History log of /openbmc/bmcweb/include/login_routes.hpp (Results 1 – 25 of 36)
Revision Date Author Comments
# 40e9b92e 10-Sep-2024 Ed Tanous <etanous@nvidia.com>

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...


# 2ccce1f3 10-Aug-2024 Ravi Teja <raviteja28031990@gmail.com>

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested by:

Verified redfish session and login redfish commands with or without
TOTP token for MFA enabled/disabled users.

User authentication with MFA token:
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"root", "Password": "0penBmc","Token":"510760"}'

User authentication without MFA token:
POST https://${bmc}/login -d '{"username" : "newuser", "password"
:"0penBmc"}'

POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"newuser", "Password": "0penBmc"}'

In case of invalid MFA token or password then authentication fails and
returns "ResourceAtUriUnauthorized" error message.

Change-Id: I639163dd3d49ff8ed886f72c99ad264317d59c34
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...


# bd79bce8 16-Aug-2024 Patrick Williams <patrick@stwcx.xyz>

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...


# 89cda63d 16-Apr-2024 Ed Tanous <ed@tanous.net>

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate t

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate the problem without needing to revert that patch.

This commit does two relatively distinct things.

First, it moves basic auth types to a model where they're timed out
instead of removed on destruction. This removes the need for a Request
object to track that state, and arguably gives better behavior, as
basic auth sessions will survive through the timeout.
To prevent lots of basic auth sessions getting created, a basic auth
session is reused if it was:
1. Created by basic auth previously.
2. Created by the same user.
3. Created from the same source IP address.

Second, both connection classes now store the accept, and origin headers
from the request in the connection class itself, removing the need for
them.

Tested: HTML page now loads when pointing at a redfish URL with a
browser.

Change-Id: I623b43cbcbb43d9e65b408853660be09a5edb2b3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...


# 29aab242 12-Jun-2024 Paul Fertser <fercerpav@gmail.com>

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION cookie. Currently webui-vue authenticates connections to
WebSocket URIs not only by a JS-accessible token (passed as subprotocol
when upgrading to WS) but also via a SESSION cookie (even though it is
not subject to CORS policy).

To allow WebSocket-based functionality (IP KVM, SOL, VM) after creating
a Session object send a set of cookies instead of the X-Auth-Token
header if the request was made by webui-vue (detected by presence of
"X-Requested-With" header).

Factor out cookie setting and clearing functions and use explicit Path=/
attribute as the cookies are valid for the whole server, not just the
path of the endpoint they were created by.

Not specifying Path was functional for /login endpoint because
https://www.rfc-editor.org/rfc/rfc6265#section-5.3 point 7 for this case
says "set the cookie's path to the default-path of the request-uri" and
https://www.rfc-editor.org/rfc/rfc6265#section-5.1.4 tells how to
compute the default path. Basically, it was a "happy coincidence" that
/login defaults to / for the Path, if it was /openbmc/login then the
cookies would have been set to Path=/openbmc and not work at all for
/redfish/v1 endpoints.

Tested: Redfish-Service-Validator doesn't see a difference. Runtime
testing logging in via Sessions endpoint, getting data, using websockets
and logging out against webui-vue with a corresponding change while
carefully observing Request and Response headers. Creating a session
with curl without the special header shows just X-Auth-Token and no
cookies in the response.

Change-Id: I0b1774e586671874bb79f115e9cddf194f9ea653
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...


# d9e89dfd 27-Mar-2024 Ed Tanous <ed@tanous.net>

Simplify router

Now that we only support string types in the router we no longer need to
build a "Tag" to be used for constructing argument types. Now, we can
just track the number of arguments, wh

Simplify router

Now that we only support string types in the router we no longer need to
build a "Tag" to be used for constructing argument types. Now, we can
just track the number of arguments, which simplifies the code
significantly, and removes the need to convert to and from the tag to
parameter counts.

This in turn deletes a lot of code in the router, removing the need for
tracking tag types.

Tested: Redfish service validator passes. Unit tests pass.

Change-Id: Ide1d665dc1984552681e8c05952b38073d5e32dd
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...


