xref: /openbmc/webui-vue/src/store/modules/Authentication/AuthenticanStore.js (revision 6de03414859a6a37d0d21bb493bd444e4a308f3b)
1import api, { isPasswordExpired } from '@/store/api';
2import Cookies from 'js-cookie';
3import router from '@/router';
4import { roles } from '@/router/routes';
5
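/**
 * Vuex module that tracks the web UI's view of the login session.
 *
 * The values kept here (XSRF token, IsAuthenticated flag, session URI) are
 * client-visible mirrors of the session. The comment in `isLoggedIn` says the
 * session credential itself is an HttpOnly SESSION cookie, which script
 * cannot read. Nothing in this module is an authorization decision; it only
 * drives what the UI shows and where it routes.
 */
const AuthenticationStore = {
  namespaced: true,
  state: {
    consoleWindow: null,
    authError: false,
    // Read once at module load; refreshed by authSuccess / resetStoreState.
    xsrfCookie: Cookies.get('XSRF-TOKEN'),
    isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
    // Redfish session resource URI, needed later to DELETE the session.
    sessionURI: localStorage.getItem('sessionURI'),
  },
  getters: {
    consoleWindow: (state) => state.consoleWindow,
    authError: (state) => state.authError,
    /**
     * True when the browser holds either an XSRF token or the
     * IsAuthenticated marker cookie.
     */
    isLoggedIn: (state) => {
      // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
      // without going through explicit Session creation
      return (
        state.xsrfCookie !== undefined || state.isAuthenticatedCookie === 'true'
      );
    },
    // Used to authenticate WebSocket connections via subprotocol value
    token: (state) => state.xsrfCookie,
  },
  mutations: {
    /**
     * Records a successful login.
     * @param {object} state - module state
     * @param {{session: string}} payload - `session` is the session URI
     *   returned by the server in the Location header
     */
    authSuccess(state, { session }) {
      state.authError = false;
      state.xsrfCookie = Cookies.get('XSRF-TOKEN');
      // Preserve session data across page reloads and browser restarts
      localStorage.setItem('sessionURI', session);
      state.sessionURI = session;
    },
    /** Sets the login-error flag (defaults to true). */
    authError(state, authError = true) {
      state.authError = authError;
    },
    /**
     * Drops every client-side trace of the session: script-readable cookies,
     * the stored username and session URI, and the mirrored state.
     */
    logout(state) {
      Cookies.remove('XSRF-TOKEN');
      Cookies.remove('IsAuthenticated');
      localStorage.removeItem('storedUsername');
      state.xsrfCookie = undefined;
      state.isAuthenticatedCookie = undefined;
      localStorage.removeItem('sessionURI');
      state.sessionURI = null;
      state.consoleWindow = false;
    },
  },
  actions: {
    /**
     * Creates a Redfish session with the supplied credentials.
     * @param {object} context - Vuex action context
     * @param {{username: string, password: string}} credentials
     * @returns {Promise<*>} result of `isPasswordExpired(response)`
     * @throws {Error} when session creation fails; `authError` is set first
     */
    login({ commit }, { username, password }) {
      commit('authError', false);
      return api
        .post('/redfish/v1/SessionService/Sessions', {
          UserName: username,
          Password: password,
        })
        .then((response) => {
          commit('authSuccess', {
            session: response.headers['location'],
          });
          return isPasswordExpired(response);
        })
        .catch((error) => {
          commit('authError');
          // Only the stringified error is propagated. The raw error object is
          // deliberately not attached: it presumably carries the request
          // config, and with it the submitted password (verify against `api`).
          throw new Error(error);
        });
    },
    /**
     * Ends the session on the server and then locally.
     *
     * Local cleanup and the redirect to /login run even when the DELETE
     * fails (expired session, unreachable BMC). Otherwise the XSRF token and
     * session URI would stay in the browser and the UI would keep reporting
     * a logged-in user. If the DELETE did fail, the server-side session
     * presumably lives on until it times out.
     * @param {object} context - Vuex action context
     * @returns {Promise<void>} settles once cleanup and navigation were tried
     */
    logout({ commit, state }) {
      return api
        .delete(state.sessionURI)
        .catch((error) => console.log(error))
        .then(() => commit('logout'))
        .then(() => router.push('/login'))
        .catch((error) => console.log(error));
    },
    /**
     * Fetches the account record for `username` and stores its role.
     * @param {object} context - Vuex action context
     * @param {string} username - account name; encoded before it is placed
     *   in the request path so characters such as `/`, `?` or `#` cannot
     *   change which resource is requested
     * @returns {Promise<object|undefined>} account data, `{}` on 404, or
     *   `undefined` after any other error (which is only logged)
     */
    getUserInfo({ commit }, username) {
      return api
        .get(
          `/redfish/v1/AccountService/Accounts/${encodeURIComponent(username)}`,
        )
        .then(({ data }) => {
          commit('global/setPrivilege', data.RoleId, { root: true });
          return data;
        })
        .catch((error) => {
          if (error.response?.status === 404) {
            // We have valid credentials but user isn't known, assume remote
            // authentication (e.g. LDAP) and do not restrict the routing
            //
            // NOTE(review): this defaults the UI to the administrator role.
            // It only widens which routes are shown; the backend has to
            // enforce the real privileges on every request. Confirm that it
            // does for remotely authenticated users.
            commit('global/setPrivilege', roles.administrator, { root: true });
            return {};
          } else {
            console.log(error);
          }
        });
    },
    /**
     * Re-reads the cookies into state and clears the error flag.
     */
    resetStoreState({ state }) {
      // NOTE(review): state is written directly from an action rather than
      // through a mutation; Vuex strict mode would reject this.
      state.authError = false;
      state.xsrfCookie = Cookies.get('XSRF-TOKEN');
      state.isAuthenticatedCookie = Cookies.get('IsAuthenticated');
    },
  },
};

export default AuthenticationStore;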
103