From fdf43a3fc87728ca0455c1ee2931be821f83b51d Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Wed, 31 Jul 2019 16:52:24 -0700 Subject: Ignore charset for /login attempts bmcweb fails when attempting to login with a Content header of application/json; charset=utf8. This is because of an exact string compare. This commit changes the check to only check the begining of the string, and adds some logging to make it more clear when we hit this in the future. Signed-off-by: Ed Tanous Change-Id: I972a80c174a18295205340271b781c9d6693ee17 --- include/token_authorization_middleware.hpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp index ee34d00508..2ff3879bec 100644 --- a/include/token_authorization_middleware.hpp +++ b/include/token_authorization_middleware.hpp @@ -283,12 +283,13 @@ template void requestRoutes(Crow& app) // within it are not destroyed before we can use them nlohmann::json loginCredentials; // Check if auth was provided by a payload - if (contentType == "application/json") + if (boost::starts_with(contentType, "application/json")) { loginCredentials = nlohmann::json::parse(req.body, nullptr, false); if (loginCredentials.is_discarded()) { + BMCWEB_LOG_DEBUG << "Bad json in request"; res.result(boost::beast::http::status::bad_request); res.end(); return; @@ -424,6 +425,7 @@ template void requestRoutes(Crow& app) } else { + BMCWEB_LOG_DEBUG << "Couldn't interpret password"; res.result(boost::beast::http::status::bad_request); } res.end(); -- cgit v1.2.3