login_routes.hpp (d9e89dfd49538c54d280dce3750f4af264cfd5fc) login_routes.hpp (29aab242f2d35891bd808e057e33b328989836d3)
1#pragma once
2
3#include "app.hpp"
1#pragma once
2
3#include "app.hpp"
4#include "cookies.hpp"
4#include "http_request.hpp"
5#include "http_response.hpp"
6#include "multipart_parser.hpp"
7#include "pam_authenticate.hpp"
8#include "webassets.hpp"
9
10#include <boost/container/flat_set.hpp>
11

--- 149 unchanged lines hidden (view full) ---

161 else
162 {
163 auto session = persistent_data::SessionStore::getInstance()
164 .generateUserSession(
165 username, req.ipAddress, std::nullopt,
166 persistent_data::PersistenceType::TIMEOUT,
167 isConfigureSelfOnly);
168
5#include "http_request.hpp"
6#include "http_response.hpp"
7#include "multipart_parser.hpp"
8#include "pam_authenticate.hpp"
9#include "webassets.hpp"
10
11#include <boost/container/flat_set.hpp>
12

--- 149 unchanged lines hidden (view full) ---

162 else
163 {
164 auto session = persistent_data::SessionStore::getInstance()
165 .generateUserSession(
166 username, req.ipAddress, std::nullopt,
167 persistent_data::PersistenceType::TIMEOUT,
168 isConfigureSelfOnly);
169
169 asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
170 "XSRF-TOKEN=" + session->csrfToken +
171 "; SameSite=Strict; Secure");
172 asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
173 "SESSION=" + session->sessionToken +
174 "; SameSite=Strict; Secure; HttpOnly");
170 bmcweb::setSessionCookies(asyncResp->res, *session);
175
176 // if content type is json, assume json token
177 asyncResp->res.jsonValue["token"] = session->sessionToken;
178 }
179 }
180 else
181 {
182 BMCWEB_LOG_DEBUG("Couldn't interpret password");

--- 7 unchanged lines hidden (view full) ---

190 const auto& session = req.session;
191 if (session != nullptr)
192 {
193 asyncResp->res.jsonValue["data"] = "User '" + session->username +
194 "' logged out";
195 asyncResp->res.jsonValue["message"] = "200 OK";
196 asyncResp->res.jsonValue["status"] = "ok";
197
171
172 // if content type is json, assume json token
173 asyncResp->res.jsonValue["token"] = session->sessionToken;
174 }
175 }
176 else
177 {
178 BMCWEB_LOG_DEBUG("Couldn't interpret password");

--- 7 unchanged lines hidden (view full) ---

186 const auto& session = req.session;
187 if (session != nullptr)
188 {
189 asyncResp->res.jsonValue["data"] = "User '" + session->username +
190 "' logged out";
191 asyncResp->res.jsonValue["message"] = "200 OK";
192 asyncResp->res.jsonValue["status"] = "ok";
193
198 asyncResp->res.addHeader("Set-Cookie",
199 "SESSION="
200 "; SameSite=Strict; Secure; HttpOnly; "
201 "expires=Thu, 01 Jan 1970 00:00:00 GMT");
202 asyncResp->res.addHeader("Clear-Site-Data",
203 R"("cache","cookies","storage")");
194 bmcweb::clearSessionCookies(asyncResp->res);
204 persistent_data::SessionStore::getInstance().removeSession(session);
205 }
206}
207
208inline void requestRoutes(App& app)
209{
210 BMCWEB_ROUTE(app, "/login")
211 .methods(boost::beast::http::verb::post)(handleLogin);
212
213 BMCWEB_ROUTE(app, "/logout")
214 .methods(boost::beast::http::verb::post)(handleLogout);
215}
216} // namespace login_routes
217} // namespace crow
195 persistent_data::SessionStore::getInstance().removeSession(session);
196 }
197}
198
199inline void requestRoutes(App& app)
200{
201 BMCWEB_ROUTE(app, "/login")
202 .methods(boost::beast::http::verb::post)(handleLogin);
203
204 BMCWEB_ROUTE(app, "/logout")
205 .methods(boost::beast::http::verb::post)(handleLogout);
206}
207} // namespace login_routes
208} // namespace crow
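Review bot: At new line 170 `*session` is dereferenced with no null check, so if `generateUserSession` can return an empty pointer (its definition is not on this page) the login handler would dereference null before any response is written; a guard ahead of the call, such as `if (session == nullptr) { asyncResp->res.result(boost::beast::http::status::internal_server_error); return; }`, would close that. The removed lines made the same unchecked `session->` access, so this is carried over rather than introduced by the change. Separately, the cookie attributes that used to be readable here now live in `cookies.hpp`, which is not shown: `SameSite=Strict; Secure` on XSRF-TOKEN, the additional `HttpOnly` on SESSION, and the `Clear-Site-Data` header plus expired SESSION cookie on logout. It is worth confirming that `setSessionCookies` and `clearSessionCookies` keep every one of them, and once confirmed adding a call-site comment such as `// SESSION is HttpOnly; all cookie attributes are defined in cookies.hpp`. Both handlers begin in the hidden lines, so the surrounding control flow could not be checked.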