User management: Remove disable redfish support
Removed redfishSupportEnabled = false for the user management page.
The default is redfishSupportEnabled = true and no meta layers
have redfishSupportEnabled = false so unused upstream.
When redfishSupportEnabled = false, the
/xyz/openbmc_project/user/<user>/action/SetPassword API is called.
Neither bmcweb or phosphor-rest-server have a SetPassword API
and so the user management page did not work when
redfishSupportEnabled = false.
The SetPassword API was removed when the new backend user
management code was added, it was removed for security concerns.
See https://github.com/openbmc/openbmc/issues/3454 for more info.
Tested: On a Witherspoon, added users, updated roles and passwords,
and deleted users.
Change-Id: I3d9e30c0fc655fb23dee38fa5eeb52239c9faa64
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 9711ba6..211f6d7 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js
@@ -546,143 +546,60 @@
getAccountServiceRoles: function() {
var roles = [];
- if (DataService.configJson.redfishSupportEnabled == true) {
- return $http({
- method: 'GET',
- url: DataService.getHost() +
- '/redfish/v1/AccountService/Roles',
- withCredentials: true
- })
- .then(
- function(response) {
- var members = response.data['Members'];
- angular.forEach(members, function(member) {
- roles.push(member['@odata.id'].split('/').pop());
- });
- return roles;
- },
- function(error) {
- console.log(error);
+ return $http({
+ method: 'GET',
+ url: DataService.getHost() +
+ '/redfish/v1/AccountService/Roles',
+ withCredentials: true
+ })
+ .then(
+ function(response) {
+ var members = response.data['Members'];
+ angular.forEach(members, function(member) {
+ roles.push(member['@odata.id'].split('/').pop());
});
- } else {
- return $http({
- method: 'GET',
- url: DataService.getHost() + '/xyz/openbmc_project/user',
- withCredentials: true
- })
- .then(
- function(response) {
- var json = JSON.stringify(response.data);
- var content = JSON.parse(json);
- var privList = content.data['AllPrivileges'];
-
- function convertPrivToRoleId(priv) {
- if (priv == 'priv-admin') {
- return 'Administrator';
- } else if (priv == 'priv-user') {
- return 'User';
- } else if (priv == 'priv-operator') {
- return 'Operator';
- } else if (priv == 'priv-callback') {
- return 'Callback';
- }
- return '';
- }
- for (var i = 0; i < privList.length; i++) {
- roles.push(convertPrivToRoleId(privList[i]));
- }
- return roles;
- },
- function(error) {
- console.log(error);
- });
- }
+ return roles;
+ },
+ function(error) {
+ console.log(error);
+ });
},
getAllUserAccounts: function() {
var deferred = $q.defer();
var promises = [];
var users = [];
- if (DataService.configJson.redfishSupportEnabled == true) {
- $http({
- method: 'GET',
- url:
- DataService.getHost() + '/redfish/v1/AccountService/Accounts',
- withCredentials: true
- })
- .then(
- function(response) {
- var members = response.data['Members'];
- angular.forEach(members, function(member) {
- promises.push(
- $http({
- method: 'GET',
- url: DataService.getHost() + member['@odata.id'],
- withCredentials: true
- }).then(function(res) {
- return res.data;
- }));
- });
-
- $q.all(promises).then(
- function(results) {
- deferred.resolve(results);
- },
- function(errors) {
- deferred.reject(errors);
- });
- },
- function(error) {
- console.log(error);
- deferred.reject(error);
- });
- } else {
- $http({
- method: 'GET',
- url:
- DataService.getHost() + '/xyz/openbmc_project/user/enumerate',
- withCredentials: true
- })
- .then(
- function(response) {
