Go to the documentation of this file.
9 #include <QCryptographicHash>
63 QByteArray randBytes = QUuid::createUuid().toByteArray();
65 QCryptographicHash::Sha1).toHex();
76 query.
prepare(
"REPLACE INTO user_sessions SET "
77 "sessionToken = :SESSION_TOKEN, "
80 "created = :CREATED, "
81 "lastactive = :LASTACTIVE, "
82 "expires = :EXPIRES");
125 query.
prepare(
"SELECT s.sessiontoken, s.created, s.lastactive, s.expires, "
126 " s.client, u.userid, u.username "
127 "FROM user_sessions s, users u");
153 if (username.isEmpty())
163 query.
prepare(
"SELECT userid FROM users WHERE username = :USERNAME");
193 const QString &client)
201 QMap<QString, MythUserSession>::iterator it;
204 if (((*it).m_name == username) &&
205 ((*it).m_sessionClient == client))
227 query.
prepare(
"SELECT password_digest FROM users WHERE username = :USERNAME");
234 return query.
value(0).toString();
283 const QByteArray &digest,
284 const QString &client)
286 if (username.isEmpty() || digest.isEmpty() || digest.length() < 32 ||
287 digest.length() > 32)
297 query.
prepare(
"SELECT userid, username FROM users WHERE "
298 "username = :USERNAME AND password_digest = :PWDIGEST");
301 query.
bindValue(
":PWDIGEST", QString(digest));
306 if (query.
size() > 1)
308 LOG(VB_GENERAL, LOG_CRIT,
"LoginUser: Warning, multiple matching user records found.");
325 QString userName = query.
value(1).toString();
330 LOG(VB_GENERAL, LOG_WARNING, QString(
"LoginUser: Failed login attempt for "
331 "user %1").arg(username));
340 const QString &password,
341 const QString &client)
345 return LoginUser(username, digest, client);
352 const QString &userName,
353 const QString &client)
358 session.
m_name = userName;
360 QString clientIdentifier = client;
361 if (clientIdentifier.isEmpty())
363 QString
type =
"Master";
390 if (sessionToken.isEmpty())
394 query.
prepare(
"DELETE FROM user_sessions WHERE "
395 "sessionToken = :SESSION_TOKEN");
396 query.
bindValue(
":SESSION_TOKEN", sessionToken);
411 const QString& password,
412 const QString& adminPassword)
414 if (adminPassword.isEmpty())
416 LOG(VB_GENERAL, LOG_ERR, QString(
"Admin password is missing."));
422 LOG(VB_GENERAL, LOG_ERR, QString(
"Tried to add an existing user: %1.")
429 LOG(VB_GENERAL, LOG_ERR, QString(
"Incorrect password for user: %1.")
435 insert.
prepare(
"INSERT INTO users SET "
436 "username = :USER_NAME, "
437 "password_digest = :PASSWORD_DIGEST");
438 insert.
bindValue(
":USER_NAME", username);
441 bool bResult = insert.
exec();
452 const QString& password)
456 LOG(VB_GENERAL, LOG_ERR, QString(
"Tried to remove a non-existing "
457 "user: %1.").arg(username));
461 if (username ==
"admin")
463 LOG(VB_GENERAL, LOG_ERR, QString(
"Tried to remove user: %1 (not "
464 "permitted.)").arg(
"admin"));
470 LOG(VB_GENERAL, LOG_ERR, QString(
"Incorrect password for user: %1.")
