Handle expired passwords Redfish standard way

A password can expire at any moment during session lifetime and bmcweb
starts returning 403 Forbidden errors to the requests made after that.
The respon

Handle expired passwords Redfish standard way

A password can expire at any moment during session lifetime and bmcweb
starts returning 403 Forbidden errors to the requests made after that.
The response contains clear indication of the condition in the standard
`@Message.ExtendedInfo` attribute which is an array of Message objects.

Previously the code was trying to detect this condition by querying
AccountService after logging in but this approach doesn't work when
password expires mid-session. Also it was limited to BMC-managed
accounts and used hardcoded account URIs in violation of Redfish spec.

This patch adds to the interceptor of 403 error so that the user is
automatically redirected to the password change page as soon as the
condition is detected.

The same message is also present in the session creation POST response
201 if the password expired before the log in attempt, in this case the
session is created as usual but the user is automatically redirected to
password change page before any further requests are made.

Tested: logging in, navigating, logging out with non-expired password.
Logging in, navigating, then running `passwd -e <accountname>` via ssh
leads to functional password change page on the next request and then
navigating proceeds normally, and logging out too. If password is
expired before logging in the user gets redirected to the password
change page automatically after logging in.

Fixes: https://github.com/openbmc/webui-vue/issues/118
Change-Id: I03f5ee2526a4bb1d35d3bbea1142fea077d6bfed
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Fix single event entry download

For event entry download, the href not work since the event entry
download only work with header of "Accept: application/octet-stream" or
the default "*/*", change to

Fix single event entry download

For event entry download, the href not work since the event entry
download only work with header of "Accept: application/octet-stream" or
the default "*/*", change to click function to make it work.

Refer: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/40136

Change-Id: I11051e913bfd71ef081bed93ffcbeeb1edd8c730
Signed-off-by: Sean Zhang <xiazhang@nvidia.com>

show more ...

Switch to standard Redfish auth endpoint

To be able to talk to a Redfish-compliant implementation webui should
switch from old non-standard login and logout endpoints to creating a
Session via an ap

Switch to standard Redfish auth endpoint

To be able to talk to a Redfish-compliant implementation webui should
switch from old non-standard login and logout endpoints to creating a
Session via an appropriate POST request and to DELETE it on logout. This
also gives us standard Session object with all the relevant parameters
which allows the frontend to know what session it's using, what
permissions it has etc.

This works against bmcweb which checks for the presence of
webui-vue-specific "X-Requested-With" header in the request and provides
cookies in addition to the Redfish authentication token in the header.

Tested: logging in, logging out, navigating the pages, reloading the
page doesn't require logging in (if the session isn't expired),
WebSocket connections work.

Change-Id: I9d6159850b109a658b8f980637653e7e4576058b
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Removed TFTP code update option

- Removed TFTP server firmware update ability in the UI.

Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com>
Change-Id: Icbeddc7a3faa262f12e85268206ae70850f37905

Wrong store function used in Dump.vue

In Dump.vue the "store" function getBmcDumpEntries is used but this
should be getAllDumps. This because Dump.vue wants to get all the dump
entries and not just

Wrong store function used in Dump.vue

In Dump.vue the "store" function getBmcDumpEntries is used but this
should be getAllDumps. This because Dump.vue wants to get all the dump
entries and not just the BCM entries.

Also the output format of getBmcDumpEntries is not what Dump.vue expects
causing that WebUI does not display any dump entry even when BCM dump
entries exists.

Note: The "dumps" path does not exist in the default
src/router/routes.js but (currently) only in src/env/router.ibm.js

Change-Id: I0c211126e1f1d0394455ea7e7ff627814674e1fa
Signed-off-by: Kees Trommel <kees.trommel@aimvalley.com>

show more ...

Fix word-break for group name in edit role group

Apply 'word-break: break-all' style for the group name field in the
Edit role group modal to ensure long group names wrap properly within
their conta

Fix word-break for group name in edit role group

Apply 'word-break: break-all' style for the group name field in the
Edit role group modal to ensure long group names wrap properly within
their container.

