140e9b92eSEd Tanous // SPDX-License-Identifier: Apache-2.0 240e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright OpenBMC Authors 340e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright 2018 Intel Corporation 42b7981f6SKowalski, Kamil #pragma once 543a095abSBorawski.Lukasz 6ce22f609SPaul Fertser #include "account_service.hpp" 73ccb3adbSEd Tanous #include "app.hpp" 8d7857201SEd Tanous #include "async_resp.hpp" 929aab242SPaul Fertser #include "cookies.hpp" 10d7857201SEd Tanous #include "dbus_privileges.hpp" 11f4c4dcf4SKowalski, Kamil #include "error_messages.hpp" 12d7857201SEd Tanous #include "http_request.hpp" 13d7857201SEd Tanous #include "http_response.hpp" 14d7857201SEd Tanous #include "pam_authenticate.hpp" 15d7857201SEd Tanous #include "privileges.hpp" 163ccb3adbSEd Tanous #include "query.hpp" 173ccb3adbSEd Tanous #include "registries/privilege_registry.hpp" 18d7857201SEd Tanous #include "sessions.hpp" 193ccb3adbSEd Tanous #include "utils/json_utils.hpp" 207e860f15SJohn Edward Broadbent 21d7857201SEd Tanous #include <security/_pam_types.h> 22d7857201SEd Tanous 23d7857201SEd Tanous #include <boost/beast/http/field.hpp> 24d7857201SEd Tanous #include <boost/beast/http/status.hpp> 25d7857201SEd Tanous #include <boost/beast/http/verb.hpp> 26ef4c65b7SEd Tanous #include <boost/url/format.hpp> 27ef4c65b7SEd Tanous 28d7857201SEd Tanous #include <chrono> 29d7857201SEd Tanous #include <cstdint> 30d7857201SEd Tanous #include <functional> 31d7857201SEd Tanous #include <memory> 32d7857201SEd Tanous #include <optional> 3389cda63dSEd Tanous #include <string> 34d7857201SEd Tanous #include <utility> 3589cda63dSEd Tanous #include <vector> 3689cda63dSEd Tanous 371abe55efSEd Tanous namespace redfish 381abe55efSEd Tanous { 392b7981f6SKowalski, Kamil 404f48d5f6SEd Tanous inline void fillSessionObject(crow::Response& res, 41faa34ccfSEd Tanous const persistent_data::UserSession& session) 421abe55efSEd Tanous { 43faa34ccfSEd Tanous res.jsonValue["Id"] = session.uniqueId; 44faa34ccfSEd Tanous res.jsonValue["UserName"] = session.username; 45ce22f609SPaul Fertser nlohmann::json::array_t roles; 46ce22f609SPaul Fertser roles.emplace_back(redfish::getRoleIdFromPrivilege(session.userRole)); 47ce22f609SPaul Fertser res.jsonValue["Roles"] = std::move(roles); 48ef4c65b7SEd Tanous res.jsonValue["@odata.id"] = boost::urls::format( 49ef4c65b7SEd Tanous "/redfish/v1/SessionService/Sessions/{}", session.uniqueId); 50ce22f609SPaul Fertser res.jsonValue["@odata.type"] = "#Session.v1_7_0.Session"; 51faa34ccfSEd Tanous res.jsonValue["Name"] = "User Session"; 52faa34ccfSEd Tanous res.jsonValue["Description"] = "Manager User Session"; 53faa34ccfSEd Tanous res.jsonValue["ClientOriginIPAddress"] = session.clientIp; 54bb759e3aSEd Tanous if (session.clientId) 55bb759e3aSEd Tanous { 56bb759e3aSEd Tanous res.jsonValue["Context"] = *session.clientId; 57bb759e3aSEd Tanous } 582b7981f6SKowalski, Kamil } 592b7981f6SKowalski, Kamil 60504af5a0SPatrick Williams inline void handleSessionHead( 61504af5a0SPatrick Williams crow::App& app, const crow::Request& req, 62faa34ccfSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 63a1e0871dSEd Tanous const std::string& /*sessionId*/) 64724340d7SEd Tanous { 653ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 6645ca1b86SEd Tanous { 6745ca1b86SEd Tanous return; 6845ca1b86SEd Tanous } 69a1e0871dSEd Tanous asyncResp->res.addHeader( 70a1e0871dSEd Tanous boost::beast::http::field::link, 71a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby"); 72a1e0871dSEd Tanous } 73a1e0871dSEd Tanous 74504af5a0SPatrick Williams inline void handleSessionGet( 75504af5a0SPatrick Williams