Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 92f682233ff0b8b20692e337632326cbd5a03676 / . / redfish-core / lib / redfish_sessions.hpp
blob: 1ec2303abe4b47ce03b86d2e7a2aa6e6314bf14b [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]17
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]18#include "error_messages.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]19#include "node.hpp"
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]20#include "persistent_data_middleware.hpp"
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]21
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]22namespace redfish
23{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]24
25class SessionCollection;
26
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27class Sessions : public Node
28{
29 public:
30 Sessions(CrowApp& app) :
31 Node(app, "/redfish/v1/SessionService/Sessions/<str>/", std::string())
32 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]33 entityPrivileges = {
34 {boost::beast::http::verb::get, {{"Login"}}},
35 {boost::beast::http::verb::head, {{"Login"}}},
36 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
37 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]38 {boost::beast::http::verb::delete_,
39 {{"ConfigureManager"}, {"ConfigureSelf"}}},
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]40 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]41 }
42
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]43 private:
44 void doGet(crow::Response& res, const crow::Request& req,
45 const std::vector<std::string>& params) override
46 {
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]47 // Note that control also reaches here via doPost and doDelete.
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]48 auto session =
49 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
50 params[0]);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]51
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]52 if (session == nullptr)
53 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]54 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]55 res.end();
56 return;
57 }
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +0100[diff] [blame]58
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]59 res.jsonValue["Id"] = session->uniqueId;
60 res.jsonValue["UserName"] = session->username;
61 res.jsonValue["@odata.id"] =
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]62 "/redfish/v1/SessionService/Sessions/" + session->uniqueId;
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]63 res.jsonValue["@odata.type"] = "#Session.v1_0_2.Session";
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]64 res.jsonValue["Name"] = "User Session";
65 res.jsonValue["Description"] = "Manager User Session";
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]66 res.jsonValue["Oem"]["OpenBMC"]["@odata.type"] =
67 "#OemSession.v1_0_0.Session";
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]68#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]69 res.jsonValue["Oem"]["OpenBMC"]["ClientID"] = session->clientId;
70#endif
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]71 res.jsonValue["Oem"]["OpenBMC"]["ClientOriginIP"] = session->clientIp;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]72 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]73 }
74
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]75 void doDelete(crow::Response& res, const crow::Request& req,
76 const std::vector<std::string>& params) override
77 {
78 // Need only 1 param which should be id of session to be deleted
79 if (params.size() != 1)
80 {
81 // This should be handled by crow and never happen
82 BMCWEB_LOG_ERROR << "Session DELETE has been called with invalid "
83 "number of params";
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]84
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]85 messages::generalError(res);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]86 res.end();
87 return;
88 }
89
90 auto session =
91 crow::persistent_data::SessionStore::getInstance().getSessionByUid(
92 params[0]);
93
94 if (session == nullptr)
95 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]96 messages::resourceNotFound(res, "Session", params[0]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]97 res.end();
98 return;
99 }
100
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]101 // Perform a proper ConfigureSelf authority check. If a
102 // session is being used to DELETE some other user's session,
103 // then the ConfigureSelf privilege does not apply. In that
104 // case, perform the authority check again without the user's
105 // ConfigureSelf privilege.
106 if (session->username != req.session->username)
107 {
108 if (!isAllowedWithoutConfigureSelf(req))
109 {
110 BMCWEB_LOG_WARNING << "DELETE Session denied access";
111 messages::insufficientPrivilege(res);
112 res.end();
113 return;
114 }
115 }
116
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]117 // DELETE should return representation of object that will be removed
118 doGet(res, req, params);
119
120 crow::persistent_data::SessionStore::getInstance().removeSession(
121 session);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]122 }
123
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]124 /**
125 * This allows SessionCollection to reuse this class' doGet method, to
126 * maintain consistency of returned data, as Collection's doPost should
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]127 * return data for created member which should match member's doGet
128 * result in 100%
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]129 */
130 friend SessionCollection;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]131};
132
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]133class SessionCollection : public Node
134{
135 public:
136 SessionCollection(CrowApp& app) :
137 Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app)
138 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]139 entityPrivileges = {
140 {boost::beast::http::verb::get, {{"Login"}}},
141 {boost::beast::http::verb::head, {{"Login"}}},
142 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
143 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
144 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
145 {boost::beast::http::verb::post, {}}};
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]146 }
147
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]148 private:
149 void doGet(crow::Response& res, const crow::Request& req,
150 const std::vector<std::string>& params) override
151 {
152 std::vector<const std::string*> sessionIds =
153 crow::persistent_data::SessionStore::getInstance().getUniqueIds(
154 false, crow::persistent_data::PersistenceType::TIMEOUT);
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]155
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]156 res.jsonValue["Members@odata.count"] = sessionIds.size();
157 res.jsonValue["Members"] = nlohmann::json::array();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]158 for (const std::string* uid : sessionIds)
