author | Ed Tanous <edtanous@google.com> | 2022-06-23 01:49:37 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-06-27 20:54:25 +0300 |
commit | 347d1a195e1f0a9765bc8ae7be39f6eb6577d487 (patch) | |
tree | 38132ab836431414f6d51ea71d23514eb1d991ab /include/forward_unauthorized.hpp | |
parent | 22daffd71eb246fb42f7f356025e92659b713151 (diff) | |
download | bmcweb-347d1a195e1f0a9765bc8ae7be39f6eb6577d487.tar.xz |
Rearrange forward_unauthorized
This file is kind of hard to read. Try to improve it.
This readability problem caused me to miss one of the cases and invert
it, and because there are 6 possible clients/flows that need to be tested through
these, my testing didn't catch it originally.
Tested:
Redfish protocol validator now passes one more test for
www-authenticate. 18 failing test cases down to 12.
'''
curl -vvvv --insecure -H "Accepts: application/json" https://192.168.7.2/redfish/v1/SessionService/Sessions
'''
Now returns WWW-Authenticate when basic auth is enabled.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Idaed4c1fe3f58667b5478006d3091d820ca26d58
Diffstat (limited to 'include/forward_unauthorized.hpp')
-rw-r--r-- | include/forward_unauthorized.hpp | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/include/forward_unauthorized.hpp b/include/forward_unauthorized.hpp
index 5b437b1695..ddf3e3b13d 100644
--- a/include/forward_unauthorized.hpp
+++ b/include/forward_unauthorized.hpp
@@ -22,31 +22,30 @@ inline void sendUnauthorized(std::string_view url,
 res.result(boost::beast::http::status::temporary_redirect);
 res.addHeader("Location",
 "/#/login?next=" + http_helpers::urlEncode(url));
+ return;
 }
- else
- {
- // If we don't have a webui installed, just return a lame
- // unauthorized body
- res.result(boost::beast::http::status::unauthorized);
- res.body() = "Unauthorized";
- }
- }
- else
- {
+ // If we don't have a webui installed, just return an unauthorized
+ // body
 res.result(boost::beast::http::status::unauthorized);
+ res.body() = "Unauthorized";
+ return;
+ }
 
- // XHR requests from a browser will set the X-Requested-With header when
- // doing their requests, even though they might not be requesting html.
- if (!xRequestedWith.empty())
- {
- // Only propose basic auth as an option if it's enabled.
- if (persistent_data::SessionStore::getInstance()
- .getAuthMethodsConfig()
- .basic)
- {
- res.addHeader("WWW-Authenticate", "Basic");
- }
- }
+ res.result(boost::beast::http::status::unauthorized);
+
+ // XHR requests from a browser will set the X-Requested-With header when
+ // doing their requests, even though they might not be requesting html.
+ if (!xRequestedWith.empty())
+ {
+ return;
+ }
+ // if basic auth is disabled, don't propose it.
+ if (!persistent_data::SessionStore::getInstance()
+ .getAuthMethodsConfig()
+ .basic)
+ {
+ return;
 }
+ res.addHeader("WWW-Authenticate", "Basic");
 }
 } // namespace forward_unauthorized |
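Review bot: The early return under `if (!xRequestedWith.empty())` is the branch the commit message says was previously inverted, yet its comment only describes what XHR clients send and not why the challenge is withheld from them; I would add something like `// Browser XHR: answer 401 without WWW-Authenticate so the browser does not raise its own Basic prompt` (intent inferred, please confirm). `xRequestedWith` is a request header the client controls, so this branch shapes the response for well-behaved clients and should not be read as a protection boundary; a short comment saying so would keep later readers from relying on it. Since manual testing missed the inversion, a table-driven unit test of sendUnauthorized over the HTML, XHR and other-client cases with basic auth on and off would pin the expected status and headers for each flow. Separately, RFC 7617 requires a `realm` parameter on a Basic challenge, so `res.addHeader("WWW-Authenticate", "Basic");` may be ignored by strict clients. The function's signature and its opening condition lie outside the hunk.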