crow::App& app, const crow::Request& req, 76a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 77a1e0871dSEd Tanous const std::string& sessionId) 78a1e0871dSEd Tanous { 7965ffbcb3SEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 8065ffbcb3SEd Tanous { 8165ffbcb3SEd Tanous return; 8265ffbcb3SEd Tanous } 8365ffbcb3SEd Tanous asyncResp->res.addHeader( 8465ffbcb3SEd Tanous boost::beast::http::field::link, 8565ffbcb3SEd Tanous "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby"); 86a1e0871dSEd Tanous 87faa34ccfSEd Tanous // Note that control also reaches here via doPost and doDelete. 88724340d7SEd Tanous auto session = 89724340d7SEd Tanous persistent_data::SessionStore::getInstance().getSessionByUid(sessionId); 902b7981f6SKowalski, Kamil 911abe55efSEd Tanous if (session == nullptr) 921abe55efSEd Tanous { 93724340d7SEd Tanous messages::resourceNotFound(asyncResp->res, "Session", sessionId); 94faa34ccfSEd Tanous return; 95faa34ccfSEd Tanous } 96faa34ccfSEd Tanous 97faa34ccfSEd Tanous fillSessionObject(asyncResp->res, *session); 98724340d7SEd Tanous } 99faa34ccfSEd Tanous 100504af5a0SPatrick Williams inline void handleSessionDelete( 101504af5a0SPatrick Williams crow::App& app, const crow::Request& req, 102faa34ccfSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 103724340d7SEd Tanous const std::string& sessionId) 104724340d7SEd Tanous { 1053ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 10645ca1b86SEd Tanous { 10745ca1b86SEd Tanous return; 10845ca1b86SEd Tanous } 109724340d7SEd Tanous auto session = 110724340d7SEd Tanous persistent_data::SessionStore::getInstance().getSessionByUid(sessionId); 111faa34ccfSEd Tanous 112faa34ccfSEd Tanous if (session == nullptr) 113faa34ccfSEd Tanous { 114724340d7SEd Tanous messages::resourceNotFound(asyncResp->res, "Session", sessionId); 1152b7981f6SKowalski, Kamil return; 1162b7981f6SKowalski, Kamil } 1172b7981f6SKowalski, Kamil 118900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If a 119900f9497SJoseph Reynolds // session is being used to DELETE some other user's session, 120900f9497SJoseph Reynolds // then the ConfigureSelf privilege does not apply. In that 121900f9497SJoseph Reynolds // case, perform the authority check again without the user's 122900f9497SJoseph Reynolds // ConfigureSelf privilege. 1230fd29865Swukaihua-fii-na if (req.session != nullptr && !session->username.empty() && 1240fd29865Swukaihua-fii-na session->username != req.session->username) 125900f9497SJoseph Reynolds { 1266c51eab1SEd Tanous Privileges effectiveUserPrivileges = 1273e72c202SNinad Palsule redfish::getUserPrivileges(*req.session); 1286c51eab1SEd Tanous 129724340d7SEd Tanous if (!effectiveUserPrivileges.isSupersetOf({"ConfigureUsers"})) 130900f9497SJoseph Reynolds { 1318d1b46d7Szhanghch05 messages::insufficientPrivilege(asyncResp->res); 132900f9497SJoseph Reynolds return; 133900f9497SJoseph Reynolds } 134900f9497SJoseph Reynolds } 135900f9497SJoseph Reynolds 1368812e8beSPaul Fertser if (req.session != nullptr && req.session->uniqueId == sessionId && 1378812e8beSPaul Fertser session->cookieAuth) 13829aab242SPaul Fertser { 13929aab242SPaul Fertser bmcweb::clearSessionCookies(asyncResp->res); 14029aab242SPaul Fertser } 14129aab242SPaul Fertser 142724340d7SEd Tanous persistent_data::SessionStore::getInstance().removeSession(session); 1435cc148afSEd Tanous messages::success(asyncResp->res); 144724340d7SEd Tanous } 145f4c4dcf4SKowalski, Kamil 146724340d7SEd Tanous inline nlohmann::json getSessionCollectionMembers() 147724340d7SEd Tanous { 14889cda63dSEd Tanous std::vector<std::string> sessionIds = 14989cda63dSEd Tanous persistent_data::SessionStore::getInstance().getAllUniqueIds(); 