From 82164e42c35196d2cf239d9b1c0f44e02598d4e2 Mon Sep 17 00:00:00 2001 From: Joel Thomas Date: Wed, 17 Jun 2026 16:47:15 +0530 Subject: [PATCH] Stop disabled users from performing operations after account deactivation Changes: - Added authorization state tracking to authenticated sessions. - Revoked authorization immediately when an account-disabled event is received. - Added authorization validation before protected service operations. - Cleared authorization state on logout. Fixes #2078 --- .../AuthenticationManagementService.cpp | 23 +++++++++++++++++++ .../AuthenticationManagementService.h | 2 ++ .../services/InventoryManagementService.cpp | 6 +++++ .../services/PaymentManagementService.cpp | 7 +++++- .../services/ServiceManagementService.cpp | 14 +++++++++++ .../services/UserManagementService.cpp | 5 ++++ 6 files changed, 56 insertions(+), 1 deletion(-) diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.cpp b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.cpp index 56137e5..dd80cd9 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.cpp +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.cpp @@ -14,10 +14,29 @@ Date:19-May-2026 #include "DataStoreLockGuard.h" User* AuthenticationManagementService::m_authenticatedUser = nullptr; +bool AuthenticationManagementService::m_isAuthorized = false; EventManager AuthenticationManagementService::m_eventManager; HANDLE AuthenticationManagementService::m_accountDisabledEvent = NULL; HANDLE AuthenticationManagementService::m_notificationsAvailableEvent = NULL; + +/* +Function: ensureAuthorization +Description: Verifies that a user is currently authenticated before allowing + access to a protected operation. Throws an exception if no + authorized user session exists. +Parameter: None +Return type: void +Throws: std::runtime_error - if the user is not authorized +*/ +void AuthenticationManagementService::ensureAuthorization() +{ + if (!m_authenticatedUser || !m_isAuthorized) + { + throw std::runtime_error("You are not authorized to do this operation!"); + } +} + /* Function: login Description: Authenticates a user by checking the provided username and password @@ -40,12 +59,14 @@ bool AuthenticationManagementService::login(const std::string& username, const s if (password == user->getPassword()) { m_authenticatedUser = user; + m_isAuthorized = true; m_eventManager.initialize( user->getId(), []() { if (m_accountDisabledEvent) { + AuthenticationManagementService::m_isAuthorized = false; SetEvent(m_accountDisabledEvent); } }, @@ -86,6 +107,7 @@ void AuthenticationManagementService::logout() { m_eventManager.shutdown(); m_authenticatedUser = nullptr; + m_isAuthorized = false; m_accountDisabledEvent = NULL; m_notificationsAvailableEvent = NULL; } @@ -99,6 +121,7 @@ Return type: void */ void AuthenticationManagementService::changePassword(const std::string& newPassword) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedUsersMap = m_dataStore.getUsers(); if (m_authenticatedUser == nullptr) diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.h b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.h index d512892..e927187 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.h +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.h @@ -19,12 +19,14 @@ class AuthenticationManagementService { private: static User* m_authenticatedUser; + static bool m_isAuthorized; static EventManager m_eventManager; static HANDLE m_accountDisabledEvent; static HANDLE m_notificationsAvailableEvent; DataStore& m_dataStore; public: AuthenticationManagementService() : m_dataStore(DataStore::getInstance()) {} + static void ensureAuthorization(); bool login(const std::string& username, const std::string& password); void logout(); void changePassword(const std::string& newPassword); diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/InventoryManagementService.cpp b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/InventoryManagementService.cpp index f906431..6152fd3 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/InventoryManagementService.cpp +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/InventoryManagementService.cpp @@ -14,6 +14,7 @@ Date: 22-May-2026 #include "Factory.h" #include "InventoryItem.h" #include "InventoryManagementService.h" +#include "AuthenticationManagementService.h" #include "Timestamp.h" #include "User.h" #include "Utility.h" @@ -102,6 +103,7 @@ Return type: void */ void InventoryManagementService::addInventoryItem(const std::string& partName, int quantity, double price) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedInventoryItemMap = m_dataStore.getInventoryItems(); InventoryItem* newItem = Factory::getObject(partName, quantity, price); @@ -118,6 +120,7 @@ Return type: void */ void InventoryManagementService::addInventoryItemStock(const std::string& selectedItemId, int quantity) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedInventoryItemMap = m_dataStore.getInventoryItems(); int index = trackedInventoryItemMap.find(selectedItemId); @@ -144,6 +147,7 @@ Return type: util::Map */ util::Map InventoryManagementService::getInventoryItems() { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedInventoryItemMap = m_dataStore.getInventoryItems(); auto inventoryMap = util::getObjects(trackedInventoryItemMap); @@ -158,6 +162,7 @@ Return type: void */ void InventoryManagementService::removeInventoryItem(const std::string& inventoryItemID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedInventoryItemMap = m_dataStore.getInventoryItems(); int index = trackedInventoryItemMap.find(inventoryItemID); @@ -183,6 +188,7 @@ Return type: InventoryItem* */ InventoryItem* InventoryManagementService::getInventoryItem(const std::string& inventoryItemID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedInventoryItemMap = m_dataStore.getInventoryItems(); int index = trackedInventoryItemMap.find(inventoryItemID); diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/PaymentManagementService.cpp b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/PaymentManagementService.cpp index dad4421..b09b9bf 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/PaymentManagementService.cpp +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/PaymentManagementService.cpp @@ -15,6 +15,7 @@ Date: 20-May-2026 #include "Invoice.h" #include "JobCard.h" #include "PaymentManagementService.h" +#include "AuthenticationManagementService.h" #include "DataStoreLockGuard.h" #include "Service.h" #include "ServiceBooking.h" @@ -233,6 +234,7 @@ Returns: */ util::Map PaymentManagementService::getInvoices(const std::string& customerID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& currentTrackedInvoices = m_dataStore.getInvoices(); util::Map currentUserInvoices; @@ -261,6 +263,7 @@ Throws: */ void PaymentManagementService::completePayment(const std::string& invoiceID, util::PaymentMode paymentMode) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& currentTrackedInvoices = m_dataStore.getInvoices(); int invoiceIndex = currentTrackedInvoices.find(invoiceID); @@ -289,7 +292,7 @@ void PaymentManagementService::completePayment(const std::string& invoiceID, uti } /* -Function: getAllInvoice +Function: getAllInvoices Description: Provides access to all invoices stored in the data store. Parameters: - none @@ -298,6 +301,7 @@ Returns: */ util::Map PaymentManagementService::getAllInvoices() { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); util::Map invoices; invoices = util::getObjects(m_dataStore.getInvoices()); @@ -317,6 +321,7 @@ Throws: */ void PaymentManagementService::confirmPayment(const std::string& invoiceID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& currentTrackedInvoices = m_dataStore.getInvoices(); int invoiceIndex = currentTrackedInvoices.find(invoiceID); diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/ServiceManagementService.cpp b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/ServiceManagementService.cpp index e703453..da5eef6 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/ServiceManagementService.cpp +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/ServiceManagementService.cpp @@ -42,6 +42,7 @@ Return type: void */ void ServiceManagementService::purchaseService(const util::Vector& serviceIDs, const std::string& vehicleNumber, const std::string& vehicleBrand, const std::string& vehicleModel) { + AuthenticationManagementService::ensureAuthorization(); AuthenticationManagementService m_authenticationManagementService; auto authenticatedUser = m_authenticationManagementService.getAuthenticatedUser(); if (authenticatedUser == nullptr) @@ -87,6 +88,7 @@ Return type: void */ void ServiceManagementService::purchaseComboPackage(const std::string& comboPackageID, const std::string& vehicleNumber, const std::string& vehicleBrand, const std::string& vehicleModel) { + AuthenticationManagementService::ensureAuthorization(); AuthenticationManagementService m_authenticationManagementService; auto authenticatedUser = m_authenticationManagementService.getAuthenticatedUser(); if (authenticatedUser == nullptr) @@ -433,6 +435,7 @@ Return type: void */ void ServiceManagementService::createComboPackage(const std::string& packageName, const util::Vector& serviceIDsInNewCombo, double discountPercentage) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); if (packageName.empty()) { @@ -502,6 +505,7 @@ Return type: util::Map */ util::Map ServiceManagementService::getComboPackages() { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); util::Map