diff options
| -rw-r--r-- | include/persistent_data.hpp | 24 | ||||
| -rw-r--r-- | include/sessions.hpp | 17 |
2 files changed, 27 insertions, 14 deletions
diff --git a/include/persistent_data.hpp b/include/persistent_data.hpp index 9c86f6545e..038fcc612d 100644 --- a/include/persistent_data.hpp +++ b/include/persistent_data.hpp @@ -169,16 +169,18 @@ class ConfigFile std::filesystem::perms::group_read; std::filesystem::permissions(filename, permission); const auto& c = SessionStore::getInstance().getAuthMethodsConfig(); - nlohmann::json data{{"auth_config", - {{"XToken", c.xtoken}, - {"Cookie", c.cookie}, - {"SessionToken", c.sessionToken}, - {"BasicAuth", c.basic}, - {"TLS", c.tls}} - - }, - {"system_uuid", systemUuid}, - {"revision", jsonRevision}}; + nlohmann::json data{ + {"auth_config", + {{"XToken", c.xtoken}, + {"Cookie", c.cookie}, + {"SessionToken", c.sessionToken}, + {"BasicAuth", c.basic}, + {"TLS", c.tls}} + + }, + {"system_uuid", systemUuid}, + {"revision", jsonRevision}, + {"timeout", SessionStore::getInstance().getTimeoutInSeconds()}}; nlohmann::json& sessions = data["sessions"]; sessions = nlohmann::json::array(); @@ -192,8 +194,6 @@ class ConfigFile {"session_token", p.second->sessionToken}, {"username", p.second->username}, {"csrf_token", p.second->csrfToken}, - {"timeout", - SessionStore::getInstance().getTimeoutInSeconds()}, #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE {"client_id", p.second->clientId}, #endif diff --git a/include/sessions.hpp b/include/sessions.hpp index 88fd487024..dc6ac1f4fe 100644 --- a/include/sessions.hpp +++ b/include/sessions.hpp @@ -79,7 +79,7 @@ struct UserSession { BMCWEB_LOG_ERROR << "Error reading persistent store. Property " << element.key() << " was not of type string"; - return nullptr; + continue; } if (element.key() == "unique_id") { @@ -97,10 +97,12 @@ struct UserSession { userSession->username = *thisValue; } +#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE else if (element.key() == "client_id") { userSession->clientId = *thisValue; } +#endif else if (element.key() == "client_ip") { userSession->clientIp = *thisValue; @@ -111,9 +113,20 @@ struct UserSession BMCWEB_LOG_ERROR << "Got unexpected property reading persistent file: " << element.key(); - return nullptr; + continue; } } + // If any of these fields are missing, we can't restore the session, as + // we don't have enough information. These 4 fields have been present + // in every version of this file in bmcwebs history, so any file, even + // on upgrade, should have these present + if (userSession->uniqueId.empty() || userSession->username.empty() || + userSession->sessionToken.empty() || userSession->csrfToken.empty()) + { + BMCWEB_LOG_DEBUG << "Session missing required security " + "information, refusing to restore"; + return nullptr; + } // For now, sessions that were persisted through a reboot get their idle // timer reset. This could probably be overcome with a better |