150724340d7SEd Tanous nlohmann::json ret = nlohmann::json::array(); 15189cda63dSEd Tanous for (const std::string& uid : sessionIds) 1521abe55efSEd Tanous { 1531476687dSEd Tanous nlohmann::json::object_t session; 154ef4c65b7SEd Tanous session["@odata.id"] = 15589cda63dSEd Tanous boost::urls::format("/redfish/v1/SessionService/Sessions/{}", uid); 156b2ba3072SPatrick Williams ret.emplace_back(std::move(session)); 1572b7981f6SKowalski, Kamil } 158724340d7SEd Tanous return ret; 159724340d7SEd Tanous } 160724340d7SEd Tanous 161a1e0871dSEd Tanous inline void handleSessionCollectionHead( 16245ca1b86SEd Tanous crow::App& app, const crow::Request& req, 163724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 164724340d7SEd Tanous { 1653ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 16645ca1b86SEd Tanous { 16745ca1b86SEd Tanous return; 16845ca1b86SEd Tanous } 169a1e0871dSEd Tanous asyncResp->res.addHeader( 170a1e0871dSEd Tanous boost::beast::http::field::link, 171a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby"); 172a1e0871dSEd Tanous } 173a1e0871dSEd Tanous 174a1e0871dSEd Tanous inline void handleSessionCollectionGet( 175a1e0871dSEd Tanous crow::App& app, const crow::Request& req, 176a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 177a1e0871dSEd Tanous { 17801a89a1fSEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 17901a89a1fSEd Tanous { 18001a89a1fSEd Tanous return; 18101a89a1fSEd Tanous } 18201a89a1fSEd Tanous asyncResp->res.addHeader( 18301a89a1fSEd Tanous boost::beast::http::field::link, 18401a89a1fSEd Tanous "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby"); 18501a89a1fSEd Tanous 186724340d7SEd Tanous asyncResp->res.jsonValue["Members"] = getSessionCollectionMembers(); 187faa34ccfSEd Tanous asyncResp->res.jsonValue["Members@odata.count"] = 188724340d7SEd Tanous asyncResp->res.jsonValue["Members"].size(); 1898d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.type"] = 1908d1b46d7Szhanghch05 "#SessionCollection.SessionCollection"; 1918d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.id"] = 1927a859ffeSGunnar Mills "/redfish/v1/SessionService/Sessions"; 1938d1b46d7Szhanghch05 asyncResp->res.jsonValue["Name"] = "Session Collection"; 1948d1b46d7Szhanghch05 asyncResp->res.jsonValue["Description"] = "Session Collection"; 195724340d7SEd Tanous } 1962b7981f6SKowalski, Kamil 197be2f124cSJishnu CM inline void processAfterSessionCreation( 198be2f124cSJishnu CM const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 199be2f124cSJishnu CM const crow::Request& req, const std::string& username, 200be2f124cSJishnu CM std::shared_ptr<persistent_data::UserSession>& session) 201be2f124cSJishnu CM { 202be2f124cSJishnu CM // When session is created by webui-vue give it session cookies as a 203be2f124cSJishnu CM // non-standard Redfish extension. This is needed for authentication for 204be2f124cSJishnu CM // WebSockets-based functionality. 205be2f124cSJishnu CM if (!req.getHeaderValue("X-Requested-With").empty()) 206be2f124cSJishnu CM { 207be2f124cSJishnu CM bmcweb::setSessionCookies(asyncResp->res, *session); 208be2f124cSJishnu CM } 209be2f124cSJishnu CM else 210be2f124cSJishnu CM { 211be2f124cSJishnu CM asyncResp->res.addHeader("X-Auth-Token", session->sessionToken); 212be2f124cSJishnu CM } 213be2f124cSJishnu CM 214be2f124cSJishnu CM asyncResp->res.addHeader( 215be2f124cSJishnu CM "Location", "/redfish/v1/SessionService/Sessions/" + session->uniqueId); 216be2f124cSJishnu CM asyncResp->res.result(boost::beast::http::status::created); 217be2f124cSJishnu CM if (session->isConfigureSelfOnly) 218be2f124cSJishnu CM { 219*1c651ee1SJoey