
276  //===========================================
277  // getGroupPermissionLevel
278  // sets up permissionLevel based on already prepared RequestUserInfo members
279  const WebUsers::permissionLevel_t& getGroupPermissionLevel()
280  {
281  permissionLevel_ = 0;
282 
283  // check groups allowed
284  // i.e. if user is a member of one of the groups allowed
285  // then consider for highest permission level
286  bool matchedAcceptGroup = false;
287  for(const auto& userGroupPair : groupPermissionLevelMap_)
288  if(StringMacros::inWildCardSet(
289  userGroupPair.first,
290  groupsAllowed_) &&
291  userGroupPair.second >
292  permissionLevel_)
293  {
294  permissionLevel_ =
295  userGroupPair.second;
296  matchedAcceptGroup = true;
297  }
298 
299  // if no group match in groups allowed, then failed
300  if(!matchedAcceptGroup && groupsAllowed_.size())
301  {
302  __COUT_INFO__
303  << "User (@" << ip_
304  << ") has insufficient group permissions: user is in these groups... "
305  << StringMacros::mapToString(groupPermissionLevelMap_)
306  << " and the allowed groups are... "
307  << StringMacros::setToString(groupsAllowed_) << std::endl;
308  return permissionLevel_;
309  }
310 
311  // if no access groups specified, then check groups disallowed
312  if(!groupsAllowed_.size())
313  {
314  for(const auto& userGroupPair : groupPermissionLevelMap_)
315  if(StringMacros::inWildCardSet(userGroupPair.first,
316  groupsDisallowed_))
317  {
318  __COUT_INFO__
319  << "User (@" << ip_
320  << ") is in a disallowed group: user is in these groups... "
321  << StringMacros::mapToString(groupPermissionLevelMap_)
322  << " and the disallowed groups are... "
323  << StringMacros::setToString(groupsDisallowed_) << std::endl;
324  return permissionLevel_;
325  }
326  }
327 
328  // if no groups have been explicitly allowed nor disallowed
329  // then permission level should come from WebUsers::DEFAULT_USER_GROUP
330  auto findIt = groupPermissionLevelMap_.find(WebUsers::DEFAULT_USER_GROUP);
331  if(findIt != groupPermissionLevelMap_.end())
332  {
333  // found default group, take permission level
334  permissionLevel_ = findIt->second;
335  }
336 
337  return permissionLevel_;
338  } // end getGroupPermissionLevel()
339 
340  inline bool isInactive() const
341  {
342  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_INACTIVE;
343  }
344  inline bool isAdmin() const
345  {
346  return permissionLevel_ == WebUsers::PERMISSION_LEVEL_ADMIN;
347  }
348 
349  // members extracted from supervisor properties on a per request type basis
350  const std::string& requestType_;
351  std::string cookieCode_;
352 
353  bool automatedCommand_, NonXMLRequestType_, NoXmlWhiteSpace_;
354  bool checkLock_, requireLock_, allowNoUser_, requireSecurity_;
355 
356  std::set<std::string> groupsAllowed_, groupsDisallowed_;
357 
358  WebUsers::permissionLevel_t permissionLevel_, permissionsThreshold_;
359  std::string ip_;
360  uint64_t uid_ /*only WebUser owner has access to uid, RemoteWebUsers do not*/;
361  std::string username_, displayName_, usernameWithLock_;
362  uint64_t userSessionIndex_;
363 
364  private:
365  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
366  groupPermissionLevelMap_;
367  }; //end RequestUserInfo struct
368 
372  bool xmlRequestOnGateway(cgicc::Cgicc& cgi,
373  std::ostringstream* out,
374  HttpXmlDocument* xmldoc,
375  WebUsers::RequestUserInfo& userInfo);
376 
377  public:
378 
380  static void initializeRequestUserInfo(cgicc::Cgicc& cgi,
381  WebUsers::RequestUserInfo& userInfo);
382  static bool checkRequestAccess(cgicc::Cgicc& cgi,
