Age | Commit message | Author | Files | Lines |
|
This reverts commit 99ad5995089bace233dac20de28ef021591d89c1.
Reason for revert:
This causes a major regression on the web console. Login page fails to load in Chrome, with a content-security-policy error. Reverting to regain stability, then we can reopen with a new patchset.
Change-Id: If75b6614ad4cd9732725893040a85589e0d1bb9a
|
|
In a lot of cases, the header include patterns were really bad. For
example, pulling in all of boost asio via boost/asio.hpp, rather than
pulling in the lesser equivalents. This should reduce the build times,
although I have no data on that at the moment.
Tested By:
Code still compiles
Change-Id: I0f4656d35cf6d7722d1b515baaccbfc27cf98961
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This changes the HTTP response header X-Content-Security-Policy
to Content-Security-Policy and changes its value to allow WebSocket
upgrades.
The X-Content-Security-Policy header is deprecated per
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP and
https://www.owasp.org/index.php/Content_Security_Policy_Cheat_Sheet.
The problem with using the default-src (or connect-src) directive with
the 'self' value when upgrading from https: to wss: is that it blocks
the upgrade. The problem is described here:
https://github.com/w3c/webappsec-csp/issues/7
A similar problem happens with the KVM video (with media-src).
I was unable to find an authoritative fix for this problem.
Tested: pending
Change-Id: Ia8df1e8c3900d81242a5e043ee0601e259bbc9d2
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
|
|
Per the documentation here:
https://github.com/openbmc/docs/blob/master/rest-api.md
It states:
"When a path has a trailing-slash, the response will list the sub
objects of the URL. For example, using the same object path as above,
but adding a slash"
This subtlety was missed by the original author of this stuff, and as
such, didn't work the way the old APIs were expecting.
Tested By:
HTTP GET /xyz/openbmc_project/
Before this patchset, returns an empty object
{
"data": [],
"message": "200 OK",
"status": "ok"
}
After this patchset, returns:
{
"data": [
"/xyz/openbmc_project/EntityManager",
"/xyz/openbmc_project/FruDevice",
"/xyz/openbmc_project/bios",
"/xyz/openbmc_project/control",
"/xyz/openbmc_project/dump",
"/xyz/openbmc_project/events",
"/xyz/openbmc_project/inventory",
"/xyz/openbmc_project/logging",
"/xyz/openbmc_project/network",
"/xyz/openbmc_project/object_mapper",
"/xyz/openbmc_project/software",
"/xyz/openbmc_project/user"
],
"message": "200 OK",
"status": "ok"
}
Note, to get the exact same responses (which don't include the root
object) this patchset is required:
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-objmgr/+/15545/
Change-Id: I79b192bc26879cdfa25977f403940d3608eb3e22
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
When the objectManager entry was not on the root, there were certain
cases that would return more entries than a user asked for. This
patchset resolves the issue, and filters the responses accordingly.
Change-Id: I1c208433c6e8d161b60ea220587fcd0df6f6a6cb
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This removes all dependencies on the mapbox specific variant api. The
code is now compatible with the drop in std::variant api.
Change-Id: Ie64be86ecae341def54f564eb282fb3b5356cc18
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Add doGet to managers for PID configuration data.
Make sure it passes schema validation.
Change-Id: Ieeb97bf76a3d8a3c06f59f79cc0887aec746675e
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
It was pointed out that a code comment mixed up the difference between
ascending and descending. This resolves that issue.
Change-Id: Ie71862b03bc23d9c20ac29ca78c076e05e47476a
|
|
Auto does not work the way you want it to in this case, and gives you
copies, when you really wanted const references. This commit moves the
loops to const references.
Change-Id: I7aceedc03528b4d41c56b100e0c956a64b001ad9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset implements the AccountService PATCH method, using PAM and
dbus in combination.
Change-Id: I754590f787fc84a21a9453e7e10726c56da5c3f7
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
AccountService was the last service hanging on to the old way of doing
things. This moves it up to our current standard using the Node class.