Berkovitz boost::urls::url url = boost::urls::format( 220*1c651ee1SJoey Berkovitz "/redfish/v1/AccountService/Accounts/{}", session->username); 221*1c651ee1SJoey Berkovitz messages::addMessageToJsonRoot(asyncResp->res.jsonValue, 222*1c651ee1SJoey Berkovitz messages::passwordChangeRequired(url)); 223be2f124cSJishnu CM } 224be2f124cSJishnu CM 225be2f124cSJishnu CM crow::getUserInfo(asyncResp, username, session, [asyncResp, session]() { 226be2f124cSJishnu CM fillSessionObject(asyncResp->res, *session); 227be2f124cSJishnu CM }); 228be2f124cSJishnu CM } 229be2f124cSJishnu CM 2304ee8e211SEd Tanous inline void handleSessionCollectionPost( 23145ca1b86SEd Tanous crow::App& app, const crow::Request& req, 232724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 233724340d7SEd Tanous { 2343ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 23545ca1b86SEd Tanous { 23645ca1b86SEd Tanous return; 23745ca1b86SEd Tanous } 2389712f8acSEd Tanous std::string username; 2399712f8acSEd Tanous std::string password; 240bb759e3aSEd Tanous std::optional<std::string> clientId; 2412ccce1f3SRavi Teja std::optional<std::string> token; 242afc474aeSMyung Bae if (!json_util::readJsonPatch( // 243afc474aeSMyung Bae req, asyncResp->res, // 244afc474aeSMyung Bae "Context", clientId, // 245afc474aeSMyung Bae "Password", password, // 246afc474aeSMyung Bae "Token", token, // 247afc474aeSMyung Bae "UserName", username // 248afc474aeSMyung Bae )) 2491abe55efSEd Tanous { 2502b7981f6SKowalski, Kamil return; 2512b7981f6SKowalski, Kamil } 252820ce598SEd Tanous if (password.empty() || username.empty() || 2538d1b46d7Szhanghch05 asyncResp->res.result() != boost::beast::http::status::ok) 2541abe55efSEd Tanous { 2551abe55efSEd Tanous if (username.empty()) 2561abe55efSEd Tanous { 2578d1b46d7Szhanghch05 messages::propertyMissing(asyncResp->res, "UserName"); 258f4c4dcf4SKowalski, Kamil } 259f4c4dcf4SKowalski, Kamil 2601abe55efSEd Tanous if (password.empty()) 2611abe55efSEd Tanous { 2628d1b46d7Szhanghch05 messages::propertyMissing(asyncResp->res, "Password"); 263820ce598SEd Tanous } 264820ce598SEd Tanous 265820ce598SEd Tanous return; 266f4c4dcf4SKowalski, Kamil } 2672b7981f6SKowalski, Kamil 2682ccce1f3SRavi Teja int pamrc = pamAuthenticateUser(username, password, token); 2693bf4e632SJoseph Reynolds bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; 2703bf4e632SJoseph Reynolds if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) 2711abe55efSEd Tanous { 27239662a3bSEd Tanous messages::resourceAtUriUnauthorized(asyncResp->res, req.url(), 273f12894f8SJason M. Bills "Invalid username or password"); 274820ce598SEd Tanous return; 2752b7981f6SKowalski, Kamil } 2766f115bbbSManojkiran Eda 277820ce598SEd Tanous // User is authenticated - create session 27852cc112dSEd Tanous std::shared_ptr<persistent_data::UserSession> session = 279724340d7SEd Tanous persistent_data::SessionStore::getInstance().generateUserSession( 28041d61c82SJiaqing Zhao username, req.ipAddress, clientId, 28189cda63dSEd Tanous persistent_data::SessionType::Session, isConfigureSelfOnly); 28202e53aefSBrad Bishop if (session == nullptr) 28302e53aefSBrad Bishop { 28402e53aefSBrad Bishop messages::internalError(asyncResp->res); 28502e53aefSBrad Bishop return; 28602e53aefSBrad Bishop } 287be2f124cSJishnu CM processAfterSessionCreation(asyncResp, req, username, session); 28829aab242SPaul Fertser } 28929aab242SPaul Fertser 290a1e0871dSEd Tanous inline void handleSessionServiceHead( 291a1e0871dSEd Tanous crow::App& app, const crow::Request& req, 292a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 293a1e0871dSEd Tanous { 294a1e0871dSEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 