383  std::ostringstream* out,
384  HttpXmlDocument* xmldoc,
385  WebUsers::RequestUserInfo& userInfo,
386  bool isWizardMode = false,
387  const std::string& wizardModeSequence = "");
388 
389  void createNewAccount(const std::string& username,
390  const std::string& displayName,
391  const std::string& email);
392  void cleanupExpiredEntries(std::vector<std::string>* loggedOutUsernames = 0);
393  void cleanupExpiredRemoteEntries(void);
394  std::string createNewLoginSession(const std::string& uuid, const std::string& ip);
395 
396  uint64_t attemptActiveSession(const std::string& uuid,
397  std::string& jumbledUser,
398  const std::string& jumbledPw,
399  std::string& newAccountCode,
400  const std::string& ip);
401  uint64_t attemptActiveSessionWithCert(const std::string& uuid,
402  std::string& jumbledEmail,
403  std::string& cookieCode,
404  std::string& username,
405  const std::string& ip);
406  uint64_t isCookieCodeActiveForLogin(const std::string& uuid,
407  std::string& cookieCode,
408  std::string& username);
409  bool cookieCodeIsActiveForRequest(
410  std::string& cookieCode,
411  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>*
412  userPermissions = 0,
413  uint64_t* uid = 0,
414  const std::string& ip = "0",
415  bool refresh = true,
416  bool doNotGoRemote = false,
417  std::string* userWithLock = 0,
418  uint64_t* userSessionIndex = 0);
419  uint64_t cookieCodeLogout(const std::string& cookieCode,
420  bool logoutOtherUserSessions,
421  uint64_t* uid = 0,
422  const std::string& ip = "0");
423  bool checkIpAccess(const std::string& ip);
424 
425  std::string getUsersDisplayName(uint64_t uid);
426  std::string getUsersUsername(uint64_t uid);
427  std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>
428  getPermissionsForUser(uint64_t uid);
429 
430  uint64_t getActiveSessionCountForUser(uint64_t uid);
431  void insertSettingsForUser(uint64_t uid,
432  HttpXmlDocument* xmldoc,
433  bool includeAccounts = false);
434  std::string getGenericPreference(uint64_t uid,
435  const std::string& preferenceName,
436  HttpXmlDocument* xmldoc = 0) const;
437 
438  void changeSettingsForUser(uint64_t uid,
439  const std::string& bgcolor,
440  const std::string& dbcolor,
441  const std::string& wincolor,
442  const std::string& layout,
443  const std::string& syslayout);
444  void setGenericPreference(uint64_t uid,
445  const std::string& preferenceName,
446  const std::string& preferenceValue);
447  static void tooltipCheckForUsername(const std::string& username,
448  HttpXmlDocument* xmldoc,
449  const std::string& srcFile,
450  const std::string& srcFunc,
451  const std::string& srcId);
452  static void tooltipSetNeverShowForUsername(const std::string& username,
453  HttpXmlDocument* xmldoc,
454  const std::string& srcFile,
455  const std::string& srcFunc,
456  const std::string& srcId,
457  bool doNeverShow,
458  bool temporarySilence);
459 
460  void modifyAccountSettings(uint64_t actingUid,
461  uint8_t cmd_type,
462  const std::string& username,
463  const std::string& displayname,
464  const std::string& email,
465  const std::string& permissions);
466  bool setUserWithLock(uint64_t actingUid, bool lock, const std::string& username);
467  std::string getUserWithLock(void) { return usersUsernameWithLock_; }
468 
469  size_t getActiveUserCount(void);
470  std::string getActiveUsersString(void);
471 
472  bool isUsernameActive(const std::string& username) const;
473  bool isUserIdActive(uint64_t uid) const;
474  uint64_t getAdminUserID(void);
475  const std::string& getSecurity(void);
476 
477  static void deleteUserData(void);
