diff options
author | Ed Tanous <ed@tanous.net> | 2024-05-10 01:48:09 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-05-10 02:16:06 +0300 |
commit | 83328316857b42960edd46cadf06902d2d4ba00b (patch) | |
tree | 1329cd1fe0eb4084411f8d9459a52f8cf3f0ed14 /http | |
parent | 3eaecac33685ca3297d53e041ab5c5116bc18d25 (diff) | |
download | bmcweb-83328316857b42960edd46cadf06902d2d4ba00b.tar.xz |
Fix lesser used options
25b54dba775b31021a3a4677eb79e9771bcb97f7 missed several cases where we
had ifndef instead of ifdef. because these weren't the defaults, these
don't show up as failures when testing.
Tested: Redfish service validator passes. Inspection primarily.
Mechanical change.
Change-Id: I3f6915a97eb44d071795aed76476c6bee7e8ed27
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'http')
-rw-r--r-- | http/http2_connection.hpp | 41 | ||||
-rw-r--r-- | http/http_connection.hpp | 53 | ||||
-rw-r--r-- | http/parsing.hpp | 7 | ||||
-rw-r--r-- | http/websocket.hpp | 22 |
4 files changed, 63 insertions, 60 deletions
diff --git a/http/http2_connection.hpp b/http/http2_connection.hpp index efe66b635f..446c38f302 100644 --- a/http/http2_connection.hpp +++ b/http/http2_connection.hpp @@ -262,31 +262,30 @@ class HTTP2Connection : }); auto asyncResp = std::make_shared<bmcweb::AsyncResp>(std::move(it->second.res)); -#ifndef BMCWEB_INSECURE_DISABLE_AUTHX - thisReq.session = crow::authentication::authenticate( - {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr); - if (!crow::authentication::isOnAllowlist(thisReq.url().path(), - thisReq.method()) && - thisReq.session == nullptr) - { - BMCWEB_LOG_WARNING("Authentication failed"); - forward_unauthorized::sendUnauthorized( - thisReq.url().encoded_path(), - thisReq.getHeaderValue("X-Requested-With"), - thisReq.getHeaderValue("Accept"), asyncResp->res); - } - else -#endif // BMCWEB_INSECURE_DISABLE_AUTHX + if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH) { - std::string_view expected = thisReq.getHeaderValue( - boost::beast::http::field::if_none_match); - BMCWEB_LOG_DEBUG("Setting expected hash {}", expected); - if (!expected.empty()) + thisReq.session = crow::authentication::authenticate( + {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr); + if (!crow::authentication::isOnAllowlist(thisReq.url().path(), + thisReq.method()) && + thisReq.session == nullptr) { - asyncResp->res.setExpectedHash(expected); + BMCWEB_LOG_WARNING("Authentication failed"); + forward_unauthorized::sendUnauthorized( + thisReq.url().encoded_path(), + thisReq.getHeaderValue("X-Requested-With"), + thisReq.getHeaderValue("Accept"), asyncResp->res); + return 0; } - handler->handle(it->second.req, asyncResp); } + std::string_view expected = + thisReq.getHeaderValue(boost::beast::http::field::if_none_match); + BMCWEB_LOG_DEBUG("Setting expected hash {}", expected); + if (!expected.empty()) + { + asyncResp->res.setExpectedHash(expected); + } + handler->handle(it->second.req, asyncResp); return 0; } diff --git a/http/http_connection.hpp b/http/http_connection.hpp index 29e876d0a9..4d9c9806ef 100644 --- a/http/http_connection.hpp +++ b/http/http_connection.hpp @@ -273,20 +273,21 @@ class Connection : keepAlive = req->keepAlive(); if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>) { -#ifndef BMCWEB_INSECURE_DISABLE_AUTHX - if (!crow::authentication::isOnAllowlist(req->url().path(), - req->method()) && - req->session == nullptr) + if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH) { - BMCWEB_LOG_WARNING("Authentication failed"); - forward_unauthorized::sendUnauthorized( - req->url().encoded_path(), - req->getHeaderValue("X-Requested-With"), - req->getHeaderValue("Accept"), res); - completeRequest(res); - return; + if (!crow::authentication::isOnAllowlist(req->url().path(), + req->method()) && + req->session == nullptr) + { + BMCWEB_LOG_WARNING("Authentication failed"); + forward_unauthorized::sendUnauthorized( + req->url().encoded_path(), + req->getHeaderValue("X-Requested-With"), + req->getHeaderValue("Accept"), res); + completeRequest(res); + return; + } } -#endif // BMCWEB_INSECURE_DISABLE_AUTHX } auto asyncResp = std::make_shared<bmcweb::AsyncResp>(); BMCWEB_LOG_DEBUG("Setting completion handler"); @@ -406,12 +407,13 @@ class Connection : private: uint64_t getContentLengthLimit() { -#ifndef BMCWEB_INSECURE_DISABLE_AUTHX - if (userSession == nullptr) + if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH) { - return loggedOutPostBodyLimit; + if (userSession == nullptr) + { + return loggedOutPostBodyLimit; + } } -#endif return httpReqBodyLimit; } @@ -515,6 +517,16 @@ class Connection : return; } + if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>) + { + if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH) + { + boost::beast::http::verb method = parser->get().method(); + userSession = crow::authentication::authenticate( + ip, res, method, parser->get().base(), mtlsSession); + } + } + std::string_view expect = parser->get()[boost::beast::http::field::expect]; if (bmcweb::asciiIEquals(expect, "100-continue")) @@ -524,15 +536,6 @@ class Connection : return; } - if constexpr (!std::is_same_v<Adaptor, boost::beast::test::stream>) - { -#ifndef BMCWEB_INSECURE_DISABLE_AUTHX - boost::beast::http::verb method = parser->get().method(); - userSession = crow::authentication::authenticate( - ip, res, method, parser->get().base(), mtlsSession); -#endif // BMCWEB_INSECURE_DISABLE_AUTHX - } - if (!handleContentLengthError()) { return; diff --git a/http/parsing.hpp b/http/parsing.hpp index cf813537ed..d59621104c 100644 --- a/http/parsing.hpp +++ b/http/parsing.hpp @@ -32,9 +32,10 @@ inline JsonParseResult parseRequestAsJson(const crow::Request& req, req.getHeaderValue(boost::beast::http::field::content_type))) { BMCWEB_LOG_WARNING("Failed to parse content type on request"); -#ifndef BMCWEB_INSECURE_IGNORE_CONTENT_TYPE - return JsonParseResult::BadContentType; -#endif + if constexpr (!BMCWEB_INSECURE_IGNORE_CONTENT_TYPE) + { + return JsonParseResult::BadContentType; + } } jsonOut = nlohmann::json::parse(req.body(), nullptr, false); if (jsonOut.is_discarded()) diff --git a/http/websocket.hpp b/http/websocket.hpp index e669ffa611..e8d7b1259e 100644 --- a/http/websocket.hpp +++ b/http/websocket.hpp @@ -93,21 +93,21 @@ class ConnectionImpl : public Connection ws.set_option(boost::beast::websocket::stream_base::decorator( [session{session}, protocolHeader](boost::beast::websocket::response_type& m) { - -#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION - if (session != nullptr) + if constexpr (!BMCWEB_INSECURE_DISABLE_CSRF) { - // use protocol for csrf checking - if (session->cookieAuth && - !crow::utility::constantTimeStringCompare( - protocolHeader, session->csrfToken)) + if (session != nullptr) { - BMCWEB_LOG_ERROR("Websocket CSRF error"); - m.result(boost::beast::http::status::unauthorized); - return; + // use protocol for csrf checking + if (session->cookieAuth && + !crow::utility::constantTimeStringCompare( + protocolHeader, session->csrfToken)) + { + BMCWEB_LOG_ERROR("Websocket CSRF error"); + m.result(boost::beast::http::status::unauthorized); + return; + } } } -#endif if (!protocolHeader.empty()) { m.insert(bf::sec_websocket_protocol, protocolHeader); |