Tested by: Ran service validator. Saw no errors.
Change-Id: I84d0097f48803cb06d2ec95171f18bff04661666
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This is the first round of making the rest-dbus interface use the
modern practices, like shared_ptr responses, and no-throw XML parsing.
While it makes the implementation better, it does not fix everything.
Change-Id: I985d45b03f1992e334f8a650f7f9392cc5fff30c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset implements JsonSchema support, and automates our update
of the XML metadata, and Json schema files in the future by way of a
python script.
Change-Id: Iec6f580d10736678149db18d87be2f140b535be9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This commit implements the serial console websocket in a way that is
compatible with phosphor-rest. This allows the webui serial console to
function. Latency doesn't appear improved, but I suspect that the
obmc-console server has issues.
Tested By:
Booted phosphor-webui serial console. Serial console works as
expected. Also implemented a serial console in python using python
websocket, and it appears to send and receive data correctly.
Change-Id: I0e571beb70a51923d6d7d148779a1154432c45c9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit moves the codebase to the latest clang-format file from
upstream, as well as clang-format-6.0.
Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Resolves: https://github.com/openbmc/bmcweb/issues/5
In certain contexts when using nginx, there are cheats required to add
duplicated files into the filesystem, making nginx believe it has both
compressed and uncompressed resources. This messes with bmcweb, as it
previously treated this as a fatal error, given that it doesn't have a
filesystem limitation.
This patchset changes the behavior so that bmcweb now treats this as an
ok situation, and only creates the route for the gzipped version, under
the assumption that they are the same.
Change-Id: I5744d651e9764242c5e52eeafb8c4df72b8a81a2
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset makes the dbus monitor compatible with the upstream dbus
monitor, which should help adoption.
Performance seems greatly improved compared to the python
implementation. The example given in the documentation of watching for
sensors and state changes is checked in as a test script
websocket_test.py, and seems to consume less of the CPU than the actual
sensors that get produced (about 4% CPU on my ast2500) when producing 30
sensor updates per second. This can likely be improved in the future by
batching change events, but it seems to be performant enough for the
moment.
Tested: Used test script checked in, and verified webui can register
state change events properly.
Change-Id: I7d4c61d0259b7773eb46df0f59f8fea1c7796450
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Recently the odata endpoint has been implemented as a static file.
This adds the appropriate content type to the map, so that we can
return the appropriate header.
Fixes the error:
Cannot determine content-type for
"/usr/share/www/redfish/v1/odata/index.json" with extension .json
Change-Id: Ia6d55c9644c344a2d1957b878bfc25a994e8678b
|
|
To replicate the dbus-rest interfaces exactly, bmcweb explicitly
converted bool values on dbus into their int equivalent (0 or 1) to
faithfully replicate the "bug" in dbus-rest. With the review posted
here
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-rest-server/+/11267/
there is discussion around correcting this behavior in dbus-rest. This
patchset is to maintain compatibility with the dbus rest interfaces,
and to implement a TODO that's existed in bmcweb for a while.
Change-Id: I4b832d7f1b46e09c35c587511af0ecaeb2df12fd
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
As part of the redfish spec, both /redfish and /redfish/v1/odata need
to be allowed without credentials. This adds them to the whitelist,
and improves our compliance with the specification.
Change-Id: I89d7c20ed497b77cdea83560087c9085747872bf
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
A few patches were in flight when we did the great variable renaming.
This catches all the patches that have been merged since
Change-Id: Ie9642a4812b2a679ffa01ce540f5c4515a4c710b
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
A few minor housekeeping things to dbus-rest. Avoids a few extra
string copies, and moves the dbus type behavior to a range based loop
rather than a for index loop
Change-Id: Ic9e1284905d480763e57058a0cb4798c15c2bd58
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
There are a number of situations that come up in development, where it
is very useful to launch phosphor-webui from a remote host. Currently
this is disallowed based on the bmcweb security posture.
