path: root/redfish-core/include/error_messages.hpp
Age | Commit message | Author | Files | Lines
2024-04-11 | Fix large copies with url_view and segments_view | Ed Tanous | 1 | -26/+35
Despite these objects being called "view" they are still relatively large, as clang-tidy correctly flags, and we ignore. Change all function uses to capture by: const boost::urls::url_view_base& Which is the base class of all boost URL types, and any class (url, url_view, etc) is convertible to that base. Change-Id: I8ee2ea3f4cfba38331303a7e4eb520a2b6f8ba92 Signed-off-by: Ed Tanous <ed@tanous.net>
2024-04-09 | Move to Redfish Action specific setProperty call | Asmitha Karunanithi | 1 | -0/+15
This commit will migrate all the setProperty calls initiated by a redfish "Action" to "setDbusProperty" method in Redfish namespace that handles all DBus errors in a consistent manner. This method will determine if a setProperty is called during redfish "Action" or just setting of a dbus property and internally call appropriate methods that handle different sets of errors. All the Redfish action specific errors are defined in error_messages.hpp file. This specific change moves setProperty call in hypervisor_system.hpp and covers errors in the mentioned file only. Tested-By: <Yet to test this usecase> Change-Id: I3da48fbeabcdcf088c4481021232f08a44797c86 Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com> Signed-off-by: Ed Tanous <ed@tanous.net>
2024-01-17 | Pass correct Argument Types to propertyValueIncorrect Error Message | Ginu George | 1 | -4/+4
Changed the code to pass the parameters according to their types. Tested: Code Compiles properly and tested. Change-Id: Ie0e13d39cd892afda36dfabec871f0fe8d8498e4 Signed-off-by: Ginu George <ginugeorge@ami.com>
2024-01-09 | Fix spelling mistakes | Ed Tanous | 1 | -2/+2
These were found with: codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$") At some point in the future, we might want to get this enabled in CI. Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118 Signed-off-by: Ed Tanous <ed@tanous.net>
2023-06-23 | error_messages: remove source_location indirect | Patrick Williams | 1 | -3/+3
clang-16 now supports std::source_location so remove the indirection that uses experimental::source_location in some cases. Tested: Compiled with `CXX=clang++`. Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Id55bdf01855206c6892684e1e56cc5ff56e2b5a2
2023-06-13 | Make redfish::messages rely on typesafe structures | Ed Tanous | 1 | -16/+20
The previous patches modified these fields one at a time, for the cases where we had code calling these in odd ways. This commit goes and effects the same change on the rest of the message handlers where it makes sense. Any input to a message function that mentions a "value" replaces the value with a nlohmann::json object, to make calling this code easier. The one exception is StringValueTooLong, which by definition, requires the input value to be a string, so that is left as string_view intentionally. Tested: Dead unused code. Code compiles. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I00b9804b2aadf5584032be91a0ee53b9a94a7430
2023-06-13 | Make propertyValueIncorrect typesafe | Ed Tanous | 1 | -2/+2
Similar to the previous patches, make propertyValueIncorrect accept a nlohmann::json object as input. This removes the need for the dump() call, which oddly enough, in our one usage, was actually incorrect, and could cause bmcweb to throw an exception in parsing in theory. Tested: Only used in one error condition. Code compiles. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ie35d61101c2db88b16d42d71e66bceef540e8429
2023-06-13 | Make propertyValueFormatError more typesafe | Ed Tanous | 1 | -2/+2
Similar to other patches, make propertyValueFormatError accept a nlohmann::json object, which removes a lot of the unsafe dump code that we have littered about. Tested: No easy to replicate error. Code is identical to previous patchsets. Inspection and code compilation only. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ic9d0f196b6e198073189f744b738db7ffa2f1b74
2023-06-13 | Make propertyValueTypeError more typesafe | Ed Tanous | 1 | -2/+2
Similar to the prior patchset in this series, propertyValueTypeError can be moved to safer constructs. This ensures that we are minimizing how many places we are calling dump() from, and allows us to reduce the amount of code written for error handling. Tested: PATCH /redfish/v1/SessionService {"SessionTimeout": "foo"} Returns PropertyValueTypeError in the same behavior as prior to this patch. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Iddff4b787f35c49bf923663d61bba156687f358c