478 
479  static void resetAllUserTooltips(const std::string& userNeedle = "*");
480  static void silenceAllUserTooltips(const std::string& username);
481 
482  static void NACDisplayThread(const std::string& nac, const std::string& user);
483 
484  void saveActiveSessions(void);
485  void loadActiveSessions(void);
486 
487  private:
488  inline WebUsers::permissionLevel_t getPermissionLevelForGroup(
489  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
490  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
491  inline bool isInactiveForGroup(
492  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
493  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
494  inline bool isAdminForGroup(
495  const std::map<std::string /*groupName*/, WebUsers::permissionLevel_t>& permissionMap,
496  const std::string& groupName = WebUsers::DEFAULT_USER_GROUP);
497 
498  void loadSecuritySelection(void);
499  void loadIPAddressSecurity(void);
500  void loadUserWithLock(void);
501  unsigned int hexByteStrToInt(const char* h);
502  void intToHexStr(uint8_t i, char* h);
503  std::string sha512(const std::string& user,
504  const std::string& password,
505  std::string& salt);
506  std::string dejumble(const std::string& jumbledUser, const std::string& sessionId);
507  std::string createNewActiveSession(uint64_t uid,
508  const std::string& ip = "0",
509  uint64_t asIndex = 0);
510  bool addToHashesDatabase(const std::string& hash);
511  std::string genCookieCode(void);
512  std::string refreshCookieCode(unsigned int i, bool enableRefresh = true);
513  bool deleteAccount(const std::string& username, const std::string& displayName);
514  void incrementIpBlacklistCount(const std::string& ip);
515 
516  void saveToDatabase(FILE* fp,
517  const std::string& field,
518  const std::string& value,
519  uint8_t type = DB_SAVE_OPEN_AND_CLOSE,
520  bool addNewLine = true);
521  bool saveDatabaseToFile(uint8_t db);
522  bool loadDatabases(void);
523 
524  uint64_t searchUsersDatabaseForUsername (const std::string& username) const;
525  uint64_t searchUsersDatabaseForDisplayName (const std::string& displayName) const;
526  uint64_t searchUsersDatabaseForUserEmail (const std::string& useremail) const;
527  uint64_t searchUsersDatabaseForUserId (uint64_t uid) const;
528  uint64_t searchLoginSessionDatabaseForUUID (const std::string& uuid) const;
529  uint64_t searchHashesDatabaseForHash (const std::string& hash);
530  uint64_t searchActiveSessionDatabaseForCookie (const std::string& cookieCode) const;
531  uint64_t searchRemoteSessionDatabaseForCookie (const std::string& cookieCode) const;
532  uint64_t checkRemoteLoginVerification (std::string& cookieCode, bool refresh, bool doNotGoRemote, const std::string& ip);
533 
534  static std::string getTooltipFilename(const std::string& username,
535  const std::string& srcFile,
536  const std::string& srcFunc,
537  const std::string& srcId);
538  std::string getUserEmailFromFingerprint(const std::string& fingerprint);
539 
540  enum
541  {
542  DB_USERS,
543  DB_HASHES
544  };
545 
546  enum
547  {
548  DB_SAVE_OPEN_AND_CLOSE,
549  DB_SAVE_OPEN,
550  DB_SAVE_CLOSE
551  };
552 
553  std::unordered_map<std::string, std::string> certFingerprints_;
554 
555  static const std::vector<std::string> UsersDatabaseEntryFields_, HashesDatabaseEntryFields_;
556  static volatile bool CareAboutCookieCodes_;
557  std::string securityType_;
558  std::set<std::string /* ip */> ipAccessAccept_;
559  std::set<std::string /* ip */> ipAccessReject_;
560  std::set<std::string /* ip */> ipAccessBlacklist_;
561 
