Redfish Session : Fix clientIp getting mapped to clientId
When the session is created using /login, the ClientOriginIPAddress
is mapped to the clientId parameter which displayed the clientIP
instead of the of clientId.
The similar problem is observed with auth methods other than sessions
created using the SessionService resource
This commit swaps the clientId and clientIp parameters passed to
generateUserSession API, so that the optional clientId is
passed as the last parameter
Tested by :
1. Create session using Redfish command
POST https://${bmc}/login -d '{"username": <>,"password": <>}'
POST https://${bmc}/redfish/v1/SessionService/Sessions
-d '{"username": <>,"password": <>}'
2. Open the GUI session to check the clientId is not displaying the
ClientOriginIPAddress
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I6cee3de963c489e690d2ad0bb09ba78dca39e4f9
diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index d7b74ad..4482f8d 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -239,12 +239,12 @@
return true;
}
sslUser.resize(lastChar);
-
- session =
- persistent_data::SessionStore::getInstance()
- .generateUserSession(
- sslUser, persistent_data::PersistenceType::TIMEOUT,
- false, req->ipAddress.to_string());
+ std::string unsupportedClientId = "";
+ session = persistent_data::SessionStore::getInstance()
+ .generateUserSession(
+ sslUser, req->ipAddress.to_string(),
+ unsupportedClientId,
+ persistent_data::PersistenceType::TIMEOUT);
if (auto sp = session.lock())
{
BMCWEB_LOG_DEBUG << this