Start using sdbusplus::message::filename()
Lots of code gets checked in that does this path checking incorrectly.
So much so, that we have it documented in COMMON_ERRORS.md, yet, we
persist. This patchset starts using the new object_path::filename()
method that was added recently to sdbusplus. Overall, it deletes code,
and makes for a much better developer experience.
Tested:
Pulled down several endpoints and verified that filename() method works
properly, and the collections are returned as expected.
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/AccountService/Accounts
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ief1e0584394fb139678d3453265f7011bc931f3c
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 0cf24ea..3b6062a 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -1395,31 +1395,27 @@
asyncResp->res.jsonValue["Members"];
memberArray = nlohmann::json::array();
- for (auto& user : users)
+ for (auto& userpath : users)
{
- const std::string& path =
- static_cast<const std::string&>(user.first);
- std::size_t lastIndex = path.rfind('/');
- if (lastIndex == std::string::npos)
+ std::string user = userpath.first.filename();
+ if (user.empty())
{
- lastIndex = 0;
- }
- else
- {
- lastIndex += 1;
+ messages::internalError(asyncResp->res);
+ BMCWEB_LOG_ERROR << "Invalid firmware ID";
+
+ return;
}
// As clarified by Redfish here:
// https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration
// Users without ConfigureUsers, only see their own account.
// Users with ConfigureUsers, see all accounts.
- if (req.session->username == path.substr(lastIndex) ||
+ if (req.session->username == user ||
isAllowedWithoutConfigureSelf(req))
{
memberArray.push_back(
{{"@odata.id",
- "/redfish/v1/AccountService/Accounts/" +
- path.substr(lastIndex)}});
+ "/redfish/v1/AccountService/Accounts/" + user}});
}
}
asyncResp->res.jsonValue["Members@odata.count"] =