563  std::vector<LoginSession> LoginSessions_;
570  enum
571  {
572  LOGIN_SESSION_EXPIRATION_TIME = 5 * 60,
573  LOGIN_SESSION_ATTEMPTS_MAX = 5,
574  };
575 
577  std::vector<ActiveSession> ActiveSessions_;
578  std::map<std::string /* cookieCode */, ActiveSession > RemoteSessions_;
588  enum
589  {
590  ACTIVE_SESSION_EXPIRATION_TIME = 120 * 60,
593  ACTIVE_SESSION_COOKIE_OVERLAP_TIME =
594  10 * 60,
595  ACTIVE_SESSION_STALE_COOKIE_LIMIT =
596  10,
597  };
598 
600  std::vector<User> Users_;
619  uint64_t usersNextUserId_;
620  enum
621  {
622  USERS_LOGIN_HISTORY_SIZE = 20,
623  USERS_GLOBAL_HISTORY_SIZE = 1000,
624  USERS_MAX_LOGIN_FAILURES = 20,
625  };
626  std::string usersUsernameWithLock_;
627 
628  std::vector<std::string> UsersLoggedOutUsernames_;
629 
631  std::vector<Hash> Hashes_;
634  enum
635  {
636  IP_BLACKLIST_COUNT_THRESHOLD = 200,
637  };
638  std::map<std::string /*ip*/, uint32_t /*errorCount*/> ipBlacklistCounts_;
639 
640  std::mutex webUserMutex_;
641 
642  std::unique_ptr<TransceiverSocket> remoteLoginVerificationSocket_;
643  std::unique_ptr<Socket> remoteLoginVerificationSocketTarget_;
644 
645  time_t ipSecurityLastLoadTime_ = time(0);
646 
647  public:
648  std::atomic<time_t> remoteLoginVerificationEnabledBlackoutTime_ = 0;
649  static std::atomic<bool> remoteLoginVerificationEnabled_;
650  std::string remoteLoginVerificationIP_, remoteGatewaySelfName_;
651  int remoteLoginVerificationPort_;
652 };
653 } // namespace ots
654 
655 // clang-format on
656 
657 #endif
ots::WebUsers::addSystemMessage
void addSystemMessage(const std::string &targetUsersCSV, const std::string &message)
Definition: WebUsers.cc:3495
ots::WebUsers::getSecurity
const std::string & getSecurity(void)
WebUsers::getSecurity.
Definition: WebUsers.cc:3900
ots::WebUsers::getGenericPreference
std::string getGenericPreference(uint64_t uid, const std::string &preferenceName, HttpXmlDocument *xmldoc=0) const
Definition: WebUsers.cc:3063
ots::WebUsers::setUserWithLock
bool setUserWithLock(uint64_t actingUid, bool lock, const std::string &username)
Definition: WebUsers.cc:3168
ots::WebUsers::checkRequestAccess
static bool checkRequestAccess(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo, bool isWizardMode=false, const std::string &wizardModeSequence="")
Definition: WebUsers.cc:255
ots::WebUsers::silenceAllUserTooltips
static void silenceAllUserTooltips(const std::string &username)
Definition: WebUsers.cc:2867
ots::WebUsers::getActiveUserCount
size_t getActiveUserCount(void)
Definition: WebUsers.cc:3396
ots::WebUsers::getPermissionsForUser
std::map< std::string, WebUsers::permissionLevel_t > getPermissionsForUser(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2568
ots::WebUsers::attemptActiveSession
uint64_t attemptActiveSession(const std::string &uuid, std::string &jumbledUser, const std::string &jumbledPw, std::string &newAccountCode, const std::string &ip)
Definition: WebUsers.cc:1106
ots::WebUsers::setGenericPreference
void setGenericPreference(uint64_t uid, const std::string &preferenceName, const std::string &preferenceValue)
Definition: WebUsers.cc:3022
ots::WebUsers::getAllSystemMessages
std::string getAllSystemMessages(void)
Definition: WebUsers.cc:3754
ots::WebUsers::cleanupExpiredEntries
void cleanupExpiredEntries(std::vector< std::string > *loggedOutUsernames=0)
Definition: WebUsers.cc:2308
ots::WebUsers::changeSettingsForUser
void changeSettingsForUser(uint64_t uid, const std::string &bgcolor, const std::string &dbcolor, const std::string &wincolor, const std::string &layout, const std::string &syslayout)
WebUsers::changeSettingsForUser.
