History log of /openbmc/bmcweb/features/redfish/src/error_messages.cpp (Results 51 – 75 of 91)
Revision Date Author Comments
# 1476687d 15-Mar-2022 Ed Tanous <edtanous@google.com>

Remove brace initialization of json objects

Brace initialization of json objects, while quite interesting from an
academic sense, are very difficult for people to grok, and lead to
inconsistencies. This patchset aims to remove a majority of them in
lieu of operator[]. Interestingly, this saves about 1% of the binary
size of bmcweb.

This also has an added benefit that as a design pattern, we're never
constructing a new object, then moving it into place, we're always
adding to the existing object, which in the future _could_ make things
like OEM schemas or properties easier, as there's no case where we're
completely replacing the response object.

Tested:
Ran redfish service validator. No new failures.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iae409b0a40ddd3ae6112cb2d52c6f6ab388595fe



# 24861a28 29-Mar-2022 Ramesh Iyyar <rameshi1@in.ibm.com>

registry: Add PropertyValueExternalConflict registry

- Added the PropertyValueExternalConflict message registry that
might be used when the request fails due to some other
resource state or configuration.

Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Change-Id: Ibdb8c21e285079dbaea54b99f207f45892b24ea9



# 2a6af81c 17-Mar-2022 Ramesh Iyyar <rameshi1@in.ibm.com>

registry: Add PropertyValueResourceConflict registry

- Added the PropertyValueResourceConflict message registry that
might be used when the request fails due to some other
resource state or configuration.

Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Change-Id: I2c03aee88442f6abe55f2a9f574211b8214aa30c



# f7725d79 07-Mar-2022 Ed Tanous <edtanous@google.com>

Make code compile on clang again

There are a couple places we missed inline/static on our headers, and a
couple unused message entry callbacks for which their parameters were
incorrect (which clang caught). Fix all of them.

Tested: Code compiles on clang. No-op changes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I12c9c04d3b773c4991c6cd92d0cfd42b348762d6



# 5f2b84ee 08-Feb-2022 Ed Tanous <edtanous@google.com>

Drop message severity

In the way we store the message registry, we store both Severity and
MessageSeverity. Severity as a field is deprecated, and in every case
in every registry both fields have the same value. We shouldn't
duplicate data in that way. This commit changes the parse_registries.py
script to stop producing the Severity field into the struct. The few
uses we have left are moved over to use MessageRegistry.

Tested:

Redfish service validator shows no errors on the
/redfish/v1/Registries tree. Other errors present that were there
previously and are unchanged.

This saves a trivial amount: about 1kB on our compressed binary size.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ibbaf533dc59eb08365d6ed309aba16b54bc40ca1



# fffb8c1f 08-Feb-2022 Ed Tanous <edtanous@google.com>

Change message_registries namespace to registries

The message_registries namespace is overly wordy, and results in very
long defines. Doing this one minor change reduces the code by 50 lines.
This seems worthwhile.

Tested: Unit tests pass. Namespace change only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib1401580b3fa47596eb56cdc86e60eeeb1c2f952



# 1668ce6d 08-Feb-2022 Ed Tanous <edtanous@google.com>

Move error messages to string_view

using std::string_view on these lets us call them in more contexts, and
allows us to inline some previously more complex code. In general, for
APIs like this, std::string_view should be preferred as it gives more
flexibility in calling conventions.

Tested:
curl --insecure "https://localhost:18080/redfish/v1/AccountService/Roles/foobar"
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type Role named 'foobar' was not found.",
"MessageArgs": [
"Role",
"foobar"
],
"MessageId": "Base.1.11.0.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.11.0.ResourceNotFound",
"message": "The requested resource of type Role named 'foobar' was not found."
}
}

This is the same response as previously.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8ee17120c42d2a13677648c3395aa4f9ec2bd51a



# b6cd31e1 07-Feb-2022 Ed Tanous <edtanous@google.com>

Simplify message registry to save binary size

Internally to bmcweb, we actually store two copies of every string in
the base privilege registry. As history played out, the
error_messages.cpp was created first, then when logging was added, we
needed more fine grained programmatic lookups into the message
registries, so we invented the constexpr array. Previously, it was
thought that xz basically deduplicated the duplicated strings. While
this is true to some extent, using the actual processing code seems
to be a win on binary size.

This is also a -500 line diff, so it's reducing the amount of code we
have at the same time.

Note, the "InvalidUpload" message is incorrect per the standard, which
this patchset sort of teases out, as it's the only one that can't be
updated. This patchset leaves it as-written.

Tested:
xz compressed bmcweb went from 1174632 bytes, down to 1157040 bytes, or
a 1.4% (17592 bytes) reduction in compressed binary size.

curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Chassis/foobar
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type #Chassis.v1_16_0.Chassis named 'foobar' was not found.",
"MessageArgs": [
"#Chassis.v1_16_0.Chassis",
"foobar"
],
"MessageId": "Base.1.11.0.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.11.0.ResourceNotFound",
"message": "The requested resource of type #Chassis.v1_16_0.Chassis named 'foobar' was not found."
}
}

Note, the MessageId property has changed its version from Base.1.8 to
Base.1.11. This is correct and matches the version of the registry we
use. Also, the second argument is now quoted, as the ResourceNotFound
schema requires.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifd0bd71a26eebeba8ba89704a1eca425f0776aa8

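The registry-driven approach this commit describes (a single constexpr table of message strings, formatted by shared code instead of a second hand-written copy of each message), sketched as an added example that is not bmcweb's own code. The `MessageEntry` layout, the `registry` table, `findEntry`, `fillMessageArgs` and `buildError` are assumptions of this example; the `%1`/`%2` placeholder convention and the two message texts are those of the Redfish Base registry as shown in the curl output above. The argument-count check reflects the kind of mismatch the commit says the type-safe models teased out.

```cpp
#include <array>
#include <cstddef>
#include <string>
#include <string_view>
#include <vector>

// Simplified registry entry. Field names are an assumption of this example,
// not bmcweb's generated struct.
struct MessageEntry
{
    std::string_view id;
    std::string_view message;         // Redfish-style %1, %2 placeholders
    std::string_view messageSeverity;
    std::size_t numberOfArgs;
    std::string_view resolution;
};

constexpr std::string_view registryPrefix = "Base.1.11.0.";

// One copy of every string: the response is derived from this table at
// runtime rather than duplicated in a second hand-written function.
constexpr std::array<MessageEntry, 2> registry{{
    {"ResourceNotFound",
     "The requested resource of type %1 named '%2' was not found.",
     "Critical", 2,
     "Provide a valid resource identifier and resubmit the request."},
    {"PropertyValueConflict",
     "The property '%1' could not be written because its value would "
     "conflict with the value of the '%2' property.",
     "Warning", 2, "No resolution is required."},
}};

const MessageEntry* findEntry(std::string_view id)
{
    for (const MessageEntry& e : registry)
    {
        if (e.id == id)
        {
            return &e;
        }
    }
    return nullptr;
}

// Replace %1..%9 with the matching argument. A placeholder with no
// argument is left in place so a registry/arg mismatch stays visible.
std::string fillMessageArgs(std::string_view fmt,
                            const std::vector<std::string>& args)
{
    std::string out;
    out.reserve(fmt.size());
    for (std::size_t i = 0; i < fmt.size(); ++i)
    {
        if (fmt[i] == '%' && i + 1 < fmt.size() && fmt[i + 1] >= '1' &&
            fmt[i + 1] <= '9')
        {
            std::size_t idx = static_cast<std::size_t>(fmt[i + 1] - '1');
            if (idx < args.size())
            {
                out += args[idx];
                ++i; // skip the digit
                continue;
            }
        }
        out += fmt[i];
    }
    return out;
}

struct RedfishError
{
    std::string messageId;
    std::string message;
    std::string severity;
    std::string resolution;
    bool ok; // false: unknown id or wrong argument count
};

// Build the fields of one "@Message.ExtendedInfo" entry from the registry.
RedfishError buildError(std::string_view id,
                        const std::vector<std::string>& args)
{
    const MessageEntry* e = findEntry(id);
    if (e == nullptr || args.size() != e->numberOfArgs)
    {
        return {"", "", "", "", false};
    }
    return {std::string(registryPrefix) + std::string(e->id),
            fillMessageArgs(e->message, args), std::string(e->messageSeverity),
            std::string(e->resolution), true};
}
```

A caller that passes the wrong number of arguments gets `ok == false` instead of a message with a dangling `%2`, which is the property the commit wants the type-safe generated functions to enforce at compile time.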


# ace85d60 26-Oct-2021 Ed Tanous <edtanous@google.com>

Add url type safety to message registry

There are a number of places where we use message registry messages
incorrectly. This patchset attempts to fix them, and invoke some type
safety when they're used such that they're more obvious to use.

Namely, it changes a number of the message registry methods to accept a
boost::urls::url_view for its argument instead of a const std::string&.
This forces the calling code to correctly encode a URL to use the
method, which should make it obvious that it's not for an ID, a property
name, or anything else. In the course of doing this, several places
were found to be using the first argument incorrectly.

Tested:
curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Chassis/foobar

Returns:
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found.",
"MessageArgs": [
"#Chassis.v1_16_0.Chassis",
"foobar"
],
"MessageId": "Base.1.8.1.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.8.1.ResourceNotFound",
"message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found."
}

Identically to previously.

Also tested with IDs that contained % encoded characters, like
foobar%10, which gave the same result.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icbb3bce5d190a260610087c9ef35e7becc5a50c7



# 0a4304cf 07-Feb-2022 Ed Tanous <edtanous@google.com>

Remove invalid base log message

The redfish base registry does not include a definition of this
message, which generating type-safe models has teased out. Replace the
MutuallyExclusiveProperties message with two "PropertyValueConflict"
messages. This seems like the closest thing, but in lieu of the things
not being in the standard, this seems like the best compromise.

Tested:
curl --insecure -X POST --user root:0penBmc
https://192.168.7.2/redfish/v1/EventService/Subscriptions -d
'{"MessageIds":[""],"RegistryPrefixes":[""],"Destination":"","Protocol":""}'

Returns:
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The property 'MessageIds' could not be written because its value would conflict with the value of the 'RegistryPrefixes' property.",
"MessageArgs": [
"MessageIds",
"RegistryPrefixes"
],
"MessageId": "Base.1.8.1.PropertyValueConflict",
"MessageSeverity": "Warning",
"Resolution": "No resolution is required."
}
],
"code": "Base.1.8.1.PropertyValueConflict",
"message": "The property 'MessageIds' could not be written because its value would conflict with the value of the 'RegistryPrefixes' property."
}
}

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1eaf4d06b6f5b85909392c48970e3f353af3a41e



# 331b2017 07-Feb-2022 Ed Tanous <edtanous@google.com>

Capture int by value in stringValueTooLong

Per the coding standard, we should be capturing this by int, not const
int&.

Tested: There are no uses of stringValueTooLong(), so noop change to
binary.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Idfcb05c962e0a0d489db263a6f845bb1789b5842



# 9ea15c35 04-Jan-2022 Ed Tanous <edtanous@google.com>

Include what you use

Do a partial update from the include what you use tool.

While ideally we'd be able to do this as part of CI, there's still quite
a bit of noise in the output that requires manual intervention.

Tested:
Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iaaeb7a9199f64b5d6913c3abab4779b252768ed8



# 5187e09b 14-Dec-2021 Josh Lehan <krellan@google.com>

error_messages: Use int64_t in invalidIndex

Using int64_t instead of int, to permit 64-bit indices.

This is to support ExternalStorer, a new project I am working on,
which uses a 64-bit sequence number for long-term robustness.

Change-Id: I00121933067030fd722f6b02c2d2dbd1854dff1c
Signed-off-by: Josh Lehan <krellan@google.com>



# df5415fc 01-Dec-2021 Ed Tanous <edtanous@google.com>

Add logging to internal error

Internal error call sites are propagated through the code, and might be
triggered multiple times in the course of a request, which makes them
difficult to track the source of.

This commit changes the internalError() method to include a print of
which invocation within bmcweb triggered the error, using c++20s
std::source_location mechanism.

Note:
clang-13 still doesn't implement std::source_location, so this commit
pulls source_location.hpp from lg2 to be able to support all compilers.

Tested:
Loaded in qemu, and added an internalError() call into systems.hpp for
the /redfish/v1/Systems handler. Observed that
[CRITICAL "error_messages.cpp":234] Internal Error
../../../../../../workspace/sources/bmcweb/redfish-core/include/../lib/systems.hpp(2820:40)
`redfish::requestRoutesSystemsCollection(App&)::<lambda(const
crow::Request&, const std::shared_ptr<bmcweb::AsyncResp>&)>`:

Got printed to the bmcweb logs.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic1b4240422445357bc87404de814ad14f86b9edf



# 81856681 24-Sep-2021 Asmitha Karunanithi <asmitk01@in.ibm.com>

Update error messages file w.r.t Base.1.11.0

Tested By:
Code compiles

The error message is as follows:
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The operation failed because the service at /redfish/v1/Systems/system/LogServices/Dump/ is disabled and cannot accept requests.",
"MessageArgs": [
"/redfish/v1/Systems/system/LogServices/Dump/"
],
"MessageId": "Base.1.11.0.ServiceDisabled",
"MessageSeverity": "Warning",
"Resolution": "Enable the service and resubmit the request if the operation failed."
}
],
"code": "Base.1.11.0.ServiceDisabled",
"message": "The operation failed because the service at /redfish/v1/Systems/system/LogServices/Dump/ is disabled and cannot accept requests."
}
}

Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: I923892ecd785e3b6c071fa663fee14a2754d5ef1



# 4a0bf539 21-Apr-2021 Manojkiran Eda <manojkiran.eda@gmail.com>

Change the word TS to Time Stamp & add time unit

- The Message argument in the BIOSPOSTCode Message Entry
uses short form wording for TS (Time Stamp) & without any time unit.

- As the Message argument is directly displayed on OpenBMC GUI
as it is, word "TS" would create customer confusion due to it
not being a well known acronym. Also a field like this that
captures a physical quantity(time) should have units.

- Redfish clients should not be parsing the message argument, so
changing this wording should not break them.

- Also, this commit changes ":" to ";" in the Message argument to
makes things look consistent.

- As we changed the content of Message in the Message Entry, we had to
bump up the minor version of the Message registry.

Tested By:

1. Redfish Validator Passed.

Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I17924c2dfdcf34563f8f8cd325011e13cb70e476



# 4df1bee0 24-Mar-2021 Ed Tanous <edtanous@google.com>

Add OData-version header

From the redfish specification:
Redfish Services shall process the OData-Version header in the
following table as defined by the HTTP 1.1 specification.

<Table omitted, but shows "yes" for service requirements>

Services shall reject requests that specify an unsupported OData
version.

This code implements compliance with those two statements.

Tested:
curl -vvvv --insecure --user root:0penBmc -H "OData-Version: 4.1" https://<ip>/redfish/v1
Returns 412 Precondition Failed

curl -vvvv --insecure --user root:0penBmc -H "OData-Version: 4.0" https://<ip>/redfish/v1
returns 200

curl -vvvv --insecure --user root:0penBmc https://<ip>/redfish/v1
returns 200

The equivalent Redfish-Protocol-Validator tests now pass

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I50350b913f17ae35588e2f0606c56164f00dc2a9

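The header check described above, written out as an added example rather than bmcweb's implementation. `Headers`, `findHeader`, `trim` and `odataVersionStatus` are this example's own names; the 200/412 outcomes follow the three curl results in the commit, while the case-insensitive header-name match and whitespace trimming follow HTTP header rules rather than anything the commit states.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

// A request's headers as (name, value) pairs; a stand-in for the real
// request object in this example.
using Headers = std::vector<std::pair<std::string, std::string>>;

// HTTP header names are case-insensitive, so "odata-version" must match
// "OData-Version". Returns nullptr when the header is absent.
const std::string* findHeader(const Headers& headers, std::string_view name)
{
    for (const auto& [key, value] : headers)
    {
        if (key.size() != name.size())
        {
            continue;
        }
        bool same = true;
        for (std::size_t i = 0; i < key.size(); ++i)
        {
            if (std::tolower(static_cast<unsigned char>(key[i])) !=
                std::tolower(static_cast<unsigned char>(name[i])))
            {
                same = false;
                break;
            }
        }
        if (same)
        {
            return &value;
        }
    }
    return nullptr;
}

// Strip surrounding whitespace, which HTTP allows around a field value.
std::string_view trim(std::string_view s)
{
    while (!s.empty() && std::isspace(static_cast<unsigned char>(s.front())))
    {
        s.remove_prefix(1);
    }
    while (!s.empty() && std::isspace(static_cast<unsigned char>(s.back())))
    {
        s.remove_suffix(1);
    }
    return s;
}

// Status for the OData-Version check alone: 200 means "continue to the
// real handler"; 412 Precondition Failed is what the commit's test shows
// for an unsupported version.
int odataVersionStatus(const Headers& headers)
{
    const std::string* v = findHeader(headers, "OData-Version");
    if (v == nullptr)
    {
        return 200; // header absent: client accepts whatever the service speaks
    }
    if (trim(*v) == "4.0")
    {
        return 200; // the one version this service supports
    }
    return 412;
}
```

The check belongs before routing, so a client pinned to a version the service cannot honour is rejected on every URI, not only the ones that happen to call it.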


# 3e082749 24-Nov-2020 Asmitha Karunanithi <asmitk01@in.ibm.com>

Pointing to the latest Message schema in JSON error response

The odata.type of the message, included in the error response JSON
is changed to point to the latest one (Message.v1_1_1) as there was
conflict in the code, where it points to v1_0_0 schema and a property
- MessageSeverity has been used (introduced in v1_1_0)

Tested By:

{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
.
.
.
}
],
"code": "Base.1.4.0.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
}

Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: I57546adaffc2370c0314a2c2184799c387ec7272



# 04e438cb 03-Oct-2020 Ed Tanous <ed@tanous.net>

fix include names

cppcheck isn't smart enough to recognize these are c++ headers, not c
headers. Considering we're already inconsistent about our naming, it's
easier to just be consistent, and move the last few files to use .hpp
instead of .h.

Tested:
Code builds, no changes.

Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ic348d695f8527fa4a0ded53f433e1558c319db40



# 789fdab3 08-Oct-2020 Ed Tanous <ed@tanous.net>

Correct return code for too many subscriptions.

https://github.com/openbmc/bmcweb/issues/150

Return code should be 503 Service Unavailable, not 403, unauthorized.
The user is authorized, but resources aren't available.

Tested:
Looking for help here.

Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I839df925d1d27411986cb01ffbd19a3ee8ffb1b2



# 684bb4b8 11-Sep-2020 Jason M. Bills <jason.m.bills@linux.intel.com>

Update error_messages to Base 1.8.1

The Base message registry has updated to 1.8.1. This updates our
error_messages files to match.

This changes from the deprecated 'Severity' to the new
'MessageSeverity' property.

It also adds a script to compare our error_messages.cpp messages
against the Base message registry and flag any differences.

Tested:
Ran the Redfish Validator and confirmed that this change does
not introduce any new failures.

Change-Id: I2e5101a5b4d0c0963569493451f99521e42b0f4d
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>



# dd28ba82 07-Sep-2020 AppaRao Puli <apparao.puli@linux.intel.com>

Add MutualExclusiveProperties registry

Add MutualExclusiveProperties message registry entry
and error message.
As per redfish specification, "RegistryPrefixes" and
"MessageIds" are mutually exclusive. So add check for
same in EventService and return MutualExclusiveProperties
error message.

Tested:
- Create subscription failed with error(bad request)
when the request body contain both "RegistryPrefixes"
and "MessageIds".

Change-Id: I4c14f946977bce2ced8a7f96eb85855117fde9a8
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>



# 4cde5d90 11-Jun-2020 James Feist <james.feist@linux.intel.com>

Update Service: Change error message based on error logs

This adds support for better error responses based on
the logs generated by phosphor-software-manager.

Tested: Got 400 error with different messages based
on failure type

{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive.",
"MessageArgs": [
"/redfish/v1/UpdateService",
"invalid archive"
],
"MessageId": "OpenBMC.0.1.0.InvalidUpload",
"Resolution": "None.",
"Severity": "Warning"
}
],
"code": "OpenBMC.0.1.0.InvalidUpload",
"message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive."
}
}

{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format.",
"MessageArgs": [
"/redfish/v1/UpdateService",
"invalid image format"
],
"MessageId": "OpenBMC.0.1.0.InvalidUpload",
"Resolution": "None.",
"Severity": "Warning"
}
],
"code": "OpenBMC.0.1.0.InvalidUpload",
"message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format."
}
}

{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"Message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources.",
"MessageArgs": [
"/redfish/v1/UpdateService"
],
"MessageId": "Base.1.4.0.ResourceExhaustion",
"Resolution": "Ensure that the resources are available and resubmit the request.",
"Severity": "Critical"
}
],
"code": "Base.1.4.0.ResourceExhaustion",
"message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources."
}
}

Change-Id: Ida9a23c10aedbf9a48c96f4050a04e06bddff284
Signed-off-by: James Feist <james.feist@linux.intel.com>



# 3bf4e632 06-Feb-2020 Joseph Reynolds <joseph-reynolds@charter.net>

Implement Redfish PasswordChangeRequired

This implements the Redfish PasswordChangeRequired handling. See
section 13.3.7.1 "Password change required handling" in the 1.9.1 spec:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf

These portions of the spec are implemented:
- Authentication with a correct but expired password creates a
session:
- The session is restricted to the ConfigureSelf privilege which
allows a user to change their own password (via GET and PATCH
Password for their own account). Support for the ConfigureSelf
privilege is already in BMCWeb.
- The session object has the PasswordChangeRequired message.
- All other operations respond with http status code 403 Forbidden
and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER)
PasswordChangeRequired property is implemented for local accounts
but not present for remote accounts.

This has the following additional behavior:

The PasswordChangeRequired property is updated at the start of each new
REST operation, even within an existing session. This behavior
implements a "dynamic" PasswordChangeRequired handling that responds to
changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that
restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling
restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of
every new REST API operation, effectively updating the ManagerAccount
PasswordChangeRequired property each time. This makes BMCWeb
responsive to changes in the underlying account due to other activity
on the BMC.

Notes:
1. Note that when an account password status is changed (for example,
the password becomes expired or is changed) and that account has
active sessions, those sessions remain. They are not deleted. Any
current operations are allowed to complete. Subsequent operations
with that session pick up the new password status.

2. This does not implement OWASP recommendations which call for sessions
to be dropped when there is a significant change to the underlying
account. For example, when the password is changed, the password
becomes expired, or when the account's Role changes. OWASP's
recommendation is due to the session fixation vulnerability. See the
OWASP Session Management Cheat Sheet section "Renew the Session ID
After Any Privilege Level Change":
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change

BMCWeb protects against session fixation vulnerabilities because it
always regenerates new session IDs when successful authentication
creates a new session.

3. Users authenticating via mTLS are not subject to the
PasswordChangeRequired behavior because mTLS takes precedence over
password-based authentication.

Tested:
0. Setup:
- The `passwd --expire USERNAME` command was used to expire
passwords. The `chage USER` command was also used.
- The following were used to change the password: Redfish API,
passwd command, and the SSH password change dialog.
- Tested the following via Basic Auth, /login, and Redfish login
(except where Basic Auth does not create a persistent session).
- Only local user accounts were tested.
- Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual
for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as
usual.
3. When the password is correct but expired:
A. A session is created and has the PasswordChangeRequired message.
B. That session cannot access resources that require Login privilege
and the 403 message contains the PasswordChangeRequired message.
C. That session can be used to GET the user's account, PATCH the
Password, and DELETE the session object.
D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing
(unexpiring) the password using various mechanisms. Ensure both the
session object and the ManagerAccount PasswordChangeRequired property
report the correct condition, and ensure PasswordChangeRequired
handling (restricting operations to ConfigureSelf when
PasswordChangeRequired is true) is applied correctly.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8

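The restriction this commit describes, reduced to one gating function as an added example rather than bmcweb's code: a session whose password is expired keeps only ConfigureSelf (read its own ManagerAccount, PATCH nothing but `Password` on it, delete its own session), every other operation gets 403 with the PasswordChangeRequired message, mTLS sessions are exempt, and the expired flag is supplied fresh on every request so the restriction tracks the account's current state instead of the state at login. `Session`, `Request`, `Decision`, `authorize`, the exact-path comparison and the `Base.1.11.0.` registry version in the message id are assumptions of this example.

```cpp
#include <string>
#include <string_view>
#include <vector>

enum class Method
{
    Get,
    Patch,
    Post,
    Delete
};

struct Session
{
    std::string id;       // the Sessions/<id> member this session maps to
    std::string username; // local account the session authenticated as
    bool viaMTLS;         // mTLS takes precedence over password auth
};

struct Request
{
    Method method;
    std::string target;                         // URI path, no query string
    std::vector<std::string> patchedProperties; // top-level keys of a PATCH body
};

struct Decision
{
    int status;                 // 200: continue to the handler, 403: reject
    std::string_view messageId; // set whenever PasswordChangeRequired applies
};

// Registry version is an assumption of this example.
constexpr std::string_view passwordChangeRequiredId =
    "Base.1.11.0.PasswordChangeRequired";

// Gate one request. `passwordExpired` is the account's status as queried by
// the caller at the start of *this* request, not a value cached when the
// session was created; that is what makes the restriction appear when a
// password expires and disappear once it is changed.
Decision authorize(const Session& s, const Request& r, bool passwordExpired)
{
    if (s.viaMTLS || !passwordExpired)
    {
        return {200, ""};
    }

    const std::string ownAccount =
        "/redfish/v1/AccountService/Accounts/" + s.username;
    const std::string ownSession =
        "/redfish/v1/SessionService/Sessions/" + s.id;

    // ConfigureSelf: read own account (reports PasswordChangeRequired: true)
    if (r.method == Method::Get && r.target == ownAccount)
    {
        return {200, passwordChangeRequiredId};
    }

    // ConfigureSelf: change own password, and nothing else in the same PATCH
    if (r.method == Method::Patch && r.target == ownAccount &&
        !r.patchedProperties.empty())
    {
        bool onlyPassword = true;
        for (const std::string& p : r.patchedProperties)
        {
            if (p != "Password")
            {
                onlyPassword = false;
            }
        }
        if (onlyPassword)
        {
            return {200, passwordChangeRequiredId};
        }
    }

    // Let the user end the restricted session
    if (r.method == Method::Delete && r.target == ownSession)
    {
        return {200, passwordChangeRequiredId};
    }

    // Everything that needs Login or higher: 403 plus the message
    return {403, passwordChangeRequiredId};
}
```

Two details matter in practice. The PATCH branch refuses a body that mixes `Password` with any other property (for instance `RoleId`), otherwise the restricted session could escalate itself in the same write that clears the restriction. And because the expired flag is re-queried per request rather than stored in the session, a `passwd --expire` run on the BMC takes effect on the next operation of an already-open session, which is the "dynamic" behaviour the notes above describe; the trade-off the commit also notes is that the session itself is not dropped.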


# b7e069ef 24-Feb-2020 James Feist <james.feist@linux.intel.com>

Fix Error Message @odata.type

The type shouldn't have the path in it.

Tested: Validator passed in Task schema

Change-Id: Ic57c0450ee36799b0427e21038922f8a44c85c6e
Signed-off-by: James Feist <james.feist@linux.intel.com>