The change improves the readability and layout consistency of the
group name display in the modal even if it contains long text.
Fixes #111

Change-Id: Ia424fadc1630bbf28726a7064ff9b14764877d2b
Signed-off-by: Farah Rasheed <Farah.Rasheed1@dell.com>

show more ...

Break long file name into multiple lines

In the FormFile component, break a long file name into
multiple lines using the word-break CSS property. This
ensures that long file names are properly displ

Break long file name into multiple lines

In the FormFile component, break a long file name into
multiple lines using the word-break CSS property. This
ensures that long file names are properly displayed
within their container without causing overflow issues.
Fixes #121

The word-break property will allow the text to wrap onto
the next line at any character, maintaining the layout
integrity and improving the user interface.

Change-Id: Id534dd4e8f7737a60483272f2fdd70deb7a8a002
Signed-off-by: Farah Rasheed <Farah.Rasheed1@dell.com>

show more ...

Update network hostname display style

Add 'word-break: break-all' CSS property to ensure long
hostnames wrap properly within their container. This
prevents overflow issues that occur with long hostn

Update network hostname display style

Add 'word-break: break-all' CSS property to ensure long
hostnames wrap properly within their container. This
prevents overflow issues that occur with long hostnames
without spaces. Fixes #111

The change improves the readability and layout
consistency of the network information display in the
NetworkGlobalSettings view.

Change-Id: I142d18b9507f6ae0a90778e5a338b015507c9d79
Signed-off-by: Farah Rasheed <Farah.Rasheed1@dell.com>

show more ...

Configure Git to handle binary files

Mark `.png` and `.woff` files as binary to prevent line ending
conversions.

Change-Id: Ic9c46d4d62d29aa529d45f3487dcd62f78554bc3
Signed-off-by: Farah Rasheed <F

Configure Git to handle binary files

Mark `.png` and `.woff` files as binary to prevent line ending
conversions.

Change-Id: Ic9c46d4d62d29aa529d45f3487dcd62f78554bc3
Signed-off-by: Farah Rasheed <Farah.Rasheed1@dell.com>

show more ...

fix reboot BMC error message

Remove getLastBmcRebootTime after post BMC reboot action since BMC
connection will be lost after reboot. The last BMC reboot time will be
got after reboot BMC page loadi

fix reboot BMC error message

Remove getLastBmcRebootTime after post BMC reboot action since BMC
connection will be lost after reboot. The last BMC reboot time will be
got after reboot BMC page loading, and after BMC reboot, user need
reload the WEB UI, so there is also no need to send Redfish request to
get the last BMC reboot time just after the post the BMC reboot action.

Change-Id: Ic5d0cbca23a61610cc387a4046b85e9c20c255ea
Signed-off-by: Sean Zhang <xiazhang@nvidia.com>

show more ...

Add support for IPv6 network setting

Add IPv6 setting in network setting page.
- Add IPv6 domain name, DNS servers, NTP servers enable/disable
- Add DHCPv6 enable/disable
- Add IPv6 default gateway

Add support for IPv6 network setting

Add IPv6 setting in network setting page.
- Add IPv6 domain name, DNS servers, NTP servers enable/disable
- Add DHCPv6 enable/disable
- Add IPv6 default gateway
- Add IPv6 addresses
- Add IPv6 static addresses
- Add IPv6 static addresses adding and deleting

Tested:
- IPv6 domain name, DNS servers, NTP servers enable/disable function
- DHCPv6 enable/disable function
- Verified the IPv6 default gateway
- IPv6 addresses adding and deleting
- Verified the IPv6 addresses in IPv6 table

Change-Id: I9eebf6ef5f7de748f79779d8168b8dcfcdda2495
Signed-off-by: Sean Zhang <xiazhang@nvidia.com>

show more ...