Definition: WebUsers.cc:3119
ots::WebUsers::isCookieCodeActiveForLogin
uint64_t isCookieCodeActiveForLogin(const std::string &uuid, std::string &cookieCode, std::string &username)
Definition: WebUsers.cc:1858
ots::WebUsers::createNewLoginSession
std::string createNewLoginSession(const std::string &uuid, const std::string &ip)
Definition: WebUsers.cc:2429
ots::WebUsers::getActiveUsersString
std::string getActiveUsersString(void)
Definition: WebUsers.cc:3408
ots::WebUsers::createNewAccount
void createNewAccount(const std::string &username, const std::string &displayName, const std::string &email)
Definition: WebUsers.cc:1003
ots::WebUsers::modifyAccountSettings
void modifyAccountSettings(uint64_t actingUid, uint8_t cmd_type, const std::string &username, const std::string &displayname, const std::string &email, const std::string &permissions)
WebUsers::modifyAccountSettings.
Definition: WebUsers.cc:3236
ots::WebUsers::remoteLoginVerificationPort_
int remoteLoginVerificationPort_
Port of remote Gateway to be used for login verification.
Definition: WebUsers.h:651
ots::WebUsers::isUsernameActive
bool isUsernameActive(const std::string &username) const
Definition: WebUsers.cc:1614
ots::WebUsers::isUserIdActive
bool isUserIdActive(uint64_t uid) const
Definition: WebUsers.cc:1625
ots::WebUsers::saveActiveSessions
void saveActiveSessions(void)
Definition: WebUsers.cc:402
ots::WebUsers::remoteLoginVerificationEnabled_
static std::atomic< bool > remoteLoginVerificationEnabled_
true if this supervisor is under control of a remote supervisor
Definition: WebUsers.h:649
ots::WebUsers::getAdminUserID
uint64_t getAdminUserID(void)
Definition: WebUsers.cc:3441
ots::WebUsers::SYS_CLEANUP_WILDCARD_TIME
@ SYS_CLEANUP_WILDCARD_TIME
300 seconds
Definition: WebUsers.h:192
ots::WebUsers::getUsersUsername
std::string getUsersUsername(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2038
ots::WebUsers::initializeRequestUserInfo
static void initializeRequestUserInfo(cgicc::Cgicc &cgi, WebUsers::RequestUserInfo &userInfo)
used by gateway and other supervisors to verify requests consistently
Definition: WebUsers.cc:234
ots::WebUsers::checkIpAccess
bool checkIpAccess(const std::string &ip)
Definition: WebUsers.cc:1950
ots::WebUsers::xmlRequestOnGateway
bool xmlRequestOnGateway(cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo)
Definition: WebUsers.cc:175
ots::WebUsers::cookieCodeLogout
uint64_t cookieCodeLogout(const std::string &cookieCode, bool logoutOtherUserSessions, uint64_t *uid=0, const std::string &ip="0")
Definition: WebUsers.cc:2057
ots::WebUsers::getSystemMessage
std::string getSystemMessage(const std::string &targetUser)
Definition: WebUsers.cc:3786
ots::WebUsers::getActiveSessionCountForUser
uint64_t getActiveSessionCountForUser(uint64_t uid)
Definition: WebUsers.cc:1915
ots::WebUsers::resetAllUserTooltips
static void resetAllUserTooltips(const std::string &userNeedle="*")
WebUsers::resetAllUserTooltips.
