Fix: Only return error info in invalid URI case
Collection schemas return some valuable parameter information values
on get query, even when the URI is invalid and 404/400 error code
is returned.
Fix for the same is provided by packing the json response at proper
places and returning only the required error info, for security reasons.
Tested:
Verified by redfish GET query for invalid uri cases.
Only error msg and info is returned.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>
Change-Id: Iae45da86c2d2adbc39d78f7c267d551d4e6525f2
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 16c8731..f1a83a9 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -1173,14 +1173,6 @@
void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params) override
{
- res.jsonValue = {
- {"@odata.context",
- "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
- {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
- {"Name", "User Account"},
- {"Description", "User Account"},
- {"Password", nullptr},
- {"RoleId", "Administrator"}};
auto asyncResp = std::make_shared<AsyncResp>(res);
@@ -1214,6 +1206,15 @@
accountName);
return;
}
+
+ asyncResp->res.jsonValue = {
+ {"@odata.context",
+ "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
+ {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
+ {"Name", "User Account"},
+ {"Description", "User Account"},
+ {"Password", nullptr}};
+
for (const auto& interface : userIt->second)
{
if (interface.first ==