commit 895e46d807d0afe6753753eb9ad8911897425b90
author JunLin Chen <Jun-Lin.Chen@quantatw.com> Thu Dec 16 13:58:45 2021 +0800
committer Ed Tanous <ed@tanous.net> Tue Dec 21 00:29:39 2021 +0000
tree cbe9f3d8d55ca46bff20a2a20980864fd83151a2
parent af4edf686e684d728fccbb69a8f550fd2adab46a

Skip contentLength check in insecure-disable-auth

If we update image via POST /redfish/v1/UpdateService.
Because there is no need to establish session in insecure-disable-auth,
This restricts unauthenticated users upload sizes cause POST image fail.
(image always greater than limit).

According to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/30994
it should not be checked this when disable-auth condition is enabled.

Test:
curl -k -X POST -T <image_path>
 "https://<bmcip>/redfish/v1/UpdateService"
Return
{
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "@odata.type": "#Task.v1_4_3.Task",
  "Id": "1",
  "TaskState": "Running",
  "TaskStatus": "OK"
}

Signed-off-by: JunLin Chen <Jun-Lin.Chen@quantatw.com>
Change-Id: Iecb1cdc0213958e7d6191801043010b0ae10433d

http/http_connection.hpp

diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index 06bb63a..9ba1601 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -569,7 +569,6 @@
                 boost::beast::http::verb method = parser->get().method();
                 userSession = crow::authorization::authenticate(
                     ip, res, method, parser->get().base(), userSession);
-#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
 
                 bool loggedIn = userSession != nullptr;
                 if (!loggedIn)
@@ -587,6 +586,7 @@
 
                     BMCWEB_LOG_DEBUG << "Starting quick deadline";
                 }
+#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
 
                 doRead();
             });