summaryrefslogtreecommitdiff
path: root/redfish-core/lib/account_service.hpp
diff options
context:
space:
mode:
Diffstat (limited to 'redfish-core/lib/account_service.hpp')
-rw-r--r--redfish-core/lib/account_service.hpp109
1 files changed, 101 insertions, 8 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 59e2d1cd67..bc8ce771d6 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -553,7 +553,8 @@ inline void getLDAPConfigData(const std::string& ldapType,
class AccountService : public Node
{
public:
- AccountService(CrowApp& app) : Node(app, "/redfish/v1/AccountService/")
+ AccountService(CrowApp& app) :
+ Node(app, "/redfish/v1/AccountService/"), app(app)
{
entityPrivileges = {
{boost::beast::http::verb::get,
@@ -887,6 +888,65 @@ class AccountService : public Node
ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled));
}
+ void handleAuthMethodsPatch(nlohmann::json& input,
+ const std::shared_ptr<AsyncResp>& asyncResp)
+ {
+ std::optional<bool> basicAuth;
+ std::optional<bool> cookie;
+ std::optional<bool> sessionToken;
+ std::optional<bool> xToken;
+
+ if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth,
+ "Cookie", cookie, "SessionToken", sessionToken,
+ "XToken", xToken))
+ {
+ BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag";
+ return;
+ }
+
+ // Make a copy of methods configuration
+ crow::persistent_data::AuthConfigMethods authMethodsConfig =
+ crow::persistent_data::SessionStore::getInstance()
+ .getAuthMethodsConfig();
+
+ if (basicAuth)
+ {
+ authMethodsConfig.basic = *basicAuth;
+ }
+
+ if (cookie)
+ {
+ authMethodsConfig.cookie = *cookie;
+ }
+
+ if (sessionToken)
+ {
+ authMethodsConfig.sessionToken = *sessionToken;
+ }
+
+ if (xToken)
+ {
+ authMethodsConfig.xtoken = *xToken;
+ }
+
+ if (!authMethodsConfig.basic && !authMethodsConfig.cookie &&
+ !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken)
+ {
+ // Do not allow user to disable everything
+ messages::actionNotSupported(asyncResp->res,
+ "of disabling all available methods");
+ return;
+ }
+
+ crow::persistent_data::SessionStore::getInstance()
+ .updateAuthMethodsConfig(authMethodsConfig);
+ // Save configuration immediately
+ app.template getMiddleware<crow::persistent_data::Middleware>()
+ .writeData();
+
+ messages::success(asyncResp->res);
+ }
+
/**
* @brief Get the required values from the given JSON, validates the
* value and create the LDAP config object.
@@ -1063,6 +1123,10 @@ class AccountService : public Node
void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params) override
{
+ const crow::persistent_data::AuthConfigMethods& authMethodsConfig =
+ crow::persistent_data::SessionStore::getInstance()
+ .getAuthMethodsConfig();
+
auto asyncResp = std::make_shared<AsyncResp>(res);
res.jsonValue = {
{"@odata.context", "/redfish/v1/"
@@ -1078,6 +1142,16 @@ class AccountService : public Node
{"Accounts",
{{"@odata.id", "/redfish/v1/AccountService/Accounts"}}},
{"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}},
+ {"Oem",
+ {{"OpenBMC",
+ {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"},
+ {"AuthMethods",
+ {
+ {"BasicAuth", authMethodsConfig.basic},
+ {"SessionToken", authMethodsConfig.sessionToken},
+ {"XToken", authMethodsConfig.xtoken},
+ {"Cookie", authMethodsConfig.cookie},
+ }}}}}},
{"LDAP",
{{"Certificates",
{{"@odata.id",
@@ -1155,13 +1229,14 @@ class AccountService : public Node
std::optional<uint16_t> maxPasswordLength;
std::optional<nlohmann::json> ldapObject;
std::optional<nlohmann::json> activeDirectoryObject;
-
- if (!json_util::readJson(req, res, "AccountLockoutDuration",
- unlockTimeout, "AccountLockoutThreshold",
- lockoutThreshold, "MaxPasswordLength",
- maxPasswordLength, "MinPasswordLength",
- minPasswordLength, "LDAP", ldapObject,
- "ActiveDirectory", activeDirectoryObject))
+ std::optional<nlohmann::json> oemObject;
+
+ if (!json_util::readJson(
+ req, res, "AccountLockoutDuration", unlockTimeout,
+ "AccountLockoutThreshold", lockoutThreshold,
+ "MaxPasswordLength", maxPasswordLength, "MinPasswordLength",
+ minPasswordLength, "LDAP", ldapObject, "ActiveDirectory",
+ activeDirectoryObject, "Oem", oemObject))
{
return;
}
@@ -1181,6 +1256,22 @@ class AccountService : public Node
handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP");
}
+ if (std::optional<nlohmann::json> oemOpenBMCObject;
+ oemObject &&
+ json_util::readJson(*oemObject, res, "OpenBMC", oemOpenBMCObject))
+ {
+ if (std::optional<nlohmann::json> authMethodsObject;
+ oemOpenBMCObject &&
+ json_util::readJson(*oemOpenBMCObject, res, "AuthMethods",
+ authMethodsObject))
+ {
+ if (authMethodsObject)
+ {
+ handleAuthMethodsPatch(*authMethodsObject, asyncResp);
+ }
+ }
+ }
+
if (activeDirectoryObject)
{
handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params,
@@ -1221,6 +1312,8 @@ class AccountService : public Node
std::variant<uint16_t>(*lockoutThreshold));
}
}
+
+ CrowApp& app;
};
class AccountsCollection : public Node
generated by cgit v1.2.3 (git 2.39.0) at 2024-08-31 22:00:03 +0300