authorPaul Fertser <fercerpav@gmail.com>2024-06-10 11:51:51 +0300
committerSurya Venkatesan <suryav@ami.com>2024-08-20 10:55:31 +0300
commit630ce399a64d7148432bf311111221ee61d79bf2 (patch)
tree63782e4a2224c3d43876ad8e9892d5024328ba69
parent2d65f4aa2f9f8ac2c521facd1df8b5f5cf48f897 (diff)
downloadwebui-vue-630ce399a64d7148432bf311111221ee61d79bf2.tar.xz
Switch to standard Redfish auth endpoint
To be able to talk to a Redfish-compliant implementation webui should switch from old non-standard login and logout endpoints to creating a Session via an appropriate POST request and to DELETE it on logout. This also gives us standard Session object with all the relevant parameters which allows the frontend to know what session it's using, what permissions it has etc. This works against bmcweb which checks for the presence of webui-vue-specific "X-Requested-With" header in the request and provides cookies in addition to the Redfish authentication token in the header. Tested: logging in, logging out, navigating the pages, reloading the page doesn't require logging in (if the session isn't expired), WebSocket connections work. Change-Id: I9d6159850b109a658b8f980637653e7e4576058b Signed-off-by: Paul Fertser <fercerpav@gmail.com>
-rw-r--r--src/store/modules/Authentication/AuthenticanStore.js34
1 files changed, 22 insertions, 12 deletions
diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
index 2006661b..3ad41c6b 100644
--- a/src/store/modules/Authentication/AuthenticanStore.js
+++ b/src/store/modules/Authentication/AuthenticanStore.js
@@ -10,21 +10,28 @@ const AuthenticationStore = {
authError: false,
xsrfCookie: Cookies.get('XSRF-TOKEN'),
isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
+ sessionURI: localStorage.getItem('sessionURI'),
},
getters: {
consoleWindow: (state) => state.consoleWindow,
authError: (state) => state.authError,
isLoggedIn: (state) => {
+ // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
+ // without going through explicit Session creation
return (
state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true'
);
},
+ // Used to authenticate WebSocket connections via subprotocol value
token: (state) => state.xsrfCookie,
},
mutations: {
- authSuccess(state) {
+ authSuccess(state, { session }) {
state.authError = false;
state.xsrfCookie = Cookies.get('XSRF-TOKEN');
+ // Preserve session data across page reloads and browser restarts
+ localStorage.setItem('sessionURI', session);
+ state.sessionURI = session;
},
authError(state, authError = true) {
state.authError = authError;
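Review bot: `authSuccess` persists `session` without checking it, so a login response with no readable `Location` header makes `localStorage.setItem('sessionURI', session)` store the string "undefined", and after a reload `state.sessionURI` holds that string instead of null. Because this value is later used as the DELETE target in `logout`, I would persist it only when it looks like a session resource, e.g. `if (typeof session === 'string' && session.startsWith('/redfish/v1/SessionService/Sessions/')) localStorage.setItem('sessionURI', session);`, and otherwise set `state.sessionURI = null` (this assumes bmcweb returns a path-only `Location`, which should be confirmed). The destructured payload `{ session }` also throws if `authSuccess` is ever committed without an argument; callers other than `login` are not visible in this diff. The `AuthenticationStore` object starts and ends outside the hunk.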
@@ -35,30 +42,33 @@ const AuthenticationStore = {
localStorage.removeItem('storedUsername');
state.xsrfCookie = undefined;
state.isAuthenticatedCookie = undefined;
+ localStorage.removeItem('sessionURI');
+ state.sessionURI = null;
+ state.consoleWindow = false;
},
- setConsoleWindow: (state, window) => (state.consoleWindow = window),
},
actions: {
login({ commit }, { username, password }) {
commit('authError', false);
return api
- .post('/login', {
- username: username,
- password: password,
+ .post('/redfish/v1/SessionService/Sessions', {
+ UserName: username,
+ Password: password,
+ })
+ .then((response) => {
+ commit('authSuccess', {
+ session: response.headers['location'],
+ });
})
- .then(() => commit('authSuccess'))
.catch((error) => {
commit('authError');
throw new Error(error);
});
},
- logout({ commit }) {
+ logout({ commit, state }) {
api
- .post('/logout', { data: [] })
- .then(() => {
- commit('setConsoleWindow', false);
- commit('logout');
- })
+ .delete(state.sessionURI)
+ .then(() => commit('logout'))
.then(() => router.push('/login'))
.catch((error) => console.log(error));
},
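Review bot: `logout` passes `state.sessionURI` straight to `api.delete`, but that value can be null: the comment added to `isLoggedIn` says a session may come from mutual TLS without explicit Session creation, and a browser that logged in before this change has cookies but no stored URI. In that case the DELETE presumably fails, the rejection is only logged by `console.log(error)`, and `commit('logout')` never runs, so the client-side state is kept and the user gets no sign that logout did not happen. A guard such as `if (!state.sessionURI) { commit('logout'); return router.push('/login'); }` would cover the missing-URI case, and a failed DELETE should be surfaced to the user rather than only logged. Whether clearing local state also ends the server-side session in the mutual-TLS case depends on bmcweb behaviour that this diff does not show. The `actions` object continues past the end of the hunk.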