Timeout is not per-session

fix regression on 5fb91ba400e0482813cf5e1a86fdca17468d0a6a. Timeout is a global setting, not a per-session setting. This caused problems with regenerating it, as session restoration doesn't follow the "best effort" policy we've done before. This commit: 1. Makes Session::fromJson more robust against extra keys. 2. Disallowed reading in client_id if IBM_Management_console isn't enabled. 3. Moves timeout to the proper place in the persistent config file. Resolves https://github.com/openbmc/bmcweb/issues/158 Tested: Downloaded to bmc, cleared bmcweb_persistent_data.json, then logged in using webui-vue. Rebooted BMC. Reloaded /redfish/v1/SessionService/Sessions/<sessionid> and observed that all data restored properly. Unclear why, but ClientOriginIPAddress seems broken, but that seems true prior to this patch. Data that got returned is included for completeness. { "@odata.id": "/redfish/v1/SessionService/Sessions/BKqK5dNfNS", "@odata.type": "#Session.v1_3_0.Session", "ClientOriginIPAddress": "", "Description": "Manager User Session", "Id": "BKqK5dNfNS", "Name": "User Session", "UserName": "root" } Signed-off-by: Ed Tanous <ed@tanous.net> Change-Id: I716431fd4775af63715d07973f723caa8cb34259
author: Ed Tanous <ed@tanous.net> 2020-10-21 22:33:42 +0300
committer: Sunitha Harish <sunharis@in.ibm.com> 2020-10-23 14:23:01 +0300
commit: dc511aa73001a593a16dbcdaa5d53f320e4c7818 (patch)
tree: b57239d7550273bcd571ffba721345814288feb5
parent: c7d3422c108c6a88bbeffcea3edbb3f59e3992e3 (diff)
download: bmcweb-dc511aa73001a593a16dbcdaa5d53f320e4c7818.tar.xz
2 files changed, 27 insertions, 14 deletions
diff --git a/include/persistent_data.hpp b/include/persistent_data.hpp
index 9c86f6545e..038fcc612d 100644
--- a/include/persistent_data.hpp
+++ b/include/persistent_data.hpp
@@ -169,16 +169,18 @@ class ConfigFile
             std::filesystem::perms::group_read;
         std::filesystem::permissions(filename, permission);
         const auto& c = SessionStore::getInstance().getAuthMethodsConfig();
-        nlohmann::json data{{"auth_config",
-                             {{"XToken", c.xtoken},
-                              {"Cookie", c.cookie},
-                              {"SessionToken", c.sessionToken},
-                              {"BasicAuth", c.basic},
-                              {"TLS", c.tls}}
-
-                            },
-                            {"system_uuid", systemUuid},
-                            {"revision", jsonRevision}};
+        nlohmann::json data{
+            {"auth_config",
+             {{"XToken", c.xtoken},
+              {"Cookie", c.cookie},
+              {"SessionToken", c.sessionToken},
+              {"BasicAuth", c.basic},
+              {"TLS", c.tls}}
+
+            },
+            {"system_uuid", systemUuid},
+            {"revision", jsonRevision},
+            {"timeout", SessionStore::getInstance().getTimeoutInSeconds()}};
 
         nlohmann::json& sessions = data["sessions"];
         sessions = nlohmann::json::array();
@@ -192,8 +194,6 @@ class ConfigFile
                     {"session_token", p.second->sessionToken},
                     {"username", p.second->username},
                     {"csrf_token", p.second->csrfToken},
-                    {"timeout",
-                     SessionStore::getInstance().getTimeoutInSeconds()},
 #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
                     {"client_id", p.second->clientId},
 #endif
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 88fd487024..dc6ac1f4fe 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -79,7 +79,7 @@ struct UserSession
             {
                 BMCWEB_LOG_ERROR << "Error reading persistent store.  Property "
                                  << element.key() << " was not of type string";
-                return nullptr;
+                continue;
             }
             if (element.key() == "unique_id")
             {
@@ -97,10 +97,12 @@ struct UserSession
             {
                 userSession->username = *thisValue;
             }
+#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
             else if (element.key() == "client_id")
             {
                 userSession->clientId = *thisValue;
             }
+#endif
             else if (element.key() == "client_ip")
             {
                 userSession->clientIp = *thisValue;
@@ -111,9 +113,20 @@ struct UserSession
                 BMCWEB_LOG_ERROR
                     << "Got unexpected property reading persistent file: "
                     << element.key();
-                return nullptr;
+                continue;
             }
         }
+        // If any of these fields are missing, we can't restore the session, as
+        // we don't have enough information.  These 4 fields have been present
+        // in every version of this file in bmcwebs history, so any file, even
+        // on upgrade, should have these present
+        if (userSession->uniqueId.empty() || userSession->username.empty() ||
+            userSession->sessionToken.empty() || userSession->csrfToken.empty())
+        {
+            BMCWEB_LOG_DEBUG << "Session missing required security "
+                                "information, refusing to restore";
+            return nullptr;
+        }
 
         // For now, sessions that were persisted through a reboot get their idle
         // timer reset.  This could probably be overcome with a better
author	Ed Tanous <ed@tanous.net>	2020-10-21 22:33:42 +0300
committer	Sunitha Harish <sunharis@in.ibm.com>	2020-10-23 14:23:01 +0300
commit	dc511aa73001a593a16dbcdaa5d53f320e4c7818 (patch)
tree	b57239d7550273bcd571ffba721345814288feb5
parent	c7d3422c108c6a88bbeffcea3edbb3f59e3992e3 (diff)
download	bmcweb-dc511aa73001a593a16dbcdaa5d53f320e4c7818.tar.xz