ce7db82c | 05-Jul-2024 |
Paul Fertser <fercerpav@gmail.com> |
Retrieve role information the Redfish standard way
Currently webui-vue has a hardcoded list of pages and sidebar menu items restricted to a specific Redfish role (from a predefined default set). To
Retrieve role information the Redfish standard way
Currently webui-vue has a hardcoded list of pages and sidebar menu items restricted to a specific Redfish role (from a predefined default set). To disallow navigating to restricted pages and to hide disallowed menu items the application needs to know the roles assigned to the session.
bmcweb only implements a single role identity per session so the Roles array returned within a Session object always has just one element.
This patch changes the mechanism used to retrieve the current role from buggy direct query to AccountService (which can only return information about BMC local users) to extracting it from standard Redfish Session object.
In case the role is not available (e.g. when backend implementation predates #Session.v1_7_0.Session) the application assumes Administrator role which is meant as a best effort to continue working given the circumstances. This doesn't pose a security risk because all validation is always performed by the backend itself, so the worst that can happen is end user getting error messages trying to access something without enough privileges.
Tested: logging in and out of accounts with different roles without reloading the page, observing the list of queries made, the role variable assignments and presence of the menu items depending on account, navigating to different pages. Also tested reloading the page and confirmed the correct role was retrieved without going through login again. Also tested deleting and mangling localStorage variable sessionURI prior to doing page reload, in those cases redirect to login page was observed.
Change-Id: I8b6c84060a987489cc1d35c46c1b00618a88b607 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
825059ac | 04-Oct-2024 |
Surya Venkatesan <suryav@ami.com> |
i18n fix after vue3 merge to master
Fix i18n issue in the Power restore policy, Inventory LEDs, and User management page.
After merge the vue3 code to master the i18n Power restore policy, Inventor
i18n fix after vue3 merge to master
Fix i18n issue in the Power restore policy, Inventory LEDs, and User management page.
After merge the vue3 code to master the i18n Power restore policy, Inventory LEDs, and User management page got conflicts and old code retrieved in master. So unable to render the Power restore policy, Inventory LEDs and unable to disable the user in user management page
change the i18n.t method to i18n.global.t for the vue3 support.
Change-Id: I46f3f56632308ceaee321dd896e16e922d964b60 Signed-off-by: Surya Venkatesan <suryav@ami.com>
show more ...
|
1a814b9f | 23-Sep-2024 |
Surya Venkatesan <suryav@ami.com> |
LDAP and server power operation page fix
In LDAP loading declare outside the form, form validation condition change, server power operation page validation added and i18n method changed in the event
LDAP and server power operation page fix
In LDAP loading declare outside the form, form validation condition change, server power operation page validation added and i18n method changed in the event log store.
Change-Id: I903b4dec7da1a5a2cc8441c65693c57201405d70 Signed-off-by: Surya Venkatesan <suryav@ami.com>
show more ...
|
4626aec4 | 19-Sep-2024 |
Surya Venkatesan <suryav@ami.com> |
Network page validation and i18n issue fix
In network page invalid if condition changed, added validations and i18n function changed based on the vue 3 support.
Change-Id: If5b9c00f6da722984f1c568c
Network page validation and i18n issue fix
In network page invalid if condition changed, added validations and i18n function changed based on the vue 3 support.
Change-Id: If5b9c00f6da722984f1c568cfbcb6b34537c3df1 Signed-off-by: Surya Venkatesan <suryav@ami.com>
show more ...
|
de23ea23 | 11-Jul-2024 |
Surya V <suryav@ami.com> |
Vuelidate, I18n, and filter are upgraded to vue3
While navigating to the pages i18n, vuelidate, and filters errors occurred. i18n, and vuelidate code changes in each page adapted to vue3. Filter glo
Vuelidate, I18n, and filter are upgraded to vue3
While navigating to the pages i18n, vuelidate, and filters errors occurred. i18n, and vuelidate code changes in each page adapted to vue3. Filter global function for date and time format implemented in the main.js file and those files which as called the filter functions.