# e10f0176 21-Mar-2024 Ed Tanous <ed@tanous.net>

Revert "Refactor after login"

This reverts commit cd40b060ee2df5469077a70d15590f86158f2c60.

Cookie based login is no longer functional with this patch. It looks
like we got a merge conflict that I

Revert "Refactor after login"

This reverts commit cd40b060ee2df5469077a70d15590f86158f2c60.

Cookie based login is no longer functional with this patch. It looks
like we got a merge conflict that I resolved incorrectly.

Tested: Webui can now log in.
Change-Id: I60b8aeae173b1838d8745a2c499fbcb410813ef3

show more ...


# cd40b060 20-Jul-2023 Ed Tanous <edtanous@google.com>

Refactor after login

Break out this method into a smaller section.

Tested: Redfish service validator passes

Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@

Refactor after login

Break out this method into a smaller section.

Tested: Redfish service validator passes

Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...


# 0a4776cf 07-Aug-2023 Ed Tanous <edtanous@google.com>

Remove phosphor-rest workarounds

Phosphor-rest is no longer supported by the project, and phosphor-webui,
which required some of these workarounds has been archived a year ago.
There's no reason to

Remove phosphor-rest workarounds

Phosphor-rest is no longer supported by the project, and phosphor-webui,
which required some of these workarounds has been archived a year ago.
There's no reason to keep this login type, given that it was
undocumented.

NOTE: Upon inspection, it looks like webui-vue used the same hack.
[1] https://github.com/openbmc/webui-vue/blob/43e3bd26133b06ed117a3a3f10b2bc09e2c2aafc/src/store/modules/Authentication/AuthenticanStore.js#L41

Tested:
Combined with https://gerrit.openbmc.org/c/openbmc/webui-vue/+/65811
Webui Login succceeds.

Change-Id: Ie42380029e799e44b3a7404d4ec6d285b371402b
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...


# 46228e0e 20-Jul-2023 Ed Tanous <edtanous@google.com>

Refactor login/logout

Similar to what we've done elsewhere, move login and logout into their
own methods. This reduces the amount of scopes that need to be read at
any given time.

Tested: At last

Refactor login/logout

Similar to what we've done elsewhere, move login and logout into their
own methods. This reduces the amount of scopes that need to be read at
any given time.

Tested: At last commit in series.

Change-Id: Ia2aa8b3fcbed18d7a481876fe4ffd55f31120064
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...


# 62598e31 17-Jul-2023 Ed Tanous <ed@tanous.net>

Replace logging with std::format

std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.

Unfortunately, given its level

Replace logging with std::format

std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.

Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.

The old style logging (stream based) looked like.

BMCWEB_LOG_DEBUG << "Foo " << foo;

The new equivalent of the above would be:
BMCWEB_LOG_DEBUG("Foo {}", foo);

In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.

Note, This patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.

One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.

Tested: compiled with logging meson_option enabled, and launched bmcweb

Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>

Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8

show more ...


# d8139c68 14-Jun-2023 Ed Tanous <edtanous@google.com>

Update to owasp headers

Change the Cache-Control header to what owasp recommends.
Remove the X-XSS-Protection. This has been removed from Chrome, and is
unimplemented in other browsers[1].

Add:
X-

Update to owasp headers

Change the Cache-Control header to what owasp recommends.
Remove the X-XSS-Protection. This has been removed from Chrome, and is
unimplemented in other browsers[1].

Add:
X-Permitted-Cross-Domain-Policies
Clear-Site-Data
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy

And set them to the OWASP recommended values.

Tested: The OWASP Venom test suite now passes more tests.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Change-Id: I2860041c1037f47bb85a6444cec66960d0aa55f9
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...


# 994fd86a 06-Jun-2023 Ed Tanous <edtanous@google.com>

Fix hack on Set-Cookie

This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we

Fix hack on Set-Cookie

This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.

This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.

At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.

Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure

Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...


# 89492a15 10-May-2023 Patrick Williams <patrick@stwcx.xyz>

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...


# 33c6b580 14-Feb-2023 Ed Tanous <edtanous@google.com>

Remove body member from Request

Per cpp core guidelines, these should be methods.

Tested: on last patchset of the series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68d

Remove body member from Request

Per cpp core guidelines, these should be methods.

