MythTV  master
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | List of all members
MythSessionManager Class Reference

We use digest authentication because it protects the password over unprotected networks. More...

#include <mythsession.h>

Public Member Functions

 MythSessionManager ()
 
 ~MythSessionManager ()=default
 
bool IsValidUser (const QString &username)
 Check if the given user exists but not whether there is a valid session open for them! More...
 
bool IsValidSession (const QString &sessionToken)
 Check if the session token is valid. More...
 
MythUserSession GetSession (const QString &sessionToken)
 Load the session details and return. More...
 
QString GetPasswordDigest (const QString &username)
 Load the password digest for comparison in the HTTP Auth code. More...
 
MythUserSession LoginUser (const QString &username, const QByteArray &digest, const QString &client="")
 Login user by digest. More...
 
MythUserSession LoginUser (const QString &username, const QString &password, const QString &client="")
 Login user by password - convenient alternative to using the digest. More...
 
bool ManageDigestUser (DigestUserActions action, const QString &username, const QString &password, const QString &newPassword, const QString &adminPassword)
 Manage digest user entries. More...
 

Static Public Member Functions

static QByteArray CreateDigest (const QString &username, const QString &password)
 Generate a digest string. More...
 

Private Member Functions

void LoadSessions (void)
 Load the values from the sessions table on startup. More...
 
void UpdateSession (const QString &sessionToken)
 Update the session timestamps. More...
 
MythUserSession GetSession (const QString &username, const QString &client)
 Checks if an existing session for this user and client exists. More...
 
MythUserSession CreateUserSession (uint userId, const QString &username, const QString &client)
 Add new user session to the database and cache. More...
 
void DestroyUserSession (const QString &sessionToken)
 Removes user session from the database and cache. More...
 
bool AddDigestUser (const QString &username, const QString &password, const QString &adminPassword)
 
bool RemoveDigestUser (const QString &username, const QString &password)
 
bool ChangeDigestUserPassword (const QString &username, const QString &oldPassword, const QString &newPassword)
 

Private Attributes

QMap< QString, MythUserSessionm_sessionList
 

Detailed Description

We use digest authentication because it protects the password over unprotected networks.

Even if traffic between the client and server is captured, the digest and password cannot be determined and the attacker cannot gain system access in that way. It cannot protect against a full man-in-the-middle but if that really is a concern, users should setup TLS.

The digest isn't very strong if it leaked, but for that to happen the database would need to be breached, at which point the MythTV system is already heavily compromised.

Definition at line 98 of file mythsession.h.

Constructor & Destructor Documentation

◆ MythSessionManager()

MythSessionManager::MythSessionManager ( )

Definition at line 111 of file mythsession.cpp.

◆ ~MythSessionManager()

MythSessionManager::~MythSessionManager ( )
default

Member Function Documentation

◆ IsValidUser()

bool MythSessionManager::IsValidUser ( const QString &  username)

Check if the given user exists but not whether there is a valid session open for them!

Parameters
username

Definition at line 151 of file mythsession.cpp.

Referenced by AddDigestUser(), HTTPRequest::BasicAuthentication(), ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), Myth::ManageUrlProtection(), and RemoveDigestUser().

◆ IsValidSession()

bool MythSessionManager::IsValidSession ( const QString &  sessionToken)

Check if the session token is valid.

Parameters
sessionToken

Definition at line 242 of file mythsession.cpp.

Referenced by GetSession().

◆ GetSession() [1/2]

MythUserSession MythSessionManager::GetSession ( const QString &  sessionToken)

Load the session details and return.

Parameters
sessionTokenIf no matching session exists an empty MythUserSession object is returned

Definition at line 175 of file mythsession.cpp.

Referenced by LoginUser(), and HTTPRequest::ParseRequest().

◆ GetPasswordDigest()

QString MythSessionManager::GetPasswordDigest ( const QString &  username)

Load the password digest for comparison in the HTTP Auth code.

Parameters
usernameThe username should be checked for validity first

Definition at line 224 of file mythsession.cpp.

