author | Ed Tanous <edtanous@google.com> | 2023-07-21 02:24:25 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-03-16 23:35:20 +0300 |
commit | cd40b060ee2df5469077a70d15590f86158f2c60 (patch) | |
tree | 8065b29a7d1795e5f81882f87d61477d76ae081d /include | |
parent | 619b860927e24b3bc22f8b891d28ee6ed979ee42 (diff) | |
download | bmcweb-cd40b060ee2df5469077a70d15590f86158f2c60.tar.xz |
Refactor after login
Break out this method into a smaller section.
Tested: Redfish service validator passes
Change-Id: I0ca4e9ea14c505a1ed00dae4cba1285e4ac1f36d
Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/login_routes.hpp | 51 |
1 files changed, 23 insertions, 28 deletions
diff --git a/include/login_routes.hpp b/include/login_routes.hpp index ae99757ef8..1030e6db85 100644 --- a/include/login_routes.hpp +++ b/include/login_routes.hpp @@ -17,6 +17,25 @@ namespace crow namespace login_routes { +inline void + afterAuthenticateUser(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + std::string_view username, + const boost::asio::ip::address& ipAddress, + int32_t pamrc) +{ + bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; + if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) + { + asyncResp->res.result(boost::beast::http::status::unauthorized); + return; + } + auto session = + persistent_data::SessionStore::getInstance().generateUserSession( + username, ipAddress, std::nullopt, + persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly); + // if content type is json, assume json token + asyncResp->res.jsonValue["token"] = session->sessionToken; +} inline void handleLogin(const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 
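Review bot: The new `afterAuthenticateUser` no longer sends the two `Set-Cookie` headers (`XSRF-TOKEN`, and `SESSION` with `HttpOnly`) that the block removed from `handleLogin` in the second hunk used to add, so a commit described as a refactor changes the login response. Unless the cookies are now set somewhere outside this diff, cookie-based clients of this route receive no session cookie, and the session token is delivered only in the JSON body, where page script can read it, rather than in an HttpOnly cookie. Restoring the two `addHeader` calls right after the session is created keeps the behaviour identical to the old code. Separately, `session->sessionToken` is dereferenced without a check; if `generateUserSession` can return null (its definition is not visible here), a guard that answers with an error status belongs before the first use.

```cpp
    // … unchanged: pamrc check and generateUserSession call …
    asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
                             "XSRF-TOKEN=" + session->csrfToken +
                                 "; SameSite=Strict; Secure");
    asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
                             "SESSION=" + session->sessionToken +
                                 "; SameSite=Strict; Secure; HttpOnly");
    // if content type is json, assume json token
    asyncResp->res.jsonValue["token"] = session->sessionToken;
```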
@@ -151,38 +170,14 @@ inline void handleLogin(const crow::Request& req, password = req.getHeaderValue("password"); } - if (!username.empty() && !password.empty()) - { - int pamrc = pamAuthenticateUser(username, password); - bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; - if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) - { - asyncResp->res.result(boost::beast::http::status::unauthorized); - } - else - { - auto session = persistent_data::SessionStore::getInstance() - .generateUserSession( - username, req.ipAddress, std::nullopt, - persistent_data::PersistenceType::TIMEOUT, - isConfigureSelfOnly); - - asyncResp->res.addHeader(boost::beast::http::field::set_cookie, - "XSRF-TOKEN=" + session->csrfToken + - "; SameSite=Strict; Secure"); - asyncResp->res.addHeader(boost::beast::http::field::set_cookie, - "SESSION=" + session->sessionToken + - "; SameSite=Strict; Secure; HttpOnly"); - - // if content type is json, assume json token - asyncResp->res.jsonValue["token"] = session->sessionToken; - } - } - else + if (username.empty() || password.empty()) { BMCWEB_LOG_DEBUG("Couldn't interpret password"); asyncResp->res.result(boost::beast::http::status::bad_request); + return; } + int pamrc = pamAuthenticateUser(username, password); + afterAuthenticateUser(asyncResp, username, req.ipAddress, pamrc); } inline void handleLogout(const crow::Request& req, |
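Review bot: `pamrc` is an `int` at this call site, but the helper added in the first hunk declares its parameter as `int32_t pamrc`. PAM return codes are plain `int`, so writing `int pamrc` in the helper's signature keeps the two in step and avoids relying on both types having the same width. `handleLogin` begins above this hunk, so how `username` and `password` are filled in before the empty check is not visible here.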