1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/****************************************************************************
**
** Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
** All rights reserved.
** Contact: Nokia Corporation (qt-info@nokia.com)
**
** This file is part of the QtAddOn.JsonStream module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** GNU Lesser General Public License Usage
** This file may be used under the terms of the GNU Lesser General Public
** License version 2.1 as published by the Free Software Foundation and
** appearing in the file LICENSE.LGPL included in the packaging of this
** file. Please review the following information to ensure the GNU Lesser
** General Public License version 2.1 requirements will be met:
** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Nokia gives you certain additional
** rights. These rights are described in the Nokia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU General
** Public License version 3.0 as published by the Free Software Foundation
** and appearing in the file LICENSE.GPL included in the packaging of this
** file. Please review the following information to ensure the GNU General
** Public License version 3.0 requirements will be met:
** http://www.gnu.org/copyleft/gpl.html.
**
** Other Usage
** Alternatively, this file may be used in accordance with the terms and
** conditions contained in a signed written agreement between you and Nokia.
**
**
**
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include <QUuid>
#include <QDebug>
#include "qjsontokenauthority.h"
QT_BEGIN_NAMESPACE_JSONSTREAM
/*!
\class QJsonTokenAuthority
\inmodule QtJsonStream
\brief The QJsonTokenAuthority class implements a token-based authentication scheme for QJsonServer.
The QJsonTokenAuthority class authorizes QJson client connections based on tokens received from the first
message sent by the client to the server. The expectation is that the first message sent by the client
to the authority will be of the form:
\code
{ "token": AUTHORIZATION_TOKEN }
\endcode
*/
/*!
Construct a \c QJsonTokenAuthority with the given \a parent.
*/
QJsonTokenAuthority::QJsonTokenAuthority(QObject *parent)
: QJsonAuthority(parent)
{
}
/*!
Add a \a token, \a identifier pair to the valid hash table.
Return false if the token was already in the table.
*/
bool QJsonTokenAuthority::authorize(const QByteArray &token, const QString &identifier)
{
if (identifier.isEmpty() || token.isEmpty())
return false;
if (m_identifierForToken.contains(token))
return false;
m_identifierForToken.insert(token, identifier);
return true;
}
/*!
Remove a \a token from the valid hash table. Calling this function does
\b{not} disconnect any existing clients. Return true if the token was in the table, false if it was not.
*/
bool QJsonTokenAuthority::deauthorize(const QByteArray &token)
{
return m_identifierForToken.remove(token);
}
/*!
Wait for the first received message on \a stream.
*/
AuthorizationRecord QJsonTokenAuthority::clientConnected(QJsonStream *stream)
{
Q_UNUSED(stream);
return AuthorizationRecord( QJsonAuthority::StatePending );
}
/*!
The first \a message received from \a stream must contain a "token" field which contains an
authorized identifier. If it does not, the connection is not authorized.
\sa authorize()
*/
AuthorizationRecord QJsonTokenAuthority::messageReceived(QJsonStream *stream,
const QJsonObject &message)
{
Q_UNUSED(stream);
const QByteArray token = message.value(QLatin1String("token")).toString().toLatin1();
QString identifier = m_identifierForToken.value(token);
if (!identifier.isEmpty())
return AuthorizationRecord( QJsonAuthority::StateAuthorized, identifier );
return AuthorizationRecord( QJsonAuthority::StateNotAuthorized );
}
#include "moc_qjsontokenauthority.cpp"
QT_END_NAMESPACE_JSONSTREAM
|
