diff options
author | Paul Fertser <fercerpav@gmail.com> | 2024-07-03 17:11:03 +0300 |
---|---|---|
committer | Surya Venkatesan <suryav@ami.com> | 2024-09-04 11:34:14 +0300 |
commit | bfe7ad811bea38f414103363e8c9054e45a8cd89 (patch) | |
tree | e25d20e660940c8c66b88debaaf744f7fa993c15 | |
parent | fb83cd50ae5baca0bc55654f52425b52b1b9d98e (diff) | |
download | webui-vue-bfe7ad811bea38f414103363e8c9054e45a8cd89.tar.xz |
Use auth token when not communicating with bmcweb
Redfish backends other than OpenBMC bmcweb expect clients to
authenticate using X-Auth-Token HTTP header as that's the only standard
authentication method for Redfish sessions.
This code falls back to using the token in case Session creation didn't
result in obtaining an XSRF cookie (as should normally happen with
bmcweb).
Limitations: all WebSocket-based functionality can not work (JS-based
NBD Virtual Media, IP KVM, SOL), page reload drops the session and
requires to log in again.
Tested: logging in, observing Overview and successfully logging out of
an AMI MegaRAC BMC. Logging in and navigating around a bmcweb-running
system which doesn't have the code to provide cookies for Session POST
request (everything works as usual sans WS-based features).
Change-Id: I81dc881193440d8d252dcd283b99915bd08c0c5e
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
-rw-r--r-- | src/store/api.js | 3 | ||||
-rw-r--r-- | src/store/modules/Authentication/AuthenticanStore.js | 18 |
2 files changed, 19 insertions, 2 deletions
diff --git a/src/store/api.js b/src/store/api.js index 7d727562..babed4c8 100644 --- a/src/store/api.js +++ b/src/store/api.js @@ -72,6 +72,9 @@ export default { spread(callback) { return Axios.spread(callback); }, + set_auth_token(token) { + axiosInstance.defaults.headers.common['X-Auth-Token'] = token; + }, }; export const getResponseCount = (responses) => { diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js index b64def06..3122ab2f 100644 --- a/src/store/modules/Authentication/AuthenticanStore.js +++ b/src/store/modules/Authentication/AuthenticanStore.js @@ -11,6 +11,7 @@ const AuthenticationStore = { xsrfCookie: Cookies.get('XSRF-TOKEN'), isAuthenticatedCookie: Cookies.get('IsAuthenticated'), sessionURI: localStorage.getItem('sessionURI'), + xAuthToken: null, }, getters: { consoleWindow: (state) => state.consoleWindow, @@ -19,19 +20,29 @@ const AuthenticationStore = { // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication, // without going through explicit Session creation return ( - state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true' + state.xsrfCookie !== undefined || + state.isAuthenticatedCookie == 'true' || + state.xAuthToken !== null ); }, // Used to authenticate WebSocket connections via subprotocol value token: (state) => state.xsrfCookie, }, mutations: { - authSuccess(state, { session }) { + authSuccess(state, { session, token }) { state.authError = false; state.xsrfCookie = Cookies.get('XSRF-TOKEN'); // Preserve session data across page reloads and browser restarts localStorage.setItem('sessionURI', session); state.sessionURI = session; + // If we didn't get the XSRF cookie it means we are talking to a + // Redfish implementation that is not bmcweb. In this case get the token + // from headers and send it with the future requests, do not permanently + // save anywhere. + if (state.xsrfCookie === undefined) { + api.set_auth_token(token); + state.xAuthToken = token; + } }, authError(state, authError = true) { state.authError = authError; @@ -39,11 +50,13 @@ const AuthenticationStore = { logout(state) { Cookies.remove('XSRF-TOKEN'); Cookies.remove('IsAuthenticated'); + api.set_auth_token(undefined); localStorage.removeItem('storedUsername'); state.xsrfCookie = undefined; state.isAuthenticatedCookie = undefined; localStorage.removeItem('sessionURI'); state.sessionURI = null; + state.xAuthToken = null; state.consoleWindow = false; }, }, @@ -58,6 +71,7 @@ const AuthenticationStore = { .then((response) => { commit('authSuccess', { session: response.headers['location'], + token: response.headers['x-auth-token'], }); return isPasswordExpired(response); }) |