140e9b92eSEd Tanous // SPDX-License-Identifier: Apache-2.0 240e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright OpenBMC Authors 340e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright 2018 Intel Corporation 42b7981f6SKowalski, Kamil #pragma once 543a095abSBorawski.Lukasz 6ce22f609SPaul Fertser #include "account_service.hpp" 73ccb3adbSEd Tanous #include "app.hpp" 8*d7857201SEd Tanous #include "async_resp.hpp" 929aab242SPaul Fertser #include "cookies.hpp" 10*d7857201SEd Tanous #include "dbus_privileges.hpp" 11f4c4dcf4SKowalski, Kamil #include "error_messages.hpp" 12*d7857201SEd Tanous #include "http_request.hpp" 13*d7857201SEd Tanous #include "http_response.hpp" 14*d7857201SEd Tanous #include "pam_authenticate.hpp" 15*d7857201SEd Tanous #include "privileges.hpp" 163ccb3adbSEd Tanous #include "query.hpp" 173ccb3adbSEd Tanous #include "registries/privilege_registry.hpp" 18*d7857201SEd Tanous #include "sessions.hpp" 193ccb3adbSEd Tanous #include "utils/json_utils.hpp" 207e860f15SJohn Edward Broadbent 21*d7857201SEd Tanous #include <security/_pam_types.h> 22*d7857201SEd Tanous 23*d7857201SEd Tanous #include <boost/beast/http/field.hpp> 24*d7857201SEd Tanous #include <boost/beast/http/status.hpp> 25*d7857201SEd Tanous #include <boost/beast/http/verb.hpp> 26ef4c65b7SEd Tanous #include <boost/url/format.hpp> 27ef4c65b7SEd Tanous 28*d7857201SEd Tanous #include <chrono> 29*d7857201SEd Tanous #include <cstdint> 30*d7857201SEd Tanous #include <functional> 31*d7857201SEd Tanous #include <memory> 32*d7857201SEd Tanous #include <optional> 3389cda63dSEd Tanous #include <string> 34*d7857201SEd Tanous #include <utility> 3589cda63dSEd Tanous #include <vector> 3689cda63dSEd Tanous 371abe55efSEd Tanous namespace redfish 381abe55efSEd Tanous { 392b7981f6SKowalski, Kamil 404f48d5f6SEd Tanous inline void fillSessionObject(crow::Response& res, 41faa34ccfSEd Tanous const persistent_data::UserSession& session) 421abe55efSEd Tanous { 43faa34ccfSEd Tanous res.jsonValue["Id"] = session.uniqueId; 44faa34ccfSEd Tanous res.jsonValue["UserName"] = session.username; 45ce22f609SPaul Fertser nlohmann::json::array_t roles; 46ce22f609SPaul Fertser roles.emplace_back(redfish::getRoleIdFromPrivilege(session.userRole)); 47ce22f609SPaul Fertser res.jsonValue["Roles"] = std::move(roles); 48ef4c65b7SEd Tanous res.jsonValue["@odata.id"] = boost::urls::format( 49ef4c65b7SEd Tanous "/redfish/v1/SessionService/Sessions/{}", session.uniqueId); 50ce22f609SPaul Fertser res.jsonValue["@odata.type"] = "#Session.v1_7_0.Session"; 51faa34ccfSEd Tanous res.jsonValue["Name"] = "User Session"; 52faa34ccfSEd Tanous res.jsonValue["Description"] = "Manager User Session"; 53faa34ccfSEd Tanous res.jsonValue["ClientOriginIPAddress"] = session.clientIp; 54bb759e3aSEd Tanous if (session.clientId) 55bb759e3aSEd Tanous { 56bb759e3aSEd Tanous res.jsonValue["Context"] = *session.clientId; 57bb759e3aSEd Tanous } 582b7981f6SKowalski, Kamil } 592b7981f6SKowalski, Kamil 60724340d7SEd Tanous inline void 61a1e0871dSEd Tanous handleSessionHead(crow::App& app, const crow::Request& req, 62faa34ccfSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 63a1e0871dSEd Tanous const std::string& /*sessionId*/) 64724340d7SEd Tanous { 653ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 6645ca1b86SEd Tanous { 6745ca1b86SEd Tanous return; 6845ca1b86SEd Tanous } 69a1e0871dSEd Tanous asyncResp->res.addHeader( 70a1e0871dSEd Tanous boost::beast::http::field::link, 71a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby"); 72a1e0871dSEd Tanous } 73a1e0871dSEd Tanous 74a1e0871dSEd Tanous inline void 75a1e0871dSEd Tanous handleSessionGet(crow::App& app, const crow::Request& req, 76a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 77a1e0871dSEd Tanous const std::string& sessionId) 78a1e0871dSEd Tanous { 7965ffbcb3SEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 8065ffbcb3SEd Tanous { 8165ffbcb3SEd Tanous return; 8265ffbcb3SEd Tanous } 8365ffbcb3SEd Tanous asyncResp->res.addHeader( 8465ffbcb3SEd Tanous boost::beast::http::field::link, 8565ffbcb3SEd Tanous "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby"); 86a1e0871dSEd Tanous 87faa34ccfSEd Tanous // Note that control also reaches here via doPost and doDelete. 