This file is indexed.

/usr/include/Wt/Auth/AbstractUserDatabase is in libwt-dev 3.3.6+dfsg-1.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
// This may look like C code, but it's really -*- C++ -*-
/*
 * Copyright (C) 2011 Emweb bvba, Kessel-Lo, Belgium.
 *
 * See the LICENSE file for terms of use.
 */
#ifndef WT_AUTH_ABSTRACT_USER_DATABASE_H_
#define WT_AUTH_ABSTRACT_USER_DATABASE_H_

#include <Wt/Auth/User>

#ifndef WT_CX11

#if defined(__GXX_EXPERIMENTAL_CXX0X__) || __cplusplus >= 201103L
#define WT_CXX11
#endif

#ifdef WT_CXX11
#define WT_CXX11ONLY(x) x
#else
#define WT_CXX11ONLY(x)
#endif

#endif

namespace Wt {
  namespace Auth {

/*! \class AbstractUserDatabase Wt/Auth/AbstractUserDatabase
 *  \brief Abstract interface for an authentication user database
 *
 * This class defines the interface for managing user data related to
 * authentication. You need to implement this interface to allow the
 * authentication service classes (AuthService, PasswordService, and OAuthService)
 * to locate and update user credentials. Except for functions which
 * do work on a single user, it is more convenient to use the User
 * API. Obviously, you may have more data associated with a user,
 * including roles for access control, other personal information,
 * address information. This information cannot be accessed through
 * the Auth::User class, but you should make it available through your
 * own User class, which is then als the basis of this user database
 * implementation.
 *
 * The only assumption made by the authentication system is that an id
 * uniquely defines the user. This is usually an internal identifier,
 * for example an auto-incrementing primary key.
 *
 * With a user, one or more other identities may be associated. These
 * could be a login name (for password-based authentication), or id's
 * used by third party providers (such as OAuth or LDAP).
 *
 * The database implements a simple data store and does not contain
 * any logic. The database can store data for different aspects of
 * authentication, but most data fields are only relevant for optional
 * functionality, and thus themeselves optional. The default
 * implementation of these methods will log errors.
 *
 * The authentication views and model classes assume a private
 * instance of the database for each different session, and will try
 * to wrap database access within a transaction. Transaction support
 * can thus be optionally provided by a database implementation.
 *
 * \sa User
 *
 * \ingroup auth
 */
class WT_API AbstractUserDatabase
{
public:
  /*! \brief An abstract transaction.
   *
   * An abstract transaction interface.
   *
   * \sa startTransaction()
   */
  class WT_API Transaction
  {
  public:
    /*! \brief Destructor.
     *
     * If the transaction is not yet finished (committed or rolled back), 
     * it will be rolled back.
     *
     * \sa rollback()
     */
    virtual ~Transaction() WT_CXX11ONLY(noexcept(false));

    /*! \brief Commits the transaction.
     *
     * \sa rollback()
     */
    virtual void commit() = 0;

    /*! \brief Rolls back the transaction.
     *
     * \sa commit()
     */
    virtual void rollback() = 0;
  };

  /*! \brief Destructor.
   */
  virtual ~AbstractUserDatabase();

  /*! \brief Creates a new database transaction.
   *
   * If the underlying database does not support transactions, you can
   * return \c 0.
   *
   * Ownership of the transaction is transferred, and the transaction must
   * be deleted after it has been committed or rolled back.
   *
   * The default implementation returns \c 0 (no transaction support).
   */
  virtual Transaction *startTransaction();

  /*! \brief Finds a user with a given id.
   *
   * The id uniquely identifies a user.
   *
   * This should find the user with the given \p id, or return
   * an invalid user if no user with that id exists.
   */
  virtual User findWithId(const std::string& id) const = 0;

  /*! \brief Finds a user with a given identity.
   *
   * The \p identity uniquely identifies the user by the \p provider.
   *
   * This should find the user with the given \p identity, or return
   * an invalid user if no user with that identity exists.
   */
  virtual User findWithIdentity(const std::string& provider,
				const WT_USTRING& identity) const = 0;

  /*! \brief Adds an identify for the user.
   *
   * This adds an identity to the user.
   *
   * You are free to support only one identity per user, e.g. if you
   * only use password-based authentication. But you may also want to
   * support more than one if you allow the user to login using
   * multiple methods (e.g. name/password, OAuth from one or more
   * providers, LDAP, ...).
   */
  virtual void addIdentity(const User& user, const std::string& provider,
			   const WT_USTRING& id) = 0;

  /*! \brief Changes an identity for a user.
   *
   * The base implementation calls removeIdentity() followed by addIdentity().
   */
  virtual void setIdentity(const User& user, const std::string& provider,
			   const WT_USTRING& id);

  /*! \brief Returns a user identity.
   *
   * Returns a user identity for the given provider, or an empty string
   * if the user has no identitfy set for this provider.
   *
   * \sa addIdentity()
   */
  virtual WT_USTRING identity(const User& user, const std::string& provider)
    const = 0;

  /*! \brief Removes a user identity.
   *
   * This removes all identities of a \p provider from the \p user.
   *
   * \sa addIdentity()
   */
  virtual void removeIdentity(const User& user, const std::string& provider)
    = 0;
  //@}

  /*! \brief Registers a new user.
   *
   * This adds a new user.
   *
   * This method is only used by view classes involved with
   * registration (RegistrationWidget).
   */
  virtual User registerNew(); 

  /*! \brief Delete a user.
   *
   * This deletes a user from the database.
   */
  virtual void deleteUser(const User& user);

