PasswordChangeRequired: Fix error message
The PasswordChangeRequired error was incorrectly formatted. Per the
spec, it should be an error response and 403 on all requests except
for session creation, which is just a `@Message.ExtendedInfo`
annotation. See [1].
Tested:
- Built a romulus image
- Ran `passwd --expire root`
- curl to Managers and session creation
```
╰─○ curl -kv --user "$BMC_USER:$BMC_PASS" https: //localhost:2443/redfish/v1/Managers
< HTTP/2 403
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"code": "Base.1.19.PasswordChangeRequired",
"message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process."
}
}
╰─○ curl -kv -X POST -H 'Content-Type: application/json' -d '{"UserName": "root", "Password": "..."}' https://localhost:2443/redfish/v1/SessionService/Sessions
< HTTP/2 201
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"@odata.id": "/redfish/v1/SessionService/Sessions/klDQdHSMME",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "0.0.0.0",
"Description": "Manager User Session",
"Id": "klDQdHSMME",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```
[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.22.1.html#password-change-required-handling
Change-Id: I959607d75b97133b950f43a7563e510ba885e032
Signed-off-by: Joey Berkovitz <joey@berkovitz.us>
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index be56cc9..b89c71f 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -216,10 +216,10 @@
asyncResp->res.result(boost::beast::http::status::created);
if (session->isConfigureSelfOnly)
{
- messages::passwordChangeRequired(
- asyncResp->res,
- boost::urls::format("/redfish/v1/AccountService/Accounts/{}",
- session->username));
+ boost::urls::url url = boost::urls::format(
+ "/redfish/v1/AccountService/Accounts/{}", session->username);
+ messages::addMessageToJsonRoot(asyncResp->res.jsonValue,
+ messages::passwordChangeRequired(url));
}
crow::getUserInfo(asyncResp, username, session, [asyncResp, session]() {