88724340d7SEd Tanous auto session = 89724340d7SEd Tanous persistent_data::SessionStore::getInstance().getSessionByUid(sessionId); 902b7981f6SKowalski, Kamil 911abe55efSEd Tanous if (session == nullptr) 921abe55efSEd Tanous { 93724340d7SEd Tanous messages::resourceNotFound(asyncResp->res, "Session", sessionId); 94faa34ccfSEd Tanous return; 95faa34ccfSEd Tanous } 96faa34ccfSEd Tanous 97faa34ccfSEd Tanous fillSessionObject(asyncResp->res, *session); 98724340d7SEd Tanous } 99faa34ccfSEd Tanous 100724340d7SEd Tanous inline void 10145ca1b86SEd Tanous handleSessionDelete(crow::App& app, const crow::Request& req, 102faa34ccfSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 103724340d7SEd Tanous const std::string& sessionId) 104724340d7SEd Tanous { 1053ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 10645ca1b86SEd Tanous { 10745ca1b86SEd Tanous return; 10845ca1b86SEd Tanous } 109724340d7SEd Tanous auto session = 110724340d7SEd Tanous persistent_data::SessionStore::getInstance().getSessionByUid(sessionId); 111faa34ccfSEd Tanous 112faa34ccfSEd Tanous if (session == nullptr) 113faa34ccfSEd Tanous { 114724340d7SEd Tanous messages::resourceNotFound(asyncResp->res, "Session", sessionId); 1152b7981f6SKowalski, Kamil return; 1162b7981f6SKowalski, Kamil } 1172b7981f6SKowalski, Kamil 118900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If a 119900f9497SJoseph Reynolds // session is being used to DELETE some other user's session, 120900f9497SJoseph Reynolds // then the ConfigureSelf privilege does not apply. In that 121900f9497SJoseph Reynolds // case, perform the authority check again without the user's 122900f9497SJoseph Reynolds // ConfigureSelf privilege. 1230fd29865Swukaihua-fii-na if (req.session != nullptr && !session->username.empty() && 1240fd29865Swukaihua-fii-na session->username != req.session->username) 125900f9497SJoseph Reynolds { 1266c51eab1SEd Tanous Privileges effectiveUserPrivileges = 1273e72c202SNinad Palsule redfish::getUserPrivileges(*req.session); 1286c51eab1SEd Tanous 129724340d7SEd Tanous if (!effectiveUserPrivileges.isSupersetOf({"ConfigureUsers"})) 130900f9497SJoseph Reynolds { 1318d1b46d7Szhanghch05 messages::insufficientPrivilege(asyncResp->res); 132900f9497SJoseph Reynolds return; 133900f9497SJoseph Reynolds } 134900f9497SJoseph Reynolds } 135900f9497SJoseph Reynolds 1368812e8beSPaul Fertser if (req.session != nullptr && req.session->uniqueId == sessionId && 1378812e8beSPaul Fertser session->cookieAuth) 13829aab242SPaul Fertser { 13929aab242SPaul Fertser bmcweb::clearSessionCookies(asyncResp->res); 14029aab242SPaul Fertser } 14129aab242SPaul Fertser 142724340d7SEd Tanous persistent_data::SessionStore::getInstance().removeSession(session); 1435cc148afSEd Tanous messages::success(asyncResp->res); 144724340d7SEd Tanous } 145f4c4dcf4SKowalski, Kamil 146724340d7SEd Tanous inline nlohmann::json getSessionCollectionMembers() 147724340d7SEd Tanous { 14889cda63dSEd Tanous std::vector<std::string> sessionIds = 14989cda63dSEd Tanous persistent_data::SessionStore::getInstance().getAllUniqueIds(); 150724340d7SEd Tanous nlohmann::json ret = nlohmann::json::array(); 15189cda63dSEd Tanous for (const std::string& uid : sessionIds) 1521abe55efSEd