159 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]160 res.jsonValue["Members"].push_back(
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]161 {{"@odata.id", "/redfish/v1/SessionService/Sessions/" + *uid}});
162 }
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]163 res.jsonValue["Members@odata.count"] = sessionIds.size();
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]164 res.jsonValue["@odata.type"] = "#SessionCollection.SessionCollection";
165 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/Sessions/";
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]166 res.jsonValue["Name"] = "Session Collection";
167 res.jsonValue["Description"] = "Session Collection";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]168 res.end();
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]169 }
170
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]171 void doPost(crow::Response& res, const crow::Request& req,
172 const std::vector<std::string>& params) override
173 {
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]174 std::string username;
175 std::string password;
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]176 std::optional<nlohmann::json> oemObject;
177 std::string clientId;
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]178 std::string clientIp;
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]179 if (!json_util::readJson(req, res, "UserName", username, "Password",
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]180 password, "Oem", oemObject))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]181 {
182 res.end();
183 return;
184 }
Ed Tanousb9845d92018-07-24 14:38:06 -0700[diff] [blame]185
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]186 if (password.empty() || username.empty() ||
187 res.result() != boost::beast::http::status::ok)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]188 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]189 if (username.empty())
190 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]191 messages::propertyMissing(res, "UserName");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]192 }
193
194 if (password.empty())
195 {
Jason M. Billsa08b46c2018-11-06 15:01:08 -0800[diff] [blame]196 messages::propertyMissing(res, "Password");
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]197 }
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]198 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]199
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]200 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]201 }
202
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]203 int pamrc = pamAuthenticateUser(username, password);
204 bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
205 if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]206 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]207 messages::resourceAtUriUnauthorized(res, std::string(req.url),
208 "Invalid username or password");
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]209 res.end();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]210
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]211 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]212 }
Sunitha Harish08bdcc72020-05-12 05:17:57 -0500[diff] [blame]213#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
214 if (oemObject)
215 {
216 std::optional<nlohmann::json> bmcOem;
217 if (!json_util::readJson(*oemObject, res, "OpenBMC", bmcOem))
218 {
219 res.end();
220 return;
221 }
222 if (!json_util::readJson(*bmcOem, res, "ClientID", clientId))
223 {
224 BMCWEB_LOG_ERROR << "Could not read ClientId";
225 res.end();
226 return;
227 }
228 }
229#endif
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]230 clientIp =
231 req.socket().next_layer().remote_endpoint().address().to_string();
232
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]233 // User is authenticated - create session
234 std::shared_ptr<crow::persistent_data::UserSession> session =
235 crow::persistent_data::SessionStore::getInstance()
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]236 .generateUserSession(
237 username, crow::persistent_data::PersistenceType::TIMEOUT,
Sunitha Harish92f68222020-05-28 05:09:09 -0500[diff] [blame^]238 isConfigureSelfOnly, clientId, clientIp);
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]239 res.addHeader("X-Auth-Token", session->sessionToken);
240 res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
241 session->uniqueId);
242 res.result(boost::beast::http::status::created);
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]243 if (session->isConfigureSelfOnly)
244 {
245 messages::passwordChangeRequired(
246 res,
247 "/redfish/v1/AccountService/Accounts/" + session->username);
248 }
Ed Tanous820ce592018-10-04 15:54:21 -0700[diff] [blame]249 memberSession.doGet(res, req, {session->uniqueId});
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]250 }
251
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]252 /**
253 * Member session to ensure consistency between collection's doPost and
254 * member's doGet, as they should return 100% matching data
255 */
256 Sessions memberSession;
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100[diff] [blame]257};
258
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]259class SessionService : public Node
260{
261 public:
262 SessionService(CrowApp& app) : Node(app, "/redfish/v1/SessionService/")
263 {
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]264
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]265 entityPrivileges = {
266 {boost::beast::http::verb::get, {{"Login"}}},
267 {boost::beast::http::verb::head, {{"Login"}}},
268 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
269 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
270 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
271 {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
272 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]273
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]274 private:
275 void doGet(crow::Response& res, const crow::Request& req,
276 const std::vector<std::string>& params) override
277 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]278 res.jsonValue["@odata.type"] = "#SessionService.v1_0_2.SessionService";
279 res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]280 res.jsonValue["Name"] = "Session Service";
281 res.jsonValue["Id"] = "SessionService";
282 res.jsonValue["Description"] = "Session Service";
283 res.jsonValue["SessionTimeout"] =
284 crow::persistent_data::SessionStore::getInstance()
285 .getTimeoutInSeconds();
286 res.jsonValue["ServiceEnabled"] = true;
287
Ed Tanous0f261532019-02-08 11:13:29 -0800[diff] [blame]288 res.jsonValue["Sessions"] = {
289 {"@odata.id", "/redfish/v1/SessionService/Sessions"}};
290
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]291 res.end();
292 }
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100[diff] [blame]293};
294
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]295} // namespace redfish