Allow to log in when using remote authentication

For accounts authenticated remotely (e.g. with LDAP or RADIUS) the API
endpoint (handled by bmcweb) can not provide any information about
RoleId curr

Allow to log in when using remote authentication

For accounts authenticated remotely (e.g. with LDAP or RADIUS) the API
endpoint (handled by bmcweb) can not provide any information about
RoleId currently, reporting 404 instead. This confuses the frontend and
it doesn't allow to navigate at all.

Fix this by lifting all frontend-side restrictions by assuming
'Administrator' role in this case. Since the backend verifies validity
of each and every request anyway this doesn't affect security anyhow.

Tested: logging in, out and incorrectly using local BMC and remote LDAP
users, reloading the page with an active session. In all cases frontend
behaved as expected, storing assumed RoleId after getting 404 not found
reply and using it for unrestricted routing decisions.

Change-Id: If17d06bf0b8a372acd1980f6777227e25d9c78d8
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Deduplicate and simplify RoleId handling

To improve UX for users of accounts with restricted permissions the
frontend determines the current RoleId. Knowing that it can hide menus
and inhibit transi

Deduplicate and simplify RoleId handling

To improve UX for users of accounts with restricted permissions the
frontend determines the current RoleId. Knowing that it can hide menus
and inhibit transitions that are not allowed by the backend in any case.

This patch unifies the handling by moving processing of the API reply
containing RoleId in the single place, right where
`authentication/getUserInfo` store gets it. This makes the program flow
easier to understand and change if needed without worrying of where
another copy of the code might be and how it would need to be amended.

No functional change.

Tested: logging in and out, navigating the pages, getting an error
message when wrong credentials are used, reloading the page with an
established session. All while observing Network and Console tabs in Web
Developer tools, no unexpected API requests are made and no unexpected
errors reported. Confirmed in debugger that the retrieved role gets
stored and used for routing restrictions.

Change-Id: Ia8782f44cb6bf813954d30b8bf3a620a626ad455
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Remove phosphor-rest style login

As part of [1] There are deprecated login flows that webui-vue seems to
have copied from phosphor-rest. These were originally added because
phosphor-rest didn't loo

Remove phosphor-rest style login

As part of [1] There are deprecated login flows that webui-vue seems to
have copied from phosphor-rest. These were originally added because
phosphor-rest didn't look at response codes, but webui-vue does, so we
can use the normal version, which allows us to reduce the code in
bmcweb.

This needs to go the same time as [1].

Tested: Gunnar tested with 65810 and this works.

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/65810

Change-Id: I1e55f08cf1d7d44b6757ac4173a26546eaca72e5
Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix logout button not work on Safari

After logged on via Safari web browser, click <user> -> Log out button
does not take effect until clicking on other tab. The current page still
works normally. F

Fix logout button not work on Safari

After logged on via Safari web browser, click <user> -> Log out button
does not take effect until clicking on other tab. The current page still
works normally. For example, in Virtual Media page, after clicking on
the Log out button, nothing happens and we can still mount ISO file.
The issue does not happen on Chrome or Firefox.

Fix the issue by changing router.go() to router.push().

Reference:
https://github.com/vuejs/vue-router/issues/2554
https://codewithandrea.com/articles/flutter-navigation-gorouter-go-vs-push/

Tested:
1. Check if the issue does not happen on Safari anymore.
2. Check if no issue with Google Chrome and Mozilla Firefox.

Change-Id: I2ae35dad2dec6b19c3cb9d7f8d577b6077ac8d9c
Signed-off-by: Thang Q. Nguyen <thang@os.amperecomputing.com>
Signed-off-by: HuyLe <hule@amperecomputing.com>

show more ...

Added route restrictions based on user privilege

This commit allows us to add 'exclusiveToRoles' field to
route config files, with the list of roles that can access
this resource, if needed. In this

Added route restrictions based on user privilege

This commit allows us to add 'exclusiveToRoles' field to
route config files, with the list of roles that can access
this resource, if needed. In this case, only Administrator
can access Virtual-Media page and SOL console, and it is blocked for other
users.

Signed-off-by: Sivaprabu Ganesan <sivaprabug@ami.com>
Change-Id: Ibcee18bd92d97c34414ecaf2caf6af28070c5538

show more ...

Closed KVM new window after WEBUI logged out

Description:

When KVM is opened in new window, after WEB UI is logged out,
opened KVM window is not getting closed. It remains opened and
accessible.