Change-Id: If1a2ee22d47750faef1c35ef2c263299067d9a20 Signed-off-by: Surya Venkatesan <suryav@ami.com>
show more ...
|
41303975 | 30-Sep-2024 |
Nikhil Ashoka <a.nikhil@ibm.com> |
Updated Power restore policy URI
- Previously, we used to get the values for power restore policy page from“JsonSchemas/ComputerSystem/ComputerSystem.json”. Now we have removed the hardcoded API
Updated Power restore policy URI
- Previously, we used to get the values for power restore policy page from“JsonSchemas/ComputerSystem/ComputerSystem.json”. Now we have removed the hardcoded API call and are fetching the values from the JsonSchemas/ComputerSystem’s URI because we would have versioned ComputerSystem.json in the redfish response.
Change-Id: I1a25cbbb3dfc536485a6f71a359ae32c6eadf5f7 Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com>
show more ...
|
51feb353 | 27-Sep-2024 |
Sean Zhang <xiazhang@nvidia.com> |
Fix event entry download
Event entry should be downloaded with specific http header of "Accept: application/octet-stream" or "*/*", but the default http header is set to "Accept: application/json",
Fix event entry download
Event entry should be downloaded with specific http header of "Accept: application/octet-stream" or "*/*", but the default http header is set to "Accept: application/json", so need to specify the header for event downloading.
Refer: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/40136
Tested: Event entry data can be downloaded with the fix.
Change-Id: Ia45123340da79a54fc4229470e6822206b8df808 Signed-off-by: Sean Zhang <xiazhang@nvidia.com>
show more ...
|
ccf5c5c8 | 12-Sep-2024 |
jason westover <jwestover@nvidia.com> |
Add default Target to MultipartHttpPush
When no targets are provided, webui will now default to the BMC: i.e. "/redfish/v1/Managers/bmc"
The current version of bmcweb requires the Targets parameter
Add default Target to MultipartHttpPush
When no targets are provided, webui will now default to the BMC: i.e. "/redfish/v1/Managers/bmc"
The current version of bmcweb requires the Targets parameter. bmcweb will be updated for multipart to match the behavior of simpleupdate: if Targets is empty or missing, default to the BMC.
Also, the fwupdate page will be updated soon to allow the selection of Targets from the FirmwareInventory list.
This should be a temp webui fix until we are comfortable with the upcoming changes to bmcweb.
Change-Id: I630dcb40068b98aad8e1d276d17fe9af4793e788 Signed-off-by: jason westover <jwestover@nvidia.com>
show more ...
|
e2c716a9 | 28-Jul-2024 |
Leo Xu <yongquanx@nvidia.com> |
Add support for MultipartHttpPushUri in fw push
According to the Redfish Firmware Update Whitepaper [1] due to the vendor-specific details of this operation, HttpPushUri has been deprecated in f
Add support for MultipartHttpPushUri in fw push
According to the Redfish Firmware Update Whitepaper [1] due to the vendor-specific details of this operation, HttpPushUri has been deprecated in favor of multipartHTTP push updates.
Availability of update methods is determined from the UpdateService response.
If MultipartHttpPushUri is found it will be preferred over HttpPushUri
Tested: -Firmware update by performed via MultipartHttpPushUri
[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP2062_1.0.1.pdf
Change-Id: I184a889514d5f9f9598f35b2281404335bc0bc82 Signed-off-by: Leo Xu <yongquanx@nvidia.com>
show more ...
|
09a3b9e0 | 03-Jul-2024 |
Paul Fertser <fercerpav@gmail.com> |
Use auth token when not communicating with bmcweb
Redfish backends other than OpenBMC bmcweb expect clients to authenticate using X-Auth-Token HTTP header as that's the only standard authentication
Use auth token when not communicating with bmcweb
Redfish backends other than OpenBMC bmcweb expect clients to authenticate using X-Auth-Token HTTP header as that's the only standard authentication method for Redfish sessions.
This code falls back to using the token in case Session creation didn't result in obtaining an XSRF cookie (as should normally happen with bmcweb).
Limitations: all WebSocket-based functionality can not work (JS-based NBD Virtual Media, IP KVM, SOL), page reload drops the session and requires to log in again.
Tested: logging in, observing Overview and successfully logging out of an AMI MegaRAC BMC. Logging in and navigating around a bmcweb-running system which doesn't have the code to provide cookies for Session POST request (everything works as usual sans WS-based features).
