PasswordChangeRequired: Fix error message
The PasswordChangeRequired error was incorrectly formatted. Per the
spec, it should be an error response and 403 on all requests except for
session creation, which is just a `@Message.ExtendedInfo` annotation.
See [1].
This is a follow-up to 1c651ee12ad55ab6626c2baf3754aecda305ba43 which
accidentally only broke out the password change logic for session
creation. This change adjusts the non-session-creation error response
for PasswordChangeRequired to return a proper error.
Tested:
- Built a romulus image
- Ran `passwd --expire root`
- curl to Managers and session creation
```
╰─○ curl -kv --user "$BMC_USER:$BMC_PASS" https: //localhost:2443/redfish/v1/Managers
< HTTP/2 403
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"code": "Base.1.19.PasswordChangeRequired",
"message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process."
}
}
╰─○ curl -kv -X POST -H 'Content-Type: application/json' -d '{"UserName": "root", "Password": "..."}' https://localhost:2443/redfish/v1/SessionService/Sessions
< HTTP/2 201
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"@odata.id": "/redfish/v1/SessionService/Sessions/klDQdHSMME",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "0.0.0.0",
"Description": "Manager User Session",
"Id": "klDQdHSMME",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```
[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.22.1.html#password-change-required-handling
Change-Id: I0ab50b4e2298d13ae00f84bc7891c2a14610e1b2
Signed-off-by: Joey Berkovitz <joey@berkovitz.us>
diff --git a/redfish-core/src/error_messages.cpp b/redfish-core/src/error_messages.cpp
index 040bd40..729cbd0 100644
--- a/redfish-core/src/error_messages.cpp
+++ b/redfish-core/src/error_messages.cpp
@@ -1620,7 +1620,7 @@
void passwordChangeRequired(crow::Response& res,
const boost::urls::url_view_base& arg1)
{
- addMessageToJsonRoot(res.jsonValue, passwordChangeRequired(arg1));
+ addMessageToErrorJson(res.jsonValue, passwordChangeRequired(arg1));
}
/**
diff --git a/scripts/parse_registries.py b/scripts/parse_registries.py
index 3c38764..6f97bc1 100755
--- a/scripts/parse_registries.py
+++ b/scripts/parse_registries.py
@@ -415,7 +415,6 @@
"AccountRemoved",
"Created",
"Success",
- "PasswordChangeRequired",
]
if entry_id in addMessageToJson: