Revert "Fix authorization for LDAP users"
This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.
Reason for revert: Causing build failures
/bmcweb/redfish-core/include/node.hpp: In member function ‘bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)’:
/bmcweb/redfish-core/include/node.hpp:182:36: error: ‘crow::persistent_data::UserRoleMap’ has not been declared
crow::persistent_data::UserRoleMap::getInstance().getUserRole(
Commit 900f949773795141266271107219ea019f2839cd was merged first,
and this patch was not successfully rebased onto it.
Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/http/routing.h b/http/routing.h
index 0929286..7846924 100644
--- a/http/routing.h
+++ b/http/routing.h
@@ -1250,59 +1250,48 @@
<< static_cast<uint32_t>(req.method()) << " / "
<< rules[ruleIndex]->getMethods();
- if (req.session == nullptr)
+ redfish::Privileges userPrivileges;
+ if (req.session != nullptr)
{
- rules[ruleIndex]->handle(req, res, found.second);
+ // Get the user role from the session.
+ const std::string& userRole =
+ persistent_data::UserRoleMap::getInstance().getUserRole(
+ req.session->username);
+
+ BMCWEB_LOG_DEBUG << "USER ROLE=" << userRole;
+
+ // Get the user privileges from the role
+ userPrivileges = redfish::getUserPrivileges(userRole);
+ }
+
+ if (!rules[ruleIndex]->checkPrivileges(userPrivileges))
+ {
+ res.result(boost::beast::http::status::forbidden);
+ res.end();
return;
}
- crow::connections::systemBus->async_method_call(
- [&req, &res, &rules, ruleIndex, found](
- const boost::system::error_code ec,
- std::map<std::string, std::variant<bool, std::string,
- std::vector<std::string>>>
- userInfo) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "GetUserInfo failed...";
- res.result(
- boost::beast::http::status::internal_server_error);
- res.end();
- return;
- }
-
- const std::string* userRolePtr = nullptr;
- auto userInfoIter = userInfo.find("UserPrivilege");
- if (userInfoIter != userInfo.end())
- {
- userRolePtr =
- std::get_if<std::string>(&userInfoIter->second);
- }
-
- std::string userRole{};
- if (userRolePtr != nullptr)
- {
- userRole = *userRolePtr;
- BMCWEB_LOG_DEBUG << "userName = " << req.session->username
- << " userRole = " << *userRolePtr;
- }
-
- // Get the user privileges from the role
- redfish::Privileges userPrivileges =
- redfish::getUserPrivileges(userRole);
-
- if (!rules[ruleIndex]->checkPrivileges(userPrivileges))
- {
- res.result(boost::beast::http::status::forbidden);
- res.end();
- return;
- }
-
- rules[ruleIndex]->handle(req, res, found.second);
- },
- "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
- "xyz.openbmc_project.User.Manager", "GetUserInfo",
- req.session->username);
+ // any uncaught exceptions become 500s
+ try
+ {
+ rules[ruleIndex]->handle(req, res, found.second);
+ }
+ catch (std::exception& e)
+ {
+ BMCWEB_LOG_ERROR << "An uncaught exception occurred: " << e.what();
+ res.result(boost::beast::http::status::internal_server_error);
+ res.end();
+ return;
+ }
+ catch (...)
+ {
+ BMCWEB_LOG_ERROR
+ << "An uncaught exception occurred. The type was unknown "
+ "so no information was available.";
+ res.result(boost::beast::http::status::internal_server_error);
+ res.end();
+ return;
+ }
}
void debugPrint()
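Review bot: The role lookup restored at `persistent_data::UserRoleMap::getInstance().getUserRole(req.session->username)` is the path the reverted commit replaced to fix LDAP authorization, so that defect presumably returns with this revert. The hunk does not show what `getUserRole` yields for a username the map does not hold. Whether that case fails closed depends on `redfish::getUserPrivileges` mapping an unknown or empty role to an empty privilege set, which is also outside the hunk. I would record the expectation at the lookup, for example `// Users absent from UserRoleMap (e.g. LDAP) must resolve to no privileges`, and keep the re-land of the fix tracked. Separately, the handler catches by non-const reference, where `catch (const std::exception& e)` is the usual form; the enclosing function begins before this hunk.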