Tanous { 1531476687dSEd Tanous nlohmann::json::object_t session; 154ef4c65b7SEd Tanous session["@odata.id"] = 15589cda63dSEd Tanous boost::urls::format("/redfish/v1/SessionService/Sessions/{}", uid); 156b2ba3072SPatrick Williams ret.emplace_back(std::move(session)); 1572b7981f6SKowalski, Kamil } 158724340d7SEd Tanous return ret; 159724340d7SEd Tanous } 160724340d7SEd Tanous 161a1e0871dSEd Tanous inline void handleSessionCollectionHead( 16245ca1b86SEd Tanous crow::App& app, const crow::Request& req, 163724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 164724340d7SEd Tanous { 1653ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 16645ca1b86SEd Tanous { 16745ca1b86SEd Tanous return; 16845ca1b86SEd Tanous } 169a1e0871dSEd Tanous asyncResp->res.addHeader( 170a1e0871dSEd Tanous boost::beast::http::field::link, 171a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby"); 172a1e0871dSEd Tanous } 173a1e0871dSEd Tanous 174a1e0871dSEd Tanous inline void handleSessionCollectionGet( 175a1e0871dSEd Tanous crow::App& app, const crow::Request& req, 176a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 177a1e0871dSEd Tanous { 17801a89a1fSEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 17901a89a1fSEd Tanous { 18001a89a1fSEd Tanous return; 18101a89a1fSEd Tanous } 18201a89a1fSEd Tanous asyncResp->res.addHeader( 18301a89a1fSEd Tanous boost::beast::http::field::link, 18401a89a1fSEd Tanous "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby"); 18501a89a1fSEd Tanous 186724340d7SEd Tanous asyncResp->res.jsonValue["Members"] = getSessionCollectionMembers(); 187faa34ccfSEd Tanous asyncResp->res.jsonValue["Members@odata.count"] = 188724340d7SEd Tanous asyncResp->res.jsonValue["Members"].size(); 1898d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.type"] = 1908d1b46d7Szhanghch05 "#SessionCollection.SessionCollection"; 1918d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.id"] = 1927a859ffeSGunnar Mills "/redfish/v1/SessionService/Sessions"; 1938d1b46d7Szhanghch05 asyncResp->res.jsonValue["Name"] = "Session Collection"; 1948d1b46d7Szhanghch05 asyncResp->res.jsonValue["Description"] = "Session Collection"; 195724340d7SEd Tanous } 1962b7981f6SKowalski, Kamil 197724340d7SEd Tanous inline void handleSessionCollectionMembersGet( 19845ca1b86SEd Tanous crow::App& app, const crow::Request& req, 199724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 200724340d7SEd Tanous { 2013ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 20245ca1b86SEd Tanous { 20345ca1b86SEd Tanous return; 20445ca1b86SEd Tanous } 205724340d7SEd Tanous asyncResp->res.jsonValue = getSessionCollectionMembers(); 206724340d7SEd Tanous } 207724340d7SEd Tanous 208be2f124cSJishnu CM inline void processAfterSessionCreation( 209be2f124cSJishnu CM const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 210be2f124cSJishnu CM const crow::Request& req, const std::string& username, 211be2f124cSJishnu CM std::shared_ptr<persistent_data::UserSession>& session) 212be2f124cSJishnu CM { 213be2f124cSJishnu CM // When session is created by webui-vue give it session cookies as a 214be2f124cSJishnu CM // non-standard Redfish extension. This is needed for authentication for 215be2f124cSJishnu CM // WebSockets-based functionality. 