authorPaul Fertser <fercerpav@gmail.com>2024-04-11 13:51:41 +0300
committerPaul Fertser <fercerpav@gmail.com>2024-05-02 16:32:56 +0300
commit2b33526c41c23217365e8eb0523d182bcdee622a (patch)
tree41cd050f735ccbc7503b1a8660b98d15f4ac8456
parent01492c3dcbdba6b463ecef63f4c769520432d829 (diff)
downloadwebui-vue-2b33526c41c23217365e8eb0523d182bcdee622a.tar.xz
Allow to log in when using remote authentication
For accounts authenticated remotely (e.g. with LDAP or RADIUS) the API endpoint (handled by bmcweb) currently cannot provide any information about RoleId and reports 404 instead. This confuses the frontend, which then does not allow any navigation at all. Fix this by lifting all frontend-side restrictions by assuming the 'Administrator' role in this case. Since the backend verifies the validity of each and every request anyway, this does not affect security. Tested: logging in, out and incorrectly using local BMC and remote LDAP users, reloading the page with an active session. In all cases the frontend behaved as expected, storing the assumed RoleId after getting a 404 Not Found reply and using it for unrestricted routing decisions. Change-Id: If17d06bf0b8a372acd1980f6777227e25d9c78d8 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
-rw-r--r--src/router/routes.js2
-rw-r--r--src/store/modules/Authentication/AuthenticanStore.js12
2 files changed, 12 insertions, 2 deletions
diff --git a/src/router/routes.js b/src/router/routes.js
index eb376aad..5424cab8 100644
--- a/src/router/routes.js
+++ b/src/router/routes.js
@@ -301,4 +301,4 @@ const routes = [
},
];
-export default routes;
+export { routes as default, roles };
diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
index 57270159..2006661b 100644
--- a/src/store/modules/Authentication/AuthenticanStore.js
+++ b/src/store/modules/Authentication/AuthenticanStore.js
@@ -1,6 +1,7 @@
import api from '@/store/api';
import Cookies from 'js-cookie';
import router from '@/router';
+import { roles } from '@/router/routes';
const AuthenticationStore = {
namespaced: true,
@@ -68,7 +69,16 @@ const AuthenticationStore = {
commit('global/setPrivilege', data.RoleId, { root: true });
return data;
})
- .catch((error) => console.log(error));
+ .catch((error) => {
+ if (error.response?.status === 404) {
+ // We have valid credentials but user isn't known, assume remote
+ // authentication (e.g. LDAP) and do not restrict the routing
+ commit('global/setPrivilege', roles.administrator, { root: true });
+ return {};
+ } else {
+ console.log(error);
+ }
+ });
},
resetStoreState({ state }) {
state.authError = false;
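Review bot: The 404 branch of the new `.catch` stores `roles.administrator` through the same `global/setPrivilege` commit as a backend-reported RoleId, so nothing in the store distinguishes an assumed role from a verified one, and a remote account that the backend treats as less privileged is shown the full administrator navigation. The branch keys on the status code alone, so any other cause of a 404 on this request (the request itself starts above the hunk) takes the same fail-open path. Because the value is only safe as a client-side routing hint, the comment should say so, e.g. `// Assumed role, used for UI routing only; the backend authorizes every request`, and it may be worth recording that the role was assumed so later code does not rely on it for anything else. The `else` branch still resolves with `undefined` and leaves the privilege unset, which is worth stating in a comment on `console.log(error);`.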