Replace fixed paths with response from API

Currently, the Redfish request used fixed URIs, modify the code to use
the BMC and System paths got from response of API calls.
For CertificateStore, since

Replace fixed paths with response from API

Currently, the Redfish request used fixed URIs, modify the code to use
the BMC and System paths got from response of API calls.
For CertificateStore, since it was using the URL for constant variable
assignment, changed the constant CERTIFICATE_TYPES to method call.

Change-Id: I330b7272083e3e6993aae5705aae170b8e9a4659
Signed-off-by: Sean Zhang <xiazhang@nvidia.com>

show more ...

remove setApplyTimeImmediate and its usage

BMCWeb is dropping the support for patch for ApplyOptions, hence remove
the setApplyTimeImmediate and its corresponding usage from webui. The
related patch

remove setApplyTimeImmediate and its usage

BMCWeb is dropping the support for patch for ApplyOptions, hence remove
the setApplyTimeImmediate and its corresponding usage from webui. The
related patch from bmcweb is as under -
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/72150

Change-Id: I4ef64485103db843e1280bc5b8bd8be63813c368
Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>

show more ...

Regenerate package-lock.json

rm package-lock.json. Then regenerate package-lock.json using the yocto
version of npm, nodejs_20.11.1. [1]

devtool modify -n webui-vue <local webui-vue repo>
Then did

Regenerate package-lock.json

rm package-lock.json. Then regenerate package-lock.json using the yocto
version of npm, nodejs_20.11.1. [1]

devtool modify -n webui-vue <local webui-vue repo>
Then did a build.

This adds the integrity / resolved. It is based on a connectrpc
issue[2].

Prefer this solution over 71971[3] due to this using standard NPM.

[1]: https://github.com/openbmc/openbmc/blob/master/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_20.11.1.bb

[2]: https://github.com/connectrpc/connect-es/issues/719#issuecomment-1635874082

[3]: https://gerrit.openbmc.org/c/openbmc/webui-vue/+/71971

Tested: A quick sanity test on the GUI works.

Change-Id: I13c098a7d07b2b8fdf3d82c2eaad3f35167757ae
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Revert "Add keep-alive option in webpack devServer"

This reverts commit bf37b317496c80dc9a87f49356efdab8a3b50caa.

The current version of the stack doesn't prevent logging in and all
operations with

Revert "Add keep-alive option in webpack devServer"

This reverts commit bf37b317496c80dc9a87f49356efdab8a3b50caa.

The current version of the stack doesn't prevent logging in and all
operations without overriding "Connection:" header.

This overriding is making it impossible to test any WebSocket-based
functionality (IP KVM, SOL, Virtual Media).

Tested: logging in, navigating the interface, using IP KVM and SOL
console.

Fixes: https://github.com/openbmc/webui-vue/issues/94
Change-Id: I6174c75e35784ff370f6adf7841c98ae78a26ceb
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Fixed filter error in dumps page

- We were calling a method that is not present in
@filtered. Fixed this by using the method that is
added for this purpose and not used.

Signed-off-by: Nikhil A

Fixed filter error in dumps page

- We were calling a method that is not present in
@filtered. Fixed this by using the method that is
added for this purpose and not used.

Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com>
Change-Id: I26b4b7d9be00c79c17dba382c0df6a0f02e1cd89

show more ...

Disable index hashing in development mode

When in Dev server mode, we the webpack dev server isn't capable of
understanding wildcards, and that index.html, and index.<hash>.html are
the same thing.

Disable index hashing in development mode

When in Dev server mode, we the webpack dev server isn't capable of
understanding wildcards, and that index.html, and index.<hash>.html are
the same thing.

Disable the index file hashing when in dev mode.

Tested:
Launched dev server without bmc present. Observed UI could be loaded
correctly.

Change-Id: Ie2d3bfe4af0117681cec8c92f93d7e278b2071f2
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

CONTRIBUTING.md: Remove link to projects

At https://github.com/openbmc/webui-vue/projects/1 GitHub warns me:
"Projects (classic) will be sunset on August 23, 2024".

I don't see a benefit here GitHu

CONTRIBUTING.md: Remove link to projects

At https://github.com/openbmc/webui-vue/projects/1 GitHub warns me:
"Projects (classic) will be sunset on August 23, 2024".

