Browse Source

Merge pull request #10801 from Chocobo1/timeout

Add WebAPI session timeout settings
adaptive-webui-19844
Mike Tzou 6 years ago committed by GitHub
parent
commit
206bb018dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 10
      src/base/preferences.cpp
  2. 2
      src/base/preferences.h
  3. 3
      src/gui/optionsdialog.cpp
  4. 81
      src/gui/optionsdialog.ui
  5. 3
      src/webui/api/appcontroller.cpp
  6. 30
      src/webui/webapplication.cpp
  7. 13
      src/webui/webapplication.h
  8. 8
      src/webui/www/private/preferences_content.html

10
src/base/preferences.cpp

@ -598,6 +598,16 @@ void Preferences::setWebUIPassword(const QByteArray &password) @@ -598,6 +598,16 @@ void Preferences::setWebUIPassword(const QByteArray &password)
setValue("Preferences/WebUI/Password_PBKDF2", password);
}
int Preferences::getWebUISessionTimeout() const
{
return value("Preferences/WebUI/SessionTimeout", 3600).toInt();
}
void Preferences::setWebUISessionTimeout(const int timeout)
{
setValue("Preferences/WebUI/SessionTimeout", timeout);
}
bool Preferences::isWebUiClickjackingProtectionEnabled() const
{
return value("Preferences/WebUI/ClickjackingProtection", true).toBool();

2
src/base/preferences.h

@ -190,6 +190,8 @@ public: @@ -190,6 +190,8 @@ public:
void setWebUiUsername(const QString &username);
QByteArray getWebUIPassword() const;
void setWebUIPassword(const QByteArray &password);
int getWebUISessionTimeout() const;
void setWebUISessionTimeout(int timeout);
// WebUI security
bool isWebUiClickjackingProtectionEnabled() const;

3
src/gui/optionsdialog.cpp

@ -403,6 +403,7 @@ OptionsDialog::OptionsDialog(QWidget *parent) @@ -403,6 +403,7 @@ OptionsDialog::OptionsDialog(QWidget *parent)
connect(m_ui->checkBypassLocalAuth, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, m_ui->IPSubnetWhitelistButton, &QPushButton::setEnabled);
connect(m_ui->spinSessionTimeout, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
connect(m_ui->checkClickjacking, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->checkCSRFProtection, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->groupHostHeaderValidation, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
@ -724,6 +725,7 @@ void OptionsDialog::saveOptions() @@ -724,6 +725,7 @@ void OptionsDialog::saveOptions()
pref->setWebUiHttpsEnabled(m_ui->checkWebUiHttps->isChecked());
pref->setWebUIHttpsCertificatePath(m_ui->textWebUIHttpsCert->selectedPath());
pref->setWebUIHttpsKeyPath(m_ui->textWebUIHttpsKey->selectedPath());
pref->setWebUISessionTimeout(m_ui->spinSessionTimeout->value());
// Authentication
pref->setWebUiUsername(webUiUsername());
if (!webUiPassword().isEmpty())
@ -1092,6 +1094,7 @@ void OptionsDialog::loadOptions() @@ -1092,6 +1094,7 @@ void OptionsDialog::loadOptions()
m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled());
m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
m_ui->spinSessionTimeout->setValue(pref->getWebUISessionTimeout());
// Security
m_ui->checkClickjacking->setChecked(pref->isWebUiClickjackingProtectionEnabled());