This commit makes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION much more
useful, by actually applying the headers that would allow one to launch
the webui from a remote system successfully.
Tested by:
Adding BMCWEB_INSECURE_DISABLE_XSS_PREVENTION=ON to the cmake options
in the bitbake file, then launching phosphor-webui using
npm run-script server
WebUI logged in without issue
Change-Id: I2b7fe53aab611536b4b27b2704e20d098507a5e7
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
It looks like some of the code reviews in progress contain clang-format
fixes as well.
This squashes all of the clang-format fixes into a single commit, that
hopefully can go through the process a little faster, as it should only
be whitespace changes.
In the past, clang-formatting the naughty strings file proved
to return inconsistent results, and even formatted files would still be
detected as unformatted. Apparently the solution was to run
clang-format-5.0 approximately 20 times in a loop, until it decided on
a code layout that it was ok with iteration to iteration.
This is a bit of a corner case, so I don't think we need to get CI
running multiple runs in the future, and can just handle this on a case
by case basis. I'd be surprised if anyone else had this issue.
Change-Id: I57e2a03676bce20dc376fd9cea724732b2dc7010
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Got a couple patches that collided in air, and now builds are broken.
This resolves the collision by moving the new patches forward to the
latest #defines
Change-Id: I1fe35d17a68c61ad90752ae73000e2579131bf5d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Boost beast is already in much better use, and gives more confidence in
the security model. This change keeps the existing crow interfaces,
and simply replaces the backend with beast. Calling code remains
largely unchanged, with the exception of having to explicitly cast to
string (to obtain a string view) when sending messages.
Change-Id: I90edad505faf2d4465b4888f1f2c4b12cc9e77d0
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset moves bmcweb over to the upstream style naming
conventions for variables, classes, and functions, as well as imposes
the latest clang-format file.
This changeset was mostly built automatically by the included
.clang-tidy file, which has the ability to autoformat and auto rename
variables. At some point in the future I would like to see this in
greater use, but for now, we will impose it on bmcweb, and see how it
goes.
Tested: Code still compiles, and appears to run, although other issues
are possible and likely.
Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
It was only used for kvm debug.
Change-Id: I833970c4c2d54a7405130798221fd13e8334747f
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Session storage had a few bugs, and a number of old practices. This
moves the session storage closer to the best practices. It enforces
the use of a factory function for generating new sessions, as well as
using get_ptr when reading the sessions out.
Change-Id: Ia252076f21e47b99f8057190349355838fdd787d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
- SessionStore class now has a proper singleton structure
- session_storage_singleton.hpp is removed
- from_json(..) function for SessionStore is changed to a specialized
template
- minor cosmetic fixes added
- Move the template class usages of Crow App over to a non-template
parameter
Change-Id: Ic9effd5b7bac089a84c80a0caa97bd46d4984416
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
Change-Id: I18850e82e116683b1c56e3a0eb23511b09aeed51
|
|
This commit implements the actions interface, and cleans up some
compatibility issues between phosphor rest and bmcweb.
This should be considered WIP, as it requires patches to some of the
dependent libraries to build (mostly sdbuspplus).
Change-Id: Ida91461b0a0aff5d2d962e9e4053f056f4732af6
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This should allow keeping closer to the upstream yocto recipes, and
avoid excess code in the repo
Change-Id: Ib66f7cf69b68bb23f9789580beadf8344cb68cfa
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset implements feature selection in BMCWEB using compile
time macros. This allows certain features, security implementations,
and other things to be selected at compile time.
Change-Id: Ic14343d36d82830e6cf51311ca886a90749ae6a7
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Problems were found in compatibility with older versions of curl and
wget. At some point, this option needs to be made runtime configurable.
Tested by:
Using curl to log into rest API.
Logging into webui.
Change-Id: I29620cbae73735e846efc1cc22df6899dbe595df
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This change moves the image upload logic out of the intel oem
namespace, and makes it 1:1 compatible with phosphor rest dbus. This
is to allow a seamless transition in the future.
