diff options
Diffstat (limited to 'redfish-core/lib/account_service.hpp')
-rw-r--r-- | redfish-core/lib/account_service.hpp | 109 |
1 files changed, 101 insertions, 8 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 59e2d1cd67..bc8ce771d6 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -553,7 +553,8 @@ inline void getLDAPConfigData(const std::string& ldapType, class AccountService : public Node { public: - AccountService(CrowApp& app) : Node(app, "/redfish/v1/AccountService/") + AccountService(CrowApp& app) : + Node(app, "/redfish/v1/AccountService/"), app(app) { entityPrivileges = { {boost::beast::http::verb::get, @@ -887,6 +888,65 @@ class AccountService : public Node ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled)); } + void handleAuthMethodsPatch(nlohmann::json& input, + const std::shared_ptr<AsyncResp>& asyncResp) + { + std::optional<bool> basicAuth; + std::optional<bool> cookie; + std::optional<bool> sessionToken; + std::optional<bool> xToken; + + if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth, + "Cookie", cookie, "SessionToken", sessionToken, + "XToken", xToken)) + { + BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag"; + return; + } + + // Make a copy of methods configuration + crow::persistent_data::AuthConfigMethods authMethodsConfig = + crow::persistent_data::SessionStore::getInstance() + .getAuthMethodsConfig(); + + if (basicAuth) + { + authMethodsConfig.basic = *basicAuth; + } + + if (cookie) + { + authMethodsConfig.cookie = *cookie; + } + + if (sessionToken) + { + authMethodsConfig.sessionToken = *sessionToken; + } + + if (xToken) + { + authMethodsConfig.xtoken = *xToken; + } + + if (!authMethodsConfig.basic && !authMethodsConfig.cookie && + !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken) + { + // Do not allow user to disable everything + messages::actionNotSupported(asyncResp->res, + "of disabling all available methods"); + return; + } + + crow::persistent_data::SessionStore::getInstance() + .updateAuthMethodsConfig(authMethodsConfig); + // Save configuration immediately + app.template getMiddleware<crow::persistent_data::Middleware>() + .writeData(); + + messages::success(asyncResp->res); + } + /** * @brief Get the required values from the given JSON, validates the * value and create the LDAP config object. @@ -1063,6 +1123,10 @@ class AccountService : public Node void doGet(crow::Response& res, const crow::Request& req, const std::vector<std::string>& params) override { + const crow::persistent_data::AuthConfigMethods& authMethodsConfig = + crow::persistent_data::SessionStore::getInstance() + .getAuthMethodsConfig(); + auto asyncResp = std::make_shared<AsyncResp>(res); res.jsonValue = { {"@odata.context", "/redfish/v1/" @@ -1078,6 +1142,16 @@ class AccountService : public Node {"Accounts", {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}}, {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}}, + {"Oem", + {{"OpenBMC", + {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"}, + {"AuthMethods", + { + {"BasicAuth", authMethodsConfig.basic}, + {"SessionToken", authMethodsConfig.sessionToken}, + {"XToken", authMethodsConfig.xtoken}, + {"Cookie", authMethodsConfig.cookie}, + }}}}}}, {"LDAP", {{"Certificates", {{"@odata.id", @@ -1155,13 +1229,14 @@ class AccountService : public Node std::optional<uint16_t> maxPasswordLength; std::optional<nlohmann::json> ldapObject; std::optional<nlohmann::json> activeDirectoryObject; - - if (!json_util::readJson(req, res, "AccountLockoutDuration", - unlockTimeout, "AccountLockoutThreshold", - lockoutThreshold, "MaxPasswordLength", - maxPasswordLength, "MinPasswordLength", - minPasswordLength, "LDAP", ldapObject, - "ActiveDirectory", activeDirectoryObject)) + std::optional<nlohmann::json> oemObject; + + if (!json_util::readJson( + req, res, "AccountLockoutDuration", unlockTimeout, + "AccountLockoutThreshold", lockoutThreshold, + "MaxPasswordLength", maxPasswordLength, "MinPasswordLength", + minPasswordLength, "LDAP", ldapObject, "ActiveDirectory", + activeDirectoryObject, "Oem", oemObject)) { return; } @@ -1181,6 +1256,22 @@ class AccountService : public Node handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP"); } + if (std::optional<nlohmann::json> oemOpenBMCObject; + oemObject && + json_util::readJson(*oemObject, res, "OpenBMC", oemOpenBMCObject)) + { + if (std::optional<nlohmann::json> authMethodsObject; + oemOpenBMCObject && + json_util::readJson(*oemOpenBMCObject, res, "AuthMethods", + authMethodsObject)) + { + if (authMethodsObject) + { + handleAuthMethodsPatch(*authMethodsObject, asyncResp); + } + } + } + if (activeDirectoryObject) { handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params, @@ -1221,6 +1312,8 @@ class AccountService : public Node std::variant<uint16_t>(*lockoutThreshold)); } } + + CrowApp& app; }; class AccountsCollection : public Node |