Tested: on last patchset of the series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de

show more ...


# 3ccb3adb 13-Jan-2023 Ed Tanous <edtanous@google.com>

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.

Tested: Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8

show more ...


# bb759e3a 02-Aug-2022 Ed Tanous <edtanous@google.com>

Move ClientID parameter out of OEM

In 2022.2, Redfish added support for the Context parameter on the
Session Resource. This parameter has the same function that the
OemSession.ClientId field served

Move ClientID parameter out of OEM

In 2022.2, Redfish added support for the Context parameter on the
Session Resource. This parameter has the same function that the
OemSession.ClientId field served. This commit moves all the existing
ClientId code to produce Context as well.

Functionally, this has one important difference, in that Context in
Redfish is optionally provided by the user, which means we need to omit
it if not given by the user. The old implementation left it set to
empty string ("").

Because of this, a few minor interfaces need to change to use
std::optional. Existing uses of clientId are moved to using
value_or("") to keep the same behavior as before.

Tested:
curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\":
\"0penBmc\"}" https://192.168.7.2/redfish/v1/SessionService/Sessions

Returns a Session object with no Context key present

curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\":
\"0penBmc\", \"Context\": \"Foobar\"}"
https://192.168.7.2/redfish/v1/SessionService/Sessions

Returns a Session object with:
"Context": "Foobar"

Subsequent Gets of /redfish/v1/SessionService/Sessions/<sid>
return the same session objects, both with and without Context.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4df358623f93f3e6cb659e99970ad909cefebc62

show more ...


# 60719639 29-Aug-2022 Krzysztof Grobelny <krzysztof.grobelny@intel.com>

Fixes invalid memory access

std::string_view causes invalid memory access in multipart branch when
assigned local variable goes out of scope and string_view is passed to
ramAuthenticateUser. Moved M

Fixes invalid memory access

std::string_view causes invalid memory access in multipart branch when
assigned local variable goes out of scope and string_view is passed to
ramAuthenticateUser. Moved MultipartParser to higher scope, to ensure
it is not deleted before std::string_view.

Tested:
- Executed post on /login, got response:
{
"data": "User 'root' logged in",
"message": "200 OK",
"status": "ok"
}

Change-Id: I0b02dddcb1a887d442525ffedb7a08a00087f2f2
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>

show more ...


# 11ba3979 11-Jul-2022 Ed Tanous <edtanous@google.com>

Remove usages of boost::starts/ends_with

Per the coding standard, now that C++ supports std::string::starts_with
and std::string::ends_with, we should be using them over the boost
alternatives. Thi

Remove usages of boost::starts/ends_with

Per the coding standard, now that C++ supports std::string::starts_with
and std::string::ends_with, we should be using them over the boost
alternatives. This commit goes through and updates all usages.

Arguably some of these are incorrect, and instances of common error 13,
but because this is mostly a mechanical it intentionally doesn't try to
handle it.

Tested: Unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic4c6e5d0da90f7442693199dc691a47d2240fa4f

show more ...


# 7b7f0410 06-Jun-2022 Gunnar Mills <gmills@us.ibm.com>

On logout set Session cookie with expired date

The Session cookie is an HttpOnly cookie.
HttpOnly means the cookie cannot be accessed through client side script
because of this the GUI can not delet

On logout set Session cookie with expired date

The Session cookie is an HttpOnly cookie.
HttpOnly means the cookie cannot be accessed through client side script
because of this the GUI can not delete this cookie on log out.
Recommendation online was setting this cookie to an expired date.

From https://tools.ietf.org/search/rfc6265
"Finally, to remove a cookie, the server returns a Set-Cookie header
with an expiration date in the past. The server will be successful in
removing the cookie only if the Path and the Domain attribute in the
Set-Cookie header match the values used when the cookie was created."

For more information see
https://stackoverflow.com/questions/5285940/correct-way-to-delete-cookies-server-side

Modern browsers delete expired cookies although based on reading it
might not be right away but on the next request from that domain or
when the browser is cleaning up cookies.

When I tested the cookie is deleted right away.

Also set the SESSION to an empty string.

Discussed in discord here:
https://discord.com/channels/775381525260664832/855566794994221117/982351098998321163

Webui-vue and phosphor-webui both use this /logout route:
https://github.com/openbmc/webui-vue/blob/a5fefd0ad25753e5f7da03d77dfe7fe10255ebb6/src/store/modules/Authentication/AuthenticanStore.js#L50
https://github.com/openbmc/phosphor-webui/blob/339db9a4c8610c5ecb92993c0bbc2219933bc858/app/common/services/userModel.js#L46
It seemed unnecessary to add it to the SessionCollection Post.

Tested: No longer have the cookie after log out on webui-vue.
Tested on Firefox and Chrome.

Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: Ic12b6f628293a80c93ffbbe1bf06c9b2d6a53af7

show more ...


# 002d39b4 31-May-2022 Ed Tanous <edtanous@google.com>

Try to fix the lambda formatting issue

clang-tidy has a setting, LambdaBodyIndentation, which it says:
"For callback-heavy code, it may improve readability to have the
signature indented two levels

Try to fix the lambda formatting issue

clang-tidy has a setting, LambdaBodyIndentation, which it says:
"For callback-heavy code, it may improve readability to have the
signature indented two levels and to use OuterScope."

bmcweb is very callback heavy code. Try to enable it and see if that
improves things. There are many cases where the length of a lambda call
will change, and reindent the entire lambda function. This is really
bad for code reviews, as it's difficult to see the lines changed. This
commit should resolve it. This does have the downside of reindenting a
lot of functions, which is unfortunate, but probably worth it in the
long run.

All changes except for the .clang-format file were made by the robot.

Tested: Code compiles, whitespace changes only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib4aa2f1391fada981febd25b67dcdb9143827f43

show more ...


# 1476687d 15-Mar-2022 Ed Tanous <edtanous@google.com>

Remove brace initialization of json objects

Brace initialization of json objects, while quite interesting from an
academic sense, are very difficult for people to grok, and lead to
inconsistencies.

Remove brace initialization of json objects

Brace initialization of json objects, while quite interesting from an
academic sense, are very difficult for people to grok, and lead to
inconsistencies. This patchset aims to remove a majority of them in
lieu of operator[]. Interestingly, this saves about 1% of the binary
size of bmcweb.

This also has an added benefit that as a design pattern, we're never
constructing a new object, then moving it into place, we're always
adding to the existing object, which in the future _could_ make things
like OEM schemas or properties easier, as there's no case where we're
completely replacing the response object.

Tested:
Ran redfish service validator. No new failures.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iae409b0a40ddd3ae6112cb2d52c6f6ab388595fe

show more ...


# 55f79e6f 25-Jan-2022 Ed Tanous <edtanous@google.com>

Enable readability checks

clang-tidy readability checks are overall a good thing, and help us to
write consistent and readable code, even if it doesn't change the
result.

All changes done by the ro

Enable readability checks

clang-tidy readability checks are overall a good thing, and help us to
write consistent and readable code, even if it doesn't change the
result.

All changes done by the robot.

Tested: Code compiles, inspection only (changes made by robot)

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iee4a0c74a11eef9f158f0044eae675ebc518b549

show more ...


# e05aec50 25-Jan-2022 Ed Tanous <edtanous@google.com>

Add readability-redundant-* checks

There's a number of redundancies in our code that clang can sanitize
out. Fix the existing problems, and enable the checks.

Signed-off-by: Ed Tanous <edtanous@go

Add readability-redundant-* checks

There's a number of redundancies in our code that clang can sanitize
out. Fix the existing problems, and enable the checks.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie63d7b7f0777b702fbf1b23a24e1bed7b4f5183b

show more ...


# dcf2ebc0 25-Jan-2022 Ed Tanous <edtanous@google.com>

Enable readability-redundant-control-flow checks

These checks are a nice addition to our static analysis, as they
simplify code quite a bit, as can be seen by this diff being negative
lines.

Signed

Enable readability-redundant-control-flow checks

These checks are a nice addition to our static analysis, as they
simplify code quite a bit, as can be seen by this diff being negative
lines.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I60ede4ad23d7e5337e811d70ddcab24bf8986891

show more ...


12