Use auth token when not communicating with bmcweb
Redfish backends other than OpenBMC bmcweb expect clients to
authenticate using X-Auth-Token HTTP header as that's the only standard
authentication method for Redfish sessions.
This code falls back to using the token in case Session creation didn't
result in obtaining an XSRF cookie (as should normally happen with
bmcweb).
Limitations: all WebSocket-based functionality can not work (JS-based
NBD Virtual Media, IP KVM, SOL), page reload drops the session and
requires to log in again.
Tested: logging in, observing Overview and successfully logging out of
an AMI MegaRAC BMC. Logging in and navigating around a bmcweb-running
system which doesn't have the code to provide cookies for Session POST
request (everything works as usual sans WS-based features).
Change-Id: I81dc881193440d8d252dcd283b99915bd08c0c5e
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
diff --git a/src/store/api.js b/src/store/api.js
index 32d5427..664e2b7 100644
--- a/src/store/api.js
+++ b/src/store/api.js
@@ -72,6 +72,9 @@
spread(callback) {
return Axios.spread(callback);
},
+ set_auth_token(token) {
+ axiosInstance.defaults.headers.common['X-Auth-Token'] = token;
+ },
};
export const getResponseCount = (responses) => {
diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
index b64def0..3122ab2 100644
--- a/src/store/modules/Authentication/AuthenticanStore.js
+++ b/src/store/modules/Authentication/AuthenticanStore.js
@@ -11,6 +11,7 @@
xsrfCookie: Cookies.get('XSRF-TOKEN'),
isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
sessionURI: localStorage.getItem('sessionURI'),
+ xAuthToken: null,
},
getters: {
consoleWindow: (state) => state.consoleWindow,
@@ -19,19 +20,29 @@
// We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
// without going through explicit Session creation
return (
- state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true'
+ state.xsrfCookie !== undefined ||
+ state.isAuthenticatedCookie == 'true' ||
+ state.xAuthToken !== null
);
},
// Used to authenticate WebSocket connections via subprotocol value
token: (state) => state.xsrfCookie,
},
mutations: {
- authSuccess(state, { session }) {
+ authSuccess(state, { session, token }) {
state.authError = false;
state.xsrfCookie = Cookies.get('XSRF-TOKEN');
// Preserve session data across page reloads and browser restarts
localStorage.setItem('sessionURI', session);
state.sessionURI = session;
+ // If we didn't get the XSRF cookie it means we are talking to a
+ // Redfish implementation that is not bmcweb. In this case get the token
+ // from headers and send it with the future requests, do not permanently
+ // save anywhere.
+ if (state.xsrfCookie === undefined) {
+ api.set_auth_token(token);
+ state.xAuthToken = token;
+ }
},
authError(state, authError = true) {
state.authError = authError;
@@ -39,11 +50,13 @@
logout(state) {
Cookies.remove('XSRF-TOKEN');
Cookies.remove('IsAuthenticated');
+ api.set_auth_token(undefined);
localStorage.removeItem('storedUsername');
state.xsrfCookie = undefined;
state.isAuthenticatedCookie = undefined;
localStorage.removeItem('sessionURI');
state.sessionURI = null;
+ state.xAuthToken = null;
state.consoleWindow = false;
},
},
@@ -58,6 +71,7 @@
.then((response) => {
commit('authSuccess', {
session: response.headers['location'],
+ token: response.headers['x-auth-token'],
});
return isPasswordExpired(response);
})