commit cd40b060ee2df5469077a70d15590f86158f2c60
author Ed Tanous <edtanous@google.com> Thu Jul 20 16:24:25 2023 -0700
committer Ed Tanous <ed@tanous.net> Sat Mar 16 20:35:20 2024 +0000
tree 8065b29a7d1795e5f81882f87d61477d76ae081d
parent 619b860927e24b3bc22f8b891d28ee6ed979ee42

Refactor after login

Break out this method into a smaller section.

Tested: Redfish service validator passes

Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@google.com>

include/login_routes.hpp

diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index ae99757..1030e6d 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -17,6 +17,25 @@
 
 namespace login_routes
 {
+inline void
+    afterAuthenticateUser(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+                          std::string_view username,
+                          const boost::asio::ip::address& ipAddress,
+                          int32_t pamrc)
+{
+    bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
+    if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
+    {
+        asyncResp->res.result(boost::beast::http::status::unauthorized);
+        return;
+    }
+    auto session =
+        persistent_data::SessionStore::getInstance().generateUserSession(
+            username, ipAddress, std::nullopt,
+            persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly);
+    // if content type is json, assume json token
+    asyncResp->res.jsonValue["token"] = session->sessionToken;
+}
 
 inline void handleLogin(const crow::Request& req,
                         const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
@@ -151,38 +170,14 @@
         password = req.getHeaderValue("password");
     }
 
-    if (!username.empty() && !password.empty())
-    {
-        int pamrc = pamAuthenticateUser(username, password);
-        bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
-        if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
-        {
-            asyncResp->res.result(boost::beast::http::status::unauthorized);
-        }
-        else
-        {
-            auto session = persistent_data::SessionStore::getInstance()
-                               .generateUserSession(
-                                   username, req.ipAddress, std::nullopt,
-                                   persistent_data::PersistenceType::TIMEOUT,
-                                   isConfigureSelfOnly);
-
-            asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
-                                     "XSRF-TOKEN=" + session->csrfToken +
-                                         "; SameSite=Strict; Secure");
-            asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
-                                     "SESSION=" + session->sessionToken +
-                                         "; SameSite=Strict; Secure; HttpOnly");
-
-            // if content type is json, assume json token
-            asyncResp->res.jsonValue["token"] = session->sessionToken;
-        }
-    }
-    else
+    if (username.empty() || password.empty())
     {
         BMCWEB_LOG_DEBUG("Couldn't interpret password");
         asyncResp->res.result(boost::beast::http::status::bad_request);
+        return;
     }
+    int pamrc = pamAuthenticateUser(username, password);
+    afterAuthenticateUser(asyncResp, username, req.ipAddress, pamrc);
 }
 
 inline void handleLogout(const crow::Request& req,