clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <p

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is largely just
taking the clang-recommended fixes and checking them in. Subsequent
patches will fix the more unique issues.

Note, that a number of new ignores are added into the .clang-tidy file.
These can be cleaned up over time as they're understood. The majority
are places where boost includes a impl/x.hpp and x.hpp, but expects you
to use the later. include-cleaner opts for the impl, but it isn't clear
why.

Change-Id: Id3fdd7ee6df6c33b2fd35626898523048dd51bfb
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Extract reusable logic into separate function

Moved post session creation logic to new function called
processAfterSessionCreation.
This refactor improves code reuse for MFA changes in commit
https:

Extract reusable logic into separate function

Moved post session creation logic to new function called
processAfterSessionCreation.
This refactor improves code reuse for MFA changes in commit
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/74938

Tested by:
Created session with expired password.
Verified password change is forced.

Created session with valid password.

Change-Id: Id91c53661c2c875c229cee9b5a6575560031ad75
Signed-off-by: Jishnu CM <jishnunambiarcm@duck.com>

show more ...

Format readjson

clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line

Format readjson

clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line for each key using an
empty-comment (`//`) each line.

It also allows trivially alphabetizing the list such that new additions
are less likely to have merge conflicts.

Tested:
- Check whitespace only.
- Code compiles.
- Redfish Service Validator with the same results before this

Change-Id: I3824a8c4faa9fa7c820d5d2fab6b565404926e2c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Do not remove wrong cookies on Session DELETE

When a web interface sends a DELETE request for a session other than
it's using itself the reply shouldn't ask the web browser to delete the
cookies and

Do not remove wrong cookies on Session DELETE

When a web interface sends a DELETE request for a session other than
it's using itself the reply shouldn't ask the web browser to delete the
cookies and to clear the site data.

Tested: logging in to BMC, observing the session identifier returned by
POST to Sessions, then opening another private window and logging in on
the same BMC, getting another session ID. Then navigating to "Security
and access -> Sessions" and pressing "Disconnect" button for the session
opened in the first window just deletes the session normally and the web
interface of the second private window that performed the operation
continued to work. Pressing "Log out" deletes the current session and
the web browser gets expected cookie and site data clearing headers.
Before the patch the same test made the second private window lose its
cookies essentially terminating both sessions instead of just the other
one.

Fixes: 29aab242f2d3 ("Send cookies to webui-vue from Sessions POST")
Change-Id: If3f81764cb825253b9d6e1c7589340e6dc018a81
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that c

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that can likely be had.

[1] https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&id=edtanous_bmcweb&open=AY9_HYjgKXKyw1ZFwgVP

Tested: Comment change only. Code compiles.

Change-Id: Ia960317761f558a87842347ca0b5f3da63f8e730
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested by:

Verified redfish session and login redfish commands with or without
TOTP token for MFA enabled/disabled users.

User authentication with MFA token:
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"root", "Password": "0penBmc","Token":"510760"}'

User authentication without MFA token:
POST https://${bmc}/login -d '{"username" : "newuser", "password"
:"0penBmc"}'

POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"newuser", "Password": "0penBmc"}'

In case of invalid MFA token or password then authentication fails and
returns "ResourceAtUriUnauthorized" error message.

Change-Id: I639163dd3d49ff8ed886f72c99ad264317d59c34
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate t

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate the problem without needing to revert that patch.

This commit does two relatively distinct things.

First, it moves basic auth types to a model where they're timed out
instead of removed on destruction. This removes the need for a Request
object to track that state, and arguably gives better behavior, as
basic auth sessions will survive through the timeout.
To prevent lots of basic auth sessions getting created, a basic auth
session is reused if it was:
1. Created by basic auth previously.
2. Created by the same user.
3. Created from the same source IP address.

Second, both connection classes now store the accept, and origin headers
from the request in the connection class itself, removing the need for
them.

Tested: HTML page now loads when pointing at a redfish URL with a
browser.

Change-Id: I623b43cbcbb43d9e65b408853660be09a5edb2b3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION cookie. Currently webui-vue authenticates connections to
WebSocket URIs not only by a JS-accessible token (passed as subprotocol
when upgrading to WS) but also via a SESSION cookie (even though it is
not subject to CORS policy).

To allow WebSocket-based functionality (IP KVM, SOL, VM) after creating
a Session object send a set of cookies instead of the X-Auth-Token
header if the request was made by webui-vue (detected by presence of
"X-Requested-With" header).

Factor out cookie setting and clearing functions and use explicit Path=/
attribute as the cookies are valid for the whole server, not just the
path of the endpoint they were created by.

Not specifying Path was functional for /login endpoint because
https://www.rfc-editor.org/rfc/rfc6265#section-5.3 point 7 for this case
says "set the cookie's path to the default-path of the request-uri" and
https://www.rfc-editor.org/rfc/rfc6265#section-5.1.4 tells how to
compute the default path. Basically, it was a "happy coincidence" that
/login defaults to / for the Path, if it was /openbmc/login then the
cookies would have been set to Path=/openbmc and not work at all for
/redfish/v1 endpoints.

Tested: Redfish-Service-Validator doesn't see a difference. Runtime
testing logging in via Sessions endpoint, getting data, using websockets
and logging out against webui-vue with a corresponding change while
carefully observing Request and Response headers. Creating a session
with curl without the special header shows just X-Auth-Token and no
cookies in the response.

Change-Id: I0b1774e586671874bb79f115e9cddf194f9ea653
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Fix returning Roles for Sessions POST

When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactori

Fix returning Roles for Sessions POST

When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactoring dbus_privileges.hpp to allow obtaining
the information from phosphor-user-manager late in the request
processing.

Tested: Redfish Service Validator passes.

Creating a session for local user:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/lfFsCNjshV",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "lfFsCNjshV",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```
Creating a session for remote user mapped to Operator:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":ldap_sync", "Password":"ldap_password"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/qVffc4ePJK",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "qVffc4ePJK",
"Name": "User Session",
"Roles": [
"Operator"
],
"UserName": "ldap_sync"
}
```

Fixes: https://github.com/openbmc/bmcweb/issues/280
Fixes: ce22f6099e7e28ae26591348bf484ebedbc1ed42
Change-Id: If76c43563244e3819ee3fbc60d9df7f6a21c1fa3
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Expose current Role in Session object

As discussed at https://gerrit.openbmc.org/c/openbmc/webui-vue/+/70758
having that information available to front end is desired for UX
purposes (hiding pages a

Expose current Role in Session object

As discussed at https://gerrit.openbmc.org/c/openbmc/webui-vue/+/70758
having that information available to front end is desired for UX
purposes (hiding pages and actions that are not permitted to the current
user anyway).

This field was added in #Session.v1_7_0.Session released on 2023.2.

Tested: current role correctly reported (e.g. "Administrator") as the
only array element, Redfish-Service-Validator passes.

Fixes: #275
Change-Id: Ic9d8f02ca5859cb4b9996fd85b0896ce76ea22aa
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Sessions: Drop end / from odata.id

Fix warnings around odata.id not matching. Was looking at old defects,
and closed https://github.com/openbmc/bmcweb/issues/166 (closed since no
longer see these wa

Sessions: Drop end / from odata.id

Fix warnings around odata.id not matching. Was looking at old defects,
and closed https://github.com/openbmc/bmcweb/issues/166 (closed since no
longer see these warnings) but saw we have these warnings for sessions:

```
*** /redfish/v1/SessionService
Attempt 1 of /redfish/v1/SessionService
Response Time for GET to /redfish/v1/SessionService: 0.046112860552966595 seconds.
/redfish/v1/SessionService @odata.id: Expected @odata.id to match URI link /redfish/v1/SessionService/
Type (SessionService.v1_0_2.SessionService), GET SUCCESS (time: 0:00:00.046476)
Attempt 1 of /redfish/v1/SessionService/Sessions
Response Time for GET to /redfish/v1/SessionService/Sessions: 0.005822769366204739 seconds.
PASS

