joelthomastrenser/Training-VehicleService-May26
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
Files
ac552d669adacdedf38b8dbac78b98c64e8dc853
Training-VehicleService-May26/Trenser.VehicleServiceSystem/Trenser.VehicleServiceSystem/services/AuthenticationManagementService.cpp
T
joelthomastrenser 82164e42c3 Stop disabled users from performing operations after account deactivation 
Changes:
- Added authorization state tracking to authenticated sessions.
- Revoked authorization immediately when an account-disabled event is received.
- Added authorization validation before protected service operations.
- Cleared authorization state on logout.

Fixes #2078
2026-06-17 16:47:15 +05:30

154 lines
4.5 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
/*
File: AuthenticationManagementService.cpp
Description: Implementation file containing the method definitions of the
AuthenticationManagementService class, including logout and
password change logic.
Author: Trenser
Date:19-May-2026
*/
#include <stdexcept>
#include "AuthenticationManagementService.h"
#include "User.h"
#include "Utility.h"
#include "DataStoreLockGuard.h"
User* AuthenticationManagementService::m_authenticatedUser = nullptr;
bool AuthenticationManagementService::m_isAuthorized = false;
EventManager AuthenticationManagementService::m_eventManager;
HANDLE AuthenticationManagementService::m_accountDisabledEvent = NULL;
HANDLE AuthenticationManagementService::m_notificationsAvailableEvent = NULL;
/*
Function: ensureAuthorization
Description: Verifies that a user is currently authenticated before allowing
access to a protected operation. Throws an exception if no
authorized user session exists.
Parameter: None
Return type: void
Throws: std::runtime_error - if the user is not authorized
*/
void AuthenticationManagementService::ensureAuthorization()
{
if (!m_authenticatedUser || !m_isAuthorized)
{
throw std::runtime_error("You are not authorized to do this operation!");
}
}
/*
Function: login
Description: Authenticates a user by checking the provided username and password
against the stored users in the DataStore. If successful, sets the
authenticated user.
Parameter: const std::string& username - users username
const std::string& password - users password
Return type: bool - true if login successful, false otherwise
*/
bool AuthenticationManagementService::login(const std::string& username, const std::string& password)
{
DataStoreLockGuard lock(m_dataStore);
auto& trackedUserMap = m_dataStore.getUsers();
int trackedUserMapSize = trackedUserMap.getSize();
for (int index = 0; index < trackedUserMapSize; index++)
{
User* user = trackedUserMap.getValueAt(index).data;
if (username == user->getUserName())
{
if (password == user->getPassword())
{
m_authenticatedUser = user;
m_isAuthorized = true;
m_eventManager.initialize(
user->getId(),
[]()
{
if (m_accountDisabledEvent)
{
AuthenticationManagementService::m_isAuthorized = false;
SetEvent(m_accountDisabledEvent);
}
},
[]()
{
if (m_notificationsAvailableEvent)
{
SetEvent(m_notificationsAvailableEvent);
}
});
return true;
}
return false;
}
}
return false;
}
/*
Function: getAuthenticatedUser
Description: Retrieves the currently authenticated user.
Parameter: None
Return type: User* - pointer to the authenticated user
*/
User* AuthenticationManagementService::getAuthenticatedUser()
{
return m_authenticatedUser;
}
/*
Function: logout
Description: Logs out the currently authenticated user by clearing the
static authenticated user pointer.
Parameter: None
Return type: void
*/
void AuthenticationManagementService::logout()
{
m_eventManager.shutdown();
m_authenticatedUser = nullptr;
m_isAuthorized = false;
m_accountDisabledEvent = NULL;
m_notificationsAvailableEvent = NULL;
}
/*
Function: changePassword
Description: Changes the password of the currently authenticated user.
Throws an exception if no user is logged in.
Parameter: const std::string& newPassword - new password to set
Return type: void
*/
void AuthenticationManagementService::changePassword(const std::string& newPassword)
{
AuthenticationManagementService::ensureAuthorization();
DataStoreLockGuard lock(m_dataStore);
auto& trackedUsersMap = m_dataStore.getUsers();
if (m_authenticatedUser == nullptr)
{
throw std::runtime_error("There is no user currently logged in!");
}
int index = trackedUsersMap.find(m_authenticatedUser->getId());
if (index == -1)
{
throw std::runtime_error("User does not exist!\n");
}
m_authenticatedUser->setPassword(newPassword);
trackedUsersMap.getValueAt(index).state = RecordState::MODIFIED;
m_dataStore.saveUsers();
}
/*
Function: registerEvents
Description: Registers menu event handles used to notify the active
menu of account disable and notification events.
Parameter: HANDLE accountDisabledEvent - account disabled event handle
HANDLE notificationAvailableEvent - notification event handle
Return type: void
*/
void AuthenticationManagementService::registerEvents(HANDLE accountDisabledEvent, HANDLE notificationAvailableEvent)
{
m_accountDisabledEvent = accountDisabledEvent;
m_notificationsAvailableEvent = notificationAvailableEvent;
}
Reference in New Issue View Git Blame Copy Permalink