blob: e3259895d2c5f3bf93f21ac3c1249c53b4e10f72 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +010017
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +010018#include "error_messages.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010019#include "node.hpp"
Ed Tanous52cc1122020-07-18 13:51:21 -070020#include "persistent_data.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010021
Ed Tanous1abe55e2018-09-05 08:30:59 -070022namespace redfish
23{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010024
25class SessionCollection;
26
Ed Tanous1abe55e2018-09-05 08:30:59 -070027class Sessions : public Node
28{
29 public:
Ed Tanous52cc1122020-07-18 13:51:21 -070030 Sessions(App& app) :
Ed Tanous1abe55e2018-09-05 08:30:59 -070031 Node(app, "/redfish/v1/SessionService/Sessions/<str>/", std::string())
32 {
Ed Tanous1abe55e2018-09-05 08:30:59 -070033 entityPrivileges = {
34 {boost::beast::http::verb::get, {{"Login"}}},
35 {boost::beast::http::verb::head, {{"Login"}}},
36 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
37 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
Joseph Reynolds900f9492019-11-25 15:37:29 -060038 {boost::beast::http::verb::delete_,
39 {{"ConfigureManager"}, {"ConfigureSelf"}}},
Ed Tanous1abe55e2018-09-05 08:30:59 -070040 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010041 }
42
Ed Tanous1abe55e2018-09-05 08:30:59 -070043 private:
Ed Tanouscb13a392020-07-25 19:02:03 +000044 void doGet(crow::Response& res, const crow::Request&,
Ed Tanous1abe55e2018-09-05 08:30:59 -070045 const std::vector<std::string>& params) override
46 {
Joseph Reynolds900f9492019-11-25 15:37:29 -060047 // Note that control also reaches here via doPost and doDelete.
Ed Tanous1abe55e2018-09-05 08:30:59 -070048 auto session =
Ed Tanous52cc1122020-07-18 13:51:21 -070049 persistent_data::SessionStore::getInstance().getSessionByUid(
Ed Tanous1abe55e2018-09-05 08:30:59 -070050 params[0]);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010051
Ed Tanous1abe55e2018-09-05 08:30:59 -070052 if (session == nullptr)
53 {
Jason M. Billsf12894f2018-10-09 12:45:45 -070054 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -070055 res.end();
56 return;
57 }
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +010058
Ed Tanous0f74e642018-11-12 15:17:05 -080059 res.jsonValue["Id"] = session->uniqueId;
60 res.jsonValue["UserName"] = session->username;
61 res.jsonValue["@odata.id"] =
Ed Tanous1abe55e2018-09-05 08:30:59 -070062 "/redfish/v1/SessionService/Sessions/" + session->uniqueId;
Ed Tanous0f74e642018-11-12 15:17:05 -080063 res.jsonValue["@odata.type"] = "#Session.v1_0_2.Session";
Ed Tanous0f74e642018-11-12 15:17:05 -080064 res.jsonValue["Name"] = "User Session";
65 res.jsonValue["Description"] = "Manager User Session";
Sunitha Harish08bdcc72020-05-12 05:17:57 -050066 res.jsonValue["Oem"]["OpenBMC"]["@odata.type"] =
67 "#OemSession.v1_0_0.Session";
Sunitha Harish92f68222020-05-28 05:09:09 -050068#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
Sunitha Harish08bdcc72020-05-12 05:17:57 -050069 res.jsonValue["Oem"]["OpenBMC"]["ClientID"] = session->clientId;
70#endif
Sunitha Harish92f68222020-05-28 05:09:09 -050071 res.jsonValue["Oem"]["OpenBMC"]["ClientOriginIP"] = session->clientIp;
Ed Tanous1abe55e2018-09-05 08:30:59 -070072 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010073 }
74
Ed Tanous1abe55e2018-09-05 08:30:59 -070075 void doDelete(crow::Response& res, const crow::Request& req,
76 const std::vector<std::string>& params) override
77 {
78 // Need only 1 param which should be id of session to be deleted
79 if (params.size() != 1)
80 {
81 // This should be handled by crow and never happen
82 BMCWEB_LOG_ERROR << "Session DELETE has been called with invalid "
83 "number of params";
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010084
Jason M. Billsf12894f2018-10-09 12:45:45 -070085 messages::generalError(res);
Ed Tanous1abe55e2018-09-05 08:30:59 -070086 res.end();
87 return;
88 }
89
90 auto session =
Ed Tanous52cc1122020-07-18 13:51:21 -070091 persistent_data::SessionStore::getInstance().getSessionByUid(
Ed Tanous1abe55e2018-09-05 08:30:59 -070092 params[0]);
93
94 if (session == nullptr)
95 {
Jason M. Billsf12894f2018-10-09 12:45:45 -070096 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -070097 res.end();
98 return;
99 }
100
Joseph Reynolds900f9492019-11-25 15:37:29 -0600101 // Perform a proper ConfigureSelf authority check. If a
102 // session is being used to DELETE some other user's session,
103 // then the ConfigureSelf privilege does not apply. In that
104 // case, perform the authority check again without the user's
105 // ConfigureSelf privilege.
