diff options
author | Ed Tanous <edtanous@google.com> | 2021-03-11 00:29:30 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2021-04-26 22:11:36 +0300 |
commit | d4b6c66034de374cf0b14e05b0d20e87a8cefaf3 (patch) | |
tree | 4c00cad1d77272925af143531b19d898ac2f84d5 /include/webassets.hpp | |
parent | 1a6258dc985cde406d9098130e4a2d683e82beb2 (diff) | |
download | bmcweb-d4b6c66034de374cf0b14e05b0d20e87a8cefaf3.tar.xz |
Fix infinite redirect when webui isn't installed
In the begining, bmcweb had its own webui checked in as source. Largely
conceived of clay, and built by someone that doesn't understand UI
development (me), it was eventually superceeded by phosphor-webui. When
we did that, we created a bug where bmcweb was expecting a UI to always
be installed, and when it wasn't resolved into an infinite recursive
redirect as it tried to find the login page.
This patchset fixes that, by adding a connection between the
authorization class, and the webassets class, for bmcweb to detect at
runtime whether or not the UI is installed, and change behavior in that
case.
Along the way, we got a circular #include, so some includes needed to be
rearranged slightly.
This patchset will change no behavior when the UI is installed. Login
failures will continue to redirect to /, to hit the login page.
If the UI is not installed, and there is no / route, BMCWEB will return
the plaintext UNAUTHORIZED if you attempt to open the webui from the
browser without having a webui installed and without having credentials.
Tested:
Launched in a build without webui-vue, and observed "UNAUTHORIZED" when
I connected through chrome.
Also launched in a build with webui-vue installed with:
IMAGE_INSTALL_append = "webui-vue"
And loaded the webui in chrome, and logged in successfully.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iac9b83ba9e80d434479685b082d547847cdfe309
Diffstat (limited to 'include/webassets.hpp')
-rw-r--r-- | include/webassets.hpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/webassets.hpp b/include/webassets.hpp index 070442e79b..f92214fcde 100644 --- a/include/webassets.hpp +++ b/include/webassets.hpp @@ -142,6 +142,11 @@ inline void requestRoutes(App& app) << extension; } + if (webpath == "/") + { + forward_unauthorized::hasWebuiRoute = true; + } + app.routeDynamic(webpath)( [absolutePath, contentType, contentEncoding]( const crow::Request&, |