I don't see a benefit here GitHub issues can already be filtered.

Change-Id: I3debd3ff7e52bcd408ae0917f52a35539a74a9ef
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix CONTRIBUTING.md to pass CI

A new version of prettier is flagging this. Fix the link.

Change-Id: Ibb376bed7472b697c59bcaee75e958a969a72e61
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Disabled the privilege dropdown for root user

By allowing root user privilege changes to Operator or Read Only,
after login with root user seeing privilege access issues in some
pages and not possi

Disabled the privilege dropdown for root user

By allowing root user privilege changes to Operator or Read Only,
after login with root user seeing privilege access issues in some
pages and not possible to change administrator again.

Allowed root user to change password alone and disabled
the privilege changes

Change-Id: I2be93060fb30e1f08dc2ea20a30fb998dc83ee0f
Signed-off-by: aravinths1 <aravinths@ami.com>

show more ...

Fixed Scroll top issue between page navigation

After scrolling down a page and navigating from that page to
other pages, the page still shows the bottom of the page and does not
display the top of t

Fixed Scroll top issue between page navigation

After scrolling down a page and navigating from that page to
other pages, the page still shows the bottom of the page and does not
display the top of the page.

Scroll behavior added in the router, So when navigating from one page
to another page the top of the page will always display.

Change-Id: I883e8a9f6ae3f98846996883cac0961b4c24c62b
Signed-off-by: aravinths1 <aravinths@ami.com>

show more ...

Make two webpack plugin modifications

First, remove the preload plugin installed by default. Given that the
login page requires the complete javascript package to be loaded before
the page can be r

Make two webpack plugin modifications

First, remove the preload plugin installed by default. Given that the
login page requires the complete javascript package to be loaded before
the page can be rendered, and doing the rendering inside of bmcweb
before javascript is loaded[1] doesn't seem to be desired by the
community, preloading it does us essentially no good. The DOM itself is
tiny.

This fixes a split second flash that's seen on refresh, where the DOM is
loaded, but the javascript has not, so there's no content to render.

Second, modify the html loader plugin to produce the hash of the file at
output, thus allowing the index file to be cached, and allowing the etag
machinery[2] to work.

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/35456
[2] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70644

Tested: After this patch, nearly all resources on refresh return 304,
not modified from bmcweb. This significantly reduces the requirements
for TLS encryption on the BMC.

Change-Id: I7189c6024cacba099705ff6d27e4567bf88f3df4
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Added toast notification for identify LEDs

- Added success toast notification messages for identify
LEDs present at Inventory and LEDs page and Overview.

- Import of Toast was not present in Over

Added toast notification for identify LEDs

- Added success toast notification messages for identify
LEDs present at Inventory and LEDs page and Overview.

- Import of Toast was not present in Overview's Inventory
card and DIMM slot table, fixed it.

Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com>
Change-Id: If9ad84e66f6f15616cb8af51b1e84d8d06b1afd0

show more ...

Fixed radio buttons arrangement issue

- The contents in the Power restore policies were not listed
in a new line for large or extra large screens, Fixed
this by using stacked prop.

Signed-off-b

Fixed radio buttons arrangement issue

- The contents in the Power restore policies were not listed
in a new line for large or extra large screens, Fixed
this by using stacked prop.

Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com>
Change-Id: I30ec1206a929137fc6635d602944cd80d2c2805f

show more ...

Removed Challenge password option from Generate CSR panel

- Unable to generate Certificate Signing Request (CSR) when filling
optional field-Challenge password values on Certificate page.
- Hence,

Removed Challenge password option from Generate CSR panel

- Unable to generate Certificate Signing Request (CSR) when filling
optional field-Challenge password values on Certificate page.
- Hence, removed the Challenge password option from the Generate
CSR panel.

Change-Id: I862f024de84f34738be5e5cd22701b63c2309152
Signed-off-by: Vedangi Mittal <vedangimittal3004@gmail.com>

show more ...