*** /redfish/v1/SessionService/Sessions
/redfish/v1/SessionService/Sessions @odata.id: Expected @odata.id to match URI link /redfish/v1/SessionService/Sessions/
Type (SessionCollection.SessionCollection), GET SUCCESS (time: 0:00:00.006165)
```

It looks like all other odata.ids don't end in a /
https://github.com/search?q=repo%3Aopenbmc%2Fbmcweb%20odata.id&type=code

Tested: NONE. Visual inspection only.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: Ie1cde192a5774a86c96e6993c71e8b124c79739a

show more ...

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix regression in @odata failure paths

5b224921d765a93c5f93a6012109a9a748ef7cd4
and
a1e0871d2425b3f42d0e5893d548593e5ed576b

Added code to handle links looked correct in review, but the
deduplicatio

Fix regression in @odata failure paths

5b224921d765a93c5f93a6012109a9a748ef7cd4
and
a1e0871d2425b3f42d0e5893d548593e5ed576b

Added code to handle links looked correct in review, but the
deduplication of the HEAD methods now causes the return code of
setUpRedfishRoute to be ignored. This means that query parameter
or other header failures don't stop the request, which is bad.

Tested:

GET /redfish/v1 (ie ServiceRoot) returns the correct header.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iec01051221550747a7b99da5eb7713e18394d530

show more ...

Make propertyValueNotInList typesafe

The error codes for this function accept a string_view, which has caused
a number of cases of users of this function to call dump() to_string()
and all manner of

Make propertyValueNotInList typesafe

The error codes for this function accept a string_view, which has caused
a number of cases of users of this function to call dump() to_string()
and all manner of other conversions. Considering that dump() is
something that's difficult to call correctly, and overly wordy, it would
be ideal if the message code just handled that for us.

Therefore, this commit changes the prototype to include a nlohmann::json
object as an argument instead of string_view, then audits the codebase
for all uses, and moves them to a more normalized usage, which allows
the calling code to call "dump" for them.

Tested: PATCH /redfish/v1/SessionService {"SessionTimeout": 1}

Returns the PropertyValueNotInList error as it did before.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If62909072db1f067ad1f8aa590bb716c84181219

show more ...

Added new pre-defined usergroup called hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed

Added new pre-defined usergroup called hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.

Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator

- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property

$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)

$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"

- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py

+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"

[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege

+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"

[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege

Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

SessionService: Break out setupRedfishRoute

Previously, we had a pattern where we would call the HEAD handler for a
route in the GET handler. Unfortunately, this leads to the error from
setupRedfis

SessionService: Break out setupRedfishRoute

Previously, we had a pattern where we would call the HEAD handler for a
route in the GET handler. Unfortunately, this leads to the error from
setupRedfishRoute to not be handled, which means that for these routes,
400 isn't processed properly.

This is same fix as https://gerrit.openbmc.org/c/openbmc/bmcweb/+/63526/

Tested: TODO will test the top commit.

Change-Id: I1ab51e397072cb0d60bddffcfbe8df71b56a4f42
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Break out setupRedfishRoute

Previously, we had a pattern where we would call the HEAD handler for a
route in the GET handler. Unfortunately, this leads to the error from
setupRedfishRoute to not be

Break out setupRedfishRoute

Previously, we had a pattern where we would call the HEAD handler for a
route in the GET handler. Unfortunately, this leads to the error from
setupRedfishRoute to not be handled, which means that for these routes,
400 isn't processed properly.

Fix the code.

Tested: Redfish service validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I324cc9582f2368a08265e1defee5b6c56ded3267

show more ...

Boost::urls::format

Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot
like our urlFromPieces method, but better in that it makes the resulting
uris more readable, and allows d

Boost::urls::format

Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot
like our urlFromPieces method, but better in that it makes the resulting
uris more readable, and allows doing things like fragments in a single
line instead of multiple. We should prefer it in some cases.

Tested:
Redfish service validator passes.
Spot checks of URLs work as expected.
Unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia7b38f0a95771c862507e7d5b4aa68aa1c98403c

show more ...

fix more push vs emplace calls

It seems like clang-tidy doesn't catch every place that an emplace could
be used instead of a push. Use a few grep/sed pairs to find and fix up
some common patterns.

fix more push vs emplace calls

It seems like clang-tidy doesn't catch every place that an emplace could
be used instead of a push. Use a few grep/sed pairs to find and fix up
some common patterns.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I93eaec26b8e3be240599e92b66cf54947073dc4c

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Make url by value in Request

There's some tough-to-track-down safety problems in http Request. This
commit is an attempt to make things more safe, even if it isn't clear
how the old code was wrong.

Make url by value in Request

There's some tough-to-track-down safety problems in http Request. This
commit is an attempt to make things more safe, even if it isn't clear
how the old code was wrong.

Previously, the old code took a url_view from the target() string for a
given URI. This was effectively a pointer, and needed to be updated in
custom move/copy constructors that were error prone to write.

This commit moves to taking the URI by non-view, which involves a copy,
but allows us to use the default move and copy constructors, as well as
have no internal references within Request, which should improve the
safety and reviewability.

There's already so many string copies in bmcweb, that this is unlikely
to show up as any sort of performance regression, and simple code is
much better in this case.

Note, because of a bug in boost::url, we have to explicitly construct a
url_view in any case where we want to use segments() or query() on a
const Request. This has been reported to the boost maintainers, and is
being worked for a long term solution.

https://github.com/boostorg/url/pull/704

Tested: Redfish service validator passed on last commit in series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I49a7710e642dff624d578ec1dde088428f284627

show more ...

Session: Add v1 to urlFromPieces

Commit eddfc43 forgot the v1 in these URLs.
The bump is failing the validator:
```
138 err.Session.Session errors in /redfish/v1/SessionService/Sessions
138 failMand

Session: Add v1 to urlFromPieces

Commit eddfc43 forgot the v1 in these URLs.
The bump is failing the validator:
```
138 err.Session.Session errors in /redfish/v1/SessionService/Sessions
138 failMandatoryProp errors in /redfish/v1/SessionService/Sessions
1 failGet errors in /redfish/SessionService/Sessions/laEDBoxyVi
1 failGet errors in /redfish/SessionService/Sessions/NP9WrNsFwx
```
Note the missing v1 above

Tested: None.

Change-Id: I95c114f6e151b0a91080a47f3fcd7ae6d3a9668e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Update most resources to use urlFromPieces

Only id in event_service and account_service have not been updated due
to the risk of it breaking the username/id. It will require further
testing to verif

Update most resources to use urlFromPieces

Only id in event_service and account_service have not been updated due
to the risk of it breaking the username/id. It will require further
testing to verify.

Use urlFromPieces wherever that is needed to insert a variable in the
URI. Don't use urlFromPieces when it is hardcoded values. This allow us
to control all resource URIs that is dynamically added and to sync with
the current recommanded method for `@odata.id`. The goal is to have a
common place to manage the url created from dbus-paths in order to
manage/update it easily when needed.

Tested:
RedfishValidtor Passed for all resource including the sensors with the
fragments.

Change-Id: I95cdfaaee58fc7f21c95f5944e1e5c813b3215f2
Signed-off-by: Willy Tu <wltu@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...