- var json = JSON.stringify(response.data);
- var content = JSON.parse(json);
-
- function convertPrivToRoleId(priv) {
- if (priv == 'priv-admin') {
- return 'Administrator';
- } else if (priv == 'priv-user') {
- return 'User';
- } else if (priv == 'priv-operator') {
- return 'Operator';
- } else if (priv == 'priv-callback') {
- return 'Callback';
- }
- return '';
- }
-
- for (var key in content.data) {
- var username = key.split('/').pop();
- if (content.data.hasOwnProperty(key) &&
- content.data[key].hasOwnProperty('UserPrivilege')) {
- var val = content.data[key];
- users.push(Object.assign({
- Id: username,
- UserName: username,
- Locked: val['UserLockedForFailedAttempt'],
- RoleId: convertPrivToRoleId(val['UserPrivilege']),
- Enabled: val['UserEnabled'],
- Password: null
+ $http({
+ method: 'GET',
+ url: DataService.getHost() + '/redfish/v1/AccountService/Accounts',
+ withCredentials: true
+ })
+ .then(
+ function(response) {
+ var members = response.data['Members'];
+ angular.forEach(members, function(member) {
+ promises.push(
+ $http({
+ method: 'GET',
+ url: DataService.getHost() + member['@odata.id'],
+ withCredentials: true
+ }).then(function(res) {
+ return res.data;
}));
- }
- }
- deferred.resolve(users);
- },
- function(error) {
- console.log(error);
- deferred.reject(error);
});
- }
+
+ $q.all(promises).then(
+ function(results) {
+ deferred.resolve(results);
+ },
+ function(errors) {
+ deferred.reject(errors);
+ });
+ },
+ function(error) {
+ console.log(error);
+ deferred.reject(error);
+ });
return deferred.promise;
},
@@ -719,183 +636,48 @@
},
createUser: function(user, passwd, role, enabled) {
- if (DataService.configJson.redfishSupportEnabled == true) {
- var data = {};
- data['UserName'] = user;
- data['Password'] = passwd;
- data['RoleId'] = role;
- data['Enabled'] = enabled;
+ var data = {};
+ data['UserName'] = user;
+ data['Password'] = passwd;
+ data['RoleId'] = role;
+ data['Enabled'] = enabled;
- return $http({
- method: 'POST',
- url:
- DataService.getHost() + '/redfish/v1/AccountService/Accounts',
- withCredentials: true,
- data: data
- });
- } else {
- function convertRoleIdToPriv(roleId) {
- if (roleId == 'Administrator') {
- return 'priv-admin';
- } else if (roleId == 'User') {
- return 'priv-user';
- } else if (roleId == 'Operator') {
- return 'priv-operator';
- } else if (roleId == 'Callback') {
- return 'priv-callback';
- }
- return '';
- }
- function setUserPassword(user, passwd) {
- return $http({
- method: 'POST',
- url: DataService.getHost() +
- '/xyz/openbmc_project/user/' + user +
- '/action/SetPassword',
- withCredentials: true,
- data: JSON.stringify({'data': [passwd]}),
- responseType: 'arraybuffer'
- })
- .then(function(response) {
- return response.data;
- });
- }
- var priv = convertRoleIdToPriv(role);
- return $http({
- method: 'POST',
- url: DataService.getHost() +
- '/xyz/openbmc_project/user/action/CreateUser',
- withCredentials: true,
- data: JSON.stringify({
- 'data':
- [user, ['web', 'redfish', 'ssh'], priv, enabled]
- }),
- responseType: 'arraybuffer'
- })
- .then(function(response) {
- return setUserPassword(user, passwd);
- });
- }
+ return $http({
+ method: 'POST',
+ url: DataService.getHost() + '/redfish/v1/AccountService/Accounts',
+ withCredentials: true,
+ data: data
+ });
},
updateUser: function(user, newUser, passwd, role, enabled) {
- if (DataService.configJson.redfishSupportEnabled == true) {
- var data = {};
- if ((newUser !== undefined) && (newUser != null)) {
- data['UserName'] = newUser;
- }
- if ((role !== undefined) && (role != null)) {