Change-Id: I243237357a672934c05bf072e7ff1a5955af0f5e
|
|
Change-Id: I3fb40defd978e87aad8c7294d5aab1aa72561fa2
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This fixes a bug where the webserver requests a resource that doesn't
exist, which triggers a www-authenticate, and causes the browser to
show the wrong thing.
Change-Id: I65643a50eb269b0a7c76dcb0c65c4e7db2165c88
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit is the beginnings of attempting to transition away from
crow, and toward boost::beast. Unit tests are passing, and
implementation appears to be slightly faster than crow.
Change-Id: Ic8d946dc7a04f514c67b1098f181eee1ced69171
|
|
With the change to entity manager, move the thermal components to the
proper inventory manager interfaces
Change-Id: I520e65b1df53ca8d3fbc12253882ae69b708bbbf
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset moves bmcweb from using boost-dbus over entirely to
sdbusplus. This has some nice improvements in performance (about 30%
of CPU cycles saved in dbus transactions), as well as makes this
project maneuver closer to the upstream way of thinking.
Changes to bmcweb are largely ceremonial, and fall into a few
categories:
1. Moves async_method_call instances to the new format, and deletes any
use of the "endpoint" object in lieu of the sdbusplus style interface
2. sdbus object_path object doesn't allow access to the string
directly, so code that uses it moves to explicit casts.
3. The mapbox variant, while attempting to recreate boost::variant,
misses a T* get<T*>() method implementation, which allows using variant
without exceptions. Currently, there is an overload for
mapbox::get_ptr implementation which replicates the functionality.
Tested by: Booting the bmcweb on a target, iterating through redfish
basic phosphor-webui usage, and websockets usage
Change-Id: I2d95882908d6eb6dba00b9219a221dd96449ca7b
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
directory includes need to manage both the routes, not just the one
ending in slash
Change-Id: I1ba0e9021b212e88861aa720bb5a9d7610b72a9c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit makes the authentication middleware attempt other auth
mechanisms if available from the user.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Tested By: Phosphor webui launches and logs in. Redfish endpoints now
work with a cookie present.
Change-Id: I7c11d4b5eb3c32c8e2b9ba348b70a55bfb72bd4e
|
|
Basic authentication is very slow by virtue of the fact that it has to
call into pam. This commit rearranges the flow to accomplish 2 things.
1. If a non-basic auth mechanism is provided, prefer that.
2. Check the whitelist first, before attempting to authenticate the
user.
Change-Id: Icfe5a218c00a2aeb53acd1ab00bb8cc568424d1d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Change-Id: Ibe3cdc2cd53470ccd437b1b6e21bc7dd29c4b85e
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit makes the webui more compatible with the dbus backend, and
cleans up the backend to support multiple concurrent transactions, as
well as support for the "enumerate" keyword.
Change-Id: I66144904b5c9b2ce7d1b1147cc80dfd356beb0bc
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
1. Role members needs to be an array, not an object
2. Fix accounts schema to use the new user manager
3. Remove "status" field hardcodes
4. Hardcode chassisType to rackmount for now
5. Work around bug in get sub routes
6. Add ID to SessionService Schema
Change-Id: Ibb13d6ace747ac028e840638868c3a01d65dedfa
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit:
* removes previous redfish_v1 Chassis implementation
* Adds Chassis and ChassisCollection implementation as Node way
* Adds Chassis Provider class for retrieving data from EntityManager
It was tested:
* Wolfpass run, to see if previous functionality was not broken
* Service Validator, which did not unveil any regression, and did
verify that implemented schemas are compliant.
Change-Id: I75a9545a0abd8b85d6ce72329c523fc076affc28
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
|
|
... and remove file specific check for redfish $metadata. This allows
the $metadata to be pre-gzip compressed if we choose.
Change-Id: I697bd7f8a8f5dc1a7b448d699b2daf93a296c248
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
... and replace with the nothrow equivalent of get_ptr
Change-Id: I2d2b83f757d06e8b088e62c6474003ca5cd53de5
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|