Switch to standard Redfish auth endpoint

To be able to talk to a Redfish-compliant implementation webui should switch from old non-standard login and logout endpoints to creating a Session via an appropriate POST request and to DELETE it on logout. This also gives us standard Session object with all the relevant parameters which allows the frontend to know what session it's using, what permissions it has etc. This works against bmcweb which checks for the presence of webui-vue-specific "X-Requested-With" header in the request and provides cookies in addition to the Redfish authentication token in the header. Tested: logging in, logging out, navigating the pages, reloading the page doesn't require logging in (if the session isn't expired), WebSocket connections work. Change-Id: I9d6159850b109a658b8f980637653e7e4576058b Signed-off-by: Paul Fertser <fercerpav@gmail.com>
openbmc · Jul 19, 2024 · 1ff8e89 · 1ff8e89
1 parent bc49e09
commit 1ff8e89
Showing 1 changed file with 22 additions and 12 deletions.
diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
@@ -10,21 +10,28 @@ const AuthenticationStore = {
     authError: false,
     xsrfCookie: Cookies.get('XSRF-TOKEN'),
     isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
+    sessionURI: localStorage.getItem('sessionURI'),
   },
   getters: {
     consoleWindow: (state) => state.consoleWindow,
     authError: (state) => state.authError,
     isLoggedIn: (state) => {
+      // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
+      // without going through explicit Session creation
       return (
         state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true'
       );
     },
+    // Used to authenticate WebSocket connections via subprotocol value
     token: (state) => state.xsrfCookie,
   },
   mutations: {
-    authSuccess(state) {
+    authSuccess(state, { session }) {
       state.authError = false;
       state.xsrfCookie = Cookies.get('XSRF-TOKEN');
+      // Preserve session data across page reloads and browser restarts
+      localStorage.setItem('sessionURI', session);
+      state.sessionURI = session;
     },
     authError(state, authError = true) {
       state.authError = authError;
@@ -35,30 +42,33 @@ const AuthenticationStore = {
       localStorage.removeItem('storedUsername');
       state.xsrfCookie = undefined;
       state.isAuthenticatedCookie = undefined;
+      localStorage.removeItem('sessionURI');
+      state.sessionURI = null;
+      state.consoleWindow = false;
     },
-    setConsoleWindow: (state, window) => (state.consoleWindow = window),
   },
   actions: {
     login({ commit }, { username, password }) {
       commit('authError', false);
       return api
-        .post('/login', {
-          username: username,
-          password: password,
+        .post('/redfish/v1/SessionService/Sessions', {
+          UserName: username,
+          Password: password,
+        })
+        .then((response) => {
+          commit('authSuccess', {
+            session: response.headers['location'],
+          });
         })
-        .then(() => commit('authSuccess'))
         .catch((error) => {
           commit('authError');
           throw new Error(error);
         });
     },
-    logout({ commit }) {
+    logout({ commit, state }) {
       api
-        .post('/logout', { data: [] })
-        .then(() => {
-          commit('setConsoleWindow', false);
-          commit('logout');
-        })
+        .delete(state.sessionURI)
+        .then(() => commit('logout'))
         .then(() => router.push('/login'))
         .catch((error) => console.log(error));
     },