diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/login_routes.hpp | 51 |
1 files changed, 23 insertions, 28 deletions
diff --git a/include/login_routes.hpp b/include/login_routes.hpp index ae99757ef8..1030e6db85 100644 --- a/include/login_routes.hpp +++ b/include/login_routes.hpp @@ -17,6 +17,25 @@ namespace crow namespace login_routes { +inline void + afterAuthenticateUser(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + std::string_view username, + const boost::asio::ip::address& ipAddress, + int32_t pamrc) +{ + bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; + if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) + { + asyncResp->res.result(boost::beast::http::status::unauthorized); + return; + } + auto session = + persistent_data::SessionStore::getInstance().generateUserSession( + username, ipAddress, std::nullopt, + persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly); + // if content type is json, assume json token + asyncResp->res.jsonValue["token"] = session->sessionToken; +} inline void handleLogin(const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) @@ -151,38 +170,14 @@ inline void handleLogin(const crow::Request& req, password = req.getHeaderValue("password"); } - if (!username.empty() && !password.empty()) - { - int pamrc = pamAuthenticateUser(username, password); - bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD; - if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly) - { - asyncResp->res.result(boost::beast::http::status::unauthorized); - } - else - { - auto session = persistent_data::SessionStore::getInstance() - .generateUserSession( - username, req.ipAddress, std::nullopt, - persistent_data::PersistenceType::TIMEOUT, - isConfigureSelfOnly); - - asyncResp->res.addHeader(boost::beast::http::field::set_cookie, - "XSRF-TOKEN=" + session->csrfToken + - "; SameSite=Strict; Secure"); - asyncResp->res.addHeader(boost::beast::http::field::set_cookie, - "SESSION=" + session->sessionToken + - "; SameSite=Strict; Secure; HttpOnly"); - - // if content type is json, assume json token - asyncResp->res.jsonValue["token"] = session->sessionToken; - } - } - else + if (username.empty() || password.empty()) { BMCWEB_LOG_DEBUG("Couldn't interpret password"); asyncResp->res.result(boost::beast::http::status::bad_request); + return; } + int pamrc = pamAuthenticateUser(username, password); + afterAuthenticateUser(asyncResp, username, req.ipAddress, pamrc); } inline void handleLogout(const crow::Request& req, |