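import api, { isPasswordExpired } from '@/store/api';
import Cookies from 'js-cookie';
import router from '@/router';
import { roles } from '@/router/routes';

/**
 * Vuex module holding the client-side view of the login session.
 *
 * Everything here only drives the UI (routing, request headers); it is not
 * an authorization decision. The values are read from cookies, localStorage
 * and response headers, all of which the browser user can edit.
 */
const AuthenticationStore = {
  namespaced: true,
  state: {
    consoleWindow: null,
    authError: false,
    // Snapshot of the cookies taken when the store is created.
    xsrfCookie: Cookies.get('XSRF-TOKEN'),
    isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
    // Location of the session resource, kept so logout can DELETE it after
    // a page reload.
    sessionURI: localStorage.getItem('sessionURI'),
    // Header token used when no XSRF cookie was issued; held in memory only.
    xAuthToken: null,
  },
  getters: {
    consoleWindow: (state) => state.consoleWindow,
    authError: (state) => state.authError,
    isLoggedIn: (state) => {
      // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by
      // Mutual TLS authentication, without going through explicit Session
      // creation.
      // NOTE(review): all three inputs are client-controlled, so this getter
      // can only gate the UI; the backend has to reject unauthenticated
      // requests on its own.
      return (
        state.xsrfCookie !== undefined ||
        state.isAuthenticatedCookie === 'true' ||
        state.xAuthToken !== null
      );
    },
    // Used to authenticate WebSocket connections via subprotocol value.
    // NOTE(review): this is undefined when only xAuthToken is set (no XSRF
    // cookie) - confirm how WebSockets authenticate in that mode.
    token: (state) => state.xsrfCookie,
  },
  mutations: {
    /**
     * Record a successful session creation.
     * @param {object} state - module state
     * @param {{session: string, token: string}} payload - session resource
     *   location and auth token taken from the response headers
     */
    authSuccess(state, { session, token }) {
      state.authError = false;
      state.xsrfCookie = Cookies.get('XSRF-TOKEN');
      // Preserve session data across page reloads and browser restarts
      localStorage.setItem('sessionURI', session);
      state.sessionURI = session;
      // If we didn't get the XSRF cookie it means we are talking to a
      // Redfish implementation that is not bmcweb. In this case get the token
      // from headers and send it with the future requests, do not permanently
      // save anywhere.
      if (state.xsrfCookie === undefined) {
        api.set_auth_token(token);
        state.xAuthToken = token;
      }
    },
    /** Set or clear the login error flag (defaults to setting it). */
    authError(state, authError = true) {
      state.authError = authError;
    },
    /** Drop every locally held credential and session reference. */
    logout(state) {
      Cookies.remove('XSRF-TOKEN');
      Cookies.remove('IsAuthenticated');
      api.set_auth_token(undefined);
      localStorage.removeItem('storedUsername');
      state.xsrfCookie = undefined;
      state.isAuthenticatedCookie = undefined;
      localStorage.removeItem('sessionURI');
      state.sessionURI = null;
      state.xAuthToken = null;
      state.consoleWindow = false;
    },
  },
  actions: {
    /**
     * Create a Redfish session with the given credentials.
     * @returns {Promise} resolves with the result of isPasswordExpired for
     *   the response; rejects with an Error after flagging authError
     */
    login({ commit }, { username, password }) {
      commit('authError', false);
      return api
        .post('/redfish/v1/SessionService/Sessions', {
          UserName: username,
          Password: password,
        })
        .then((response) => {
          commit('authSuccess', {
            session: response.headers['location'],
            token: response.headers['x-auth-token'],
          });
          return isPasswordExpired(response);
        })
        .catch((error) => {
          commit('authError');
          throw new Error(error);
        });
    },
    /**
     * Delete the server-side session, then clear local credentials and go
     * to the login page.
     *
     * The local cleanup runs even when the DELETE fails: otherwise a network
     * error or an already-expired session would leave the token and cookies
     * in place while the user believes they have logged out.
     */
    logout({ commit, state }) {
      // No session resource is recorded when login did not go through
      // explicit session creation, so there is nothing to DELETE.
      const deleteSession = state.sessionURI
        ? api.delete(state.sessionURI)
        : Promise.resolve();
      deleteSession
        .catch((error) => console.log(error))
        .then(() => commit('logout'))
        .then(() => router.push('/login'))
        .catch((error) => console.log(error));
    },
    /**
     * Fetch the account resource for a user and publish its role.
     * @param {string} username - account name, used as a URL path segment
     * @returns {Promise<object|undefined>} account data, an empty object on
     *   404, or undefined when any other error was logged
     */
    getUserInfo({ commit }, username) {
      // Encode the name so reserved characters ('/', '?', '#', '..') cannot
      // change which resource the request targets.
      const accountId = encodeURIComponent(username);
      return api
        .get(`/redfish/v1/AccountService/Accounts/${accountId}`)
        .then(({ data }) => {
          commit('global/setPrivilege', data.RoleId, { root: true });
          return data;
        })
        .catch((error) => {
          if (error.response?.status === 404) {
            // We have valid credentials but user isn't known, assume remote
            // authentication (e.g. LDAP) and do not restrict the routing.
            // NOTE(review): this only widens client-side routing; it is
            // acceptable only if the backend enforces the real privileges on
            // every request - confirm.
            commit('global/setPrivilege', roles.administrator, { root: true });
            return {};
          } else {
            console.log(error);
          }
        });
    },
    /** Re-read the authentication cookies into the store. */
    resetStoreState({ state }) {
      // NOTE(review): state is written directly from an action rather than
      // through a mutation; this would throw if the store runs in Vuex
      // strict mode.
      state.authError = false;
      state.xsrfCookie = Cookies.get('XSRF-TOKEN');
      state.isAuthenticatedCookie = Cookies.get('IsAuthenticated');
    },
  },
};

export default AuthenticationStore;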