/usr/include/Wt/Auth/AbstractUserDatabase is in libwt-dev 3.3.6+dfsg-1.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 | // This may look like C code, but it's really -*- C++ -*-
/*
* Copyright (C) 2011 Emweb bvba, Kessel-Lo, Belgium.
*
* See the LICENSE file for terms of use.
*/
#ifndef WT_AUTH_ABSTRACT_USER_DATABASE_H_
#define WT_AUTH_ABSTRACT_USER_DATABASE_H_
#include <Wt/Auth/User>
#ifndef WT_CX11
#if defined(__GXX_EXPERIMENTAL_CXX0X__) || __cplusplus >= 201103L
#define WT_CXX11
#endif
#ifdef WT_CXX11
#define WT_CXX11ONLY(x) x
#else
#define WT_CXX11ONLY(x)
#endif
#endif
namespace Wt {
namespace Auth {
/*! \class AbstractUserDatabase Wt/Auth/AbstractUserDatabase
* \brief Abstract interface for an authentication user database
*
* This class defines the interface for managing user data related to
* authentication. You need to implement this interface to allow the
* authentication service classes (AuthService, PasswordService, and OAuthService)
* to locate and update user credentials. Except for functions which
* do work on a single user, it is more convenient to use the User
* API. Obviously, you may have more data associated with a user,
* including roles for access control, other personal information,
* address information. This information cannot be accessed through
* the Auth::User class, but you should make it available through your
* own User class, which is then als the basis of this user database
* implementation.
*
* The only assumption made by the authentication system is that an id
* uniquely defines the user. This is usually an internal identifier,
* for example an auto-incrementing primary key.
*
* With a user, one or more other identities may be associated. These
* could be a login name (for password-based authentication), or id's
* used by third party providers (such as OAuth or LDAP).
*
* The database implements a simple data store and does not contain
* any logic. The database can store data for different aspects of
* authentication, but most data fields are only relevant for optional
* functionality, and thus themeselves optional. The default
* implementation of these methods will log errors.
*
* The authentication views and model classes assume a private
* instance of the database for each different session, and will try
* to wrap database access within a transaction. Transaction support
* can thus be optionally provided by a database implementation.
*
* \sa User
*
* \ingroup auth
*/
class WT_API AbstractUserDatabase
{
public:
/*! \brief An abstract transaction.
*
* An abstract transaction interface.
*
* \sa startTransaction()
*/
class WT_API Transaction
{
public:
/*! \brief Destructor.
*
* If the transaction is not yet finished (committed or rolled back),
* it will be rolled back.
*
* \sa rollback()
*/
virtual ~Transaction() WT_CXX11ONLY(noexcept(false));
/*! \brief Commits the transaction.
*
* \sa rollback()
*/
virtual void commit() = 0;
/*! \brief Rolls back the transaction.
*
* \sa commit()
*/
virtual void rollback() = 0;
};
/*! \brief Destructor.
*/
virtual ~AbstractUserDatabase();
/*! \brief Creates a new database transaction.
*
* If the underlying database does not support transactions, you can
* return \c 0.
*
* Ownership of the transaction is transferred, and the transaction must
* be deleted after it has been committed or rolled back.
*
* The default implementation returns \c 0 (no transaction support).
*/
virtual Transaction *startTransaction();
/*! \brief Finds a user with a given id.
*
* The id uniquely identifies a user.
*
* This should find the user with the given \p id, or return
* an invalid user if no user with that id exists.
*/
virtual User findWithId(const std::string& id) const = 0;
/*! \brief Finds a user with a given identity.
*
* The \p identity uniquely identifies the user by the \p provider.
*
* This should find the user with the given \p identity, or return
* an invalid user if no user with that identity exists.
*/
virtual User findWithIdentity(const std::string& provider,
const WT_USTRING& identity) const = 0;
/*! \brief Adds an identify for the user.
*
* This adds an identity to the user.
*
* You are free to support only one identity per user, e.g. if you
* only use password-based authentication. But you may also want to
* support more than one if you allow the user to login using
* multiple methods (e.g. name/password, OAuth from one or more
* providers, LDAP, ...).
*/
virtual void addIdentity(const User& user, const std::string& provider,
const WT_USTRING& id) = 0;
/*! \brief Changes an identity for a user.
*
* The base implementation calls removeIdentity() followed by addIdentity().
*/
virtual void setIdentity(const User& user, const std::string& provider,
const WT_USTRING& id);
/*! \brief Returns a user identity.
*
* Returns a user identity for the given provider, or an empty string
* if the user has no identitfy set for this provider.
*
* \sa addIdentity()
*/
virtual WT_USTRING identity(const User& user, const std::string& provider)
const = 0;
/*! \brief Removes a user identity.
*
* This removes all identities of a \p provider from the \p user.
*
* \sa addIdentity()
*/
virtual void removeIdentity(const User& user, const std::string& provider)
= 0;
//@}
/*! \brief Registers a new user.
*
* This adds a new user.
*
* This method is only used by view classes involved with
* registration (RegistrationWidget).
*/
virtual User registerNew();
/*! \brief Delete a user.
*
* This deletes a user from the database.
*/
virtual void deleteUser(const User& user);
/*! \brief Returns the status for a user.