2023-06-13 | Make propertyValueNotInList typesafe | Ed Tanous | 1 | -3/+2
The error codes for this function accept a string_view, which has caused a number of cases of users of this function to call dump() to_string() and all manner of other conversions. Considering that dump() is something that's difficult to call correctly, and overly wordy, it would be ideal if the message code just handled that for us. Therefore, this commit changes the prototype to include a nlohmann::json object as an argument instead of string_view, then audits the codebase for all uses, and moves them to a more normalized usage, which allows the calling code to call "dump" for them. Tested: PATCH /redfish/v1/SessionService {"SessionTimeout": 1} Returns the PropertyValueNotInList error as it did before. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: If62909072db1f067ad1f8aa590bb716c84181219
2023-06-02 | Remove duplicated stringValueTooLong | Ed Tanous | 1 | -9/+0
This prototype got added twice, once with int as a value, and once with size_t. This builds fine in 64 bit, but in 32 bit, fails. Tested: Code compiles Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ie3de779330d768cdd84d5647d242d5fe447d2a85
2023-06-01 | Input parameter validation for Event Subscription | AppaRao Puli | 1 | -0/+19
User input must be validated to avoid the out-of-memory issue. This commit adds the size check on input parameters such as Context, Destination and Header field while creating or updating the EventDestination. Added a generic error message "PropertySizeExceeded" in message registry which is used as response when size limit is exceeded. Tested - Validated using POST on Event Subscription. - When Context, Destination and Headers were too long, received an error message denoting the same. Change-Id: Ibab847ce0c99f445a76e6d3aee8074428bb7d30f Signed-off-by: AppaRao Puli <apparao.puli@intel.com> Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com> Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> Signed-off-by: Ed Tanous <edtanous@google.com>
2023-03-15 | Take url views by value | Ed Tanous | 1 | -27/+22
Any of our things taking URLs should be taking url_view by value, similar to how we take string_view. From the beast documentation: "...it acts like a string_view in terms of ownership." [1] Therefore, we should treat it like we treat string_view, and take by value, not reference. [1] https://www.boost.org/doc/libs/master/libs/url/doc/html/url/ref/boost__urls__url_view.html Tested: Stacked these patches. Redfish service validator passes. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I696b495f4aa04984225853f653cc175c0eaad79d
2023-02-03 | Add Support for ActionParameterNotInList Message | Alex Schendel | 1 | -0/+18
This commit adds support for the ActionParameterNotInList Redfish DMTF error message. Change-Id: I7fd9b7c952e7ffa4c7c4c585ae28315b40556a21 Signed-off-by: Alex Schendel <alex.schendel@intel.com>
2022-10-11 | bmcweb: Add strictAccountTypes error message | Shantappa Teekappanavar | 1 | -0/+11
Error message to be thrown when StrictAccountTypes is true and the specified value(s) for AccountTypes or OEMAccountTypes was not accepted. Testing: strictAccountTypes() error message was tested while testing redfish PATCH API for patching AccountTypes. Signed-off-by: Shantappa Teekappanavar <shantappa.teekappanavar@ibm.com> Change-Id: I13abcd142ddfb04a2a187c9373fa996ecfe987a1
2022-09-21 | query: propogate errors for expand | Nan Zhou | 1 | -0/+5
The existing code doesn't propagate errors of subqueries correctly. This commit corrects the behavior, so that the final response gets all error messages of subqueries and the "highest priority" HTTP code. DMTF doesn't specify how expand queries handle error codes, since using subqueries is an implementation choice that we made in this project. What we did here follows existing behavior of this project, and follows the error message section of the Redfish spec; [1] https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#error-responses As for now, this commit uses the worst HTTP code among all the error codes. See query_param.hpp, function |propogateErrorCode| for detailed order of the error codes. Tested: 1. this is difficult to test, but I hijacked the code so it returns errors in TaskServices, then I verified that "/redfish/v1?$expand=." correctly returns 500 and gets the error message set. 2. unit test so that when there are multiple errors, the final response gets a generate error message. Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: I0c1ebdd9015f389801db9150d687027485f1203c