Referenced by AddDigestUser(), ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), Myth::ManageUrlProtection(), and RemoveDigestUser().

◆ LoginUser() [1/2]

MythUserSession MythSessionManager::LoginUser ( const QString &  username,
const QByteArray &  digest,
const QString &  client = "" 
)

Login user by digest.

Parameters
username
digestPassword Digest (RFC 2617)
clientOptional string identifying this client uniquely, will be created automatically if absent
Returns
Unique session token

Definition at line 282 of file mythsession.cpp.

Referenced by HTTPRequest::BasicAuthentication(), HTTPRequest::DigestAuthentication(), and LoginUser().

◆ LoginUser() [2/2]

MythUserSession MythSessionManager::LoginUser ( const QString &  username,
const QString &  password,
const QString &  client = "" 
)

Login user by password - convenient alternative to using the digest.

Parameters
username
passwordClear text password string
clientOptional string identifying this client uniquely, will be created automatically if absent
Returns
Unique session token

Definition at line 339 of file mythsession.cpp.

◆ CreateDigest()

QByteArray MythSessionManager::CreateDigest ( const QString &  username,
const QString &  password 
)
static

Generate a digest string.

Parameters
username
password

Definition at line 545 of file mythsession.cpp.

Referenced by AddDigestUser(), ChangeDigestUserPassword(), LoginUser(), Myth::ManageUrlProtection(), and RemoveDigestUser().

◆ ManageDigestUser()

bool MythSessionManager::ManageDigestUser ( DigestUserActions  action,
const QString &  username,
const QString &  password,
const QString &  newPassword,
const QString &  adminPassword 
)

Manage digest user entries.

Parameters
actionrequires one from: DigestUserActions
usernamealways required
passwordalways required
newPasswordif action=DIGEST_USER_CHANGE_PW
adminPasswordif action=DIGEST_USER_ADD

Definition at line 559 of file mythsession.cpp.

Referenced by Myth::ManageDigestUser().

◆ LoadSessions()

void MythSessionManager::LoadSessions ( void  )
private

Load the values from the sessions table on startup.

Definition at line 120 of file mythsession.cpp.

Referenced by MythSessionManager().

◆ UpdateSession()

void MythSessionManager::UpdateSession ( const QString &  sessionToken)
private

Update the session timestamps.

Definition at line 269 of file mythsession.cpp.

Referenced by IsValidSession().

◆ GetSession() [2/2]

MythUserSession MythSessionManager::GetSession ( const QString &  username,
const QString &  client 
)
private

Checks if an existing session for this user and client exists.

Parameters
username
clientWe may want to reuse this session or destroy this session

Definition at line 192 of file mythsession.cpp.

◆ CreateUserSession()

MythUserSession MythSessionManager::CreateUserSession ( uint  userId,
const QString &  username,
const QString &  client 
)
private

Add new user session to the database and cache.

Definition at line 351 of file mythsession.cpp.

Referenced by LoginUser().

◆ DestroyUserSession()

void MythSessionManager::DestroyUserSession ( const QString &  sessionToken)
private

Removes user session from the database and cache.

Definition at line 388 of file mythsession.cpp.

Referenced by GetSession(), and IsValidSession().

◆ AddDigestUser()

bool MythSessionManager::AddDigestUser ( const QString &  username,
const QString &  password,
const QString &  adminPassword 
)
private

Definition at line 410 of file mythsession.cpp.

Referenced by ManageDigestUser().

◆ RemoveDigestUser()

bool MythSessionManager::RemoveDigestUser ( const QString &  username,
const QString &  password 
)
private

Definition at line 454 of file mythsession.cpp.

Referenced by ManageDigestUser().

◆ ChangeDigestUserPassword()

bool MythSessionManager::ChangeDigestUserPassword ( const QString &  username,
const QString &  oldPassword,
const QString &  newPassword 
)
private

Definition at line 496 of file mythsession.cpp.

Referenced by ManageDigestUser().

Member Data Documentation

◆ m_sessionList

QMap<QString, MythUserSession> MythSessionManager::m_sessionList
private

The documentation for this class was generated from the following files: