From 09732b4d5dfdb3a9e326e99c2e86d7492bc06e55 Mon Sep 17 00:00:00 2001
From: diva
Date: Sat, 21 Mar 2009 20:16:35 +0000
Subject: Initial support for authentication/authorization keys in UserManagerBase, and use of it in HGStandaloneLoginService (producer of initial key for user, and of subsequent keys) and HGStandaloneInventoryService (consumer of a key). Keys are of the form http:/// and they are sent over http header "authorization".
---
 .../Framework/Communications/IAuthentication.cs | 13 ++++
 .../Framework/Communications/UserManagerBase.cs | 83 +++++++++++++++++++++-
 2 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 OpenSim/Framework/Communications/IAuthentication.cs
(limited to 'OpenSim/Framework/Communications')
diff --git a/OpenSim/Framework/Communications/IAuthentication.cs b/OpenSim/Framework/Communications/IAuthentication.cs
new file mode 100644
index 0000000..5d6d5f2
--- /dev/null
+++ b/OpenSim/Framework/Communications/IAuthentication.cs
@@ -0,0 +1,13 @@
+using System;
+
+using OpenMetaverse;
+
+
+namespace OpenSim.Framework.Communications
+{
+ public interface IAuthentication
+ {
+ string GetNewKey(string url, UUID userID, UUID authToken);
+ bool VerifyKey(UUID userID, string key);
+ }
+}
diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs
index 62c3f89..c177d4f 100644
--- a/OpenSim/Framework/Communications/UserManagerBase.cs
+++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -42,7 +42,7 @@ namespace OpenSim.Framework.Communications
 ///
 /// Base class for user management (create, read, etc)
 ///
- public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService
+ public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService, IAuthentication
 {
 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
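Review bot: The new IAuthentication interface in IAuthentication.cs has no documentation, and its contract is security-relevant: the signatures do not tell a caller that VerifyKey consumes the key on success, or what GetNewKey returns when a request is refused. I would add `///` summaries on both members stating that `key` is the bare identifier portion rather than the full URL, that a successful VerifyKey invalidates the key, and how a refused GetNewKey is signalled. The `using System;` line appears unused in this file and could be dropped.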
@@ -750,5 +750,86 @@ namespace OpenSim.Framework.Communications
 }
 }
 }
+
+ #region IAuthentication
+
+ protected Dictionary> m_userKeys = new Dictionary>();
+
+ ///
+ /// This generates authorization keys in the form
+ /// http://userserver/uuid
+ /// after verifying that the caller is, indeed, authorized to request a key
+ ///
+ /// URL of the user server
+ /// The user ID requesting the new key
+ /// The original authorization token for that user, obtained during login
+ ///
+ public string GetNewKey(string url, UUID userID, UUID authToken)
+ {
+ UserProfileData profile = GetUserProfile(userID);
+ string newKey = string.Empty;
+ if (!url.EndsWith("/"))
+ url = url + "/";
+
+ if (profile != null)
+ {
+ // I'm overloading webloginkey for this, so that no changes are needed in the DB
+ // The uses of webloginkey are fairly mutually exclusive
+ if (profile.WebLoginKey.Equals(authToken))
+ {
+ newKey = UUID.Random().ToString();
+ List keys;
+ lock (m_userKeys)
+ {
+ if (m_userKeys.ContainsKey(userID))
+ {
+ keys = m_userKeys[userID];
+ }
+ else
+ {
+ keys = new List();
+ m_userKeys.Add(userID, keys);
+ }
+ keys.Add(newKey);
+ }
+ m_log.InfoFormat("[USERAUTH]: Successfully generated new auth key for user {0}", userID);
+ }
+ else
+ m_log.Info("[USERAUTH]: Unauthorized key generation request. Denying new key.");
+ }
+ else
+ m_log.Info("[USERAUTH]: User not found.");
+
+ return url + newKey;
+ }
+
+ ///
+ /// This verifies the uuid portion of the key given out by GenerateKey
+ ///
+ ///
+ ///
+ ///
+ public bool VerifyKey(UUID userID, string key)
+ {
+ lock (m_userKeys)
+ {
+ if (m_userKeys.ContainsKey(userID))
+ {
+ List keys = m_userKeys[userID];
+ if (keys.Contains(key))
+ {
+ // Keys are one-time only, so remove it
+ keys.Remove(key);
+ return true;
+ }
+ return false;
+ }
+ else
+ return false;
+ }
+ }
+
+ #endregion
+
 }
 }
-- cgit v1.1
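Review bot: In GetNewKey the authorization test `profile.WebLoginKey.Equals(authToken)` never rejects an unset token, so if WebLoginKey can still hold its default value for a profile (not visible in this hunk), an all-zero authToken would be accepted; I would tighten it to `if (authToken != UUID.Zero && profile.WebLoginKey.Equals(authToken))`. On both denial paths the method still returns `url + newKey` with an empty key, which looks well-formed to a caller, and the log lines there omit userID, so refused requests cannot be attributed when the logs are reviewed; returning `string.Empty` and logging at warn level with the user ID would make both visible. Keys added to m_userKeys are removed only by a successful VerifyKey, so unused keys stay valid and accumulate for the life of the process; a per-user cap or an expiry time would bound that. Whether UUID.Random() draws from a cryptographically strong source is not shown here and should be confirmed, since these values act as bearer credentials. The VerifyKey summary refers to GenerateKey, but the method is named GetNewKey.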