106 if (session->username != req.session->username)
107 {
108 if (!isAllowedWithoutConfigureSelf(req))
109 {
110 BMCWEB_LOG_WARNING << "DELETE Session denied access";
111 messages::insufficientPrivilege(res);
112 res.end();
113 return;
114 }
115 }
116
Ed Tanous1abe55e2018-09-05 08:30:59 -0700117 // DELETE should return representation of object that will be removed
118 doGet(res, req, params);
119
Ed Tanous52cc1122020-07-18 13:51:21 -0700120 persistent_data::SessionStore::getInstance().removeSession(session);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100121 }
122
Ed Tanous1abe55e2018-09-05 08:30:59 -0700123 /**
124 * This allows SessionCollection to reuse this class' doGet method, to
125 * maintain consistency of returned data, as Collection's doPost should
Sunitha Harish92f68222020-05-28 05:09:09 -0500126 * return data for created member which should match member's doGet
127 * result in 100%
Ed Tanous1abe55e2018-09-05 08:30:59 -0700128 */
129 friend SessionCollection;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100130};
131
Ed Tanous1abe55e2018-09-05 08:30:59 -0700132class SessionCollection : public Node
133{
134 public:
Ed Tanous52cc1122020-07-18 13:51:21 -0700135 SessionCollection(App& app) :
Ed Tanous1abe55e2018-09-05 08:30:59 -0700136 Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app)
137 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700138 entityPrivileges = {
139 {boost::beast::http::verb::get, {{"Login"}}},
140 {boost::beast::http::verb::head, {{"Login"}}},
141 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
142 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
143 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
144 {boost::beast::http::verb::post, {}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100145 }
146
Ed Tanous1abe55e2018-09-05 08:30:59 -0700147 private:
Ed Tanouscb13a392020-07-25 19:02:03 +0000148 void doGet(crow::Response& res, const crow::Request&,
149 const std::vector<std::string>&) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700150 {
151 std::vector<const std::string*> sessionIds =
Ed Tanous52cc1122020-07-18 13:51:21 -0700152 persistent_data::SessionStore::getInstance().getUniqueIds(
153 false, persistent_data::PersistenceType::TIMEOUT);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100154
Ed Tanous0f74e642018-11-12 15:17:05 -0800155 res.jsonValue["Members@odata.count"] = sessionIds.size();
156 res.jsonValue["Members"] = nlohmann::json::array();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700157 for (const std::string* uid : sessionIds)
158 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800159 res.jsonValue["Members"].push_back(
Ed Tanous1abe55e2018-09-05 08:30:59 -0700160 {{"@odata.id", "/redfish/v1/SessionService/Sessions/" + *uid}});
161 }
Tanousf00032d2018-11-05 01:18:10 -0300162 res.jsonValue["Members@odata.count"] = sessionIds.size();
Ed Tanous0f74e642018-11-12 15:17:05 -0800163 res.jsonValue["@odata.type"] = "#SessionCollection.SessionCollection";
164 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/Sessions/";
Ed Tanous0f74e642018-11-12 15:17:05 -0800165 res.jsonValue["Name"] = "Session Collection";
166 res.jsonValue["Description"] = "Session Collection";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700167 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100168 }
169
Ed Tanous1abe55e2018-09-05 08:30:59 -0700170 void doPost(crow::Response& res, const crow::Request& req,
Ed Tanouscb13a392020-07-25 19:02:03 +0000171 const std::vector<std::string>&) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700172 {
Ed Tanous9712f8a2018-09-21 13:38:49 -0700173 std::string username;
174 std::string password;
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500175 std::optional<nlohmann::json> oemObject;
176 std::string clientId;
Sunitha Harish92f68222020-05-28 05:09:09 -0500177 std::string clientIp;
Ed Tanous9712f8a2018-09-21 13:38:49 -0700178 if (!json_util::readJson(req, res, "UserName", username, "Password",
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500179 password, "Oem", oemObject))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700180 {
181 res.end();
182 return;
183 }
Ed Tanousb9845d92018-07-24 14:38:06 -0700184
Ed Tanous820ce592018-10-04 15:54:21 -0700185 if (password.empty() || username.empty() ||
186 res.result() != boost::beast::http::status::ok)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700187 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700188 if (username.empty())
189 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800190 messages::propertyMissing(res, "UserName");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700191 }
192
193 if (password.empty())
194 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800195 messages::propertyMissing(res, "Password");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700196 }
Ed Tanous820ce592018-10-04 15:54:21 -0700197 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700198
Ed Tanous820ce592018-10-04 15:54:21 -0700199 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700200 }
201
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600202 int pamrc = pamAuthenticateUser(username, password);
203 bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
