Implement If-Match header in Http layer
If-Match is a header in the HTTP specification[1] designed for handling
atomic operations within a given HTTP tree. It allows a mechanism for
an implementation to explicitly declare "only take this action if the
resource has not been changed". While most things within the Redfish
tree don't require this level of interlocking, it continues to round out
our redfish support for the specific use cases that might require it.
Redfish specification 6.5 states:
If a service supports the return of the ETag header on a resource, the
service may respond with HTTP 428 status code if the If-Match or
If-None-Match header is missing from the PUT or PATCH request for the
same resource, as specified in RFC6585
This commit implements that behavior for all handlers to follow the
following flow.
If If-Match is present
Repeat the same request as a GET
Compare the ETag produced by the GET, to the one provided by If-Match
If they don't match, return 428
if they do match, re-run the query.
[1] https://www.rfc-editor.org/rfc/rfc2616#section-14.24
As a consequence, this requires declaring copy and move constructors
onto the Request object, so the request object can have its lifetime
extended through a request, which is very uncommon.
Tested:
Tests run on /redfish/v1/AccountService/Accounts/root
PATCH with correct If-Match returns 200 success
PATCH with an incorrect If-Match returns 419 precondition required
GET returns the resource as expected
Redfish service validator passes
Redfish protocol validator passes! ! ! ! !
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I530ab255259c32fe4402eb8e5104bd091925c77b
diff --git a/redfish-core/include/query.hpp b/redfish-core/include/query.hpp
index 007b262..f9386da 100644
--- a/redfish-core/include/query.hpp
+++ b/redfish-core/include/query.hpp
@@ -31,6 +31,75 @@
namespace redfish
{
+inline void
+ afterIfMatchRequest(crow::App& app,
+ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+ crow::Request& req, const std::string& ifMatchHeader,
+ const crow::Response& resIn)
+{
+ std::string computedEtag = resIn.computeEtag();
+ BMCWEB_LOG_DEBUG << "User provided if-match etag " << ifMatchHeader
+ << " computed etag " << computedEtag;
+ if (computedEtag != ifMatchHeader)
+ {
+ messages::preconditionFailed(asyncResp->res);
+ return;
+ }
+ // Restart the request without if-match
+ req.req.erase(boost::beast::http::field::if_match);
+ BMCWEB_LOG_DEBUG << "Restarting request";
+ app.handle(req, asyncResp);
+}
+
+inline bool handleIfMatch(crow::App& app, const crow::Request& req,
+ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
+{
+ if (req.session == nullptr)
+ {
+ // If the user isn't authenticated, don't even attempt to parse match
+ // parameters
+ return true;
+ }
+
+ std::string ifMatch{
+ req.getHeaderValue(boost::beast::http::field::if_match)};
+ if (ifMatch.empty())
+ {
+ // No If-Match header. Nothing to do
+ return true;
+ }
+ if (req.req.method() != boost::beast::http::verb::patch &&
+ req.req.method() != boost::beast::http::verb::post &&
+ req.req.method() != boost::beast::http::verb::delete_)
+ {
+ messages::preconditionFailed(asyncResp->res);
+ return false;
+ }
+ boost::system::error_code ec;
+
+ // Try to GET the same resource
+ crow::Request newReq({boost::beast::http::verb::get, req.url, 11}, ec);
+
+ if (ec)
+ {
+ messages::internalError(asyncResp->res);
+ return false;
+ }
+
+ // New request has the same credentials as the old request
+ newReq.session = req.session;
+
+ // Construct a new response object to fill in, and check the hash of before
+ // we modify the Resource.
+ std::shared_ptr<bmcweb::AsyncResp> getReqAsyncResp =
+ std::make_shared<bmcweb::AsyncResp>();
+
+ getReqAsyncResp->res.setCompleteRequestHandler(std::bind_front(
+ afterIfMatchRequest, std::ref(app), asyncResp, req, ifMatch));
+
+ app.handle(newReq, getReqAsyncResp);
+ return false;
+}
// Sets up the Redfish Route and delegates some of the query parameter
// processing. |queryCapabilities| stores which query parameters will be
@@ -64,6 +133,11 @@
return false;
}
+ if (!handleIfMatch(app, req, asyncResp))
+ {
+ return false;
+ }
+
bool needToCallHandlers = true;
#ifdef BMCWEB_ENABLE_REDFISH_AGGREGATION