Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 8fd315a55515124fc3cb0f5975fec415454595ec / . / redfish-core / lib / redfish_sessions.hpp
blob: c4b0a4fa47258dd47eabefb6a8250a48e4d031a2 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]17
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]18#include "error_messages.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]19#include "node.hpp"
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]20#include "persistent_data_middleware.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]21
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]22namespace redfish
23{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]24
25class SessionCollection;
26
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27class Sessions : public Node
28{
29 public:
30 Sessions(CrowApp& app) :
31 Node(app, "/redfish/v1/SessionService/Sessions/<str>/", std::string())
32 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]33 entityPrivileges = {
34 {boost::beast::http::verb::get, {{"Login"}}},
35 {boost::beast::http::verb::head, {{"Login"}}},
36 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
37 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]38 {boost::beast::http::verb::delete_,
39 {{"ConfigureManager"}, {"ConfigureSelf"}}},
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]40 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]41 }
42
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]43 private:
44 void doGet(crow::Response& res, const crow::Request& req,
45 const std::vector<std::string>& params) override
46 {
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]47 // Note that control also reaches here via doPost and doDelete.
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]48 auto session =
49 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
50 params[0]);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]51
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]52 if (session == nullptr)
53 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]54 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]55 res.end();
56 return;
57 }
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]58
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]59 res.jsonValue["Id"] = session->uniqueId;
60 res.jsonValue["UserName"] = session->username;
61 res.jsonValue["@odata.id"] =
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]62 "/redfish/v1/SessionService/Sessions/" + session->uniqueId;
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]63 res.jsonValue["@odata.type"] = "#Session.v1_0_2.Session";
64 res.jsonValue["@odata.context"] =
65 "/redfish/v1/$metadata#Session.Session";
66 res.jsonValue["Name"] = "User Session";
67 res.jsonValue["Description"] = "Manager User Session";
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]68 if (session->isConfigureSelfOnly)
69 {
70 messages::passwordChangeRequired(
71 res,
72 "/redfish/v1/AccountService/Accounts/" + session->username);
73 }
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]74
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]75 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]76 }
77
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]78 void doDelete(crow::Response& res, const crow::Request& req,
79 const std::vector<std::string>& params) override
80 {
81 // Need only 1 param which should be id of session to be deleted
82 if (params.size() != 1)
83 {
84 // This should be handled by crow and never happen
85 BMCWEB_LOG_ERROR << "Session DELETE has been called with invalid "
86 "number of params";
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]87
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]88 messages::generalError(res);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]89 res.end();
90 return;
91 }
92
93 auto session =
94 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
95 params[0]);
96
97 if (session == nullptr)
98 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]99 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]100 res.end();
101 return;
102 }
103
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]104 // Perform a tighter authority check for how the ConfigureSelf
105 // privilege interacts with the Session resource URI override.
106 // (Meaning: the ConfigureSelf privilege only applies to that
107 // session's Session resource.) If a session is DELETEing
108 // some other session, then the ConfigureSelf privilege does
109 // not apply, so remove the user's ConfigureSelf privilege and
110 // perform the authority check again.