81
src/gui/optionsdialog.ui

@ -2922,21 +2922,27 @@ Specify an IPv4 or IPv6 address. You can specify "0.0.0.0" for any IPv @@ -2922,21 +2922,27 @@ Specify an IPv4 or IPv6 address. You can specify "0.0.0.0" for any IPv
<property name="title">
<string>Authentication</string>
</property>
<layout class="QGridLayout" name="gridLayout_10">
<item row="5" column="1">
<widget class="QPushButton" name="IPSubnetWhitelistButton">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
<layout class="QVBoxLayout" name="verticalLayout_35">
<item>
<layout class="QGridLayout" name="gridLayout_8">
<item row="0" column="0">
<widget class="QLabel" name="lblWebUiUsername">
<property name="text">
<string>Username:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="textWebUiUsername"/>
</item>
<item row="1" column="0">
<widget class="QLabel" name="lblWebUiPassword">
<property name="text">
<string>IP subnet whitelist...</string>
<string>Password:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<item row="1" column="1">
<widget class="QLineEdit" name="textWebUiPassword">
<property name="echoMode">
<enum>QLineEdit::Password</enum>
@ -2946,36 +2952,71 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv @@ -2946,36 +2952,71 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
</layout>
</item>
<item>
<widget class="QCheckBox" name="checkBypassLocalAuth">
<property name="text">
<string>Bypass authentication for clients on localhost</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="2">
<item>
<widget class="QCheckBox" name="checkBypassAuthSubnetWhitelist">
<property name="text">
<string>Bypass authentication for clients in whitelisted IP subnets</string>
</property>
</widget>
</item>
<item row="0" column="0" rowspan="2">
<widget class="QLabel" name="lblWebUiUsername">
<item>
<widget class="QPushButton" name="IPSubnetWhitelistButton">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Username:</string>
<string>IP subnet whitelist...</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="lblWebUiPassword">
<item>
<layout class="QHBoxLayout" name="horizontalLayout_13">
<item>
<widget class="QLabel" name="lblSessionTimeout">
<property name="text">
<string>Password:</string>
<string>Session timeout:</string>
</property>
</widget>
</item>
<item row="0" column="1" rowspan="2">
<widget class="QLineEdit" name="textWebUiUsername"/>
<item>
<widget class="QSpinBox" name="spinSessionTimeout">
<property name="specialValueText">
<string>Disabled</string>
</property>
<property name="suffix">
<string> sec</string>
</property>
<property name="maximum">
<number>2147483647</number>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_11">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
</layout>
</widget>

3
src/webui/api/appcontroller.cpp

@ -229,6 +229,7 @@ void AppController::preferencesAction() @@ -229,6 +229,7 @@ void AppController::preferencesAction()
for (const Utils::Net::Subnet &subnet : asConst(pref->getWebUiAuthSubnetWhitelist()))
authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
data["web_ui_session_timeout"] = pref->getWebUISessionTimeout();
// Use alternative Web UI
data["alternative_webui_enabled"] = pref->isAltWebUiEnabled();
data["alternative_webui_path"] = pref->getWebUiRootFolder();
@ -538,6 +539,8 @@ void AppController::setPreferencesAction() @@ -538,6 +539,8 @@ void AppController::setPreferencesAction()
// recognize new lines and commas as delimiters
pref->setWebUiAuthSubnetWhitelist(it.value().toString().split(QRegularExpression("\n|,"), QString::SkipEmptyParts));
}
if (hasKey("web_ui_session_timeout"))
pref->setWebUISessionTimeout(it.value().toInt());
// Use alternative Web UI
if (hasKey("alternative_webui_enabled"))
pref->setAltWebUiEnabled(it.value().toBool());

30
src/webui/webapplication.cpp

@ -332,6 +332,7 @@ void WebApplication::configure() @@ -332,6 +332,7 @@ void WebApplication::configure()
m_isLocalAuthEnabled = pref->isWebUiLocalAuthEnabled();
m_isAuthSubnetWhitelistEnabled = pref->isWebUiAuthSubnetWhitelistEnabled();
m_authSubnetWhitelist = pref->getWebUiAuthSubnetWhitelist();
m_sessionTimeout = pref->getWebUISessionTimeout();
m_domainList = pref->getServerDomains().split(';', QString::SkipEmptyParts);
std::for_each(m_domainList.begin(), m_domainList.end(), [](QString &entry) { entry = entry.trimmed(); });
@ -471,8 +472,7 @@ void WebApplication::sessionInitialize() @@ -471,8 +472,7 @@ void WebApplication::sessionInitialize()
if (!sessionId.isEmpty()) {
m_currentSession = m_sessions.value(sessionId);
if (m_currentSession) {
const qint64 now = QDateTime::currentMSecsSinceEpoch() / 1000;
if ((now - m_currentSession->m_timestamp) > INACTIVE_TIME) {
if (m_currentSession->hasExpired(m_sessionTimeout)) {
// session is outdated - removing it
delete m_sessions.take(sessionId);
m_currentSession = nullptr;
@ -523,14 +523,14 @@ void WebApplication::sessionStart() @@ -523,14 +523,14 @@ void WebApplication::sessionStart()
Q_ASSERT(!m_currentSession);
// remove outdated sessions
const qint64 now = QDateTime::currentMSecsSinceEpoch() / 1000;
Algorithm::removeIf(m_sessions, [now](const QString &, const WebSession *session)
Algorithm::removeIf(m_sessions, [this](const QString &, const WebSession *session)
{
if ((now - session->timestamp()) <= INACTIVE_TIME)
return false;
if (session->hasExpired(m_sessionTimeout)) {
delete session;
return true;
}
return false;
});
m_currentSession = new WebSession(generateSid());
@ -650,9 +650,16 @@ QString WebSession::id() const @@ -650,9 +650,16 @@ QString WebSession::id() const
return m_sid;
}
qint64 WebSession::timestamp() const
bool WebSession::hasExpired(const qint64 seconds) const
{
if (seconds <= 0)
return false;
return m_timer.hasExpired(seconds * 1000);
}
void WebSession::updateTimestamp()
{
return m_timestamp;
m_timer.start();
}
QVariant WebSession::getData(const QString &id) const
@ -664,8 +671,3 @@ void WebSession::setData(const QString &id, const QVariant &data) @@ -664,8 +671,3 @@ void WebSession::setData(const QString &id, const QVariant &data)
{
m_data[id] = data;
}
void WebSession::updateTimestamp()
{
m_timestamp = QDateTime::currentMSecsSinceEpoch() / 1000;
}

