Fix content-security-policy disable

If one sets the XSS policy disable, and tries to load the webui, they're
met with the following error message:

```
chunk-vendors.6cfb4b74.js:36 Refused to load t

Fix content-security-policy disable

If one sets the XSS policy disable, and tries to load the webui, they're
met with the following error message:

```
chunk-vendors.6cfb4b74.js:36 Refused to load the image
'data:image/svg+xml;charset=utf-8,%3Csvg
xmlns='http://www.w3.org/2000/svg' width='4' height='5'%3E%3Cpath
fill='%233f3f3f' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E' because it
violates the following Content Security Policy directive: "img-src *".
Note that '*' matches only URLs with network schemes ('http', 'https',
'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme
'data:' must be added explicitly.
```

Do as it asks, and add data: to the content security policy.

Tested: Browser console no longer shows error when XSS is enabled.

Change-Id: I17f70d7c87a284b33ef6eb5a01a01c23a14898c9
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Revert "Refactor after login"

This reverts commit cd40b060ee2df5469077a70d15590f86158f2c60.

Cookie based login is no longer functional with this patch. It looks
like we got a merge conflict that I

Revert "Refactor after login"

This reverts commit cd40b060ee2df5469077a70d15590f86158f2c60.

Cookie based login is no longer functional with this patch. It looks
like we got a merge conflict that I resolved incorrectly.

Tested: Webui can now log in.
Change-Id: I60b8aeae173b1838d8745a2c499fbcb410813ef3

show more ...

Clean up management console rest to use readJson

Change-Id: Idc37e3e98296cf59aa6fab499a27d7ed899b71dd
Signed-off-by: Ed Tanous <ed@tanous.net>

Refactor after login

Break out this method into a smaller section.

Tested: Redfish service validator passes

Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@

Refactor after login

Break out this method into a smaller section.

Tested: Redfish service validator passes

Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Fix coredump on async method during validatePrivilege

PATCH may cause bmcweb to coredump depending on timing
of `validatePrivilege` execution. It is because `req' is captured as
reference, and it m

Fix coredump on async method during validatePrivilege

PATCH may cause bmcweb to coredump depending on timing
of `validatePrivilege` execution. It is because `req' is captured as
reference, and it may be cleared-up before async-call method completes.
(This problem can be seen more frequently by enabling debug mode).

This commit is to keep `req` during to async-method execution.

Tested:

- Create a ReadOnly user - here, called as `readonly`

- Using `redfishtool`, run PATCH on `readonly` user role.

```
$ redfishtool -vvvvv raw -r ${bmc}:18080 -u ${user} -p ${password} -S Always PATCH /redfish/v1/AccountService/Accounts/readonly --data='{"RoleId":"Administrator"}'
...
This sometimes fails because bmcweb coredump
```

After:

```
$ redfishtool raw -r ${bmc}:18080 -u ${user} -p ${password} -S Always PATCH /redfish/v1/AccountService/Accounts/readonly --data='{"RoleId":"Administrator"}'
{
"@odata.id": "/redfish/v1/AccountService/Accounts/readonly",
"@odata.type": "#ManagerAccount.v1_7_0.ManagerAccount",
...
}
```

Change-Id: I2a28d1743cfc0fbd9239f69dec5584b34c7ebe43
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Remove some boost includes

The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.

Replace all uses of boost::alg

Remove some boost includes

The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.

Replace all uses of boost::algorithms with std alternatives.

Tested: Redfish Service Validator passes.

Change-Id: I8a26f39b5709adc444b4178e92f5f3c7b988b05b
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

DBus REST: Fix array and dict handling

The bmcweb DBus REST API cannot currently handle array or dictionary
data types correctly. This commit is meant to fix that.

Tested: get/set DBus attributes (

DBus REST: Fix array and dict handling

The bmcweb DBus REST API cannot currently handle array or dictionary
data types correctly. This commit is meant to fix that.

Tested: get/set DBus attributes (consisting of array and/or dictionary)
via bmcweb DBus REST API.

Change-Id: I9694cb888375c90d7a8fb1a10e53bdb5c0bce3bb
Signed-off-by: Mikhail Zhvakin <striker_1993@mail.ru>

show more ...

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Unit test Connection

Boost asio provides a test stream object that we can use to begin unit
testing the connection object. This patchset uses it to re-enable
some simple http1.1 tests. There's som

Unit test Connection

Boost asio provides a test stream object that we can use to begin unit
testing the connection object. This patchset uses it to re-enable
some simple http1.1 tests. There's some features that have snuck into
the connection class that aren't compatible with a stream (like ip
address getting), so unfortunately we do need the connection class to
be aware if it's in test mode, but that tradeoff seems worthwhile.

Tested: Unit test pass.

Change-Id: Id8b1f8866582b58502dbafe6139f841bf64b8ef3
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Move to file_body in boost

As is, it reads the whole file into memory before sending it. While
fairly fast for the user, this wastes ram, and makes bmcweb less useful
on less capable systems.

This

Move to file_body in boost

As is, it reads the whole file into memory before sending it. While
fairly fast for the user, this wastes ram, and makes bmcweb less useful
on less capable systems.

This patch enables using the boost::beast::http::file_body type, which
has more efficient serialization semantics than using a std::string. To
do this, it adds a openFile() handler to http::Response, which can be
used to properly open a file. Once the file is opened, the existing
string body is ignored, and the file payload is sent instead.
openFile() also returns success or failure, to allow users to properly
handle 404s and other errors.

To prove that it works, I moved over every instance of direct use of the
body() method over to using this, including the webasset handler. The
webasset handler specifically should help with system load when doing an
initial page load of the webui.

Tested:
Redfish service validator passes.

Change-Id: Ic7ea9ffefdbc81eb985de7edc0fac114822994ad
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Refactor populateUserInfo

- No need to set error code in asyncResp since caller already does that.
Then we can remove the asyncResp param altogether.
- Check if session is valid before unpacking p

Refactor populateUserInfo

- No need to set error code in asyncResp since caller already does that.
Then we can remove the asyncResp param altogether.
- Check if session is valid before unpacking properties to avoid
unnecessary work.
- Use std::optional instead of pointers for slighter cleaner code.
- Enforce required properties for local users based on D-Bus interface
documentation (UserGroups must be provided for local users).

Change-Id: I770d3556a0d62182b6abd72bfa3f8d62e2a105d1
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>

show more ...

multipart-parser: eliminate temporary to emplace_back

Fix the following clang-tidy warning:

```
../include/multipart_parser.hpp:108:50: error: unnecessary temporary object created while calling emp

multipart-parser: eliminate temporary to emplace_back

Fix the following clang-tidy warning:

```
../include/multipart_parser.hpp:108:50: error: unnecessary temporary object created while calling emplace_back [modernize-use-emplace,-warnings-as-errors]
108 | mime_fields.emplace_back(FormPart{});
| ^~~~~~~~~~
```

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I362b4ad7f90f80a7746b79d643e3a7c5ff1db78c

show more ...

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I2f9540cf0d545a2da4d6289fc87b754f684bc9a7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

multipart-parser: use emplace_back

clang-17 will have a stronger 'modernize-use-emplace' check and
fails with the following warning:

```
../include/multipart_parser.hpp:308:33: error: use emplace_b

multipart-parser: use emplace_back

clang-17 will have a stronger 'modernize-use-emplace' check and
fails with the following warning:

```
../include/multipart_parser.hpp:308:33: error: use emplace_back instead of push_back [modernize-use-emplace,-warnings-as-errors]
308 | mime_fields.push_back({});
| ^~~~~~~~~~~~
| emplace_back(
```

The vector::emplace_back needed an extra hint, as it would not directly
coerce an initializer-list into the vector's value_type, so we need to
use the value_type constructor.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I74417e0ff5a6e0991bfbe4936b4814f6ee4c1269

show more ...

Remove extra variables in websockets

These variables don't need propagated to handlers. Any usage of them is
incorrect.

This makes Websocket once again a pure virtual class, which is desired.

Sig

Remove extra variables in websockets

These variables don't need propagated to handlers. Any usage of them is
incorrect.

This makes Websocket once again a pure virtual class, which is desired.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id1ecc3911fc502d436a3e6aa29024628fc51aff4

show more ...

Update to boost 1.83.0

In boost 1.83.0, the boost::url maintainers deprecated the header only
usage of the library without warning. A discussion with the
maintainers[1] made it clear that they remo

Update to boost 1.83.0

In boost 1.83.0, the boost::url maintainers deprecated the header only
usage of the library without warning. A discussion with the
maintainers[1] made it clear that they removed the abiliy on purpose,
and they're not going to add it back or add a deprecation strategy (they
did say they would update the documentation to actually match the
intent), and that from here on in we should be using the cmake boost
project to pull in the non-header-only boost libraries we use (which at
this point is ONLY boost url).

This commit updates to remove the usage of boost::urls::result typedef,
which was deprecated in this release (which causes a compile error) and
moves it to boost::system::result.

In addition, it updates our meson files to pull in the boost project as
a cmake dependency.

[1] https://cpplang.slack.com/archives/C01JR6C9C4U/p1696441238739129

Tested: Not yet.

Change-Id: Ia7adfc0348588915440687c3ab83a1de3e6b845a
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Clean up vm CredentialPipe

This code is needlessly complicated for what it does. Even with the
intent, which is secure buffer cleanup, it's trivial to encase all this
into a single class that accep

Clean up vm CredentialPipe

This code is needlessly complicated for what it does. Even with the
intent, which is secure buffer cleanup, it's trivial to encase all this
into a single class that accepts the strings by rvalue reference, then
cleans them up afterward.

Doing this also cleans up a potential lifetime problem, where if the
unix socket returned immediately, it would've invalidated the buffers
that were being sent. It also moves to async_write, instead of
async_write_some. The former could in theory fail if the socket blocks
(unlikely in this scenario) but it's good to handle anyway.

Tested: Need some help here. There's no backend for this, so we might
just have to rely on inspection.

Change-Id: I9032d458f8eb7a0689bee575aae611641bacee26
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Fixes bmcweb crashed when mounting virtual media

After upgrading jsnbd to meson.build, the nbd-proxy path will change from
/usr/sbin to /usr/bin.
- https://gerrit.openbmc.org/c/openbmc/jsnbd/+/65434

Fixes bmcweb crashed when mounting virtual media

After upgrading jsnbd to meson.build, the nbd-proxy path will change from
/usr/sbin to /usr/bin.
- https://gerrit.openbmc.org/c/openbmc/jsnbd/+/65434
- https://gerrit.openbmc.org/c/openbmc/openbmc/+/65466

Error message:
```
bmcweb[220]: [DEBUG http_connection.hpp:561] 0x235bad0 Clearing response
bmcweb[220]: [DEBUG http_response.hpp:181] 0x235dd90 Clearing response
containers
bmcweb[220]: [DEBUG http_connection.hpp:403] 0x235bad0 doReadHeaders
bmcweb[220]: [DEBUG http_connection.hpp:71] 0x22c20c8 Connection open,
total 8
bmcweb[220]: [DEBUG http_connection.hpp:625] 0x23dc940 timer started
[FAILED] Failed to start Wait for Network to be Configured.
See 'systemctl status systemd-networkd-wait-online.service' for details.
[ OK ] Reached target Network is Online.
Starting System Logging Service...
[ OK ] Started System Logging Service.
systemd-journald[160]: Received SIGTERM from PID 220 (bmcweb).
systemd[1]: avahi-daemon.service: Deactivated successfully.
systemd[1]: bmcweb.service: Main process exited, code=exited,
status=255/EXCEPTION
systemd[1]: bmcweb.service: Failed with result 'exit-code'.
systemd[1]: bmcweb.service: Consumed 1.940s CPU time.
systemd[1]: obmc-dump-monitor.service: Deactivated successfully.
systemd[1]: phosphor-certificate-manager@authority.service: Deactivated
successfully.
```

After this fix:
```
bmcweb[219]: [DEBUG http_connection.hpp:268] Setting completion handler
bmcweb[219]: [DEBUG http_response.hpp:238] 0xfb23e0 setting completion
handler
bmcweb[219]: [DEBUG http_response.hpp:238] 0xfb23e0 setting completion
handler