Definition: WebUsers.cc:2856
ots::WebUsers::tooltipSetNeverShowForUsername
static void tooltipSetNeverShowForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId, bool doNeverShow, bool temporarySilence)
Definition: WebUsers.cc:2733
ots::WebUsers::cleanupExpiredRemoteEntries
void cleanupExpiredRemoteEntries(void)
Definition: WebUsers.cc:2406
ots::WebUsers::getUsersDisplayName
std::string getUsersDisplayName(uint64_t uid)
from Gateway, use public version which considers remote users
Definition: WebUsers.cc:2028
ots::WebUsers::loadActiveSessions
void loadActiveSessions(void)
Definition: WebUsers.cc:442
ots::WebUsers::getLastSystemMessage
std::pair< std::string, time_t > getLastSystemMessage(void)
Definition: WebUsers.cc:3733
ots::WebUsers::attemptActiveSessionWithCert
uint64_t attemptActiveSessionWithCert(const std::string &uuid, std::string &jumbledEmail, std::string &cookieCode, std::string &username, const std::string &ip)
Definition: WebUsers.cc:1298
ots::WebUsers::OTS_OWNER
static const std::string OTS_OWNER
defined by environment variable, e.g. experiment name
Definition: WebUsers.h:71
ots::WebUsers::tooltipCheckForUsername
static void tooltipCheckForUsername(const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId)
Definition: WebUsers.cc:2791
ots::WebUsers::remoteGatewaySelfName_
std::string remoteGatewaySelfName_
IP of remote Gateway to be used for login verification.
Definition: WebUsers.h:650
ots::WebUsers::cookieCodeIsActiveForRequest
bool cookieCodeIsActiveForRequest(std::string &cookieCode, std::map< std::string, WebUsers::permissionLevel_t > *userPermissions=0, uint64_t *uid=0, const std::string &ip="0", bool refresh=true, bool doNotGoRemote=false, std::string *userWithLock=0, uint64_t *userSessionIndex=0)
Definition: WebUsers.cc:2130
ots::WebUsers::insertSettingsForUser
void insertSettingsForUser(uint64_t uid, HttpXmlDocument *xmldoc, bool includeAccounts=false)
Definition: WebUsers.cc:2902
ots::WebUsers::PERMISSION_LEVEL_ADMIN
@ PERMISSION_LEVEL_ADMIN
max permission level!
Definition: WebUsers.h:64
ots::StringMacros::setToString
static std::string setToString(const std::set< T > &setToReturn, const std::string &delimeter=", ")
setToString ~
ots::StringMacros::inWildCardSet
static bool inWildCardSet(const std::string &needle, const std::set< std::string > &haystack)
Definition: StringMacros.cc:94
ots::StringMacros::mapToString
static std::string mapToString(const std::map< std::string, T > &mapToReturn, const std::string &primaryDelimeter=", ", const std::string &secondaryDelimeter=": ")
ots::StringMacros::getMapFromString
static void getMapFromString(const std::string &inputString, std::map< S, T > &mapToReturn, const std::set< char > &pairPairDelimiter={',', '|', '&'}, const std::set< char > &nameValueDelimiter={'=', ':'}, const std::set< char > &whitespace={' ', '\t', '\n', '\r'})
getMapFromString ~
ots::WebUsers::Hash::accessTime_
time_t accessTime_
last login month resolution, blurred by 1/2 month
Definition: WebUsers.h:187
ots::WebUsers::RequestUserInfo::userSessionIndex_
uint64_t userSessionIndex_
can use session index to track a user's session on multiple devices/browsers
Definition: WebUsers.h:362
ots::WebUsers::RequestUserInfo::getGroupPermissionLevel
const WebUsers::permissionLevel_t & getGroupPermissionLevel()
Definition: WebUsers.h:279
ots::WebUsers::RequestUserInfo::RequestUserInfo
RequestUserInfo(const std::string &requestType, const std::string &cookieCode)
Definition: WebUsers.h:245
ots::WebUsers::RequestUserInfo::setGroupPermissionLevels
bool setGroupPermissionLevels(const std::string &groupPermissionLevelsString)
end setGroupPermissionLevels()
Definition: WebUsers.h:256
ots::WebUsers::User::getNewAccountCode
std::string getNewAccountCode() const
Definition: WebUsers.h:128
ots::WebUsers::User::setModifier
void setModifier(const std::string &modifierUsername)
Definition: WebUsers.h:113