204 if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700205 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700206 messages::resourceAtUriUnauthorized(res, std::string(req.url),
207 "Invalid username or password");
Ed Tanous820ce592018-10-04 15:54:21 -0700208 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700209
Ed Tanous820ce592018-10-04 15:54:21 -0700210 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700211 }
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500212#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
213 if (oemObject)
214 {
215 std::optional<nlohmann::json> bmcOem;
216 if (!json_util::readJson(*oemObject, res, "OpenBMC", bmcOem))
217 {
218 res.end();
219 return;
220 }
221 if (!json_util::readJson(*bmcOem, res, "ClientID", clientId))
222 {
223 BMCWEB_LOG_ERROR << "Could not read ClientId";
224 res.end();
225 return;
226 }
227 }
228#endif
Manojkiran Eda6f115bb2020-06-27 09:52:23 +0530229
Ed Tanous820ce592018-10-04 15:54:21 -0700230 // User is authenticated - create session
Ed Tanous52cc1122020-07-18 13:51:21 -0700231 std::shared_ptr<persistent_data::UserSession> session =
232 persistent_data::SessionStore::getInstance().generateUserSession(
233 username, persistent_data::PersistenceType::TIMEOUT,
234 isConfigureSelfOnly, clientId, clientIp);
Ed Tanous820ce592018-10-04 15:54:21 -0700235 res.addHeader("X-Auth-Token", session->sessionToken);
236 res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
237 session->uniqueId);
238 res.result(boost::beast::http::status::created);
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600239 if (session->isConfigureSelfOnly)
240 {
241 messages::passwordChangeRequired(
242 res,
243 "/redfish/v1/AccountService/Accounts/" + session->username);
244 }
Ed Tanous820ce592018-10-04 15:54:21 -0700245 memberSession.doGet(res, req, {session->uniqueId});
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100246 }
247
Ed Tanous1abe55e2018-09-05 08:30:59 -0700248 /**
249 * Member session to ensure consistency between collection's doPost and
250 * member's doGet, as they should return 100% matching data
251 */
252 Sessions memberSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100253};
254
Ed Tanous1abe55e2018-09-05 08:30:59 -0700255class SessionService : public Node
256{
257 public:
Ed Tanous52cc1122020-07-18 13:51:21 -0700258 SessionService(App& app) : Node(app, "/redfish/v1/SessionService/")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700259 {
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800260
Ed Tanous1abe55e2018-09-05 08:30:59 -0700261 entityPrivileges = {
262 {boost::beast::http::verb::get, {{"Login"}}},
263 {boost::beast::http::verb::head, {{"Login"}}},
264 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
265 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
266 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
267 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
268 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100269
Ed Tanous1abe55e2018-09-05 08:30:59 -0700270 private:
Ed Tanouscb13a392020-07-25 19:02:03 +0000271 void doGet(crow::Response& res, const crow::Request&,
272 const std::vector<std::string>&) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700273 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800274 res.jsonValue["@odata.type"] = "#SessionService.v1_0_2.SessionService";
275 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
Ed Tanous0f74e642018-11-12 15:17:05 -0800276 res.jsonValue["Name"] = "Session Service";
277 res.jsonValue["Id"] = "SessionService";
278 res.jsonValue["Description"] = "Session Service";
279 res.jsonValue["SessionTimeout"] =
Ed Tanous52cc1122020-07-18 13:51:21 -0700280 persistent_data::SessionStore::getInstance().getTimeoutInSeconds();
Ed Tanous0f74e642018-11-12 15:17:05 -0800281 res.jsonValue["ServiceEnabled"] = true;
282
Ed Tanous0f261532019-02-08 11:13:29 -0800283 res.jsonValue["Sessions"] = {
284 {"@odata.id", "/redfish/v1/SessionService/Sessions"}};
285
Ed Tanous1abe55e2018-09-05 08:30:59 -0700286 res.end();
287 }
Manojkiran Edaf2a4a602020-08-27 16:04:26 +0530288
289 void doPatch(crow::Response& res, const crow::Request& req,
290 const std::vector<std::string>&) override
291 {
292 std::shared_ptr<AsyncResp> asyncResp = std::make_shared<AsyncResp>(res);
293 std::optional<int64_t> sessionTimeout;
294 if (!json_util::readJson(req, res, "SessionTimeout", sessionTimeout))
295 {
296 return;
297 }
298
299 if (sessionTimeout)
300 {
301 // The mininum & maximum allowed values for session timeout are 30
302 // seconds and 86400 seconds respectively as per the session service
303 // schema mentioned at
304 // https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_7.json
305
306 if (*sessionTimeout <= 86400 && *sessionTimeout >= 30)
307 {
308 std::chrono::seconds sessionTimeoutInseconds(*sessionTimeout);
309 persistent_data::SessionStore::getInstance()
310 .updateSessionTimeout(sessionTimeoutInseconds);
311 messages::propertyValueModified(
312 asyncResp->res, "SessionTimeOut",
313 std::to_string(*sessionTimeout));
314 }
315 else
316 {
317 messages::propertyValueNotInList(
318 res, std::to_string(*sessionTimeout), "SessionTimeOut");
319 }
320 }
321 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100322};
323
Ed Tanous1abe55e2018-09-05 08:30:59 -0700324} // namespace redfish