| tdaq-develop-2025-02-12
    | 
#include <otsdaq/WebUsersUtilities/WebUsers.h>
| Classes | |
| struct | ActiveSession | 
| struct | Hash | 
| struct | LoginSession | 
| struct | RequestUserInfo | 
| struct | SystemMessage | 
| struct | User | 
| Public Types | |
| enum | { SESSION_ID_LENGTH = 512 , COOKIE_CODE_LENGTH = 512 , NOT_FOUND_IN_DATABASE = uint64_t(-1) , ACCOUNT_INACTIVE = uint64_t(-2) , ACCOUNT_BLACKLISTED = uint64_t(-3) , ACCOUNT_ERROR_THRESHOLD = uint64_t(-5) , USERNAME_LENGTH = 3 , DISPLAY_NAME_LENGTH = 4 } | 
| enum | { MOD_TYPE_UPDATE , MOD_TYPE_ADD , MOD_TYPE_DELETE } | 
| enum | { PERMISSION_LEVEL_ADMIN = WebUsers::permissionLevel_t(-1) , PERMISSION_LEVEL_EXPERT = 100 , PERMISSION_LEVEL_USER = 10 , PERMISSION_LEVEL_NOVICE = 1 , PERMISSION_LEVEL_INACTIVE = 0 } | 
| enum | { SYS_CLEANUP_WILDCARD_TIME = 300 } | 
| using | permissionLevel_t = uint8_t | 
| Public Member Functions | |
| void | addSystemMessage (const std::string &targetUsersCSV, const std::string &message) | 
| void | addSystemMessage (const std::string &targetUsersCSV, const std::string &subject, const std::string &message, bool doEmail) | 
| void | addSystemMessage (const std::vector< std::string > &targetUsers, const std::string &subject, const std::string &message, bool doEmail) | 
| std::string | getSystemMessage (const std::string &targetUser) | 
| std::pair< std::string, time_t > | getLastSystemMessage (void) | 
| std::string | getAllSystemMessages (void) | 
| bool | xmlRequestOnGateway (cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo) | 
| void | createNewAccount (const std::string &username, const std::string &displayName, const std::string &email) | 
| void | cleanupExpiredEntries (std::vector< std::string > *loggedOutUsernames=0) | 
| void | cleanupExpiredRemoteEntries (void) | 
| std::string | createNewLoginSession (const std::string &uuid, const std::string &ip) | 
| uint64_t | attemptActiveSession (const std::string &uuid, std::string &jumbledUser, const std::string &jumbledPw, std::string &newAccountCode, const std::string &ip) | 
| uint64_t | attemptActiveSessionWithCert (const std::string &uuid, std::string &jumbledEmail, std::string &cookieCode, std::string &username, const std::string &ip) | 
| uint64_t | isCookieCodeActiveForLogin (const std::string &uuid, std::string &cookieCode, std::string &username) | 
| bool | cookieCodeIsActiveForRequest (std::string &cookieCode, std::map< std::string, WebUsers::permissionLevel_t > *userPermissions=0, uint64_t *uid=0, const std::string &ip="0", bool refresh=true, bool doNotGoRemote=false, std::string *userWithLock=0, uint64_t *userSessionIndex=0) | 
| uint64_t | cookieCodeLogout (const std::string &cookieCode, bool logoutOtherUserSessions, uint64_t *uid=0, const std::string &ip="0") | 
| bool | checkIpAccess (const std::string &ip) | 
| std::string | getUsersDisplayName (uint64_t uid) | 
| from Gateway, use public version which considers remote users  More... | |
| std::string | getUsersUsername (uint64_t uid) | 
| from Gateway, use public version which considers remote users  More... | |
| std::map< std::string, WebUsers::permissionLevel_t > | getPermissionsForUser (uint64_t uid) | 
| from Gateway, use public version which considers remote users  More... | |
| uint64_t | getActiveSessionCountForUser (uint64_t uid) | 
| void | insertSettingsForUser (uint64_t uid, HttpXmlDocument *xmldoc, bool includeAccounts=false) | 
| std::string | getGenericPreference (uint64_t uid, const std::string &preferenceName, HttpXmlDocument *xmldoc=0) const | 
| void | changeSettingsForUser (uint64_t uid, const std::string &bgcolor, const std::string &dbcolor, const std::string &wincolor, const std::string &layout, const std::string &syslayout) | 
| WebUsers::changeSettingsForUser. | |
| void | setGenericPreference (uint64_t uid, const std::string &preferenceName, const std::string &preferenceValue) | 
| void | modifyAccountSettings (uint64_t actingUid, uint8_t cmd_type, const std::string &username, const std::string &displayname, const std::string &email, const std::string &permissions) | 
| WebUsers::modifyAccountSettings. | |
| bool | setUserWithLock (uint64_t actingUid, bool lock, const std::string &username) | 
| std::string | getUserWithLock (void) | 
| size_t | getActiveUserCount (void) | 
| std::string | getActiveUsersString (void) | 
| bool | isUsernameActive (const std::string &username) const | 
| bool | isUserIdActive (uint64_t uid) const | 
| uint64_t | getAdminUserID (void) | 
| const std::string & | getSecurity (void) | 
| WebUsers::getSecurity. | |
| void | saveActiveSessions (void) | 
| void | loadActiveSessions (void) | 
| Static Public Member Functions | |
| static void | initializeRequestUserInfo (cgicc::Cgicc &cgi, WebUsers::RequestUserInfo &userInfo) | 
| used by gateway and other supervisors to verify requests consistently  More... | |
| static bool | checkRequestAccess (cgicc::Cgicc &cgi, std::ostringstream *out, HttpXmlDocument *xmldoc, WebUsers::RequestUserInfo &userInfo, bool isWizardMode=false, const std::string &wizardModeSequence="") | 
| static void | tooltipCheckForUsername (const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId) | 
| static void | tooltipSetNeverShowForUsername (const std::string &username, HttpXmlDocument *xmldoc, const std::string &srcFile, const std::string &srcFunc, const std::string &srcId, bool doNeverShow, bool temporarySilence) | 
| static void | deleteUserData (void) | 
| static void | resetAllUserTooltips (const std::string &userNeedle="*") | 
| WebUsers::resetAllUserTooltips. | |
| static void | silenceAllUserTooltips (const std::string &username) | 
| static void | NACDisplayThread (const std::string &nac, const std::string &user) | 
| Public Attributes | |
| std::atomic< time_t > | remoteLoginVerificationEnabledBlackoutTime_ = 0 | 
| std::string | remoteLoginVerificationIP_ | 
| std::string | remoteGatewaySelfName_ | 
| IP of remote Gateway to be used for login verification. | |
| int | remoteLoginVerificationPort_ | 
| Port of remote Gateway to be used for login verification. | |
| Static Public Attributes | |
| static const std::string | OTS_OWNER = getenv("OTS_OWNER")?getenv("OTS_OWNER"):"" | 
| defined by environment variable, e.g. experiment name | |
| static const std::string | DEFAULT_ADMIN_USERNAME = "admin" | 
| static const std::string | DEFAULT_ADMIN_DISPLAY_NAME = "Administrator" | 
| static const std::string | DEFAULT_ADMIN_EMAIL = "root@otsdaq.fnal.gov" | 
| static const std::string | DEFAULT_ITERATOR_USERNAME = "iterator" | 
| static const std::string | DEFAULT_STATECHANGER_USERNAME = "statechanger" | 
| static const std::string | DEFAULT_USER_GROUP = "allUsers" | 
| static const std::string | REQ_NO_LOGIN_RESPONSE = "NoLogin" | 
| static const std::string | REQ_NO_PERMISSION_RESPONSE = "NoPermission" | 
| static const std::string | REQ_USER_LOCKOUT_RESPONSE = "UserLockout" | 
| static const std::string | REQ_LOCK_REQUIRED_RESPONSE = "LockRequired" | 
| static const std::string | REQ_ALLOW_NO_USER = "AllowNoUser" | 
| static const std::string | SECURITY_TYPE_NONE = "NoSecurity" | 
| static const std::string | SECURITY_TYPE_DIGEST_ACCESS = "DigestAccessAuthentication" | 
| static const std::string | SECURITY_TYPE_DEFAULT = WebUsers::SECURITY_TYPE_NONE | 
| static std::atomic< bool > | remoteLoginVerificationEnabled_ = false | 
| true if this supervisor is under control of a remote supervisor | |
WebUsers This class provides the functionality for managing all otsdaq user account preferences and permissions.
Definition at line 37 of file WebUsers.h.
| anonymous enum | 
| Enumerator | |
|---|---|
| PERMISSION_LEVEL_ADMIN | max permission level! | 
Definition at line 62 of file WebUsers.h.
| anonymous enum | 
| Enumerator | |
|---|---|
| SYS_CLEANUP_WILDCARD_TIME | 300 seconds | 
Definition at line 190 of file WebUsers.h.
| void WebUsers::addSystemMessage | ( | const std::string & | targetUsersCSV, | 
| const std::string & | message | ||
| ) | 
addSystemMessage targetUser can be "*" for all users
Definition at line 3495 of file WebUsers.cc.
| void WebUsers::addSystemMessage | ( | const std::string & | targetUsersCSV, | 
| const std::string & | subject, | ||
| const std::string & | message, | ||
| bool | doEmail | ||
| ) | 
addSystemMessage targetUser can be "*" for all users
Definition at line 3504 of file WebUsers.cc.
| void WebUsers::addSystemMessage | ( | const std::vector< std::string > & | targetUsers, | 
| const std::string & | subject, | ||
| const std::string & | message, | ||
| bool | doEmail | ||
| ) | 
addSystemMessage: targetUser can be "*" for all users. Note: do not print out the message, because if it was a Console trigger, it will fire repeatedly.
Definition at line 3518 of file WebUsers.cc.
| uint64_t WebUsers::attemptActiveSession | ( | const std::string & | uuid, | 
| std::string & | jumbledUser, | ||
| const std::string & | jumbledPw, | ||
| std::string & | newAccountCode, | ||
| const std::string & | ip | ||
| ) | 
WebUsers::attemptActiveSession — Attempts login.
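If this is a new login, the new account code must match the account creation time, and the account is made with the pw.
If this is an old login, the password is checked. On success, returns the User Id, with the cookieCode in newAccountCode and the displayName in jumbledUser; otherwise returns -1 and cookieCode "0". Because the return type is uint64_t, that -1 is the value uint64_t(-1) (NOT_FOUND_IN_DATABASE in the enum above), so callers need to compare against that value rather than test for a negative result.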
Definition at line 1106 of file WebUsers.cc.
| uint64_t WebUsers::attemptActiveSessionWithCert | ( | const std::string & | uuid, | 
| std::string & | email, | ||
| std::string & | cookieCode, | ||
| std::string & | user, | ||
| const std::string & | ip | ||
| ) | 
WebUsers::attemptActiveSessionWithCert — Attempts login using certificate.
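On success, returns the User Id, the cookieCode, and the displayName in jumbledEmail (the parameter declared as jumbledEmail in the member list and shown as email in the signature above); otherwise returns -1 and cookieCode "0".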
Definition at line 1298 of file WebUsers.cc.
| bool WebUsers::checkIpAccess | ( | const std::string & | ip | ) | 
WebUsers::checkIpAccess — checks the user-defined accept cache, then the reject IP cache, then the blacklist cache. Returns true if the ip is accepted, and false if it is rejected.
Definition at line 1950 of file WebUsers.cc.
| 
 | static | 
checkRequestAccess – static function. Checks user permission parameters based on the cookie code and the user permission level (extracted previously from group membership). Note: assumes userInfo.groupPermissionLevelMap_ and userInfo.permissionLevel_ are properly set up by calling either userInfo.setGroupPermissionLevels() or userInfo.getGroupPermissionLevel().
Definition at line 255 of file WebUsers.cc.
| void WebUsers::cleanupExpiredEntries | ( | std::vector< std::string > * | loggedOutUsernames = 0 | ) | 
WebUsers::cleanupExpiredEntries — cleans up expired entries from the Login Session and Active Session databases, and checks whether usersUsernameWithLock_ is still active. If loggedOutUsernames is given as a parameter, the vector of logged-out user names is returned in it; if it is not given, the logged-out user names are stored for the next time the function is called with the parameter.
Definition at line 2308 of file WebUsers.cc.
| void WebUsers::cleanupExpiredRemoteEntries | ( | void | ) | 
WebUsers::cleanupExpiredRemoteEntries — cleanup expired entries from Remote Active Session databases Give less time than ACTIVE_SESSION_EXPIRATION_TIME (e.g. /4, and assume safe to keep session open and cached locally to avoid hitting remote server with back-to-back requests)
Definition at line 2406 of file WebUsers.cc.
| bool WebUsers::cookieCodeIsActiveForRequest | ( | std::string & | cookieCode, | 
| std::map< std::string, WebUsers::permissionLevel_t > * | userPermissions = 0, | ||
| uint64_t * | uid = 0, | ||
| const std::string & | ip = "0", | ||
| bool | refresh = true, | ||
| bool | doNotGoRemote = false, | ||
| std::string * | userWithLock = 0, | ||
| uint64_t * | userSessionIndex = 0 | ||
| ) | 
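WebUsers::isCookieCodeActiveForRequest — Used to verify the cookie code for all general user requests. The cookieCode/ip must be active to pass.
cookieCode is passed by reference and may be modified: on success it is refreshed if refresh=true. On success, if userPermissions and/or uid are not null, the permissions and uid are returned through them. On failure, cookieCode contains the error message to return to the client.
In the "do NOT care about cookie code" case, returns uid 0 (admin) and grants full permissions. This page does not say what selects that case; since SECURITY_TYPE_DEFAULT is SECURITY_TYPE_NONE ("NoSecurity") in the attribute list above, confirm in the definition which security setting reaches this path.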
Definition at line 2130 of file WebUsers.cc.
| uint64_t WebUsers::cookieCodeLogout | ( | const std::string & | cookieCode, | 
| bool | logoutOtherUserSessions, | ||
| uint64_t * | userId = 0, | ||
| const std::string & | ip = "0" | ||
| ) | 
WebUsers::cookieCodeLogout — Used to log out a user based on cookieCode and ActiveSessionIndex. logoutOtherUserSessions true logs out all of the user's other sessions by uid (note: when true, the user will remain logged in to the current active session). logoutOtherUserSessions false logs out only this cookieCode/ActiveSessionIndex (note: when false, the user will remain logged in at other locations based on a different ActiveSessionIndex).
On failure, returns -1; on success, returns the number of active sessions that were removed.
Definition at line 2057 of file WebUsers.cc.
| void WebUsers::createNewAccount | ( | const std::string & | username, | 
| const std::string & | displayName, | ||
| const std::string & | email | ||
| ) | 
createNewAccount adds a new valid user to the database. Inputs: username and name to display. Initializes the database entry with minimal permissions; the salt starts as "" until the password is set. Special case for the first user name: max permissions are given (super user made). Note: username, userId, AND displayName must be unique!
Definition at line 1003 of file WebUsers.cc.
| std::string WebUsers::createNewLoginSession | ( | const std::string & | UUID, | 
| const std::string & | ip | ||
| ) | 
createNewLoginSession adds a new login session id to the database. Inputs: UUID. Checks that the UUID is unique, initializes the database entry, and returns the sessionId std::string. Returns "" on failure.
Definition at line 2429 of file WebUsers.cc.
| uint64_t WebUsers::getActiveSessionCountForUser | ( | uint64_t | uid | ) | 
WebUsers::getActiveSessionCountForUser — Returns count of unique ActiveSessionIndex entries for user's uid
Definition at line 1915 of file WebUsers.cc.
| size_t WebUsers::getActiveUserCount | ( | void | ) | 
WebUsers::getActiveUserCount return count of active Display Names
Definition at line 3396 of file WebUsers.cc.
| std::string WebUsers::getActiveUsersString | ( | void | ) | 
WebUsers::getActiveUsersString return comma separated list of active Display Names
Definition at line 3408 of file WebUsers.cc.
| uint64_t WebUsers::getAdminUserID | ( | void | ) | 
Definition at line 3441 of file WebUsers.cc.
| std::string WebUsers::getAllSystemMessages | ( | void | ) | 
getAllSystemMessages: returns a string of all system messages by user (for remote gateway monitoring). Format: targetUser | time | msg | targetUser | time | msg...etc
Definition at line 3754 of file WebUsers.cc.
| std::string WebUsers::getGenericPreference | ( | uint64_t | uid, | 
| const std::string & | preferenceName, | ||
| HttpXmlDocument * | xmldoc = 0 | ||
| ) | const | 
WebUsers::getGenericPreference: each generic preference has its own directory, and each user has their own file. The default preference is the empty string.
Definition at line 3063 of file WebUsers.cc.
| std::pair< std::string, time_t > WebUsers::getLastSystemMessage | ( | void | ) | 
getAllSystemMessages: returns the last "*" (global) system message, for status reporting.
Definition at line 3733 of file WebUsers.cc.
| std::map< std::string, WebUsers::permissionLevel_t > WebUsers::getPermissionsForUser | ( | uint64_t | uid | ) | 
from Gateway, use public version which considers remote users
WebUsers::getPermissionForUser return WebUsers::PERMISSION_LEVEL_INACTIVE if invalid index
Definition at line 2568 of file WebUsers.cc.
| std::string WebUsers::getSystemMessage | ( | const std::string & | targetUser | ) | 
getSystemMessage: delivers |-separated system messages (time | msg | time | msg...etc), if there are any in the vector set for the user or for the wildcard *. An empty std::string "" is returned if there is no message for targetUser. Note: | is an illegal character and will cause GUI craziness. Note: targetUser is by display name.
Definition at line 3786 of file WebUsers.cc.
| std::string WebUsers::getUsersDisplayName | ( | uint64_t | uid | ) | 
from Gateway, use public version which considers remote users
WebUsers::getUsersDisplayName —.
Definition at line 2028 of file WebUsers.cc.
| std::string WebUsers::getUsersUsername | ( | uint64_t | uid | ) | 
from Gateway, use public version which considers remote users
Definition at line 2038 of file WebUsers.cc.
| 
 | static | 
used by gateway and other supervisors to verify requests consistently
initializeRequestUserInfo initialize user info parameters to failed results
Definition at line 234 of file WebUsers.cc.
| void WebUsers::insertSettingsForUser | ( | uint64_t | uid, | 
| HttpXmlDocument * | xmldoc, | ||
| bool | includeAccounts = false | ||
| ) | 
WebUsers::insertGetSettingsResponse adds settings to the xml document. All active users have permissions of at least 1, so they have web preferences: background color; dashboard color; window color; 3 user defaults for window layouts (and current), where current can be set as one of the defaults. Super users have account controls: a list of user accounts to edit permissions, display name, or delete account; add new account. Super users also have the system default window layout: 2 system defaults for window layouts.
layout settings explanation 0 = no windows, never set, empty desktop example 2 layouts set, 2 not, [<win name>, <win subname>, <win url>, <x>, <y>, <w>, <h>]; [<win name>, <win subname>, <win url>, <x>, <y>, <w>, <h>]...];0;0
Definition at line 2902 of file WebUsers.cc.
| uint64_t WebUsers::isCookieCodeActiveForLogin | ( | const std::string & | uuid, | 
| std::string & | cookieCode, | ||
| std::string & | username | ||
| ) | 
WebUsers::IsCookieActive — on success, returns the User Id and returns by reference the refreshed cookieCode and the displayName, if the cookieCode/user combo is still active (the displayName is returned in the username std::string); otherwise returns -1.
Definition at line 1858 of file WebUsers.cc.
| bool WebUsers::isUserIdActive | ( | uint64_t | uid | ) | const | 
WebUsers::isUserIdActive — returns true if found, else false
Definition at line 1625 of file WebUsers.cc.
| bool WebUsers::isUsernameActive | ( | const std::string & | username | ) | const | 
WebUsers::isUsernameActive — returns true if found, else false
Definition at line 1614 of file WebUsers.cc.
| void WebUsers::loadActiveSessions | ( | void | ) | 
loadActiveSessions load active sessions structure so that they can survive restart
Definition at line 442 of file WebUsers.cc.
| void WebUsers::saveActiveSessions | ( | void | ) | 
saveActiveSessions save active sessions structure so that they can survive restart
Definition at line 402 of file WebUsers.cc.
| void WebUsers::setGenericPreference | ( | uint64_t | uid, | 
| const std::string & | preferenceName, | ||
| const std::string & | preferenceValue | ||
| ) | 
WebUsers::setGenericPreference each generic preference has its own directory, and each user has their own file
Definition at line 3022 of file WebUsers.cc.
| bool WebUsers::setUserWithLock | ( | uint64_t | actingUid, | 
| bool | lock, | ||
| const std::string & | username | ||
| ) | 
WebUsers::setUserWithLock: if lock is true, sets the lock to the user specified; if lock is false, attempts to unlock the user specified. Returns true on success.
Definition at line 3168 of file WebUsers.cc.
| 
 | static | 
WebUsers::silenceAllUserTooltips creates a file
Definition at line 2867 of file WebUsers.cc.
| 
 | static | 
WebUsers::tooltipCheckForUsername read file for tooltip if not 1 then never show if 0 then "always show" if other then treat as temporary mute.. i.e. if time(0) > val show
Definition at line 2791 of file WebUsers.cc.
| 
 | static | 
WebUsers::tooltipSetNeverShowForUsername temporarySilence has priority over the neverShow setting
Definition at line 2733 of file WebUsers.cc.
| bool WebUsers::xmlRequestOnGateway | ( | cgicc::Cgicc & | cgi, | 
| std::ostringstream * | out, | ||
| HttpXmlDocument * | xmldoc, | ||
| WebUsers::RequestUserInfo & | userInfo | ||
| ) | 
for the gateway supervisor to check request access if false, gateway request handling code should just return.. out is handled on false; on true, out is untouched
xmlRequestOnGateway checks the validity of an xml request at the server side, i.e. at the Gateway supervisor, which is the owner of the web users instance. If false, the gateway request code should just return: out is handled on false; on true, out is untouched.
Definition at line 175 of file WebUsers.cc.