diff options
author | Simon Rettberg | 2023-02-24 16:37:36 +0100 |
---|---|---|
committer | Simon Rettberg | 2023-02-24 16:37:36 +0100 |
commit | 677ef4ddbe7e4727303d799a415543cb65426a76 (patch) | |
tree | 3eae0b9422a91d58d6d084eb8ced4a3e252e40be | |
parent | Fix comment (diff) | |
download | masterserver-677ef4ddbe7e4727303d799a415543cb65426a76.tar.gz masterserver-677ef4ddbe7e4727303d799a415543cb65426a76.tar.xz masterserver-677ef4ddbe7e4727303d799a415543cb65426a76.zip |
Allow connecting a new session to a one-time access code
(Add support for browser-based login flow)
5 files changed, 114 insertions, 6 deletions
diff --git a/src/main/java/org/openslx/imagemaster/localrpc/JsonUser.java b/src/main/java/org/openslx/imagemaster/localrpc/JsonUser.java index 9c86ea7..3dff32f 100644 --- a/src/main/java/org/openslx/imagemaster/localrpc/JsonUser.java +++ b/src/main/java/org/openslx/imagemaster/localrpc/JsonUser.java @@ -2,7 +2,9 @@ package org.openslx.imagemaster.localrpc; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.openslx.bwlp.thrift.iface.AuthorizationError; import org.openslx.bwlp.thrift.iface.Role; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.imagemaster.util.Util; @@ -17,9 +19,15 @@ public class JsonUser private String lastName = null; private String mail = null; private String role = null; + private String status; + private String error; + + private String accessCode; public UserInfo toUser() { + if ( !"ok".equals( status ) ) + return null; Role role; try { role = Role.valueOf( this.role ); @@ -35,4 +43,16 @@ public class JsonUser return ui; } + public TAuthorizationException toException() + { + if ( "ok".equals( status ) ) + return null; + return new TAuthorizationException( AuthorizationError.GENERIC_ERROR, this.error ); + } + + public String accessCode() + { + return this.accessCode; + } + } diff --git a/src/main/java/org/openslx/imagemaster/localrpc/NetworkHandler.java b/src/main/java/org/openslx/imagemaster/localrpc/NetworkHandler.java index 228d793..4416647 100644 --- a/src/main/java/org/openslx/imagemaster/localrpc/NetworkHandler.java +++ b/src/main/java/org/openslx/imagemaster/localrpc/NetworkHandler.java @@ -13,6 +13,7 @@ import java.util.concurrent.LinkedBlockingQueue; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.openslx.bwlp.thrift.iface.ClientSessionData; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.imagemaster.session.Session; import org.openslx.imagemaster.session.SessionManager; @@ -125,13 +126,19 @@ public class NetworkHandler implements Runnable { try { JsonUser ju = gson.fromJson( payload, JsonUser.class ); - UserInfo u = ju.toUser(); - if ( u == null ) { - log.warn( "Invalid or inomplete RPC data (" + payload + ")" ); - return "Invalid or incomplete RPC data"; + TAuthorizationException ex = ju.toException(); + if ( ex != null ) { + SessionManager.addAuthError( ex, ju.accessCode() ); + return "Auth error"; + } else { + UserInfo u = ju.toUser(); + if ( u == null ) { + log.warn( "Invalid or inomplete RPC data (" + payload + ")" ); + return "Invalid or incomplete RPC data"; + } + ClientSessionData sd = SessionManager.addSession( new Session( u ), ju.accessCode() ); + return "TOKEN:" + sd.authToken + " SESSIONID:" + sd.sessionId; } - ClientSessionData sd = SessionManager.addSession( new Session( u ) ); - return "TOKEN:" + sd.authToken + " SESSIONID:" + sd.sessionId; } catch ( Throwable t ) { log.error( "Exception on json decode", t ); } diff --git a/src/main/java/org/openslx/imagemaster/session/AccessCode.java b/src/main/java/org/openslx/imagemaster/session/AccessCode.java new file mode 100644 index 0000000..4407329 --- /dev/null +++ b/src/main/java/org/openslx/imagemaster/session/AccessCode.java @@ -0,0 +1,26 @@ +package org.openslx.imagemaster.session; + +import org.openslx.bwlp.thrift.iface.ClientSessionData; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; + +public class AccessCode +{ + + public final long timeout = System.currentTimeMillis() + 600_000; + + public final ClientSessionData clientSession; + + public final TAuthorizationException