2022-09-01 | Add 405 handler for redfish | Ed Tanous | 1 | -0/+8
Redfish has specific error messages for OperationNotSupported in the Base registry. This commit allows bmcweb to return both the correct return code (405) and the correct error message, while not affecting the rest of the tree. We didn't have the equivalent call in error_messages, so this adds the required call. Tested: GET /redfish/v1 returns ServiceRoot GET /redfish/v1/foo Returns 404 PATCH /redfish/v1 returns 405 OperationNotSupported POST /redfish/v1/Chassis returns 405 OperationNotSupported DELETE /redfish/v1/Chassis returns 405 ResourceCannotBeDeleted POST /redfish/v1/foo/bar Returns 404 Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I6f980af7307af602344b65a12a2b7589cc9ec959 Signed-off-by: Carson Labrado <clabrado@google.com>
2022-08-24 | error_message: iwyu | Nan Zhou | 1 | -1/+7
I found that error_messages.cpp missed headers when adding insufficientResource errors. This commit is like the other incremental iwyu effort. Now error message library is fixed. Tested: compiles. Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: Ia5f4716d21a98cad56ec2ae0b842a40ed825cb17
2022-08-17 | error message: add insufficientStorage | Nan Zhou | 1 | -0/+9
In the spec, when a response is too large, we need an error message to represent such error. The corresponding error is 507 Insufficient Storage, which is already in the base registry. This commit adds that utility to error messages library. Reference: redfish spec Section 7.3.2 ``` If a service cannot return the payload due to its size, it shall return the HTTP 507 Insufficient Storage status code. ``` Tested: code compiles. Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: I1fe840f015b3d67fa2092d1d3a1f8c3fcbc2c438
2022-07-15 | Use more specific include | Ed Tanous | 1 | -1/+1
boost/urls/urls.hpp pulls in all of boost url, when in this context, we only want url_view.hpp. Per the coding standard (specifically in regards to boost) pull in the more specific header Tested: Code compiles. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I85bc45bdfcc7bc1d8e87be23fe4884b6ec8c4227
2022-06-26 | error_messages: Add PropertyValueOutOfRange error | Jiaqing Zhao | 1 | -0/+15
The PropertyValueOutOfRange error indicates that a property was given the correct value type but the value of that property is outside the supported range. Tested: Build pass. Change-Id: I78d5e3142b41d6739e6b0ff4699e1c731c5981d7 Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
2022-03-30 | registry: Add PropertyValueExternalConflict registry | Ramesh Iyyar | 1 | -0/+16
- Added the PropertyValueExternalConflict message registry that might be used to send when the request is failed due to some other resource state or configuration. Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com> Change-Id: Ibdb8c21e285079dbaea54b99f207f45892b24ea9
2022-03-30 | registry: Add PropertyValueResourceConflict registry | Ramesh Iyyar | 1 | -0/+19
- Added the PropertyValueResourceConflict message registry that might be used to send when the request is failed due to some other resource state or configuration. Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com> Change-Id: I2c03aee88442f6abe55f2a9f574211b8214aa30c
2022-03-12 | Make code compile on clang again | Ed Tanous | 1 | -4/+5
There are a couple places we missed inline/static on our headers, and a couple unused message entry callbacks for which their parameters were incorrect (which clang caught). Fix all of them. Tested: Code compiles on clang. No-op changes. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I12c9c04d3b773c4991c6cd92d0cfd42b348762d6
2022-02-28 | Move error messages to string_view | Ed Tanous | 1 | -119/+114