216be2f124cSJishnu CM if (!req.getHeaderValue("X-Requested-With").empty()) 217be2f124cSJishnu CM { 218be2f124cSJishnu CM bmcweb::setSessionCookies(asyncResp->res, *session); 219be2f124cSJishnu CM } 220be2f124cSJishnu CM else 221be2f124cSJishnu CM { 222be2f124cSJishnu CM asyncResp->res.addHeader("X-Auth-Token", session->sessionToken); 223be2f124cSJishnu CM } 224be2f124cSJishnu CM 225be2f124cSJishnu CM asyncResp->res.addHeader( 226be2f124cSJishnu CM "Location", "/redfish/v1/SessionService/Sessions/" + session->uniqueId); 227be2f124cSJishnu CM asyncResp->res.result(boost::beast::http::status::created); 228be2f124cSJishnu CM if (session->isConfigureSelfOnly) 229be2f124cSJishnu CM { 230be2f124cSJishnu CM messages::passwordChangeRequired( 231be2f124cSJishnu CM asyncResp->res, 232be2f124cSJishnu CM boost::urls::format("/redfish/v1/AccountService/Accounts/{}", 233be2f124cSJishnu CM session->username)); 234be2f124cSJishnu CM } 235be2f124cSJishnu CM 236be2f124cSJishnu CM crow::getUserInfo(asyncResp, username, session, [asyncResp, session]() { 237be2f124cSJishnu CM fillSessionObject(asyncResp->res, *session); 238be2f124cSJishnu CM }); 239be2f124cSJishnu CM } 240be2f124cSJishnu CM 2414ee8e211SEd Tanous inline void handleSessionCollectionPost( 24245ca1b86SEd Tanous crow::App& app, const crow::Request& req, 243724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 244724340d7SEd Tanous { 2453ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 24645ca1b86SEd Tanous { 24745ca1b86SEd Tanous return; 24845ca1b86SEd Tanous } 2499712f8acSEd Tanous std::string username; 2509712f8acSEd Tanous std::string password; 251bb759e3aSEd Tanous std::optional<std::string> clientId; 2522ccce1f3SRavi Teja std::optional<std::string> token; 253afc474aeSMyung Bae if (!json_util::readJsonPatch( // 254afc474aeSMyung Bae req, asyncResp->res, // 255afc474aeSMyung Bae "Context", clientId, // 256afc474aeSMyung Bae "Password", password, // 257afc474aeSMyung Bae "Token", token, // 258afc474aeSMyung Bae "UserName", username // 259afc474aeSMyung Bae )) 2601abe55efSEd Tanous { 2612b7981f6SKowalski, Kamil return; 2622b7981f6SKowalski, Kamil } 263820ce598SEd Tanous if (password.empty() || username.empty() || 2648d1b46d7Szhanghch05 asyncResp->res.result() != boost::beast::http::status::ok) 2651abe55efSEd Tanous { 2661abe55efSEd Tanous if (username.empty()) 2671abe55efSEd Tanous { 2688d1b46d7Szhanghch05 messages::propertyMissing(asyncResp->res, "UserName"); 269f4c4dcf4SKowalski, Kamil } 270f4c4dcf4SKowalski, Kamil 2711abe55efSEd Tanous if (password.empty()) 2721abe55efSEd Tanous { 2738d1b46d7Szhanghch05 messages::propertyMissing(asyncResp->res, "Password"); 274820ce598SEd Tanous } 275820ce598SEd Tanous 276820ce598SEd Tanous return; 277f4c4dcf4SKowalski, Kamil } 2782b7981f6SKowalski, Kamil 2792ccce1f3SRavi Teja int pamrc = pamAuthenticateUser(username, password, token); 2803bf4e632SJoseph Reynolds bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; 2813bf4e632SJoseph Reynolds if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) 2821abe55efSEd Tanous { 28339662a3bSEd Tanous messages::resourceAtUriUnauthorized(asyncResp->res, req.url(), 284f12894f8SJason M. Bills "Invalid username or password"); 285820ce598SEd Tanous return; 2862b7981f6SKowalski, Kamil } 2876f115bbbSManojkiran Eda 288820ce598SEd Tanous // User is authenticated - create session 28952cc112dSEd Tanous std::shared_ptr<persistent_data::UserSession> session = 290724340d7SEd Tanous persistent_data::SessionStore::getInstance().generateUserSession( 29141d61c82SJiaqing Zhao username, req.ipAddress, clientId, 29289cda63dSEd Tanous persistent_data::SessionType::Session, isConfigureSelfOnly); 29302e53aefSBrad Bishop if (session == nullptr) 29402e53aefSBrad Bishop { 29502e53aefSBrad Bishop messages::internalError(asyncResp->res); 29602e53aefSBrad Bishop return; 29702e53aefSBrad Bishop } 298be2f124cSJishnu CM processAfterSessionCreation(asyncResp, req, username, session); 29929aab242SPaul Fertser } 30029aab242SPaul Fertser 301a1e0871dSEd Tanous inline void handleSessionServiceHead( 302a1e0871dSEd Tanous crow::App& app, const crow::Request& req, 303a1e0871dSEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 304a1e0871dSEd Tanous { 305a1e0871dSEd Tanous if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 306a1e0871dSEd Tanous { 307a1e0871dSEd Tanous return; 308a1e0871dSEd Tanous } 309a1e0871dSEd Tanous asyncResp->res.addHeader( 310a1e0871dSEd Tanous boost::beast::http::field::link, 311a1e0871dSEd Tanous "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby"); 312a1e0871dSEd Tanous } 313724340d7SEd Tanous inline void 31445ca1b86SEd Tanous handleSessionServiceGet(crow::App& app, const crow::Request& req, 315724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 3162b7981f6SKowalski, Kamil 317724340d7SEd Tanous { 31878e3900fSGunnar Mills if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 31978e3900fSGunnar Mills { 32078e3900fSGunnar Mills return; 32178e3900fSGunnar Mills } 32278e3900fSGunnar Mills asyncResp->res.addHeader( 32378e3900fSGunnar Mills boost::beast::http::field::link, 32478e3900fSGunnar Mills "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby"); 32578e3900fSGunnar Mills 3268d1b46d7Szhanghch05 asyncResp->res.jsonValue["@odata.type"] = 3278d1b46d7Szhanghch05 "#SessionService.v1_0_2.SessionService"; 3287a859ffeSGunnar Mills asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/SessionService"; 3298d1b46d7Szhanghch05 asyncResp->res.jsonValue["Name"] = "Session Service"; 3308d1b46d7Szhanghch05 asyncResp->res.jsonValue["Id"] = "SessionService"; 3318d1b46d7Szhanghch05 asyncResp->res.jsonValue["Description"] = "Session Service"; 3328d1b46d7Szhanghch05 asyncResp->res.jsonValue["SessionTimeout"] = 333724340d7SEd Tanous persistent_data::SessionStore::getInstance().getTimeoutInSeconds(); 3348d1b46d7Szhanghch05 asyncResp->res.jsonValue["ServiceEnabled"] = true; 3350f74e643SEd Tanous 3361476687dSEd Tanous asyncResp->res.jsonValue["Sessions"]["@odata.id"] = 3371476687dSEd Tanous "/redfish/v1/SessionService/Sessions"; 338724340d7SEd Tanous } 339f2a4a606SManojkiran Eda 340724340d7SEd Tanous inline void handleSessionServicePatch( 34145ca1b86SEd Tanous crow::App& app, const crow::Request& req, 342724340d7SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 343724340d7SEd Tanous { 3443ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 34545ca1b86SEd Tanous { 34645ca1b86SEd Tanous return; 34745ca1b86SEd Tanous } 348f2a4a606SManojkiran Eda std::optional<int64_t> sessionTimeout; 349afc474aeSMyung Bae if (!json_util::readJsonPatch( // 350afc474aeSMyung Bae req, asyncResp->res, // 351afc474aeSMyung Bae "SessionTimeout", sessionTimeout // 352afc474aeSMyung Bae )) 353f2a4a606SManojkiran Eda { 354f2a4a606SManojkiran Eda return; 355f2a4a606SManojkiran Eda } 356f2a4a606SManojkiran Eda 357f2a4a606SManojkiran Eda if (sessionTimeout) 358f2a4a606SManojkiran Eda { 3598ece0e45SEd Tanous // The minimum & maximum allowed values for session timeout 360faa34ccfSEd Tanous // are 30 seconds and 86400 seconds respectively as per the 361faa34ccfSEd Tanous // session service schema mentioned at 362f2a4a606SManojkiran Eda // https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_7.json 363f2a4a606SManojkiran Eda 364f2a4a606SManojkiran Eda if (*sessionTimeout <= 86400 && *sessionTimeout >= 30) 365f2a4a606SManojkiran Eda { 366724340d7SEd Tanous std::chrono::seconds sessionTimeoutInseconds(*sessionTimeout); 367724340d7SEd Tanous persistent_data::SessionStore::getInstance().updateSessionTimeout( 368724340d7SEd Tanous sessionTimeoutInseconds); 369724340d7SEd Tanous messages::propertyValueModified(asyncResp->res, "SessionTimeOut", 370f2a4a606SManojkiran Eda std::to_string(*sessionTimeout)); 371f2a4a606SManojkiran Eda } 372f2a4a606SManojkiran Eda else 373f2a4a606SManojkiran Eda { 374e2616cc5SEd Tanous messages::propertyValueNotInList(asyncResp->res, *sessionTimeout, 