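--- a/authentication.hpp
+++ b/authentication.hpp
@@ -1,8 +1,8 @@
 #pragma once
 
 #include "forward_unauthorized.hpp"
 #include "http_request.hpp"
 #include "http_response.hpp"
 #include "http_utility.hpp"
 #include "pam_authenticate.hpp"
 #include "webroutes.hpp"
@@ -211,39 +211,44 @@
 return sp;
 }
 return nullptr;
 }
 
 // checks if request can be forwarded without authentication
 inline bool isOnAllowlist(std::string_view url, boost::beast::http::verb method)
 {
+// Handle the case where the router registers routes as both ending with /
+// and not.
+if (url.ends_with('/'))
+{
+url.remove_suffix(1);
+}
 if (boost::beast::http::verb::get == method)
 {
-if (url == "/redfish/v1" || url == "/redfish/v1/" ||
-url == "/redfish" || url == "/redfish/" ||
-url == "/redfish/v1/odata" || url == "/redfish/v1/odata/")
+if ((url == "/redfish") || //
+(url == "/redfish/v1") || //
+(url == "/redfish/v1/odata") || //
+(url == "/redfish/v1/$metadata"))
 {
 return true;
 }
 if (crow::webroutes::routes.find(std::string(url)) !=
 crow::webroutes::routes.end())
 {
 return true;
 }
 }
 
 // it's allowed to POST on session collection & login without
 // authentication
 if (boost::beast::http::verb::post == method)
 {
 if ((url == "/redfish/v1/SessionService/Sessions") ||
-(url == "/redfish/v1/SessionService/Sessions/") ||
 (url == "/redfish/v1/SessionService/Sessions/Members") ||
-(url == "/redfish/v1/SessionService/Sessions/Members/") ||
 (url == "/login"))
 {
 return true;
 }
 }
 
 return false;
 }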
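Review bot: The trailing-slash strip added at the top of `isOnAllowlist` also changes the key passed to `crow::webroutes::routes.find(std::string(url))` further down, not only the literal comparisons it was meant to simplify. If that set holds entries registered with a trailing slash (its contents are not visible here; a bare `/` would be looked up as an empty string), unauthenticated GETs to those paths would stop matching and start requiring credentials. That fails closed, so it is not a bypass, but it is a silent behaviour change in an authentication decision. Consider keeping the unmodified value for the lookup, e.g. `const std::string_view rawUrl = url;` before the strip and `crow::webroutes::routes.find(std::string(rawUrl))` afterwards. A unit test covering `/`, `/redfish/v1/` and `/redfish/v1//` would pin down the intended result, and a short comment should say why `/redfish/v1/$metadata` is now exempt from authentication.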