using std::string_view on these lets us call them in more contexts, and allows us to inline some previously more complex code. In general, for APIs like this, std::string_view should be preferred as it gives more flexibility in calling conventions. Tested: curl --insecure "https://localhost:18080/redfish/v1/AccountService/Roles/foobar" ✔ { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The requested resource of type Role named 'foobar' was not found.", "MessageArgs": [ "Role", "foobar" ], "MessageId": "Base.1.11.0.ResourceNotFound", "MessageSeverity": "Critical", "Resolution": "Provide a valid resource identifier and resubmit the request." } ], "code": "Base.1.11.0.ResourceNotFound", "message": "The requested resource of type Role named 'foobar' was not found." } } This is the same response as previously. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I8ee17120c42d2a13677648c3395aa4f9ec2bd51a
2022-02-28 | Add url type safety to message registry | Ed Tanous | 1 | -19/+31
There are a number of places where we use message registry messages incorrectly. This patchset attempts to fix them, and invoke some type safety when they're used such that they're more obvious to use. Namely, it changes a number of the message registry methods to accept a boost::urls::url_view for its argument instead of a const std::string&. This forces the calling code to correctly encode a URL to use the method, which should make it obvious that it's not for an ID, a property name, or anything else. In the course of doing this, several places were found to be using the first argument incorrectly. Tested: curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Chassis/foobar Returns: { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found.", "MessageArgs": [ "#Chassis.v1_16_0.Chassis", "foobar" ], "MessageId": "Base.1.8.1.ResourceNotFound", "MessageSeverity": "Critical", "Resolution": "Provide a valid resource identifier and resubmit the request." } ], "code": "Base.1.8.1.ResourceNotFound", "message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found." } Identically to previously. Also tested with IDs that contained % encoded characters, like foobar%10, which gave the same result. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Icbb3bce5d190a260610087c9ef35e7becc5a50c7
2022-02-14 | Remove invalid base log message | Ed Tanous | 1 | -14/+0
The redfish base registry does not include a definition of this message, which generating type-safe models has teased out. Replace the MutuallyExclusiveProperties message with two "PropertyValueConflict" messages. This seems like the closest thing, but in lieu of the things not being in the standard, this seems like the best compromise. Tested: curl --insecure -X POST --user root:0penBmc https://192.168.7.2/redfish/v1/EventService/Subscriptions -d '{"MessageIds":[""],"RegistryPrefixes":[""],"Destination":"","Protocol":""}' Returns: { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The property 'MessageIds' could not be written because its value would conflict with the value of the 'RegistryPrefixes' property.", "MessageArgs": [ "MessageIds", "RegistryPrefixes" ], "MessageId": "Base.1.8.1.PropertyValueConflict", "MessageSeverity": "Warning", "Resolution": "No resolution is required." } ], "code": "Base.1.8.1.PropertyValueConflict", "message": "The property 'MessageIds' could not be written because its value would conflict with the value of the 'RegistryPrefixes' property." } } Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I1eaf4d06b6f5b85909392c48970e3f353af3a41e
2022-02-09 | Enable readability-avoid-const-params-in-decls | Ed Tanous | 1 | -1/+1
This check involves explicitly declaring variables const when they're declared auto, which helps in readability, and makes it more clear that the variables are const. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I71198ea03850384a389a56ad26f2c4a48c75b148
2022-02-08 | Capture int by value in stringValueTooLong | Ed Tanous | 1 | -3/+2
Per the coding standard, we should be capturing this by int, not const int&. Tested: There are no uses of stringValueTooLong(), so noop change to binary. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Idfcb05c962e0a0d489db263a6f845bb1789b5842
2022-01-19 | Include what you use | Ed Tanous | 1 | -0/+2
Do a partial update from the include what you use tool. While ideally we'd be able to do this as part of CI, there's still quite a bit of noise in the output that requires manual intervention. Tested: Code compiles Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Iaaeb7a9199f64b5d6913c3abab4779b252768ed8
2021-12-16 | error_messages: Use int64_t in invalidIndex | Josh Lehan | 1 | -2/+2
Using int64_t instead of int, to permit 64-bit indices. This is to support ExternalStorer, a new project I am working on, which uses a 64-bit sequence number for long-term robustness. Change-Id: I00121933067030fd722f6b02c2d2dbd1854dff1c Signed-off-by: Josh Lehan <krellan@google.com>