Change-Id: I81dc881193440d8d252dcd283b99915bd08c0c5e Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
6de03414 | 05-Jul-2024 |
Paul Fertser <fercerpav@gmail.com> |
Handle expired passwords Redfish standard way
A password can expire at any moment during session lifetime and bmcweb starts returning 403 Forbidden errors to the requests made after that. The respon
Handle expired passwords Redfish standard way
A password can expire at any moment during session lifetime and bmcweb starts returning 403 Forbidden errors to the requests made after that. The response contains clear indication of the condition in the standard `@Message.ExtendedInfo` attribute which is an array of Message objects.
Previously the code was trying to detect this condition by querying AccountService after logging in but this approach doesn't work when password expires mid-session. Also it was limited to BMC-managed accounts and used hardcoded account URIs in violation of Redfish spec.
This patch adds to the interceptor of 403 error so that the user is automatically redirected to the password change page as soon as the condition is detected.
The same message is also present in the session creation POST response 201 if the password expired before the log in attempt, in this case the session is created as usual but the user is automatically redirected to password change page before any further requests are made.
Tested: logging in, navigating, logging out with non-expired password. Logging in, navigating, then running `passwd -e <accountname>` via ssh leads to functional password change page on the next request and then navigating proceeds normally, and logging out too. If password is expired before logging in the user gets redirected to the password change page automatically after logging in.
Fixes: https://github.com/openbmc/webui-vue/issues/118 Change-Id: I03f5ee2526a4bb1d35d3bbea1142fea077d6bfed Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
582e954e | 05-Jul-2024 |
Sean Zhang <xiazhang@nvidia.com> |
Fix single event entry download
For event entry download, the href not work since the event entry download only work with header of "Accept: application/octet-stream" or the default "*/*", change to
Fix single event entry download
For event entry download, the href not work since the event entry download only work with header of "Accept: application/octet-stream" or the default "*/*", change to click function to make it work.
Refer: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/40136
Change-Id: I11051e913bfd71ef081bed93ffcbeeb1edd8c730 Signed-off-by: Sean Zhang <xiazhang@nvidia.com>
show more ...
|
1ff8e89f | 10-Jun-2024 |
Paul Fertser <fercerpav@gmail.com> |
Switch to standard Redfish auth endpoint
To be able to talk to a Redfish-compliant implementation webui should switch from old non-standard login and logout endpoints to creating a Session via an ap
Switch to standard Redfish auth endpoint
To be able to talk to a Redfish-compliant implementation webui should switch from old non-standard login and logout endpoints to creating a Session via an appropriate POST request and to DELETE it on logout. This also gives us standard Session object with all the relevant parameters which allows the frontend to know what session it's using, what permissions it has etc.
This works against bmcweb which checks for the presence of webui-vue-specific "X-Requested-With" header in the request and provides cookies in addition to the Redfish authentication token in the header.
Tested: logging in, logging out, navigating the pages, reloading the page doesn't require logging in (if the session isn't expired), WebSocket connections work.
Change-Id: I9d6159850b109a658b8f980637653e7e4576058b Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
bc49e091 | 11-Jun-2024 |
Nikhil Ashoka <a.nikhil@ibm.com> |
Removed TFTP code update option
- Removed TFTP server firmware update ability in the UI.
Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com> Change-Id: Icbeddc7a3faa262f12e85268206ae70850f37905 |
08039ab7 | 26-Jun-2024 |
Sean Zhang <xiazhang@nvidia.com> |
fix reboot BMC error message
Remove getLastBmcRebootTime after post BMC reboot action since BMC connection will be lost after reboot. The last BMC reboot time will be got after reboot BMC page loadi
fix reboot BMC error message
Remove getLastBmcRebootTime after post BMC reboot action since BMC connection will be lost after reboot. The last BMC reboot time will be got after reboot BMC page loading, and after BMC reboot, user need reload the WEB UI, so there is also no need to send Redfish request to get the last BMC reboot time just after the post the BMC reboot action.
