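--- a/login_routes.hpp	(d9e89dfd49538c54d280dce3750f4af264cfd5fc)
+++ b/login_routes.hpp	(29aab242f2d35891bd808e057e33b328989836d3)
@@ -1,11 +1,12 @@
 #pragma once
 
 #include "app.hpp"
+#include "cookies.hpp"
 #include "http_request.hpp"
 #include "http_response.hpp"
 #include "multipart_parser.hpp"
 #include "pam_authenticate.hpp"
 #include "webassets.hpp"
 
 #include <boost/container/flat_set.hpp>
 
@@ -161,22 +162,17 @@
  else
  {
  auto session = persistent_data::SessionStore::getInstance()
  .generateUserSession(
  username, req.ipAddress, std::nullopt,
  persistent_data::PersistenceType::TIMEOUT,
  isConfigureSelfOnly);
 
- asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
- "XSRF-TOKEN=" + session->csrfToken +
- "; SameSite=Strict; Secure");
- asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
- "SESSION=" + session->sessionToken +
- "; SameSite=Strict; Secure; HttpOnly");
+ bmcweb::setSessionCookies(asyncResp->res, *session);
 
  // if content type is json, assume json token
  asyncResp->res.jsonValue["token"] = session->sessionToken;
  }
  }
  else
  {
  BMCWEB_LOG_DEBUG("Couldn't interpret password");
@@ -190,28 +186,23 @@
  const auto& session = req.session;
  if (session != nullptr)
  {
  asyncResp->res.jsonValue["data"] = "User '" + session->username +
  "' logged out";
  asyncResp->res.jsonValue["message"] = "200 OK";
  asyncResp->res.jsonValue["status"] = "ok";
 
- asyncResp->res.addHeader("Set-Cookie",
- "SESSION="
- "; SameSite=Strict; Secure; HttpOnly; "
- "expires=Thu, 01 Jan 1970 00:00:00 GMT");
- asyncResp->res.addHeader("Clear-Site-Data",
- R"("cache","cookies","storage")");
+ bmcweb::clearSessionCookies(asyncResp->res);
  persistent_data::SessionStore::getInstance().removeSession(session);
  }
 }
 
 inline void requestRoutes(App& app)
 {
  BMCWEB_ROUTE(app, "/login")
  .methods(boost::beast::http::verb::post)(handleLogin);
 
  BMCWEB_ROUTE(app, "/logout")
  .methods(boost::beast::http::verb::post)(handleLogout);
 }
 } // namespace login_routes
 } // namespace crow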
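Review bot: `bmcweb::setSessionCookies(asyncResp->res, *session);` at new line 170 dereferences the result of `generateUserSession(...)` with no null check, as the removed `session->csrfToken` lines did and as `session->sessionToken` on new line 173 still does. If that call can return an empty pointer (its definition is not on this page), a failed session creation crashes the login path instead of producing an error response. A guard before line 170 such as `if (session == nullptr) { asyncResp->res.result(boost::beast::http::status::internal_server_error); return; }` would cover it; the handler starts and ends in the hidden lines, so confirm an early return fits there. Separately, the `SameSite=Strict; Secure; HttpOnly` attributes and the `Clear-Site-Data` header now live in cookies.hpp, which is not shown, so a short comment above each helper call, e.g. `// SESSION is HttpOnly, XSRF-TOKEN is script-readable; attributes are set in cookies.hpp`, would keep that contract visible in the handlers.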