R

Closed KVM new window after WEBUI logged out

Description:

When KVM is opened in new window, after WEB UI is logged out,
opened KVM window is not getting closed. It remains opened and
accessible.

Root Cause:

There is not handle to close the KVM new window after the WEB UI
logged out.

Fix:

Added the KVM window opened information in store, and checked that
information to close the window.

Tested:

Step 1: Login to WEB UI
Step 2: Navigate to Operations -> KVM
Step 3: Open KVM in new window
Step 4: Click Logout in WEB UI

Result:

After successful log out, KVM new window is closed as expected.

Change-Id: Iab8e54d3088a08fb0ae9b581b2647fc0ab5460bd
Signed-off-by: Kirankumar Ballapalli <kirankumarb@ami.com>

show more ...

[POC] login: Fix waiting in login page after login

When the user enter the correct username/password and click the "Log in"
button, sometimes the page stays at the login page. The user will have
to

[POC] login: Fix waiting in login page after login

When the user enter the correct username/password and click the "Log in"
button, sometimes the page stays at the login page. The user will have
to reload the page, enter the username/password, and click the "Log in"
button again to actually login the WebUI.

From the browser's debug control, we could see it's waiting for the
response of
https://$bmc/redfish/v1/AccountService/Accounts/root
and it does not get any response.

From the BMC side, we could see the first login is successful.

Somehow if we remove the async keyword of function
checkPasswordChangeRequired(), the issue is not reproduced anymore.

So this is a POC patch to fix the issue, but the root cause is unknown.

Tested: Clear the browser's cookie, successful login multiple times.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: I01e3ab5ca63baed18045915500fa8ca2e6b247ea

show more ...

Update linting packages to use latest

- 99% of changes were small syntax changes that were changed by the
lint command. There were a couple of small manual changes to meet the
property order pattern

Update linting packages to use latest

- 99% of changes were small syntax changes that were changed by the
lint command. There were a couple of small manual changes to meet the
property order patterns established as part of the vue:recommended
guidelines.

There are rules that were set from errors to warnings and new stories
are being opened to address those issues.

Testing:
- Successfully ran npm run serve
- Successfully ran npm run lint
- Verified functionality works as expected, e.g. success and failure use cases
- Resolved any JavaScript errors thrown to the console

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: Ie082f31c73ccbe8a60afa8f88a9ef6dbf33d9fd2

show more ...

Add support for mutual TLS

Adding check for 'IsAuthenticated' cookie in AuthenticationStore
and adding a check in created hook for AppHeader component because
it is visible on all authenticated page

Add support for mutual TLS

Adding check for 'IsAuthenticated' cookie in AuthenticationStore
and adding a check in created hook for AppHeader component because
it is visible on all authenticated pages.

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: Ic558c9c45fd3f5874c8c516cb6bc005cba4946e2

show more ...

Update relative path imports to use '@' alias

- Add '@/' instead of '../../../'

Signed-off-by: Suren Neware <sneware9@in.ibm.com>
Change-Id: Ida1dc26f2bd62f38914a74b729ee8fd143c360ac

Add check if password change required at Login

After successfully authenticating on the Login page, check
/redfish/v1/AccountService/Accounts/${username} endpoint for
the PasswordChangeRequired prop

Add check if password change required at Login

After successfully authenticating on the Login page, check
/redfish/v1/AccountService/Accounts/${username} endpoint for
the PasswordChangeRequired property to see whether or not the
password is expired. If the password is expired, then navigate
to the Change password page, if the password isn't expired
navigate to the Overview page.
After successfully changing an expired password, navigate to the
Overview page.

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I32de5f71bcfcbe4099c2953a31c05ba0ebe670bc

show more ...

Profile settings page

-To set the profile by setting password.
-This commit adds a profile page which allows the user to change their
password.
In the future, the profile page will also contain user

Profile settings page

-To set the profile by setting password.
-This commit adds a profile page which allows the user to change their
password.
In the future, the profile page will also contain user settings like
language and timezone.

The API called to change the user's
password is '/redfish/v1/AccountService/Accounts/<userName>'

Signed-off-by: Sukanya Pandey <sukapan1@in.ibm.com>
Change-Id: Ie54a54beff8c85bc9ac5af21c35edc481b34cf44

show more ...

Add XSRF token to websocket connection

Resolves HTTP authentication failure when attempting to make
a websocket connection.