comboPackages; comboPackages = util::getObjects(m_dataStore.getComboPackages()); @@ -516,6 +520,7 @@ Return type: void */ void ServiceManagementService::removeComboPackage(const std::string& comboPackageID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); bool removed = false; auto& trackedComboPackages = m_dataStore.getComboPackages(); @@ -548,6 +553,7 @@ Returns: */ util::Map ServiceManagementService::getServiceBookings() { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); util::Map serviceBookings; serviceBookings = util::getObjects(m_dataStore.getServiceBookings()); @@ -564,6 +570,7 @@ Returns: */ ServiceBooking* ServiceManagementService::getServiceBooking(const std::string& serviceID) { + AuthenticationManagementService::ensureAuthorization(); auto currentServiceBookings = getServiceBookings(); for (int iterator = 0; iterator < currentServiceBookings.getSize(); iterator++) { @@ -590,6 +597,7 @@ Throws: */ void ServiceManagementService::createJobCard(const std::string& bookingID, const std::string& technicianID, const std::string& serviceID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); UserManagementService m_userManagementService; ServiceBooking* currentBooking = getServiceBooking(bookingID); @@ -667,6 +675,7 @@ Throws: */ void ServiceManagementService::createService(const std::string& name, const util::Vector& inventoryItemIDs, double laborCost) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); util::Map currentServiceInventoryItems; auto& trackedInventoryItems = m_dataStore.getInventoryItems(); @@ -713,6 +722,7 @@ Returns: */ util::Map ServiceManagementService::getServices() { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); util::Map services; services = util::getObjects(m_dataStore.getServices()); @@ -731,6 +741,7 @@ Throws: */ void ServiceManagementService::removeService(const std::string& serviceID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& currentTrackedServices = m_dataStore.getServices(); auto& currentTrackedComboPackages = m_dataStore.getComboPackages(); @@ -778,6 +789,7 @@ Returns: */ util::Map ServiceManagementService::getServiceBookings(const std::string& customerID) { + AuthenticationManagementService::ensureAuthorization(); util::Map currentServiceBookings = getServiceBookings(); util::Map currentUserServiceBookings; if (currentServiceBookings.getSize() != 0) @@ -804,6 +816,7 @@ Returns: */ util::Map ServiceManagementService::getJobCards(const std::string& technicianID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedJobCards = m_dataStore.getJobCards(); util::Map technicianJobCards; @@ -858,6 +871,7 @@ Returns: */ void ServiceManagementService::updateJobStatus(const std::string& jobID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); AuthenticationManagementService authenticationManagementService; PaymentManagementService paymentManagementService; diff --git a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/UserManagementService.cpp b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/UserManagementService.cpp index ab85936..0c3991d 100644 --- a/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/UserManagementService.cpp +++ b/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/UserManagementService.cpp @@ -15,6 +15,7 @@ Date:19-May-2026 #include "Notification.h" #include "PaymentManagementService.h" #include "ServiceManagementService.h" +#include "AuthenticationManagementService.h" #include "User.h" #include "UserManagementService.h" #include "Vector.h" @@ -114,6 +115,7 @@ Return type: void */ void UserManagementService::updateUserDetails(const std::string& userID, const std::string& email, const std::string& phone) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedUsersMap = m_dataStore.getUsers(); auto usersMap = util::getObjects(trackedUsersMap); @@ -161,6 +163,7 @@ Throws: */ util::Vector UserManagementService::getUserNotifications(const std::string& userID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedUsersMap = m_dataStore.getUsers(); if (trackedUsersMap.find(userID) == -1) @@ -204,6 +207,7 @@ Throws: */ void UserManagementService::deleteNotification(const std::string& notificationID, const std::string& userID) { + AuthenticationManagementService::ensureAuthorization(); DataStoreLockGuard lock(m_dataStore); auto& trackedUsersMap = m_dataStore.getUsers(); auto& trackedNotificationsMap = m_dataStore.getNotifications(); @@ -265,6 +269,7 @@ Return type: void */ void UserManagementService::removeUser(const std::string& userID) { + AuthenticationManagementService::ensureAuthorization(); InventoryManagementService inventoryManagementService; PaymentManagementService paymentManagementService; ServiceManagementService serviceManagementService;