Add toast to Network Settings page

Displays error message if any settings fail to save and success
if all succeed on the Network Settings page.

Change-Id: Ifddf1822ba59753a217d1ec257b8d0ca870cceed

Add toast to Network Settings page

Displays error message if any settings fail to save and success
if all succeed on the Network Settings page.

Change-Id: Ifddf1822ba59753a217d1ec257b8d0ca870cceed
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Add toast to Date Time page

Change-Id: I0c0912f9d18fbb170ccf4863366b5973eb25050a
Signed-off-by: beccabroek <beccabroek@gmail.com>

Add toast to LED page

Toast error notification alerts user if LED light switch was
not successful.

Change-Id: I4f7af80276b6fefa93c8d0f0f50f8b28a06bced3
Signed-off-by: beccabroek <beccabroek@gmail.c

Add toast to LED page

Toast error notification alerts user if LED light switch was
not successful.

Change-Id: I4f7af80276b6fefa93c8d0f0f50f8b28a06bced3
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Add toast to Power Operations page

Replaces error messages with tast notifications on
the Power Operations page.

Change-Id: If92bcb18fc96e9dbd74807faf27feb9c82b6fc59
Signed-off-by: beccabroek <becc

Add toast to Power Operations page

Replaces error messages with tast notifications on
the Power Operations page.

Change-Id: If92bcb18fc96e9dbd74807faf27feb9c82b6fc59
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Add toast to Power Usage page

Replaces success and error messages with tast notifications on
the Power Usage page.

Change-Id: Id7c3f8d63f932671a72644a740c5f1da1d2f9777
Signed-off-by: beccabroek <be

Add toast to Power Usage page

Replaces success and error messages with tast notifications on
the Power Usage page.

Change-Id: Id7c3f8d63f932671a72644a740c5f1da1d2f9777
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Add toast notifications to SNMP page

Design team proposed that our error and success messages be
delivered as 'toast' messages on the right side of the screen.
This brings in ngToast and implements

Add toast notifications to SNMP page

Design team proposed that our error and success messages be
delivered as 'toast' messages on the right side of the screen.
This brings in ngToast and implements notifications on SNMP page.
Notifications will fade after 10 seconds or can be dismissed.

https://github.com/tameraydin/ngToast

Change-Id: I1053534cd1ab189ae5c2ac07e2a922acea231c70
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Run "npm update"

Ran "npm outdated" and noticed we had a lot of outdated packages.
Ran "npm update" and then tested.

Tested: Launched the dev server and pointed at a Witherspoon.
Built the

Run "npm update"

Ran "npm outdated" and noticed we had a lot of outdated packages.
Ran "npm update" and then tested.

Tested: Launched the dev server and pointed at a Witherspoon.
Built the webui and loaded it on a Witherspoon. Did not
obverse any regressions.
Change-Id: If36efef006f54988a27b897778abd8b45372eb21
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Address webpack-dev-server security vulnerability

Although we only use webpack-dev-server for development and
this isn't a security vulnerability for us, still going to fix.

From GitHub:

"We found

Address webpack-dev-server security vulnerability

Although we only use webpack-dev-server for development and
this isn't a security vulnerability for us, still going to fix.

From GitHub:

"We found a potential security vulnerability in one of your
dependencies.

Remediation
Upgrade webpack-dev-server to version 3.1.11 or later."

"An issue was discovered in lib/Server.js in webpack-dev-server
before 3.1.11. Attackers are able to steal developer's code because
the origin of requests is not checked by the WebSocket server,
which is used for HMR (Hot Module Replacement). Anyone can receive
the HMR message sent by the WebSocket server via a
ws://127.0.0.1:8080/ connection from any origin."

More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2018-14732

Edited webpack-dev-server in package.json to be 3.1.11 then
did a npm install to create the package-lock.json.

Tested: Launched the dev server and pointed it at a Witherspoon.
Change-Id: Id6615ce387db8c6e1d2b64ff1e059db9167e11d0
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Removed unused changePassword()

changePassword in api-utils.js is no longer used.
https://github.com/openbmc/phosphor-webui/commit/28711a6ad2cff8277bfa537c3b140caf690ab575
removed the use of it.

28

Removed unused changePassword()

changePassword in api-utils.js is no longer used.
https://github.com/openbmc/phosphor-webui/commit/28711a6ad2cff8277bfa537c3b140caf690ab575
removed the use of it.

28711a6 moved us over to multiple user account management and has
its own function to set the user's password (setUserPassword).