3758d1b46d7Szhanghch05 "SessionTimeOut"); 376f2a4a606SManojkiran Eda } 377f2a4a606SManojkiran Eda } 378724340d7SEd Tanous } 379724340d7SEd Tanous 380724340d7SEd Tanous inline void requestRoutesSession(App& app) 381724340d7SEd Tanous { 382724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 383a1e0871dSEd Tanous .privileges(redfish::privileges::headSession) 384a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 385a1e0871dSEd Tanous std::bind_front(handleSessionHead, std::ref(app))); 386a1e0871dSEd Tanous 387a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 388724340d7SEd Tanous .privileges(redfish::privileges::getSession) 38945ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 39045ca1b86SEd Tanous std::bind_front(handleSessionGet, std::ref(app))); 391724340d7SEd Tanous 392724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/") 393724340d7SEd Tanous .privileges(redfish::privileges::deleteSession) 39445ca1b86SEd Tanous .methods(boost::beast::http::verb::delete_)( 39545ca1b86SEd Tanous std::bind_front(handleSessionDelete, std::ref(app))); 396724340d7SEd Tanous 397724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 398a1e0871dSEd Tanous .privileges(redfish::privileges::headSessionCollection) 399a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 400a1e0871dSEd Tanous std::bind_front(handleSessionCollectionHead, std::ref(app))); 401a1e0871dSEd Tanous 402a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 403724340d7SEd Tanous .privileges(redfish::privileges::getSessionCollection) 40445ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 40545ca1b86SEd Tanous std::bind_front(handleSessionCollectionGet, std::ref(app))); 406724340d7SEd Tanous 407e76cd868SEd Tanous // Note, the next two routes technically don't match the privilege 408724340d7SEd Tanous // registry given the way login mechanisms work. The base privilege 409724340d7SEd Tanous // registry lists this endpoint as requiring login privilege, but because 410724340d7SEd Tanous // this is the endpoint responsible for giving the login privilege, and it 411724340d7SEd Tanous // is itself its own route, it needs to not require Login 412724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/") 413724340d7SEd Tanous .privileges({}) 41445ca1b86SEd Tanous .methods(boost::beast::http::verb::post)( 41545ca1b86SEd Tanous std::bind_front(handleSessionCollectionPost, std::ref(app))); 416724340d7SEd Tanous 417e76cd868SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/Members/") 418e76cd868SEd Tanous .privileges({}) 41945ca1b86SEd Tanous .methods(boost::beast::http::verb::post)( 42045ca1b86SEd Tanous std::bind_front(handleSessionCollectionPost, std::ref(app))); 421e76cd868SEd Tanous 422724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 423a1e0871dSEd Tanous .privileges(redfish::privileges::headSessionService) 424a1e0871dSEd Tanous .methods(boost::beast::http::verb::head)( 425a1e0871dSEd Tanous std::bind_front(handleSessionServiceHead, std::ref(app))); 426a1e0871dSEd Tanous 427a1e0871dSEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 428724340d7SEd Tanous .privileges(redfish::privileges::getSessionService) 42945ca1b86SEd Tanous .methods(boost::beast::http::verb::get)( 43045ca1b86SEd Tanous std::bind_front(handleSessionServiceGet, std::ref(app))); 431724340d7SEd Tanous 432724340d7SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/SessionService/") 433724340d7SEd Tanous .privileges(redfish::privileges::patchSessionService) 43445ca1b86SEd Tanous .methods(boost::beast::http::verb::patch)( 43545ca1b86SEd Tanous std::bind_front(handleSessionServicePatch, std::ref(app))); 436f2a4a606SManojkiran Eda } 4375d27b854SBorawski.Lukasz 4382b7981f6SKowalski, Kamil } // namespace redfish 439