*
* If there is support for suspending accounts, then this method may
* be implemented to return whether a user account is disabled.
*
* The default implementation always returns User::Normal.
*
* \sa Login::loginState()
*/
virtual User::Status status(const User& user) const;
/*! \brief Sets the user status.
*
* This sets the status for a user (if supported).
*/
virtual void setStatus(const User& user, User::Status status);
/** @name Password authentication
*/
//@{
/*! \brief Sets a new user password.
*
* This updates the password for a user.
*
* This is used only by PasswordService.
*/
virtual void setPassword(const User& user,
const PasswordHash& password);
/*! \brief Returns a user password.
*
* This returns the stored password for a user, or a default
* constructed password hash if the user does not yet have password
* credentials.
*
* This is used only by PasswordService.
*/
virtual PasswordHash password(const User& user) const;
//@}
/** @name Email addresses (for verification and lost passwords)
*/
//@{
/*! \brief Sets a user's email address.
*
* This is used only when email verification is enabled, or as a
* result of a 3rd party Identity Provider based registration
* process, if the provider also provides email address information
* with the identiy.
*
* Returns whether the user's email address could be set. This may
* fail when there is already a user registered that email address.
*
* \sa findWithEmail()
*/
virtual bool setEmail(const User& user, const std::string& address);
/*! \brief Returns a user's email address.
*
* This may be an unverified or verified email address, depending on
* whether email address verification is enabled in the model
* classes.
*
* This is an optional method, and currently not used by any of the
* included models or views.
*/
virtual std::string email(const User& user) const;
/*! \brief Sets a user's unverified email address.
*
* This is only used when email verification is enabled. It holds
* the currently unverified email address, while a mail is being sent
* for the user to confirm this email address.
*/
virtual void setUnverifiedEmail(const User& user,
const std::string& address);
/*! \brief Returns a user's unverified email address.
*
* This is an optional method, and currently not used by any of the
* included models or views.
*/
virtual std::string unverifiedEmail(const User& user) const;
/*! \brief Finds a user with a given email address.
*
* This is used to verify that a email addresses are unique, and to
* implement lost password functionality.
*/
virtual User findWithEmail(const std::string& address) const;
/*! \brief Sets a new email token for a user.
*
* This is only used when email verification is enabled or for lost
* password functionality.
*/
virtual void setEmailToken(const User& user, const Token& token,
User::EmailTokenRole role);
/*! \brief Returns an email token.
*
* This is only used when email verification is enabled and for lost
* password functionality. It should return the email token previously
* set with setEmailToken()
*/
virtual Token emailToken(const User& user) const;
/*! \brief Returns the role of the current email token.
*
* This is only used when email verification is enabled or for lost
* password functionality. It should return the role previously set
* with setEailToken().
*/
virtual User::EmailTokenRole emailTokenRole(const User& user) const;
/*! \brief Finds a user with a given email token.
*
* This is only used when email verification is enabled or for lost
* password functionality.
*/
virtual User findWithEmailToken(const std::string& hash) const;
//@}
/** @name Auth tokens (remember-me support)
*/
//@{
/*! \brief Adds an authentication token to a user.
*
* Unless you want a user to only have remember-me support from a
* single computer at a time, you should support multiple
* authentication tokens per user.
*/
virtual void addAuthToken(const User& user, const Token& token);
/*! \brief Deletes an authentication token.
*
* Deletes an authentication token previously added with addAuthToken()
*/
virtual void removeAuthToken(const User& user, const std::string& hash);
/*! \brief Finds a user with an authentication token.
*
* Returns a user with an authentication token.
*
* This should find the user associated with a particular token
* hash, or return an invalid user if no user with that token hash
* exists.
*/
virtual User findWithAuthToken(const std::string& hash) const;
/*! \brief Updates the authentication token with a new hash.
*
* If successful, returns the validity of the updated token in seconds.
*
* Returns 0 if the token could not be updated because it wasn't found
* or is expired.
*
* Returns -1 if not implemented.
*/
virtual int updateAuthToken(const User& user, const std::string& oldhash,
const std::string& newhash);
//@}
/** @name Authenticaton attempt throttling
*/
//@{
/*! \brief Sets the number of consecutive authentication failures.
*
* This sets the number of consecutive authentication failures since the
* last valid login.
*
* This is used by the throttling logic to determine how much time a
* user needs to wait before he can do a new login attempt.
*/
virtual void setFailedLoginAttempts(const User& user, int count);
/*! \brief Returns the number of consecutive authentication failures.
*
* \a setFailedLoginAttempts()
*/
virtual int failedLoginAttempts(const User& user) const;
/*! \brief Sets the time of the last login attempt.
*
* This sets the time at which the user attempted to login.
*/
virtual void setLastLoginAttempt(const User& user, const WDateTime& t);
/*! \brief Returns the time of the last login.
*
* \sa setLastLoginAttempt()
*/
virtual WDateTime lastLoginAttempt(const User& user) const;
//@}
protected:
AbstractUserDatabase();
private:
AbstractUserDatabase(const AbstractUserDatabase&);
};
}
}
#endif // WT_AUTH_ABSTRACT_USER_DATABASE
|