2021-12-10 | Add logging to internal error | Ed Tanous | 1 | -1/+3
Internal error call sites are propagated through the code, and might be triggered multiple times in the course of a request, which makes them difficult to track the source of. This commit changes the internalError() method to include a print of which invocation within bmcweb triggered the error, using c++20s std::source_location mechanism. Note: clang-13 still doesn't implement std::source_location, so this commit pulls source_location.hpp from lg2 to be able to support all compilers. Tested: Loaded in qemu, and added an internalError() call into systems.hpp for the /redfish/v1/Systems handler. Observed that [CRITICAL "error_messages.cpp":234] Internal Error ../../../../../../workspace/sources/bmcweb/redfish-core/include/../lib/systems.hpp(2820:40) `redfish::requestRoutesSystemsCollection(App&)::<lambda(const crow::Request&, const std::shared_ptr<bmcweb::AsyncResp>&)>`: Got printed to the bmcweb logs. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ic1b4240422445357bc87404de814ad14f86b9edf
2021-09-24 | Update error messages file w.r.t Base.1.11.0 | Asmitha Karunanithi | 1 | -1/+13
Tested By: Code compiles The error message is as follows: { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The operation failed because the service at /redfish/v1/Systems/system/LogServices/Dump/ is disabled and cannot accept requests.", "MessageArgs": [ "/redfish/v1/Systems/system/LogServices/Dump/" ], "MessageId": "Base.1.11.0.ServiceDisabled", "MessageSeverity": "Warning", "Resolution": "Enable the service and resubmit the request if the operation failed." } ], "code": "Base.1.11.0.ServiceDisabled", "message": "he operation failed because the service at /redfish/v1/Systems/system/LogServices/Dump/ is disabled and cannot accept requests." } } Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com> Change-Id: I923892ecd785e3b6c071fa663fee14a2754d5ef1
2020-10-23 | fix include names | Ed Tanous | 1 | -1/+1
cppcheck isn't smart enough to recognize these are c++ headers, not c headers. Considering we're already inconsistent about our naming, it's easier to just be consistent, and move the last few files to use .hpp instead of .h. Tested: Code builds, no changes. Signed-off-by: Ed Tanous <ed@tanous.net> Change-Id: Ic348d695f8527fa4a0ded53f433e1558c319db40
2020-10-02 | Remove redundant void from error messages | Ed Tanous | 1 | -33/+33
It's not needed. Tested: Code compiles. No functional changes. Signed-off-by: Ed Tanous <ed@tanous.net> Change-Id: I21588b8ca2bab4ddb65d9c6d910ba26db83c323b
2020-09-21 | Update error_messages to Base 1.8.1 | Jason M. Bills | 1 | -9/+167
The Base message registry has updated to 1.8.1. This updates our error_messages files to match. This changes from the deprecated 'Severity' to the new 'MessageSeverity' property. It also adds a script to compare our error_messages.cpp messages against the Base message registry and flag any differences. Tested: Ran the Redfish Validator and confirmed that this change does not introduce any new failures. Change-Id: I2e5101a5b4d0c0963569493451f99521e42b0f4d Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2020-09-09 | Add MutualExclusiveProperties registry | AppaRao Puli | 1 | -0/+14
Add MutualExclusiveProperties message registry entry and error message. As per redfish specification, "RegistryPrefixes" and "MessageIds" are mutually exclusive. So add check for same in EventService and return MutualExclusiveProperties error message. Tested: - Create subscription failed with error(bad request) when the request body contain both "RegistryPrefixes" and "MessageIds". Change-Id: I4c14f946977bce2ced8a7f96eb85855117fde9a8 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
2020-06-27 | Update Service: Change error message based on error logs | James Feist | 1 | -0/+12