111 if (session->uniqueId != req.session->uniqueId)
112 {
113 if (!isAllowedWithoutConfigureSelf(req))
114 {
115 BMCWEB_LOG_WARNING << "DELETE Session denied access";
116 messages::accessDenied(res, std::string(req.url));
117 res.end();
118 return;
119 }
120 }
121
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]122 // DELETE should return representation of object that will be removed
123 doGet(res, req, params);
124
125 crow::persistent_data::SessionStore::getInstance().removeSession(
126 session);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]127 }
128
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]129 /**
130 * This allows SessionCollection to reuse this class' doGet method, to
131 * maintain consistency of returned data, as Collection's doPost should
132 * return data for created member which should match member's doGet result
133 * in 100%
134 */
135 friend SessionCollection;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]136};
137
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]138class SessionCollection : public Node
139{
140 public:
141 SessionCollection(CrowApp& app) :
142 Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app)
143 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]144 entityPrivileges = {
145 {boost::beast::http::verb::get, {{"Login"}}},
146 {boost::beast::http::verb::head, {{"Login"}}},
147 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
148 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
149 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
150 {boost::beast::http::verb::post, {}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]151 }
152
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]153 private:
154 void doGet(crow::Response& res, const crow::Request& req,
155 const std::vector<std::string>& params) override
156 {
157 std::vector<const std::string*> sessionIds =
158 crow::persistent_data::SessionStore::getInstance().getUniqueIds(
159 false, crow::persistent_data::PersistenceType::TIMEOUT);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]160
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]161 res.jsonValue["Members@odata.count"] = sessionIds.size();
162 res.jsonValue["Members"] = nlohmann::json::array();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]163 for (const std::string* uid : sessionIds)
164 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]165 res.jsonValue["Members"].push_back(
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]166 {{"@odata.id", "/redfish/v1/SessionService/Sessions/" + *uid}});
167 }
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]168 res.jsonValue["Members@odata.count"] = sessionIds.size();
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]169 res.jsonValue["@odata.type"] = "#SessionCollection.SessionCollection";
170 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/Sessions/";
171 res.jsonValue["@odata.context"] =
172 "/redfish/v1/$metadata#SessionCollection.SessionCollection";
173 res.jsonValue["Name"] = "Session Collection";
174 res.jsonValue["Description"] = "Session Collection";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]175 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]176 }
177
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]178 void doPost(crow::Response& res, const crow::Request& req,
179 const std::vector<std::string>& params) override
180 {
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]181 std::string username;
182 std::string password;
183 if (!json_util::readJson(req, res, "UserName", username, "Password",
184 password))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]185 {
186 res.end();
187 return;
188 }
Ed Tanousb9845d92018-07-24 14:38:06 -0700[diff] [blame]189
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]190 if (password.empty() || username.empty() ||
191 res.result() != boost::beast::http::status::ok)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]192 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]193 if (username.empty())
194 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]195 messages::propertyMissing(res, "UserName");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]196 }
197
198 if (password.empty())
199 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]200 messages::propertyMissing(res, "Password");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]201 }
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]202 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]203
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]204 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]205 }
206
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]207 bool passwordChangeRequired = false;
208 if (!pamAuthenticateUser(username, password, passwordChangeRequired))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]209 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]210 messages::resourceAtUriUnauthorized(res, std::string(req.url),
211 "Invalid username or password");
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]212 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]213
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]214 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]215 }
216
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]217 // User is authenticated - create session
218 std::shared_ptr<crow::persistent_data::UserSession> session =
219 crow::persistent_data::SessionStore::getInstance()
Joseph Reynolds8fd315a2019-09-12 12:02:33 -0500[diff] [blame^]220 .generateUserSession(username, passwordChangeRequired);
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]221 res.addHeader("X-Auth-Token", session->sessionToken);
222 res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
223 session->uniqueId);
224 res.result(boost::beast::http::status::created);
225 memberSession.doGet(res, req, {session->uniqueId});
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]226 }
227
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]228 /**
229 * Member session to ensure consistency between collection's doPost and
230 * member's doGet, as they should return 100% matching data
231 */
232 Sessions memberSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]233};
234
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]235class SessionService : public Node
236{
237 public:
238 SessionService(CrowApp& app) : Node(app, "/redfish/v1/SessionService/")
239 {
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]240
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]241 entityPrivileges = {
242 {boost::beast::http::verb::get, {{"Login"}}},
243 {boost::beast::http::verb::head, {{"Login"}}},
244 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
245 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
246 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
247 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
248 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]249
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]250 private:
251 void doGet(crow::Response& res, const crow::Request& req,
252 const std::vector<std::string>& params) override
253 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]254 res.jsonValue["@odata.type"] = "#SessionService.v1_0_2.SessionService";
255 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
256 res.jsonValue["@odata.context"] =
257 "/redfish/v1/$metadata#SessionService.SessionService";
258 res.jsonValue["Name"] = "Session Service";
259 res.jsonValue["Id"] = "SessionService";
260 res.jsonValue["Description"] = "Session Service";
261 res.jsonValue["SessionTimeout"] =
262 crow::persistent_data::SessionStore::getInstance()
263 .getTimeoutInSeconds();
264 res.jsonValue["ServiceEnabled"] = true;
265
Ed Tanous0f261532019-02-08 11:13:29 -0800[diff] [blame]266 res.jsonValue["Sessions"] = {
267 {"@odata.id", "/redfish/v1/SessionService/Sessions"}};
268
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]269 res.end();
270 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]271};
272
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]273} // namespace redfish