Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 478c5a57ac1143d689f3d3670092c2eb75e0f0c4^! / . / redfish-core / lib / redfish_sessions.hpp
commit478c5a57ac1143d689f3d3670092c2eb75e0f0c4[log] [tgz]
authorPaul Fertser <fercerpav@gmail.com>Wed Jun 26 22:27:59 2024 +0000
committerEd Tanous <ed@tanous.net>Mon Jul 01 16:06:31 2024 +0000
tree113757afc7ef099e5cf120af26683ab8107bed2a
parent1cf823137844d1f3ef28c3b7129d8a7eb7f2662a [diff] [blame]
Fix returning Roles for Sessions POST

When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactoring dbus_privileges.hpp to allow obtaining
the information from phosphor-user-manager late in the request
processing.

Tested: Redfish Service Validator passes.

Creating a session for local user:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
{
  "@odata.id": "/redfish/v1/SessionService/Sessions/lfFsCNjshV",
  "@odata.type": "#Session.v1_7_0.Session",
  "ClientOriginIPAddress": "172.40.1.4",
  "Description": "Manager User Session",
  "Id": "lfFsCNjshV",
  "Name": "User Session",
  "Roles": [
    "Administrator"
  ],
  "UserName": "root"
}
```
Creating a session for remote user mapped to Operator:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":ldap_sync", "Password":"ldap_password"}'
{
  "@odata.id": "/redfish/v1/SessionService/Sessions/qVffc4ePJK",
  "@odata.type": "#Session.v1_7_0.Session",
  "ClientOriginIPAddress": "172.40.1.4",
  "Description": "Manager User Session",
  "Id": "qVffc4ePJK",
  "Name": "User Session",
  "Roles": [
    "Operator"
  ],
  "UserName": "ldap_sync"
}
```

Fixes: https://github.com/openbmc/bmcweb/issues/280
Fixes: ce22f6099e7e28ae26591348bf484ebedbc1ed42
Change-Id: If76c43563244e3819ee3fbc60d9df7f6a21c1fa3
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index b38f924..555e7f3 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp

@@ -257,7 +257,9 @@
                                 session->username));
     }
 
-    fillSessionObject(asyncResp->res, *session);
+    crow::getUserInfo(asyncResp, username, session, [asyncResp, session]() {
+        fillSessionObject(asyncResp->res, *session);
+    });
 }
 inline void handleSessionServiceHead(
     crow::App& app, const crow::Request& req,