This adds support for better error responses based on the logs generated by phosphor-software-manager. Tested: Got 400 error with different messages based on failure type { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive.", "MessageArgs": [ "/redfish/v1/UpdateService", "invalid archive" ], "MessageId": "OpenBMC.0.1.0.InvalidUpload", "Resolution": "None.", "Severity": "Warning" } ], "code": "OpenBMC.0.1.0.InvalidUpload", "message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive." } } { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format.", "MessageArgs": [ "/redfish/v1/UpdateService", "invalid image format" ], "MessageId": "OpenBMC.0.1.0.InvalidUpload", "Resolution": "None.", "Severity": "Warning" } ], "code": "OpenBMC.0.1.0.InvalidUpload", "message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format." } } { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_0_0.Message", "Message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources.", "MessageArgs": [ "/redfish/v1/UpdateService" ], "MessageId": "Base.1.4.0.ResourceExhaustion", "Resolution": "Ensure that the resources are available and resubmit the request.", "Severity": "Critical" } ], "code": "Base.1.4.0.ResourceExhaustion", "message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources." } } Change-Id: Ida9a23c10aedbf9a48c96f4050a04e06bddff284 Signed-off-by: James Feist <james.feist@linux.intel.com>
2020-06-11 | clang-format: update to latest from docs repo | Gunnar Mills | 1 | -2/+2
This is from openbmc/docs/style/cpp/.clang-format Other OpenBMC repos are doing the same. Tested: Built and validator passed. Change-Id: Ief26c755c9ce012823e16a506342b0547a53517a Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
2020-05-20 | Implement Redfish PasswordChangeRequired | Joseph Reynolds | 1 | -0/+11
This implements the Redfish PasswordChangeRequired handling. See section 13.3.7.1 "Password change required handling" in the 1.9.1 spec: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf

These portions of the spec are implemented:
- Authentication with a correct but expired password creates a session:
  - The session is restricted to the ConfigureSelf privilege which allows a user to change their own password (via GET and PATCH Password for their own account). Support for the ConfigureSelf privilege is already in BMCWeb.
  - The session object has the PasswordChangeRequired message.
  - All other operations respond with http status code 403 Forbidden and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER) PasswordChangeRequired property is implemented for local accounts but not present for remote accounts.

This has the following additional behavior: The PasswordChangeRequired property is updated at the start of each new REST operation, even within an existing session. This behavior implements a "dynamic" PasswordChangeRequired handling that responds to changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of every new REST API operation, effectively updating the ManagerAccount PasswordChangeRequired property each time. This makes BMCWeb responsive to changes in the underlying account due to other activity on the BMC.

Notes:
1. Note that when an account password status is changed (for example, the password becomes expired or is changed) and that account has active sessions, those sessions remain. They are not deleted. Any current operations are allowed to complete. Subsequent operations with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions to be dropped when there is a significant change to the underlying account. For example, when the password is changed, the password becomes expired, or when the account's Role changes. OWASP's recommendation is due to the session fixation vulnerability. See the OWASP Session Management Cheat Sheet section "Renew the Session ID After Any Privilege Level Change": https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change BMCWeb protects against session fixation vulnerabilities because it always regenerates new session IDs when successful authentication creates a new session.
3. Users authenticating via mTLS are not subject to the PasswordChangeRequired behavior because mTLS takes precedence over password-based authentication.

Tested:
0. Setup:
- The `passwd --expire USERNAME` command was used to expire passwords. The `chage USER` command was also used.
- The following were used to change the password: Redfish API, passwd command, and the SSH password change dialog.
- Tested the following via Basic Auth, /login, and Redfish login (except where Basic Auth does not create a persistent session).
- Only local user accounts were tested.
- Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as usual.
3. When the password is correct but expired:
   A. A session is created and has the PasswordChangeRequired message.
   B. That session cannot access resources that require Login privilege and the 403 message contains the PasswordChangeRequired message.