- data['RoleId'] = role;
- }
- if ((enabled !== undefined) && (enabled != null)) {
- data['Enabled'] = enabled;
- }
- if ((passwd !== undefined) && (passwd != null)) {
- data['Password'] = passwd;
- }
- return $http({
- method: 'PATCH',
- url: DataService.getHost() +
- '/redfish/v1/AccountService/Accounts/' + user,
- withCredentials: true,
- data: data
- });
- } else {
- var deferred = $q.defer();
- var promises = [];
- function convertRoleIdToPriv(roleId) {
- if (roleId == 'Administrator') {
- return 'priv-admin';
- } else if (roleId == 'User') {
- return 'priv-user';
- } else if (roleId == 'Operator') {
- return 'priv-operator';
- } else if (roleId == 'Callback') {
- return 'priv-callback';
- }
- return '';
- }
- function setUserProperty(user, propKey, propVal) {
- return $http({
- method: 'PUT',
- url: DataService.getHost() +
- '/xyz/openbmc_project/user/' + user + '/attr/' +
- propKey,
- withCredentials: true,
- data: JSON.stringify({'data': propVal})
- })
- .then(function(response) {
- return response.data;
- });
- }
- function setUserPassword(user, passwd) {
- return $http({
- method: 'POST',
- url: DataService.getHost() +
- '/xyz/openbmc_project/user/' + user +
- '/action/SetPassword',
- withCredentials: true,
- data: JSON.stringify({'data': [passwd]}),
- responseType: 'arraybuffer'
- })
- .then(function(response) {
- return response.data;
- });
- }
- function renameUser(user, newUser) {
- return $http({
- method: 'POST',
- url: DataService.getHost() +
- '/xyz/openbmc_project/user/action/RenameUser',
- withCredentials: true,
- data: JSON.stringify({'data': [user, newUser]})
- })
- .then(function(response) {
- return response.data;
- });
- }
- if ((role !== undefined) && (role != null)) {
- var priv = convertRoleIdToPriv(role);
- promises.push(setUserProperty(user, 'UserPrivilege', priv));
- }
- if ((enabled !== undefined) && (enabled != null)) {
- promises.push(setUserProperty(user, 'UserEnabled', enabled));
- }
- if ((passwd !== undefined) && (passwd != null)) {
- promises.push(setUserPassword(user, passwd));
- }
- if ((newUser !== undefined) && (newUser != null)) {
- promises.push(renameUser(user, newUser));
- }
- $q.all(promises).then(
- function(results) {
- deferred.resolve(results);
- },
- function(errors) {
- deferred.reject(errors);
- });
- return deferred.promise;
+ var data = {};
+ if ((newUser !== undefined) && (newUser != null)) {
+ data['UserName'] = newUser;
}
+ if ((role !== undefined) && (role != null)) {
+ data['RoleId'] = role;
+ }
+ if ((enabled !== undefined) && (enabled != null)) {
+ data['Enabled'] = enabled;
+ }
+ if ((passwd !== undefined) && (passwd != null)) {
+ data['Password'] = passwd;
+ }
+ return $http({
+ method: 'PATCH',
+ url: DataService.getHost() +
+ '/redfish/v1/AccountService/Accounts/' + user,
+ withCredentials: true,
+ data: data
+ });
},
deleteUser: function(user) {
- if (DataService.configJson.redfishSupportEnabled == true) {
- return $http({
- method: 'DELETE',
- url: DataService.getHost() +
- '/redfish/v1/AccountService/Accounts/' + user,
- withCredentials: true,
- });
- } else {
- return $http({
- method: 'POST',
- url: DataService.getHost() + '/xyz/openbmc_project/user/' +
- user + '/action/Delete',
- withCredentials: true,
- data: JSON.stringify({'data': []})
- })
- .then(function(response) {
- return response.data;
- });
- }
+ return $http({
+ method: 'DELETE',
+ url: DataService.getHost() +
+ '/redfish/v1/AccountService/Accounts/' + user,
+ withCredentials: true,
+ });
},
chassisPowerOff: function() {
var deferred = $q.defer();