ex; + + public AccessCode( ClientSessionData clientSession, TAuthorizationException ex ) + { + this.clientSession = clientSession; + this.ex = ex; + } + + public boolean timedOut() + { + return System.currentTimeMillis() > this.timeout; + } + +} diff --git a/src/main/java/org/openslx/imagemaster/session/SessionManager.java b/src/main/java/org/openslx/imagemaster/session/SessionManager.java index 57973ac..a7c7cb9 100644 --- a/src/main/java/org/openslx/imagemaster/session/SessionManager.java +++ b/src/main/java/org/openslx/imagemaster/session/SessionManager.java @@ -6,12 +6,15 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.openslx.bwlp.thrift.iface.ClientSessionData; import org.openslx.bwlp.thrift.iface.Satellite; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; +import org.openslx.bwlp.thrift.iface.TNotFoundException; import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.imagemaster.db.mappers.DbSatellite; import org.openslx.imagemaster.util.Hash; @@ -29,6 +32,9 @@ public class SessionManager // Map of currently known sessions private static final Map<String, Session> sessions = new LinkedHashMap<>(); + // Map of pending "access code -> session" lookups + private static final Map<String, AccessCode> accessCodes = new ConcurrentHashMap<>(); + public static ClientSessionData addSession( Session session ) { final String authToken = Hash.md5( UUID.randomUUID().toString() ); @@ -48,6 +54,20 @@ public class SessionManager return new ClientSessionData( sessionId, authToken, sats, ui ); } + public static ClientSessionData addSession( Session session, String accessToken ) + { + ClientSessionData s = addSession( session ); + if ( accessToken != null ) { + accessCodes.put( accessToken, new AccessCode( s, null ) ); + } + return s; + } + + public static void addAuthError( TAuthorizationException ex, String accessToken ) + { + accessCodes.put( accessToken, new AccessCode( null, ex ) ); + } + static { QuickTimer.scheduleAtFixedDelay( new Task() { @Override @@ -62,10 +82,20 @@ public class SessionManager } } } + Iterator<AccessCode> it = accessCodes.values().iterator(); + while ( it.hasNext() ) { + final AccessCode s = it.next(); + if ( s.timedOut() ) { + it.remove(); + } + } } }, 123, TimeUnit.MINUTES.toMillis( 13 ) ); } + /** + * Get from userToken, known to satellite servers. + */ public static Session getSessionFromToken( String token ) { if ( token == null || token.length() != 32 ) { @@ -82,6 +112,9 @@ public class SessionManager return session; } + /** + * Get from sessionId, only known by client/user and us. + */ public static Session getSessionFromSessionId( String sessionId ) { if ( sessionId == null || sessionId.length() != 64 ) { @@ -125,4 +158,20 @@ public class SessionManager } } + /** + * Get the according session data (satToken, masterToken) for given access code, which was + * supplied by the client earlier. This can only be done once; retrieving the session will remove + * the entry from the lookup table. + */ + public static ClientSessionData getSessionFromAccessCode( String accessCode ) + throws TNotFoundException, TAuthorizationException + { + AccessCode data = accessCodes.remove( accessCode ); + if ( data == null ) + throw new TNotFoundException(); + if ( data.ex != null ) + throw data.ex; + return data.clientSession; + } + } diff --git a/src/main/java/org/openslx/imagemaster/thrift/server/MasterServerHandler.java b/src/main/java/org/openslx/imagemaster/thrift/server/MasterServerHandler.java index 1a41e2d..d423c36 100644 --- a/src/main/java/org/openslx/imagemaster/thrift/server/MasterServerHandler.java +++ b/src/main/java/org/openslx/imagemaster/thrift/server/MasterServerHandler.java @@ -172,6 +172,12 @@ public class MasterServerHandler implements MasterServer.Iface SessionManager.invalidate( sessionId ); } + @Override + public ClientSessionData getSessionFromAccessCode( String accessCode ) throws TNotFoundException, TException + { + return SessionManager.getSessionFromAccessCode( accessCode ); + } + /** * Request information about user for given token * |