Fix lesser used options
25b54dba775b31021a3a4677eb79e9771bcb97f7 missed several cases where we
had ifndef instead of ifdef. because these weren't the defaults, these
don't show up as failures when testing.
Tested: Redfish service validator passes. Inspection primarily.
Mechanical change.
Change-Id: I3f6915a97eb44d071795aed76476c6bee7e8ed27
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/http/http2_connection.hpp b/http/http2_connection.hpp
index efe66b6..446c38f 100644
--- a/http/http2_connection.hpp
+++ b/http/http2_connection.hpp
@@ -262,31 +262,30 @@
});
auto asyncResp =
std::make_shared<bmcweb::AsyncResp>(std::move(it->second.res));
-#ifndef BMCWEB_INSECURE_DISABLE_AUTHX
- thisReq.session = crow::authentication::authenticate(
- {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr);
- if (!crow::authentication::isOnAllowlist(thisReq.url().path(),
- thisReq.method()) &&
- thisReq.session == nullptr)
+ if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH)
{
- BMCWEB_LOG_WARNING("Authentication failed");
- forward_unauthorized::sendUnauthorized(
- thisReq.url().encoded_path(),
- thisReq.getHeaderValue("X-Requested-With"),
- thisReq.getHeaderValue("Accept"), asyncResp->res);
- }
- else
-#endif // BMCWEB_INSECURE_DISABLE_AUTHX
- {
- std::string_view expected = thisReq.getHeaderValue(
- boost::beast::http::field::if_none_match);
- BMCWEB_LOG_DEBUG("Setting expected hash {}", expected);
- if (!expected.empty())
+ thisReq.session = crow::authentication::authenticate(
+ {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr);
+ if (!crow::authentication::isOnAllowlist(thisReq.url().path(),
+ thisReq.method()) &&
+ thisReq.session == nullptr)
{
- asyncResp->res.setExpectedHash(expected);
+ BMCWEB_LOG_WARNING("Authentication failed");
+ forward_unauthorized::sendUnauthorized(
+ thisReq.url().encoded_path(),
+ thisReq.getHeaderValue("X-Requested-With"),
+ thisReq.getHeaderValue("Accept"), asyncResp->res);
+ return 0;
}
- handler->handle(it->second.req, asyncResp);
}
+ std::string_view expected =
+ thisReq.getHeaderValue(boost::beast::http::field::if_none_match);
+ BMCWEB_LOG_DEBUG("Setting expected hash {}", expected);
+ if (!expected.empty())
+ {
+ asyncResp->res.setExpectedHash(expected);
+ }
+ handler->handle(it->second.req, asyncResp);
return 0;
}
diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index 29e876d..4d9c980 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -273,20 +273,21 @@
keepAlive = req->keepAlive();
if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>)
{
-#ifndef BMCWEB_INSECURE_DISABLE_AUTHX
- if (!crow::authentication::isOnAllowlist(req->url().path(),
- req->method()) &&
- req->session == nullptr)
+ if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH)
{
- BMCWEB_LOG_WARNING("Authentication failed");
- forward_unauthorized::sendUnauthorized(
- req->url().encoded_path(),
- req->getHeaderValue("X-Requested-With"),
- req->getHeaderValue("Accept"), res);
- completeRequest(res);
- return;
+ if (!crow::authentication::isOnAllowlist(req->url().path(),
+ req->method()) &&
+ req->session == nullptr)
+ {
+ BMCWEB_LOG_WARNING("Authentication failed");
+ forward_unauthorized::sendUnauthorized(
+ req->url().encoded_path(),
+ req->getHeaderValue("X-Requested-With"),
+ req->getHeaderValue("Accept"), res);
+ completeRequest(res);
+ return;
+ }
}
-#endif // BMCWEB_INSECURE_DISABLE_AUTHX
}
auto asyncResp = std::make_shared<bmcweb::AsyncResp>();
BMCWEB_LOG_DEBUG("Setting completion handler");
@@ -406,12 +407,13 @@
private:
uint64_t getContentLengthLimit()
{
-#ifndef BMCWEB_INSECURE_DISABLE_AUTHX
- if (userSession == nullptr)
+ if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH)
{
- return loggedOutPostBodyLimit;
+ if (userSession == nullptr)
+ {
+ return loggedOutPostBodyLimit;
+ }
}
-#endif
return httpReqBodyLimit;
}
@@ -515,6 +517,16 @@
return;
}
+ if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>)
+ {
+ if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH)
+ {
+ boost::beast::http::verb method = parser->get().method();
+ userSession = crow::authentication::authenticate(
+ ip, res, method, parser->get().base(), mtlsSession);
+ }
+ }
+
std::string_view expect =
parser->get()[boost::beast::http::field::expect];
if (bmcweb::asciiIEquals(expect, "100-continue"))
@@ -524,15 +536,6 @@
return;
}
- if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>)
- {
-#ifndef BMCWEB_INSECURE_DISABLE_AUTHX
- boost::beast::http::verb method = parser->get().method();
- userSession = crow::authentication::authenticate(
- ip, res, method, parser->get().base(), mtlsSession);
-#endif // BMCWEB_INSECURE_DISABLE_AUTHX
- }
-
if (!handleContentLengthError())
{
return;
diff --git a/http/parsing.hpp b/http/parsing.hpp
index cf81353..d596211 100644
--- a/http/parsing.hpp
+++ b/http/parsing.hpp
@@ -32,9 +32,10 @@
req.getHeaderValue(boost::beast::http::field::content_type)))
{
BMCWEB_LOG_WARNING("Failed to parse content type on request");
-#ifndef BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
- return JsonParseResult::BadContentType;
-#endif
+ if constexpr (!BMCWEB_INSECURE_IGNORE_CONTENT_TYPE)
+ {
+ return JsonParseResult::BadContentType;
+ }
}
jsonOut = nlohmann::json::parse(req.body(), nullptr, false);
if (jsonOut.is_discarded())
diff --git a/http/websocket.hpp b/http/websocket.hpp
index e669ffa..e8d7b12 100644
--- a/http/websocket.hpp
+++ b/http/websocket.hpp
@@ -93,21 +93,21 @@
ws.set_option(boost::beast::websocket::stream_base::decorator(
[session{session},
protocolHeader](boost::beast::websocket::response_type& m) {
-
-#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION
- if (session != nullptr)
+ if constexpr (!BMCWEB_INSECURE_DISABLE_CSRF)
{
- // use protocol for csrf checking
- if (session->cookieAuth &&
- !crow::utility::constantTimeStringCompare(
- protocolHeader, session->csrfToken))
+ if (session != nullptr)
{
- BMCWEB_LOG_ERROR("Websocket CSRF error");
- m.result(boost::beast::http::status::unauthorized);
- return;
+ // use protocol for csrf checking
+ if (session->cookieAuth &&
+ !crow::utility::constantTimeStringCompare(
+ protocolHeader, session->csrfToken))
+ {
+ BMCWEB_LOG_ERROR("Websocket CSRF error");
+ m.result(boost::beast::http::status::unauthorized);
+ return;
+ }
}
}
-#endif
if (!protocolHeader.empty())
{
m.insert(bf::sec_websocket_protocol, protocolHeader);