commit ace85d606dca3e9b6c1dbe1c7ee9a685be169ed6
author Ed Tanous <edtanous@google.com> Tue Oct 26 12:45:59 2021 -0700
committer Ed Tanous <edtanous@google.com> Sun Feb 27 16:17:20 2022 -0800
tree 30890ae4279c77daffa7344cf44cd3ef2228444c
parent 30a3c431478584109d6d3a52f4d9541d5275902a

Add url type safety to message registry

There are a number of places where we use message registry messages
incorrectly.  This patchset attempts to fix them, and invoke some type
safety when they're used such that they're more obvious to use.

Namely, it changes a number of the message registry methods to accept a
boost::urls::url_view for its argument instead of a const std::string&.
This forces the calling code to correctly encode a URL to use the
method, which should make it obvious that it's not for an ID, a property
name, or anything else.  In the course of doing this, several places
were found to be using the first argument incorrectly.

Tested:
curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Chassis/foobar

Returns:
{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_1_1.Message",
        "Message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found.",
        "MessageArgs": [
          "#Chassis.v1_16_0.Chassis",
          "foobar"
        ],
        "MessageId": "Base.1.8.1.ResourceNotFound",
        "MessageSeverity": "Critical",
        "Resolution": "Provide a valid resource identifier and resubmit the request."
      }
    ],
    "code": "Base.1.8.1.ResourceNotFound",
    "message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found."
}

Identically to previously.

Also tested with IDs that contained % encoded characters, like
foobar%10, which gave the same result.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icbb3bce5d190a260610087c9ef35e7becc5a50c7

redfish-core/lib/redfish_sessions.hpp

diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 1568c00..a66f460 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -19,6 +19,7 @@
 #include "persistent_data.hpp"
 
 #include <app.hpp>
+#include <http/utility.hpp>
 #include <registries/privilege_registry.hpp>
 
 namespace redfish
@@ -175,7 +176,7 @@
                 if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
                 {
                     messages::resourceAtUriUnauthorized(
-                        asyncResp->res, std::string(req.url),
+                        asyncResp->res, req.urlView,
                         "Invalid username or password");
                     return;
                 }
@@ -212,8 +213,9 @@
                 if (session->isConfigureSelfOnly)
                 {
                     messages::passwordChangeRequired(
-                        asyncResp->res, "/redfish/v1/AccountService/Accounts/" +
-                                            session->username);
+                        asyncResp->res, crow::utility::urlFromPieces(
+                                            "redfish", "v1", "AccountService",
+                                            "Accounts", req.session->username));
                 }
 
                 fillSessionObject(asyncResp->res, *session);