  /*! \brief Returns the status for a user.
   *
   * If there is support for suspending accounts, then this method may
   * be implemented to return whether a user account is disabled.
   *
   * The default implementation always returns User::Normal.
   *
   * \sa Login::loginState()
   */
  virtual User::Status status(const User& user) const;

  /*! \brief Sets the user status.
   *
   * This sets the status for a user (if supported).
   */
  virtual void setStatus(const User& user, User::Status status);

  /** @name Password authentication
   */
  //@{
  /*! \brief Sets a new user password.
   *
   * This updates the password for a user.
   *
   * This is used only by PasswordService.
   */
  virtual void setPassword(const User& user,
			   const PasswordHash& password);

  /*! \brief Returns a user password.
   *
   * This returns the stored password for a user, or a default
   * constructed password hash if the user does not yet have password
   * credentials.
   *
   * This is used only by PasswordService.
   */
  virtual PasswordHash password(const User& user) const;
  //@}
  
  /** @name Email addresses (for verification and lost passwords)
   */
  //@{
  /*! \brief Sets a user's email address.
   *
   * This is used only when email verification is enabled, or as a
   * result of a 3rd party Identity Provider based registration
   * process, if the provider also provides email address information
   * with the identiy.
   *
   * Returns whether the user's email address could be set. This may
   * fail when there is already a user registered that email address.
   *
   * \sa findWithEmail()
   */
  virtual bool setEmail(const User& user, const std::string& address);

  /*! \brief Returns a user's email address.
   *
   * This may be an unverified or verified email address, depending on
   * whether email address verification is enabled in the model
   * classes.
   *
   * This is an optional method, and currently not used by any of the
   * included models or views.
   */
  virtual std::string email(const User& user) const;

  /*! \brief Sets a user's unverified email address.
   *
   * This is only used when email verification is enabled. It holds
   * the currently unverified email address, while a mail is being sent
   * for the user to confirm this email address.
   */
  virtual void setUnverifiedEmail(const User& user,
				  const std::string& address);

  /*! \brief Returns a user's unverified email address.
   *
   * This is an optional method, and currently not used by any of the
   * included models or views.
   */
  virtual std::string unverifiedEmail(const User& user) const;

  /*! \brief Finds a user with a given email address.
   *
   * This is used to verify that a email addresses are unique, and to
   * implement lost password functionality.
   */
  virtual User findWithEmail(const std::string& address) const;

  /*! \brief Sets a new email token for a user.
   *
   * This is only used when email verification is enabled or for lost
   * password functionality.
   */
  virtual void setEmailToken(const User& user, const Token& token,
			     User::EmailTokenRole role);

  /*! \brief Returns an email token.
   *
   * This is only used when email verification is enabled and for lost
   * password functionality. It should return the email token previously
   * set with setEmailToken()
   */
  virtual Token emailToken(const User& user) const;

  /*! \brief Returns the role of the current email token.
   *
   * This is only used when email verification is enabled or for lost
   * password functionality. It should return the role previously set
   * with setEailToken().
   */
  virtual User::EmailTokenRole emailTokenRole(const User& user) const;

  /*! \brief Finds a user with a given email token.
   *
   * This is only used when email verification is enabled or for lost
   * password functionality.
   */
  virtual User findWithEmailToken(const std::string& hash) const;
    //@}

  /** @name Auth tokens (remember-me support)
   */
  //@{
  /*! \brief Adds an authentication token to a user.
   *
   * Unless you want a user to only have remember-me support from a
   * single computer at a time, you should support multiple
   * authentication tokens per user.
   */
  virtual void addAuthToken(const User& user, const Token& token);

  /*! \brief Deletes an authentication token.
   *
   * Deletes an authentication token previously added with addAuthToken()
   */
  virtual void removeAuthToken(const User& user, const std::string& hash);

  /*! \brief Finds a user with an authentication token.
   *
   * Returns a user with an authentication token.
   *
   * This should find the user associated with a particular token
   * hash, or return an invalid user if no user with that token hash
   * exists.
   */
  virtual User findWithAuthToken(const std::string& hash) const;

  /*! \brief Updates the authentication token with a new hash.
   *
   * If successful, returns the validity of the updated token in seconds.
   *
   * Returns 0 if the token could not be updated because it wasn't found
   * or is expired.
   *
   * Returns -1 if not implemented.
   */
  virtual int updateAuthToken(const User& user, const std::string& oldhash,
			      const std::string& newhash);
  //@}

  /** @name Authenticaton attempt throttling
   */
  //@{
  /*! \brief Sets the number of consecutive authentication failures.
   *
   * This sets the number of consecutive authentication failures since the
   * last valid login.
   *
   * This is used by the throttling logic to determine how much time a
   * user needs to wait before he can do a new login attempt.
   */
  virtual void setFailedLoginAttempts(const User& user, int count);

  /*! \brief Returns the number of consecutive authentication failures.
   *
   * \a setFailedLoginAttempts()
   */
  virtual int failedLoginAttempts(const User& user) const;

  /*! \brief Sets the time of the last login attempt.
   *
   * This sets the time at which the user attempted to login.
   */
  virtual void setLastLoginAttempt(const User& user, const WDateTime& t);

  /*! \brief Returns the time of the last login.
   *
   * \sa setLastLoginAttempt()
   */
  virtual WDateTime lastLoginAttempt(const User& user) const;
  //@}

protected:
  AbstractUserDatabase();

private:
  AbstractUserDatabase(const AbstractUserDatabase&);
};

  }
}

#endif // WT_AUTH_ABSTRACT_USER_DATABASE