Don't check for credentials on the login API The web server should not be checking for credentials on the login API. This allows the GUI to check the old password on a password change. Resolves openbmc/openbmc#3190 Tested: Verfied login still works and tested changing the user password from the GUI. Change-Id: I7c3570d50c011a0327a34f09b447dec5ca42cb9f Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

commit: 57068618982edec6ad3a4be9117766aec525629f [log] [tgz]
author: Gunnar Mills <gmills@us.ibm.com> Thu May 17 12:59:49 2018 -0500
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> Wed May 23 18:43:10 2018 +0000
tree: c615984628ad633822b18c510a6f6edfa9857bf7
parent: 5c518f63d7a169326b572cfa5886b15a6876f4f1 [diff]
diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index 3eac4f4..2d98817 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py

@@ -687,10 +687,6 @@
         return self.no_user_str
 
     def do_login(self, **kw):
-        session = self.get_session_from_cookie()
-        if session is not None:
-            return self.login_str % (session['user'], 'in')
-
         if len(request.parameter_list) != 2:
             abort(400, self.bad_json_str % (request.json))
commit	57068618982edec6ad3a4be9117766aec525629f	[log] [tgz]
author	Gunnar Mills <gmills@us.ibm.com>	Thu May 17 12:59:49 2018 -0500
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	Wed May 23 18:43:10 2018 +0000
tree	c615984628ad633822b18c510a6f6edfa9857bf7
parent	5c518f63d7a169326b572cfa5886b15a6876f4f1 [diff]