bmcweb[219]: [DEBUG routing.hpp:601] Matched rule (upgrade) '/vm/0/0' 1
/ 2
bmcweb[219]: [DEBUG dbus_privileges.hpp:51] userName = root userRole =
priv-admin
bmcweb[219]: [DEBUG websocketrule.hpp:50] Websocket handles upgrade
bmcweb[219]: [DEBUG websocket.hpp:78] Creating new connection 0xe641ec
bmcweb[219]: [DEBUG websocket.hpp:89] starting connection 0xe641ec
bmcweb[219]: [DEBUG http_response.hpp:223] 0xfb23e0 calling completion
handler
bmcweb[219]: [DEBUG http_response.hpp:226] 0xfb23e0 completion handler
was valid
bmcweb[219]: [DEBUG http_response.hpp:238] 0x108b008 setting completion
handler
bmcweb[219]: [DEBUG http_connection.hpp:81] 0x1088d48 Connection closed,
total 8
bmcweb[219]: [DEBUG websocket.hpp:226] Websocket accepted connection
bmcweb[219]: [DEBUG vm_websocket.hpp:172] Connection 0xe641ec opened
bmcweb[219]: [DEBUG vm_websocket.hpp:85] inputBuffer empty. Bailing out
bmcweb[219]: [DEBUG vm_websocket.hpp:94] Wrote 18bytes
bmcweb[219]: [DEBUG vm_websocket.hpp:85] inputBuffer empty. Bailing out
bmcweb[219]: [DEBUG vm_websocket.hpp:125] Read done. Read 26 bytes
```

Change-Id: Ic5dc3d0c32517add158d5354b712c166bc6bf204
Signed-off-by: Troy Lee <troy_lee@aspeedtech.com>
Signed-off-by: Vince Chang <vince.chang@vertiv.com>

show more ...

Remove phosphor-rest workarounds

Phosphor-rest is no longer supported by the project, and phosphor-webui,
which required some of these workarounds has been archived a year ago.
There's no reason to

Remove phosphor-rest workarounds

Phosphor-rest is no longer supported by the project, and phosphor-webui,
which required some of these workarounds has been archived a year ago.
There's no reason to keep this login type, given that it was
undocumented.

NOTE: Upon inspection, it looks like webui-vue used the same hack.
[1] https://github.com/openbmc/webui-vue/blob/43e3bd26133b06ed117a3a3f10b2bc09e2c2aafc/src/store/modules/Authentication/AuthenticanStore.js#L41

Tested:
Combined with https://gerrit.openbmc.org/c/openbmc/webui-vue/+/65811
Webui Login succceeds.

Change-Id: Ie42380029e799e44b3a7404d4ec6d285b371402b
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

kvm_websocket: Fix crash on dangling reference

Kvm_websocket captures the this pointer in the handler lambda of the
socket. When the callback is called, if the object has been destructed,
there will

kvm_websocket: Fix crash on dangling reference

Kvm_websocket captures the this pointer in the handler lambda of the
socket. When the callback is called, if the object has been destructed,
there will be a crash problem. This is fixed by using weak_from_this in
the callback, if the object was destructed, the callback just returns
without doing anything.

Tested:
1. Open two kvm sessions in WebUI, and keep refreshing in one of the
pages, there is a small chance of coredump happening.
Debug infomation shows:
```
bmcweb[5331]: DEBUG: doRead. conn:0x28d19a0. this: 0x284d470
bmcweb[5331]: DEBUG: doRead. conn:0x28d19a0. this: 0x284d470
bmcweb[5331]: DEBUG: doRead. conn:0x28d19a0. this: 0x284d470
bmcweb[5331]: DEBUG: doRead. conn:0x28d19a0. this: 0x284d470
bmcweb[5331]: DEBUG: doRead. conn:0x28d19a0. this: 0x284d470
bmcweb[5331]: DEBUG: onclose. conn:0x28d19a0
bmcweb[5331]: DEBUG: doRead. conn:0x2876648. this: 0x284d470
systemd[1]: bmeweb.service: Main process exited, code=dumped, status=11/SEGV
systemd[1]: bmcweb.service: Failed with result 'core-dump
systemd[1]: Started Start bmweb server.
```
2. After this fix no coredump occurred.

Change-Id: I7bba9b67c470def90ddb1e471a0ac95edd6165e5
Signed-off-by: Xinnan Xie <xiexinnan@bytedance.com>

show more ...

Fix typo `DBusInteracesMap` -> `DBusInterfacesMap`

Change-Id: I9a851076eccee9d79ad7bb036e58b717e06ad5d1
Signed-off-by: Michael Shen <gpgpgp@google.com>

Move http client to URL

Type safety is a good thing. In:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/65606

It was found that splitting out the URI into encoded pieces in the early
phase removed

Move http client to URL

Type safety is a good thing. In:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/65606

It was found that splitting out the URI into encoded pieces in the early
phase removed some information we needed, namely whether or not a URI
was ipv6. This commit changes http client such that it passes all the
information through, with the correct type, rather than passing in
hostname, port, path, and ssl separately.

Opportunistically, because a number of log lines are changing, this uses
the opportunity to remove a number of calls to std::to_string, and rely
on std::format instead.

Now that we no longer use custom URI splitting code, the
ValidateAndSplitUrl() method can be removed, given that our validation
now happens in the URI class.

Tested: Aggregation works properly when satellite URIs are queried.

Change-Id: I9f605863179af54c5af2719bc5ce9d29cbfffab7
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Use ranges

C++20 brought us std::ranges for a lot of algorithms. Most of these
conversions were done using comby, similar to:

```
comby -verbose 'std::lower_bound(:[a].begin(),:[b].end(),:[c])' 's

Use ranges

C++20 brought us std::ranges for a lot of algorithms. Most of these
conversions were done using comby, similar to:

```
comby -verbose 'std::lower_bound(:[a].begin(),:[b].end(),:[c])' 'std::ranges::lower_bound(:[a], :[c])' $(git ls-files | grep "\.[hc]\(pp\)\?$") -in-place
```

Change-Id: I0c99c04e9368312555c08147d474ca93a5959e8d
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Fix duplicate entries in session userGroups

The user's groups were getting re-appended in the session object on
every request, resulting in a small memory leak (that does clear away
when the session

Fix duplicate entries in session userGroups

The user's groups were getting re-appended in the session object on
every request, resulting in a small memory leak (that does clear away
when the session is ended). Fix by just overwriting instead of
appending.

Tested: Added debug prints in ~UserSession to check contents of
userGroups, then ran multiple GETs to /redfish/v1 via token auth, then
destroyed session via WebUI and confirmed userGroups contained correct
set of groups.

Change-Id: I7c04a18437f69a97f138ff1f9aeee2731952ae8b
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>

show more ...

Change unauthorized message if no UI is installed

This "Unauthorized" message has been a constant source of confusion for
users that forget to install a UI. This commit updates the message to
be mo

Change unauthorized message if no UI is installed

This "Unauthorized" message has been a constant source of confusion for
users that forget to install a UI. This commit updates the message to
be more clear, and present users with some hints that they have
forgotten to install a webui if they expected the auth to succeed.

Tested: String change only. Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic68e4622082caf5e32e496ec56f0c8b409b91990

show more ...