Change-Id: Ic5d0cbca23a61610cc387a4046b85e9c20c255ea Signed-off-by: Sean Zhang <xiazhang@nvidia.com>
show more ...
|
db47b7e1 | 12-Jun-2024 |
Sean Zhang <xiazhang@nvidia.com> |
Add support for IPv6 network setting
Add IPv6 setting in network setting page. - Add IPv6 domain name, DNS servers, NTP servers enable/disable - Add DHCPv6 enable/disable - Add IPv6 default gateway
Add support for IPv6 network setting
Add IPv6 setting in network setting page. - Add IPv6 domain name, DNS servers, NTP servers enable/disable - Add DHCPv6 enable/disable - Add IPv6 default gateway - Add IPv6 addresses - Add IPv6 static addresses - Add IPv6 static addresses adding and deleting
Tested: - IPv6 domain name, DNS servers, NTP servers enable/disable function - DHCPv6 enable/disable function - Verified the IPv6 default gateway - IPv6 addresses adding and deleting - Verified the IPv6 addresses in IPv6 table
Change-Id: I9eebf6ef5f7de748f79779d8168b8dcfcdda2495 Signed-off-by: Sean Zhang <xiazhang@nvidia.com>
show more ...
|
8841b7d4 | 15-Jun-2024 |
Sean Zhang <xiazhang@nvidia.com> |
Replace fixed paths with response from API
Currently, the Redfish request used fixed URIs, modify the code to use the BMC and System paths got from response of API calls. For CertificateStore, since
Replace fixed paths with response from API
Currently, the Redfish request used fixed URIs, modify the code to use the BMC and System paths got from response of API calls. For CertificateStore, since it was using the URL for constant variable assignment, changed the constant CERTIFICATE_TYPES to method call.
Change-Id: I330b7272083e3e6993aae5705aae170b8e9a4659 Signed-off-by: Sean Zhang <xiazhang@nvidia.com>
show more ...
|
ccb71f0b | 18-Jun-2024 |
Jagpal Singh Gill <paligill@gmail.com> |
remove setApplyTimeImmediate and its usage
BMCWeb is dropping the support for patch for ApplyOptions, hence remove the setApplyTimeImmediate and its corresponding usage from webui. The related patch
remove setApplyTimeImmediate and its usage
BMCWeb is dropping the support for patch for ApplyOptions, hence remove the setApplyTimeImmediate and its corresponding usage from webui. The related patch from bmcweb is as under - https://gerrit.openbmc.org/c/openbmc/bmcweb/+/72150
Change-Id: I4ef64485103db843e1280bc5b8bd8be63813c368 Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>
show more ...
|
f11a1901 | 09-May-2024 |
Nikhil Ashoka <a.nikhil@ibm.com> |
Added toast notification for identify LEDs
- Added success toast notification messages for identify LEDs present at Inventory and LEDs page and Overview.
- Import of Toast was not present in Over
Added toast notification for identify LEDs
- Added success toast notification messages for identify LEDs present at Inventory and LEDs page and Overview.
- Import of Toast was not present in Overview's Inventory card and DIMM slot table, fixed it.
Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com> Change-Id: If9ad84e66f6f15616cb8af51b1e84d8d06b1afd0
show more ...
|
dfba4e54 | 23-Apr-2024 |
Vedangi Mittal <vedangimittal@vedangis-mbp.in.ibm.com> |
Removed Challenge password option from Generate CSR panel
- Unable to generate Certificate Signing Request (CSR) when filling optional field-Challenge password values on Certificate page. - Hence,
Removed Challenge password option from Generate CSR panel
- Unable to generate Certificate Signing Request (CSR) when filling optional field-Challenge password values on Certificate page. - Hence, removed the Challenge password option from the Generate CSR panel.
Change-Id: I862f024de84f34738be5e5cd22701b63c2309152 Signed-off-by: Vedangi Mittal <vedangimittal3004@gmail.com>
show more ...
|
2b33526c | 11-Apr-2024 |
Paul Fertser <fercerpav@gmail.com> |
Allow to log in when using remote authentication
For accounts authenticated remotely (e.g. with LDAP or RADIUS) the API endpoint (handled by bmcweb) can not provide any information about RoleId curr
Allow to log in when using remote authentication
For accounts authenticated remotely (e.g. with LDAP or RADIUS) the API endpoint (handled by bmcweb) can not provide any information about RoleId currently, reporting 404 instead. This confuses the frontend and it doesn't allow to navigate at all.