Change-Id: I4ac4175a33b10f2ae4f89b5e83d6c3ffa2b09912
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix RequestedBMCTransition capitalization

The property name is capitalized as RequestedBMCTransition.
BMCweb is case sensitive.

https://github.com/openbmc/phosphor-dbus-interfaces/blob/f019ea0979ce

Fix RequestedBMCTransition capitalization

The property name is capitalized as RequestedBMCTransition.
BMCweb is case sensitive.

https://github.com/openbmc/phosphor-dbus-interfaces/blob/f019ea0979ce9d29654e0ce7bfbeb57783c59bd9/xyz/openbmc_project/State/BMC.interface.yaml#L8

Tested: Rebooted a Witherspoon system via GUI.
Change-Id: Ie1379125d32d4c8e17aadcac7e0d65c89d49d2bd
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

WebUI: Dynamically get accountService roles

Get the AccountService roles dynamically
by calling redfish/rest API's and use them
in user management webui.

Test:
Loaded web page and checked user mana

WebUI: Dynamically get accountService roles

Get the AccountService roles dynamically
by calling redfish/rest API's and use them
in user management webui.

Test:
Loaded web page and checked user management
page for appropriate roles fetched from dbus.

Change-Id: I4f51cb0a622a1be8b0bfec2b2fe3ecdee2538c6a
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>

show more ...

WebUI: User management full implementation.

Added webui user accounts management. This support
both redfish and rest based backend API calls
depending on redfishSupportEnabled flag.
It does followin

WebUI: User management full implementation.

Added webui user accounts management. This support
both redfish and rest based backend API calls
depending on redfishSupportEnabled flag.
It does following actions:
- View all user list and there properties like
name, privilege, enabled state, Locked etc..
- Create new user account.
- Delete existing user account.
- Update the existing user properties like
password, privilege, enabled state.

Unit Test:
- Viewed all user information is proper or not.
- Created new user and validated.
- Deleted specific user and checked.
- Modified user info and validated the change.
All tests are done by enabling and disabling
redfishSupportEnabled flag using conifg.json.

Change-Id: Ifecf63844dc42c44771509958bf75947a92997ac
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>

show more ...

Enable strict content security policy

Webpack allows us to define a content security policy that utilizes
hashes to define what is, and isn't allowed to execute in the page
context. Because we're a

Enable strict content security policy

Webpack allows us to define a content security policy that utilizes
hashes to define what is, and isn't allowed to execute in the page
context. Because we're a single page application, this means that we
can effectively defend the whole page with a few extra lines of setup.

This does not utilitize _any_ of the unsafe-* calls that content
security policy has, which should meet security standards for all uses.

Tested By:
Launched GUI, observed no functional changes, and watched console for
CSP errors. Saw none.

Change-Id: I892df1f1b004384943be0ae6e51046054991fd45
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Enable ngSanitize

Previously, we had been pulling in ngSanitize, but were not enabling it.

This commit enables ngSanitize to improve our injection prevention.

Change-Id: I8a8666efac37da1759b53e596

Enable ngSanitize

Previously, we had been pulling in ngSanitize, but were not enabling it.

This commit enables ngSanitize to improve our injection prevention.

Change-Id: I8a8666efac37da1759b53e5961dad4b63101d3cd
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

webui: enable ngCSP

ngCSP allows angular to avoid using inline style and unsafe eval
mechanisms. Enabling this will allow us to update to a more stringent
content-security policy.

for more details

webui: enable ngCSP

ngCSP allows angular to avoid using inline style and unsafe eval
mechanisms. Enabling this will allow us to update to a more stringent
content-security policy.

for more details, see documentation here:
https://docs.angularjs.org/api/ng/directive/ngCsp

Tested by:
Launching the GUI, and saw no ill effects.

Change-Id: I4db732e997c2901d1fe57eee99607007b5e3afec
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Enabling redfish support under configuration.

This commit contains:
1) Enabling redfish support under configuration.
While loading header, get the redfish root node
and sets the redfishSupp

Enabling redfish support under configuration.

This commit contains:
1) Enabling redfish support under configuration.
While loading header, get the redfish root node
and sets the redfishSupport configuration param.
2) Depending on redfish support flag, it decide to
use redfish URI or REST uri for user password
change.

Tested:
- Tested both redfish enable and dsiable scenarios.

Change-Id: I98ecc7f419ddcfdbfac9c212ad2834479e9986b5
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>

show more ...

webui: Fix redfish to use proper styles

Redfish was using inline style tags, which is conflicting with our
desire to disable inline styles. This moves the redfish styles to an
appropriate SCSS file

webui: Fix redfish to use proper styles

Redfish was using inline style tags, which is conflicting with our
desire to disable inline styles. This moves the redfish styles to an
appropriate SCSS file.

