Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 8aae75ad51881046f2fab9ca64c7addfb004e06b / . / redfish-core / lib / redfish_sessions.hpp
blob: d4085af9a7b319753ac3f6e54d921b2fdc5c59f5 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]17
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]18#include "error_messages.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]19#include "node.hpp"
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]20#include "persistent_data_middleware.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]21
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]22namespace redfish
23{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]24
25class SessionCollection;
26
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27class Sessions : public Node
28{
29 public:
30 Sessions(CrowApp& app) :
31 Node(app, "/redfish/v1/SessionService/Sessions/<str>/", std::string())
32 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]33 entityPrivileges = {
34 {boost::beast::http::verb::get, {{"Login"}}},
35 {boost::beast::http::verb::head, {{"Login"}}},
36 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
37 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
38 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
39 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]40 }
41
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]42 private:
43 void doGet(crow::Response& res, const crow::Request& req,
44 const std::vector<std::string>& params) override
45 {
46 auto session =
47 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
48 params[0]);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]49
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]50 if (session == nullptr)
51 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]52 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]53 res.end();
54 return;
55 }
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]56
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]57 res.jsonValue["Id"] = session->uniqueId;
58 res.jsonValue["UserName"] = session->username;
59 res.jsonValue["@odata.id"] =
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]60 "/redfish/v1/SessionService/Sessions/" + session->uniqueId;
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]61 res.jsonValue["@odata.type"] = "#Session.v1_0_2.Session";
62 res.jsonValue["@odata.context"] =
63 "/redfish/v1/$metadata#Session.Session";
64 res.jsonValue["Name"] = "User Session";
65 res.jsonValue["Description"] = "Manager User Session";
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]66
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]67 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]68 }
69
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]70 void doDelete(crow::Response& res, const crow::Request& req,
71 const std::vector<std::string>& params) override
72 {
73 // Need only 1 param which should be id of session to be deleted
74 if (params.size() != 1)
75 {
76 // This should be handled by crow and never happen
77 BMCWEB_LOG_ERROR << "Session DELETE has been called with invalid "
78 "number of params";
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]79
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]80 messages::generalError(res);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]81 res.end();
82 return;
83 }
84
85 auto session =
86 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
87 params[0]);
88
89 if (session == nullptr)
90 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]91 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]92 res.end();
93 return;
94 }
95
96 // DELETE should return representation of object that will be removed
97 doGet(res, req, params);
98
99 crow::persistent_data::SessionStore::getInstance().removeSession(
100 session);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]101 }
102
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]103 /**
104 * This allows SessionCollection to reuse this class' doGet method, to
105 * maintain consistency of returned data, as Collection's doPost should
106 * return data for created member which should match member's doGet result
107 * in 100%
108 */
109 friend SessionCollection;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]110};
111
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]112class SessionCollection : public Node
113{
114 public:
115 SessionCollection(CrowApp& app) :
116 Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app)
117 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]118 entityPrivileges = {
119 {boost::beast::http::verb::get, {{"Login"}}},
120 {boost::beast::http::verb::head, {{"Login"}}},
121 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
122 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
123 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
124 {boost::beast::http::verb::post, {}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]125 }
126
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]127 private:
128 void doGet(crow::Response& res, const crow::Request& req,
129 const std::vector<std::string>& params) override
130 {
131 std::vector<const std::string*> sessionIds =
132 crow::persistent_data::SessionStore::getInstance().getUniqueIds(
133 false, crow::persistent_data::PersistenceType::TIMEOUT);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]134
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]135 res.jsonValue["Members@odata.count"] = sessionIds.size();
136 res.jsonValue["Members"] = nlohmann::json::array();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]137 for (const std::string* uid : sessionIds)
138 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]139 res.jsonValue["Members"].push_back(
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]140 {{"@odata.id", "/redfish/v1/SessionService/Sessions/" + *uid}});
141 }
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]142 res.jsonValue["Members@odata.count"] = sessionIds.size();
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]143 res.jsonValue["@odata.type"] = "#SessionCollection.SessionCollection";
144 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/Sessions/";
145 res.jsonValue["@odata.context"] =
146 "/redfish/v1/$metadata#SessionCollection.SessionCollection";
147 res.jsonValue["Name"] = "Session Collection";
148 res.jsonValue["Description"] = "Session Collection";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]149 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]150 }
151
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]152 void doPost(crow::Response& res, const crow::Request& req,
153 const std::vector<std::string>& params) override
154 {
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]155 std::string username;
156 std::string password;
157 if (!json_util::readJson(req, res, "UserName", username, "Password",
158 password))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]159 {
160 res.end();
161 return;
162 }
Ed Tanousb9845d92018-07-24 14:38:06 -0700[diff] [blame]163
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]164 if (password.empty() || username.empty() ||
165 res.result() != boost::beast::http::status::ok)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]166 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]167 if (username.empty())
168 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]169 messages::propertyMissing(res, "UserName");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]170 }
171
172 if (password.empty())
173 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]174 messages::propertyMissing(res, "Password");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]175 }
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]176 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]177
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]178 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]179 }
180
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]181 if (!pamAuthenticateUser(username, password))
182 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]183 messages::resourceAtUriUnauthorized(res, std::string(req.url),
184 "Invalid username or password");
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]185 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]186
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]187 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]188 }
189
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]190 // User is authenticated - create session
191 std::shared_ptr<crow::persistent_data::UserSession> session =
192 crow::persistent_data::SessionStore::getInstance()
193 .generateUserSession(username);
194 res.addHeader("X-Auth-Token", session->sessionToken);
195 res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
196 session->uniqueId);
197 res.result(boost::beast::http::status::created);
198 memberSession.doGet(res, req, {session->uniqueId});
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]199 }
200
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]201 /**
202 * Member session to ensure consistency between collection's doPost and
203 * member's doGet, as they should return 100% matching data
204 */
205 Sessions memberSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]206};
207
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]208class SessionService : public Node
209{
210 public:
211 SessionService(CrowApp& app) : Node(app, "/redfish/v1/SessionService/")
212 {
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]213
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]214 entityPrivileges = {
215 {boost::beast::http::verb::get, {{"Login"}}},
216 {boost::beast::http::verb::head, {{"Login"}}},
217 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
218 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
219 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
220 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
221 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]222
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]223 private:
224 void doGet(crow::Response& res, const crow::Request& req,
225 const std::vector<std::string>& params) override
226 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]227 res.jsonValue["@odata.type"] = "#SessionService.v1_0_2.SessionService";
228 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
229 res.jsonValue["@odata.context"] =
230 "/redfish/v1/$metadata#SessionService.SessionService";
231 res.jsonValue["Name"] = "Session Service";
232 res.jsonValue["Id"] = "SessionService";
233 res.jsonValue["Description"] = "Session Service";
234 res.jsonValue["SessionTimeout"] =
235 crow::persistent_data::SessionStore::getInstance()
236 .getTimeoutInSeconds();
237 res.jsonValue["ServiceEnabled"] = true;
238
Ed Tanous0f261532019-02-08 11:13:29 -0800[diff] [blame]239 res.jsonValue["Sessions"] = {
240 {"@odata.id", "/redfish/v1/SessionService/Sessions"}};
241
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]242 res.end();
243 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]244};
245
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]246} // namespace redfish