diff options
| author | Ed Tanous <ed.tanous@intel.com> | 2017-10-28 02:00:19 +0300 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2017-10-28 02:27:42 +0300 |
| commit | c963aa422e35a954229c3fcf9646150dc0066369 (patch) | |
| tree | 64307317e4725d0eadc2d7a34d0cfe7a6ed45b6c /include/token_authorization_middleware.hpp | |
| parent | 2a866f8ecd3b66da787aac5831e8da905ff484fc (diff) | |
| download | bmcweb-c963aa422e35a954229c3fcf9646150dc0066369.tar.xz | |
Refactor session key storage
Refactor session key storage to actually have an interface that isn't
map, and provide reasonable lookup functions, as well as update the
consumers of those functions.
This also implements session timeouts.
Change-Id: Ica46716805782cfbb7c4ee5569bc7e468c260bc3
Diffstat (limited to 'include/token_authorization_middleware.hpp')
| -rw-r--r-- | include/token_authorization_middleware.hpp | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp index 964228240b..67f1161cca 100644 --- a/include/token_authorization_middleware.hpp +++ b/include/token_authorization_middleware.hpp @@ -79,8 +79,9 @@ class Middleware { return; } auto& data_mw = allctx.template get<PersistentData::Middleware>(); - auto session_it = data_mw.auth_tokens->find(auth_key); - if (session_it == data_mw.auth_tokens->end()) { + const PersistentData::UserSession* session = + data_mw.sessions->login_session_by_token(auth_key); + if (session == nullptr) { return_unauthorized(); return; } @@ -90,12 +91,12 @@ class Middleware { if (req.method != "GET"_method) { const std::string& csrf = req.get_header_value("X-XSRF-TOKEN"); // Make sure both tokens are filled - if (csrf.empty() || session_it->second.csrf_token.empty()) { + if (csrf.empty() || session->csrf_token.empty()) { return_unauthorized(); return; } // Reject if csrf token not available - if (csrf != session_it->second.csrf_token) { + if (csrf != session->csrf_token) { return_unauthorized(); return; } @@ -103,7 +104,7 @@ class Middleware { } if (req.url == "/logout" && req.method == "POST"_method) { - data_mw.auth_tokens->erase(auth_key); + data_mw.sessions->remove_session(session); res.code = 200; res.end(); return; @@ -195,9 +196,10 @@ void request_routes(Crow<Middlewares...>& app) { if (!pam_authenticate_user(username, password)) { res.code = 401; } else { - auto& auth_middleware = - app.template get_middleware<PersistentData::Middleware>(); - auto session = auth_middleware.generate_user_session(username); + auto& context = + app.template get_context<PersistentData::Middleware>(req); + auto& session_store = context.sessions; + auto& session = session_store->generate_user_session(username); if (looks_like_ibm) { // IBM requires a very specific login structure, and doesn't |