13
src/webui/webapplication.h

@ -29,6 +29,7 @@ @@ -29,6 +29,7 @@
#pragma once
#include <QDateTime>
#include <QElapsedTimer>
#include <QHash>
#include <QObject>
#include <QRegularExpression>
@ -48,26 +49,23 @@ class APIController; @@ -48,26 +49,23 @@ class APIController;
class WebApplication;
constexpr char C_SID[] = "SID"; // name of session id cookie
constexpr int INACTIVE_TIME = 900; // Session inactive time (in secs = 15 min.)
class WebSession : public ISession
{
friend class WebApplication;
public:
explicit WebSession(const QString &sid);
QString id() const override;
qint64 timestamp() const;
bool hasExpired(qint64 seconds) const;
void updateTimestamp();
QVariant getData(const QString &id) const override;
void setData(const QString &id, const QVariant &data) override;
private:
void updateTimestamp();
const QString m_sid;
qint64 m_timestamp;
QElapsedTimer m_timer; // timestamp
QVariantHash m_data;
};
@ -148,6 +146,7 @@ private: @@ -148,6 +146,7 @@ private:
bool m_isLocalAuthEnabled;
bool m_isAuthSubnetWhitelistEnabled;
QList<Utils::Net::Subnet> m_authSubnetWhitelist;
int m_sessionTimeout;
// security related
QStringList m_domainList;

8
src/webui/www/private/preferences_content.html

@ -731,6 +731,12 @@ @@ -731,6 +731,12 @@
<div class="formRow" style="padding-left: 30px; padding-top: 5px;">
<textarea id="bypass_auth_subnet_whitelist_textarea" rows="5" cols="48" placeholder="Example: 172.17.32.0/24, fdff:ffff:c8::/40"></textarea>
</div>
<table>
<tr>
<td><label for="webUISessionTimeoutInput">QBT_TR(Session timeout:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
<td><input type="number" id="webUISessionTimeoutInput" style="width: 4em;" min="0" />&nbsp;&nbsp;QBT_TR(sec)QBT_TR[CONTEXT=OptionsDialog]</td>
</tr>
</table>
</fieldset>
<fieldset class="settings">
@ -1340,6 +1346,7 @@ @@ -1340,6 +1346,7 @@
$('bypass_auth_subnet_whitelist_checkbox').setProperty('checked', pref.bypass_auth_subnet_whitelist_enabled);
$('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
updateBypasssAuthSettings();
$('webUISessionTimeoutInput').setProperty('value', pref.web_ui_session_timeout.toInt());
// Use alternative Web UI
$('use_alt_webui_checkbox').setProperty('checked', pref.alternative_webui_enabled);
@ -1667,6 +1674,7 @@ @@ -1667,6 +1674,7 @@
settings.set('bypass_local_auth', $('bypass_local_auth_checkbox').getProperty('checked'));
settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
settings.set('web_ui_session_timeout', $('webUISessionTimeoutInput').getProperty('value'));
// Use alternative Web UI
var alternative_webui_enabled = $('use_alt_webui_checkbox').getProperty('checked');

Loading…
Cancel
Save