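--- a/authentication.hpp	(994fd86a3f6649a820f66313765e85e762ad105a)
+++ b/authentication.hpp	(c3b3ad033400cc455cdce6601a982fa94405e84a)
@@ -1,8 +1,8 @@
 #pragma once
 
 #include "common.hpp"
 #include "forward_unauthorized.hpp"
 #include "http_request.hpp"
 #include "http_response.hpp"
 #include "http_utility.hpp"
 #include "pam_authenticate.hpp"
@@ -151,16 +151,17 @@
 
 std::shared_ptr<persistent_data::UserSession> sessionOut =
 persistent_data::SessionStore::getInstance().loginSessionByToken(
 authKey);
 if (sessionOut == nullptr)
 {
 return nullptr;
 }
+sessionOut->cookieAuth = true;
 #ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION
 // RFC7231 defines methods that need csrf protection
 if (method != boost::beast::http::verb::get)
 {
 std::string_view csrf = reqHeader["X-XSRF-TOKEN"];
 // Make sure both tokens are filled
 if (csrf.empty() || sessionOut->csrfToken.empty())
 {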
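Review bot: The new `sessionOut->cookieAuth = true;` at line 159 is written before the CSRF check that starts on the next line, and `sessionOut` is a `std::shared_ptr` handed out by `SessionStore::getInstance()`, so the flag presumably lands on the stored session rather than on a per-request copy. If the X-XSRF-TOKEN check below rejects the request, the session would still be left marked as cookie-authenticated, and nothing visible here clears the flag when the same session is later presented through another authentication method. Consider moving the assignment to just before the function's successful return, after the CSRF block, and adding a comment such as `// Mark cookie auth only after CSRF validation has passed; sessionOut is shared with SessionStore`. The enclosing function starts and ends in the hidden lines, so the rejection path and the other auth paths need to be confirmed there.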