Diffstat (limited to 'include/authentication.hpp')
-rw-r--r-- | include/authentication.hpp | 123 |
1 files changed, 58 insertions, 65 deletions
diff --git a/include/authentication.hpp b/include/authentication.hpp index ad9759bf49..6483365bef 100644 --- a/include/authentication.hpp +++ b/include/authentication.hpp @@ -32,8 +32,7 @@ inline void cleanupTempSession(const Request& req) } } -#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performBasicAuth(const boost::asio::ip::address& clientIp, std::string_view authHeader) { @@ -86,10 +85,8 @@ static std::shared_ptr<persistent_data::UserSession> user, clientIp, std::nullopt, persistent_data::PersistenceType::SINGLE_REQUEST, isConfigureSelfOnly); } -#endif -#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performTokenAuth(std::string_view authHeader) { BMCWEB_LOG_DEBUG("[AuthMiddleware] Token authentication"); @@ -102,10 +99,8 @@ static std::shared_ptr<persistent_data::UserSession> persistent_data::SessionStore::getInstance().loginSessionByToken(token); return sessionOut; } -#endif -#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performXtokenAuth(const boost::beast::http::header<true>& reqHeader) { BMCWEB_LOG_DEBUG("[AuthMiddleware] X-Auth-Token authentication"); @@ -119,10 +114,8 @@ static std::shared_ptr<persistent_data::UserSession> persistent_data::SessionStore::getInstance().loginSessionByToken(token); return sessionOut; } -#endif -#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performCookieAuth(boost::beast::http::verb method [[maybe_unused]], const boost::beast::http::header<true>& reqHeader) { 
@@ -159,37 +152,36 @@ static std::shared_ptr<persistent_data::UserSession> return nullptr; } sessionOut->cookieAuth = true; -#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION - // RFC7231 defines methods that need csrf protection - if (method != boost::beast::http::verb::get) + + if constexpr (BMCWEB_INSECURE_DISABLE_CSRF) { - std::string_view csrf = reqHeader["X-XSRF-TOKEN"]; - // Make sure both tokens are filled - if (csrf.empty() || sessionOut->csrfToken.empty()) + // RFC7231 defines methods that need csrf protection + if (method != boost::beast::http::verb::get) { - return nullptr; - } + std::string_view csrf = reqHeader["X-XSRF-TOKEN"]; + // Make sure both tokens are filled + if (csrf.empty() || sessionOut->csrfToken.empty()) + { + return nullptr; + } - if (csrf.size() != persistent_data::sessionTokenSize) - { - return nullptr; - } - // Reject if csrf token not available - if (!crow::utility::constantTimeStringCompare( - csrf, sessionOut->csrfToken)) - { - return nullptr; + if (csrf.size() != persistent_data::sessionTokenSize) + { + return nullptr; + } + // Reject if csrf token not available + if (!crow::utility::constantTimeStringCompare( + csrf, sessionOut->csrfToken)) + { + return nullptr; + } } } -#endif - return sessionOut; } return nullptr; } -#endif -#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performTLSAuth(Response& res, const boost::beast::http::header<true>& reqHeader, const std::weak_ptr<persistent_data::UserSession>& session) @@ -219,11 +211,9 @@ static std::shared_ptr<persistent_data::UserSession> } return nullptr; } -#endif // checks if request can be forwarded without authentication -[[maybe_unused]] static bool isOnAllowlist(std::string_view url, - boost::beast::http::verb method) +inline bool isOnAllowlist(std::string_view url, boost::beast::http::verb method) { if (boost::beast::http::verb::get == method) { 
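Review bot: The new guard `if constexpr (BMCWEB_INSECURE_DISABLE_CSRF)` in performCookieAuth looks inverted relative to the `#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION` it replaces. The X-XSRF-TOKEN check used to be compiled in unless the insecure option was set, and it now runs only when that constant is true. Assuming the constant is true when CSRF prevention is disabled (its definition is not in this diff), default builds would accept cookie-authenticated non-GET requests with no CSRF token at all. The condition should be negated, `if constexpr (!BMCWEB_INSECURE_DISABLE_CSRF)`. A unit test asserting that a cookie-authenticated POST without the header returns nullptr would catch this kind of regression.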
@@ -257,51 +247,54 @@ static std::shared_ptr<persistent_data::UserSession> return false; } -[[maybe_unused]] static std::shared_ptr<persistent_data::UserSession> - authenticate( - const boost::asio::ip::address& ipAddress [[maybe_unused]], - Response& res [[maybe_unused]], - boost::beast::http::verb method [[maybe_unused]], - const boost::beast::http::header<true>& reqHeader, - [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& - session) +inline std::shared_ptr<persistent_data::UserSession> authenticate( + const boost::asio::ip::address& ipAddress [[maybe_unused]], + Response& res [[maybe_unused]], + boost::beast::http::verb method [[maybe_unused]], + const boost::beast::http::header<true>& reqHeader, + [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& + session) { const persistent_data::AuthConfigMethods& authMethodsConfig = persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); std::shared_ptr<persistent_data::UserSession> sessionOut = nullptr; -#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION - if (authMethodsConfig.tls) + if constexpr (BMCWEB_MUTUAL_TLS_AUTH) { - sessionOut = performTLSAuth(res, reqHeader, session); + if (authMethodsConfig.tls) + { + sessionOut = performTLSAuth(res, reqHeader, session); + } } -#endif -#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION - if (sessionOut == nullptr && authMethodsConfig.xtoken) + if constexpr (BMCWEB_XTOKEN_AUTH) { - sessionOut = performXtokenAuth(reqHeader); + if (sessionOut == nullptr && authMethodsConfig.xtoken) + { + sessionOut = performXtokenAuth(reqHeader); + } } -#endif -#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION - if (sessionOut == nullptr && authMethodsConfig.cookie) + if constexpr (BMCWEB_COOKIE_AUTH) { - sessionOut = performCookieAuth(method, reqHeader); + if (sessionOut == nullptr && authMethodsConfig.cookie) + { + sessionOut = performCookieAuth(method, reqHeader); + } } -#endif std::string_view authHeader = reqHeader["Authorization"]; 
BMCWEB_LOG_DEBUG("authHeader={}", authHeader); - - if (sessionOut == nullptr && authMethodsConfig.sessionToken) + if constexpr (BMCWEB_SESSION_AUTH) { -#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION - sessionOut = performTokenAuth(authHeader); -#endif + if (sessionOut == nullptr && authMethodsConfig.sessionToken) + { + sessionOut = performTokenAuth(authHeader); + } } - if (sessionOut == nullptr && authMethodsConfig.basic) + if constexpr (BMCWEB_BASIC_AUTH) { -#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION - sessionOut = performBasicAuth(ipAddress, authHeader); -#endif + if (sessionOut == nullptr && authMethodsConfig.basic) + { + sessionOut = performBasicAuth(ipAddress, authHeader); + } } if (sessionOut != nullptr) { |
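Review bot: `BMCWEB_LOG_DEBUG("authHeader={}", authHeader);` in authenticate writes the raw Authorization header to the debug log, so Basic credentials and session tokens land in log output whenever debug logging is enabled; this commit carries the line over unchanged. Logging only whether the header is present, e.g. `BMCWEB_LOG_DEBUG("authHeader present={}", !authHeader.empty());`, keeps the diagnostic without the secret. Separately, the `[[maybe_unused]]` attributes on the parameters look redundant now that every branch is compiled under `if constexpr` in a non-template function, though that is only a tidy-up. The function body continues past the end of the hunk.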