476 deleteQuery.
prepare(
"DELETE FROM users WHERE " "username = :USER_NAME ");
477 deleteQuery.
bindValue(
":USER_NAME", username);
479 bool bResult = deleteQuery.
exec();
491 const QString& oldPassword,
492 const QString& newPassword)
494 if (newPassword.isEmpty())
496 LOG(VB_GENERAL, LOG_ERR, QString(
"New password is missing."));
502 LOG(VB_GENERAL, LOG_ERR, QString(
"Attempted to update non-existing"
503 " user: %1.").arg(username));
507 QByteArray oldPasswordDigest =
CreateDigest(username, oldPassword);
511 LOG(VB_GENERAL, LOG_ERR, QString(
"Incorrect old password for "
512 "user: %1.").arg(username));
517 update.
prepare(
"UPDATE users SET "
518 "password_digest = :NEW_PASSWORD_DIGEST WHERE "
519 "username = :USER_NAME AND "
520 "password_digest = :OLD_PASSWORD_DIGEST");
523 update.
bindValue(
":USER_NAME", username);
524 update.
bindValue(
":OLD_PASSWORD_DIGEST", oldPasswordDigest);
526 bool bResult = update.
exec();
537 const QString &password)
541 QString plainText = QString(
"%1:MythTV:%2").arg(username, password);
542 QByteArray digest = QCryptographicHash::hash(plainText.toLatin1(),
543 QCryptographicHash::Md5).toHex();
551 const QString& username,
552 const QString& password,
553 const QString& newPassword,
554 const QString& adminPassword)
556 bool returnCode =
false;
558 if (username.isEmpty() || password.isEmpty())
559 LOG(VB_GENERAL, LOG_ERR, QString(
"Username and password required."));
561 returnCode =
AddDigestUser(username, password, adminPassword);
567 LOG(VB_GENERAL, LOG_ERR, QString(
"Unknown action."));
bool next(void)
Wrap QSqlQuery::next() so we can display the query results.
static bool IsValidUser(const QString &username)
Check if the given user exists but not whether there is a valid session open for them!
QSqlQuery wrapper that fetches a DB connection from the connection pool.
void LoadSessions(void)
Load the values from the sessions table on startup.
static QString GetPasswordDigest(const QString &username)
Load the password digest for comparison in the HTTP Auth code.
void UpdateSession(const QString &sessionToken)
Update the session timestamps.
QMap< QString, MythUserSession > m_sessionList
QVariant value(int i) const
bool Update(void)
Update session expiry and access times.
void DestroyUserSession(const QString &sessionToken)
Removes user session from the database and cache.
bool exec(void)
Wrap QSqlQuery::exec() so we can display SQL.
#define LOG(_MASK_, _LEVEL_, _QSTRING_)
static QByteArray CreateDigest(const QString &username, const QString &password)
Generate a digest string.
QDateTime current(bool stripped)
Returns current Date and Time in UTC.
QDateTime m_sessionLastActive
MythUserSession GetSession(const QString &sessionToken)
Load the session details and return.
bool IsMasterBackend(void)
is this the actual MBE process
static bool ManageDigestUser(DigestUserActions action, const QString &username, const QString &password, const QString &newPassword, const QString &adminPassword)
Manage digest user entries.
bool IsValid(void) const
Check if this session object appears properly constructed, it DOES NOT validate whether it is a valid...
static MSqlQueryInfo InitCon(ConnectionReuse _reuse=kNormalConnection)
Only use this in combination with MSqlQuery constructor.
QDateTime m_sessionExpires
static void DBError(const QString &where, const MSqlQuery &query)
bool Save(void)
Save the session to the database.
bool CheckPermission(const QString &context, uint permission)
Check if the user has the given permission in a context.
MythCoreContext * gCoreContext
This global variable contains the MythCoreContext instance for the app.
MythUserSession LoginUser(const QString &username, const QByteArray &digest, const QString &client="")
Login user by digest.
static bool RemoveDigestUser(const QString &username, const QString &password)
static bool AddDigestUser(const QString &username, const QString &password, const QString &adminPassword)
static bool ChangeDigestUserPassword(const QString &username, const QString &oldPassword, const QString &newPassword)
QDateTime m_sessionCreated
bool IsValidSession(const QString &sessionToken)
Check if the session token is valid.
void bindValue(const QString &placeholder, const QVariant &val)
Add a single binding.
MythUserSession CreateUserSession(uint userId, const QString &username, const QString &client)
Add new user session to the database and cache.
QString GetHostName(void)
bool prepare(const QString &query)
QSqlQuery::prepare() is not thread safe in Qt <= 3.3.2.