Tested by:
Launched redfish GUI, and observed no style differences

Change-Id: Ifb96730f0d6a34700f8c05666b6963a77d511911
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Remove style tags from svg

The style tags in the svg inline images will trigger an issue when the
browser attempts to interpret them, and flags them as inline-styles
(which we want to disallow via p

Remove style tags from svg

The style tags in the svg inline images will trigger an issue when the
browser attempts to interpret them, and flags them as inline-styles
(which we want to disallow via policy). This commit removes them,
which, given that they shouldn't have been there in the first place,
should have no ill effects.

Tested By:
Launched GUI, observed button behavior did not change

Change-Id: I9b6443051fd30770853e589fcd2a7231f85fd082
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Fix issue about menu not disappearing on firmware page

In firmware update page "More info” dialog did not disappear until
it is clicked again. With this push users can click anywhere outside
the me

Fix issue about menu not disappearing on firmware page

In firmware update page "More info” dialog did not disappear until
it is clicked again. With this push users can click anywhere outside
the menu and it disappears.

Resolves openbmc/phosphor-webui#32

Change-Id: I1519caf2428c702af03fb0e4dd8a08d0c0588abf
Signed-off-by: Ryan Arnell <iffy.ryan@ibm.com>

show more ...

Make actions visible in a disabled state

In event log page, main actions are made visible all the time in a disabled
state. Once select a log item is selected, the corresponding actions become
activ

Make actions visible in a disabled state

In event log page, main actions are made visible all the time in a disabled
state. Once select a log item is selected, the corresponding actions become
active.

Resolves openbmc/phosphor-webui#26

Change-Id: Idd7dced5984b7d103a706abc12c1e4889710d420
Signed-off-by: Iftekharul Islam <iffy.ryan@ibm.com>

show more ...

Fix Server power operations page style

On the Server power operations page, need a width: 100% for the
"Select a power operation" header.

Drop "Row" from power operations div to fix confirm modal b

Fix Server power operations page style

On the Server power operations page, need a width: 100% for the
"Select a power operation" header.

Drop "Row" from power operations div to fix confirm modal being
cut off.

These are needed because of the move to Bootstrap 4.
84e114a

Resolves openbmc/phosphor-webui#51

Change-Id: I7250daf2aed4ce5af7ed5acdf61a65cc38deac72
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

fix date/time representation in national locales

Added "localeDate" filter to present date and time in preferred format:
- the date will be displayed as: 'Dec 3, 2018'
- the time will be displayed

fix date/time representation in national locales

Added "localeDate" filter to present date and time in preferred format:
- the date will be displayed as: 'Dec 3, 2018'
- the time will be displayed in locale preferred format.
- the timezone will be displayed as abbrev or GMT+/-offset.

At the 'Date and Time setting' the time zone name will displayed in long
format if it is possible.

All text parts of date/time representation will be in English.

Resolves: openbmc/phosphor-webui#42

Change-Id: I2fdbb47c62dfc5000039b0c00a20f64a9a389fc6
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

Remove AngularUtils

The AngularUtils library is no longer maintained. This brings
the pagination directive used on the log events page into the
project and removes it from package.json

Resolves ope

Remove AngularUtils

The AngularUtils library is no longer maintained. This brings
the pagination directive used on the log events page into the
project and removes it from package.json

Resolves openbmc/phosphor-webui#10

Change-Id: I8235ef6ff325c9b0d8440d203816a38ded5d3890
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Remove bower.json

bower.json is an incomplete, outdated package list.
Remove it to not confuse people.
The current list could not be used to build the app.

Tested: npm install && npm run-script b

Remove bower.json

bower.json is an incomplete, outdated package list.
Remove it to not confuse people.
The current list could not be used to build the app.

Tested: npm install && npm run-script build
Change-Id: Iae1f9b255eec5027f5e2c1a7d98fd1850addae3f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Downgrade event-stream package to 3.3.4

From the phosphor-webui alert:
"The NPM package flatmap-stream is considered malicious.
A malicious actor added this package as a dependency to the NPM
event-

Downgrade event-stream package to 3.3.4

From the phosphor-webui alert:
"The NPM package flatmap-stream is considered malicious.
A malicious actor added this package as a dependency to the NPM
event-stream package in versions 3.3.6 and later. Users of
event-stream are encouraged to downgrade to the last non-malicious
version, 3.3.4."

More information can be found at:
https://github.com/dominictarr/event-stream/issues/116
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/

Tested: Manually on a Witherspoon.
Change-Id: I2555ee04be69cc42f99cf3a5d18a99a4d5c26324
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...