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: Ie83

Add XSRF token to websocket connection

Resolves HTTP authentication failure when attempting to make
a websocket connection.

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: Ie833f1cd281dd3b7124ac798eb5318b24df0ed8f

show more ...

Fix accessibility violations and use b-form-group

- Update authError to be set to false in order to hide the error
message when the user logs in. This is needed if the user name
or password are inco

Fix accessibility violations and use b-form-group

- Update authError to be set to false in order to hide the error
message when the user logs in. This is needed if the user name
or password are incorrect multiple times. If it is not hidden
between login attempts, the user will only be notified on the
first attempt.
- Use the b-form-group component for consistency.
- Add id attributes to the required field error messages so that
the error can be added to the input field's aria-describedby attribute

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I86902cc2c85b3bbf156c2920ec2031ee4dccd2ef

show more ...

Clear application state on logout

Remove the authError state property from the logout mutation
since the the authError would not be in the true state after
a successful login.

Signed-off-by: Derick

Clear application state on logout

Remove the authError state property from the logout mutation
since the the authError would not be in the true state after
a successful login.

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: Ibfe8b07c4e9e37dfab4435596c12e9a36556a714

show more ...

Update local user layout and styles

Resubmitting after reverted–original commit here
https://gerrit.openbmc-project.xyz/c/openbmc/webui-vue/+/28790

- Add BVConfig plugin to modify boostrap componen

Update local user layout and styles

Resubmitting after reverted–original commit here
https://gerrit.openbmc-project.xyz/c/openbmc/webui-vue/+/28790

- Add BVConfig plugin to modify boostrap component
defaults
- Add vuelidate
- Add package and basic validations to user form
- Add all user form validations
- Add checks for edit user
- Create VuelidateMixin for shared methods
- Update Login to use Vuelidate

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: Ib50ee4d1fb5f14637c9460e77f0682869a86ac8a

show more ...

Add login form validation

- Sending incorrect credentials returns a 401 and we don't want the page
to redirect if we are trying to login. Wrapped the redirect in an if
block.
- Returning a promise u

Add login form validation

- Sending incorrect credentials returns a 401 and we don't want the page
to redirect if we are trying to login. Wrapped the redirect in an if
block.
- Returning a promise used by the logout action, which is needed
when not redirecting the page. Didn't add to the if block since
other errors that use the router to redirect will need the Promise
returned also, e.g. 403.

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I6db706ef7c71ed13baed95dc4264e6ae11d13ad3

show more ...

Add singlequote override and fix files

Based on phosphor-webui and JavaScript common practices we are setting
ESLint to required single quote for JS files and double quote for
SCSS files. This commi

Add singlequote override and fix files

Based on phosphor-webui and JavaScript common practices we are setting
ESLint to required single quote for JS files and double quote for
SCSS files. This commit adds the ESLint override to the prettier rules
and runs the npm lint script that fixes the files that violate the
rule.

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I50cba77b2d0797595ce94258029608efa8665005

show more ...

Add cookie based login authentication

- Changed POST request data structure to match
backend requirements for set-cookie in response
header
- Added withCredentials property to default
axios co

Add cookie based login authentication

- Changed POST request data structure to match
backend requirements for set-cookie in response
header
- Added withCredentials property to default
axios config
- Modifying proxied response to remove 'Secure' flag
so browser can create Cookie while running locally
- Add logout api request
- Add js-cookie package to manage browser cookies
- Update the babel preset config to include useBuiltIns,
which resolves MIME type errors when overlaying
- Disable vue-router history mode to use routher hash mode
to resolves 404 errors when refreshing certain pages. This
is expected behavior with history mode enabled. Server
configuration changes are required to support HTML5
history mode: https://router.vuejs.org/guide/essentials/history-mode.html#example-server-configurations

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I5d43f36ef546962474b6cc8fff89564f29048fde

show more ...

Add login and logout functionality

- Add AuthenticationStore
- Add ability to login and logout
- Add route navigation guard
- Add login styles
- Add temporary authentication for api call
- Add Login

Add login and logout functionality

- Add AuthenticationStore
- Add ability to login and logout
- Add route navigation guard
- Add login styles
- Add temporary authentication for api call
- Add Login directory
- Add index.js

In order to login a .env.development.local file that contains
BASE_URL="https://<ip address> or <FQDN>"

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I88b93e287e66f4bae82a1ec2934cdef12d78264e

show more ...