Fix this by lifting all frontend-side restrictions by assuming 'Administrator' role in this case. Since the backend verifies validity of each and every request anyway this doesn't affect security anyhow.
Tested: logging in, out and incorrectly using local BMC and remote LDAP users, reloading the page with an active session. In all cases frontend behaved as expected, storing assumed RoleId after getting 404 not found reply and using it for unrestricted routing decisions.
Change-Id: If17d06bf0b8a372acd1980f6777227e25d9c78d8 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
bceaffac | 10-Apr-2024 |
Paul Fertser <fercerpav@gmail.com> |
Deduplicate and simplify RoleId handling
To improve UX for users of accounts with restricted permissions the frontend determines the current RoleId. Knowing that it can hide menus and inhibit transi
Deduplicate and simplify RoleId handling
To improve UX for users of accounts with restricted permissions the frontend determines the current RoleId. Knowing that it can hide menus and inhibit transitions that are not allowed by the backend in any case.
This patch unifies the handling by moving processing of the API reply containing RoleId in the single place, right where `authentication/getUserInfo` store gets it. This makes the program flow easier to understand and change if needed without worrying of where another copy of the code might be and how it would need to be amended.
No functional change.
Tested: logging in and out, navigating the pages, getting an error message when wrong credentials are used, reloading the page with an established session. All while observing Network and Console tabs in Web Developer tools, no unexpected API requests are made and no unexpected errors reported. Confirmed in debugger that the retrieved role gets stored and used for routing restrictions.
Change-Id: Ia8782f44cb6bf813954d30b8bf3a620a626ad455 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
show more ...
|
59a732bc | 09-Oct-2023 |
HuyLe <hule@amperecomputing.com> |
Display Power Supply Inventory from PowerSubsystem
Switch Power Supply information to use information from the new PowerSubsystem since bmcweb enabled this by default, any other modern Redfish imple
Display Power Supply Inventory from PowerSubsystem
Switch Power Supply information to use information from the new PowerSubsystem since bmcweb enabled this by default, any other modern Redfish implementation should have this schema enabled.
Tested: On Ampere MtJade platform 1. Login to WebUI; Hardware Status; Inventory 2. Inventory information for power supplies is displayed.
Change-Id: Iad59d0145b47bcd5eb3cb4ff852e50da976a6005 Signed-off-by: HuyLe <hule@amperecomputing.com>
show more ...
|
5c2f61a5 | 07-Mar-2024 |
Konstantin Aladyshev <aladyshev22@gmail.com> |
Correct Actions/Manager.ResetToDefaults parameter name
According to the Redfish Data Model specification the correct parameter name for the '/Actions/Manager.ResetToDefaults' action is not 'ResetToD
Correct Actions/Manager.ResetToDefaults parameter name
According to the Redfish Data Model specification the correct parameter name for the '/Actions/Manager.ResetToDefaults' action is not 'ResetToDefaults' but 'ResetType'. Change parameter name to match with the specification.
Tested: Reset operation still works as expected.
Change-Id: I111001800bb812ccb32f51f78f2e02c5f4d10e7c Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>
show more ...
|
2e6c7cc4 | 05-Mar-2024 |
Gunnar Mills <gmills@us.ibm.com> |
Move to new ThermalSubsystem
Remove VUE_APP_FAN_DATA_FROM_THERMAL_SUBSYSTEM. Assume any Redfish implementation we are using has the new ThermalSubsystem. bmcweb, the only webserver, webui-vue suppor
Move to new ThermalSubsystem
Remove VUE_APP_FAN_DATA_FROM_THERMAL_SUBSYSTEM. Assume any Redfish implementation we are using has the new ThermalSubsystem. bmcweb, the only webserver, webui-vue supports today, enabled this by default at https://gerrit.openbmc.org/c/openbmc/bmcweb/+/69228
ThermalSubsystem, PowerSubsystem has been out since 2020.4, so it is reasonable to assume it is there in any modern Redfish implementation.
Tested: Nabil tested and verified this worked.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com> Change-Id: I4952daf30f9b654234dd0e838adebc38cc8c380f
show more ...
|