295a1e0871dSEd Tanous { 296a1e0871dSEd Tanous return; 297a1e0871dSEd Tanous } 298a1e0871dSEd Tanous asyncResp->res.addHeader( 299a1e0871dSEd Tanous boost::beast::http::field::link, 300a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby"); 301a1e0871dSEd Tanous } 302504af5a0SPatrick Williams inline void handleSessionServiceGet( 303504af5a0SPatrick Williams crow::App& app, const crow::Request& req, 304724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 3052b7981f6SKowalski, Kamil 306724340d7SEd Tanous { 30778e3900fSGunnar Mills if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 30878e3900fSGunnar Mills { 30978e3900fSGunnar Mills return; 31078e3900fSGunnar Mills } 31178e3900fSGunnar Mills asyncResp->res.addHeader( 31278e3900fSGunnar Mills boost::beast::http::field::link, 31378e3900fSGunnar Mills "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby"); 31478e3900fSGunnar Mills 3158d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.type"] = 3168d1b46d7Szhanghch05 "#SessionService.v1_0_2.SessionService"; 3177a859ffeSGunnar Mills asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/SessionService"; 3188d1b46d7Szhanghch05 asyncResp->res.jsonValue["Name"] = "Session Service"; 3198d1b46d7Szhanghch05 asyncResp->res.jsonValue["Id"] = "SessionService"; 3208d1b46d7Szhanghch05 asyncResp->res.jsonValue["Description"] = "Session Service"; 3218d1b46d7Szhanghch05 asyncResp->res.jsonValue["SessionTimeout"] = 322724340d7SEd Tanous persistent_data::SessionStore::getInstance().getTimeoutInSeconds(); 3238d1b46d7Szhanghch05 asyncResp->res.jsonValue["ServiceEnabled"] = true; 3240f74e643SEd Tanous 3251476687dSEd Tanous asyncResp->res.jsonValue["Sessions"]["@odata.id"] = 3261476687dSEd Tanous "/redfish/v1/SessionService/Sessions"; 327724340d7SEd Tanous } 328f2a4a606SManojkiran Eda 329724340d7SEd Tanous inline void handleSessionServicePatch( 33045ca1b86SEd Tanous crow::App& app, const crow::Request& req, 331724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 332724340d7SEd Tanous { 3333ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 33445ca1b86SEd Tanous { 33545ca1b86SEd Tanous return; 33645ca1b86SEd Tanous } 337f2a4a606SManojkiran Eda std::optional<int64_t> sessionTimeout; 338afc474aeSMyung Bae if (!json_util::readJsonPatch( // 339afc474aeSMyung Bae req, asyncResp->res, // 340afc474aeSMyung Bae "SessionTimeout", sessionTimeout // 341afc474aeSMyung Bae )) 342f2a4a606SManojkiran Eda { 343f2a4a606SManojkiran Eda return; 344f2a4a606SManojkiran Eda } 345f2a4a606SManojkiran Eda 346f2a4a606SManojkiran Eda if (sessionTimeout) 347f2a4a606SManojkiran Eda { 3488ece0e45SEd Tanous // The minimum & maximum allowed values for session timeout 349faa34ccfSEd Tanous // are 30 seconds and 86400 seconds respectively as per the 350faa34ccfSEd Tanous // session service schema mentioned at 351f2a4a606SManojkiran Eda // https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_7.json 352f2a4a606SManojkiran Eda 353f2a4a606SManojkiran Eda if (*sessionTimeout <= 86400 && *sessionTimeout >= 30) 354f2a4a606SManojkiran Eda { 355724340d7SEd Tanous std::chrono::seconds sessionTimeoutInseconds(*sessionTimeout); 356724340d7SEd Tanous persistent_data::SessionStore::getInstance().updateSessionTimeout( 357724340d7SEd Tanous sessionTimeoutInseconds); 358724340d7SEd Tanous messages::propertyValueModified(asyncResp->res, "SessionTimeOut", 359f2a4a606SManojkiran Eda std::to_string(*sessionTimeout)); 360f2a4a606SManojkiran Eda } 361f2a4a606SManojkiran Eda else 362f2a4a606SManojkiran Eda { 363e2616cc5SEd Tanous messages::propertyValueNotInList(asyncResp->res, *sessionTimeout, 3648d1b46d7Szhanghch05 "SessionTimeOut"); 365f2a4a606SManojkiran Eda } 366f2a4a606SManojkiran Eda } 367724340d7SEd Tanous } 368724340d7SEd Tanous 369724340d7SEd Tanous inline void requestRoutesSession(App& app) 370724340d7SEd Tanous { 371724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 372a1e0871dSEd Tanous .privileges(redfish::privileges::headSession) 373a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 374a1e0871dSEd Tanous std::bind_front(handleSessionHead, std::ref(app))); 375a1e0871dSEd Tanous 376a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 377724340d7SEd Tanous .privileges(redfish::privileges::getSession) 37845ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 37945ca1b86SEd Tanous std::bind_front(handleSessionGet, std::ref(app))); 380724340d7SEd Tanous 381724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 382724340d7SEd Tanous .privileges(redfish::privileges::deleteSession) 38345ca1b86SEd Tanous .methods(boost::beast::http::verb::delete_)( 38445ca1b86SEd Tanous std::bind_front(handleSessionDelete, std::ref(app))); 385724340d7SEd Tanous 386724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 387a1e0871dSEd Tanous .privileges(redfish::privileges::headSessionCollection) 388a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 389a1e0871dSEd Tanous std::bind_front(handleSessionCollectionHead, std::ref(app))); 390a1e0871dSEd Tanous 391a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 392724340d7SEd Tanous .privileges(redfish::privileges::getSessionCollection) 39345ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 39445ca1b86SEd Tanous std::bind_front(handleSessionCollectionGet, std::ref(app))); 395724340d7SEd Tanous 396e76cd868SEd Tanous // Note, the next two routes technically don't match the privilege 397724340d7SEd Tanous // registry given the way login mechanisms work. The base privilege 398724340d7SEd Tanous // registry lists this endpoint as requiring login privilege, but because 399724340d7SEd Tanous // this is the endpoint responsible for giving the login privilege, and it 400724340d7SEd Tanous // is itself its own route, it needs to not require Login 401724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 402724340d7SEd Tanous .privileges({}) 40345ca1b86SEd Tanous .methods(boost::beast::http::verb::post)( 40445ca1b86SEd Tanous std::bind_front(handleSessionCollectionPost, std::ref(app))); 405724340d7SEd Tanous 406e76cd868SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/Members/") 407e76cd868SEd Tanous .privileges({}) 40845ca1b86SEd Tanous .methods(boost::beast::http::verb::post)( 40945ca1b86SEd Tanous std::bind_front(handleSessionCollectionPost, std::ref(app))); 410e76cd868SEd Tanous 411724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 412a1e0871dSEd Tanous .privileges(redfish::privileges::headSessionService) 413a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 414a1e0871dSEd Tanous std::bind_front(handleSessionServiceHead, std::ref(app))); 415a1e0871dSEd Tanous 416a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 417724340d7SEd Tanous .privileges(redfish::privileges::getSessionService) 41845ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 41945ca1b86SEd Tanous std::bind_front(handleSessionServiceGet, std::ref(app))); 420724340d7SEd Tanous 421724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 422724340d7SEd Tanous .privileges(redfish::privileges::patchSessionService) 42345ca1b86SEd Tanous .methods(boost::beast::http::verb::patch)( 42445ca1b86SEd Tanous std::bind_front(handleSessionServicePatch, std::ref(app))); 425f2a4a606SManojkiran Eda } 4265d27b854SBorawski.Lukasz 4272b7981f6SKowalski, Kamil } // namespace redfish 428