   C. That session can be used to GET the user's account, PATCH the Password, and DELETE the session object.
   D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing (unexpiring) the password using various mechanisms. Ensure both the session object and the ManagerAccount PasswordChangeRequired property report the correct condition, and ensure PasswordChangeRequired handling (restricting operations to ConfigureSelf when PasswordChangeRequired is true) is applied correctly.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
2020-02-26 | Move error_message JSON into own function | James Feist | 1 | -0/+139
Right now all error messages require a response object, so they cannot be used directly in the json body. This pulls the messages out into their own function so that they can be used at any place in the response body. Tested: It compiles and runs, verified return codes look ok Change-Id: I500b2164b2366086d610f0fdc8fa22985183e438 Signed-off-by: James Feist <james.feist@linux.intel.com>
2019-10-18 | Make references to crow less obvious | Ed Tanous | 1 | -1/+1
Recently, a number of people in the community have made the (admittedly easy) mistake that we use a significant portion of crow. Today, we use crow for the router, and the "app" structure, and even those have been significantly modified to meet the bmc needs. All other components have been replaced with Boost beast. This commit removes the crow mentions from the Readme, and moves the crow folder to "http" to camouflage it a little. No code content has changed. Tested: Code compiles. No functional change made to any executable code. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Iceb57b26306cc8bdcfc77f3874246338864fd118
2018-11-15 | Simplify Redfish error message property interface | Jason M. Bills | 1 | -94/+1
The error message code used a json_pointer object which must begin with a '/' character and had to be sent as an extra parameter. This change simplifies the interface by using a string so there doesn't have to be a '/'. This allowed the same property argument passed for the message to be used for the property field path. Tested: Sent an error with a property and verified that it is correctly displayed. Change-Id: I0571e2eee627cedf29d751588a4f1bceee66f084 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-31 | Update Redfish to Base.1.4.0 message registry | Jason M. Bills | 1 | -0/+29
Update the Redfish error_messages from Base.1.2.0 to Base.1.4.0 from the Redfish standard registries. Change-Id: I771b119372fd995bd1dc4065830485b6a848f086 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-31 | Update formatting of error string literals and message descriptions | Jason M. Bills | 1 | -44/+44
clang-format doesn't automatically merge multi-line string literals, so this change updates the formatting to merge some multi-line strings into fewer lines. This change also corrects the <argx> numbering in the error message descriptions to match the function parameter numbers. Change-Id: Ibedcaf5793a607acacdb3bc83081599ba508c989 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-23 | Improve the Redfish error reporting interface | Jason M. Bills | 1 | -123/+174
Makes the Redfish error reporting interface automatically handle setting the http status and JSON content in the response object. When using an AsyncResp object, this allows for simply calling the Redfish error and returning. Change-Id: Icfdce2de763225f070e8dd61e591f296703f46bb Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-09-05 | Move to clang-format-6.0 | Ed Tanous | 1 | -4/+6
This commit moves the codebase to the latest clang-format file from upstream, as well as clang-format-6.0. Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-07-27 | Move over to upstream c++ style | Ed Tanous | 1 | -6/+6
This patchset moves bmcweb over to the upstream style naming conventions for variables, classes, and functions, as well as imposes the latest clang-format file. This changeset was mostly built automatically by the included .clang-tidy file, which has the ability to autoformat and auto rename variables. At some point in the future I would like to see this in greater use, but for now, we will impose it on bmcweb, and see how it goes. Tested: Code still compiles, and appears to run, although other issues are possible and likely. Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-04-22 | Introduce Redfish Error messages definitions | Kowalski, Kamil | 1 | -0/+641
Added a python script that should be used to generate error_messages.cpp and .hpp files. These files, as they are not subject to change in a dynamic manner, should be regenerated only when MessageRegistry changes. Tested on x86 Ubuntu VM and Wolfpass platform: a) No regression in BMCWeb interface - Went through WebUI observed no changes in functionality b) No regression in Redfish functionality - Went through nodes and observed no changes in functionality - Sessions now return error messages in addition to HTTP codes Change-Id: I4aba9ee247b6cd2c46a9c158d14bdc7546e9b11b Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>