path: root/include
Commit message | Author | Age | Files | Lines
...
* bmcweb: support next= url for forwarding login | Ed Tanous | 2018-12-19 | 2 | -1/+27
    Related to patchset here. This patchset implements the bmc side of redirecting the user's URL after login correctly.
    https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-webui/+/15925
    Change-Id: Idf42f4cecd29fb0c6088721eb5e10fb39e1168e7
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* bmcweb: Add X-Content-Type-Options header | Ed Tanous | 2018-12-18 | 1 | -0/+1
    Because we should always be posting the correct mime type on all of our pages, add a "nosniff" flag, to improve our protection against injection attacks.
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
    Change-Id: I4a311948e5e157b4071effddff577c73b65d7af1
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* bmcweb Add DELETE to allowed XSS methods | Ed Tanous | 2018-12-18 | 1 | -1/+2
    When in cross site scripting mode, delete should be allowed, along with PATCH, PUT, and POST, to delete values.
    Change-Id: If59594b6a01794c843c0290249bd397b9e305a3e
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* REST: Add DELETE support | Matt Spinler | 2018-12-13 | 1 | -2/+52
    Add support for the DELETE verb. This verb will cause the Delete method on the xyz.openbmc_project.Object.Delete interface to be called on the specified object path. An error will be returned if that interface/method doesn't exist on that path.
    The code is similar to the method handling code, except it doesn't need to parse any argument JSON, and it is looking only at a specific interface. It does share the code path that introspects the object to find a method and call it.
    Tested: Used it to delete error logs.
    Change-Id: Ica90b0d80049e6bc59fe2b8456948696054f4a8b
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For PUT, return errors in JSON | Matt Spinler | 2018-12-13 | 1 | -34/+47
    This handler is used for setting a D-Bus property. Return failures as a JSON response.
    Change-Id: Ie18abbc78d77d23d3194d76b60d42e877ac54bec
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: Add JSON error when no D-Bus handlers found | Matt Spinler | 2018-12-13 | 1 | -1/+4
    Add the full JSON error response for the case when the URL looks like it should correspond to a D-Bus operation, but doesn't.
    Change-Id: I63a2c05fd8ab3adcdd81d407f9359ebb0279cdc3
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For /action/<method>, return errors in JSON | Matt Spinler | 2018-12-13 | 1 | -14/+26
    This route calls D-Bus methods. Return any errors encountered in JSON.
    Change-Id: I84c6f4abb7092d86ecbc157c95d6343a0b27b7d0
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For list, return the error in JSON | Matt Spinler | 2018-12-13 | 1 | -1/+2
    The only way list can fail is if the GetSubTreePaths call fails, and that will only happen if the path isn't a valid D-Bus object. In that case, return the standard REST error JSON response for org.freedesktop.DBus.Error.FileNotFound.
    Change-Id: I538d3132552590e51f9ede80762aee00c59cb3e9
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For GET, return errors in JSON | Matt Spinler | 2018-12-13 | 1 | -6/+18
    For the failure cases, return the error messages in JSON, the same as the python REST server does.
    Change-Id: I150fec3ade738d1bd5425a3ea7cceb6c5539f9f6
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For enumerate, return the error in JSON | Matt Spinler | 2018-12-13 | 1 | -0/+18
    The only way enumerate can fail is if the GetSubTree call fails, and that will only happen if the path isn't a valid D-Bus object. In that case, return the standard REST error JSON response for org.freedesktop.DBus.Error.FileNotFound.
    Change-Id: Ie68761c3ee67aa337761567b8a76bd9c9ebddc19
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For enumerate, try GetAll as last resort | Matt Spinler | 2018-12-13 | 1 | -1/+74
    If there are no ObjectManager instances covering a path that came back from the GetSubTree call, the only other way to get that path's properties is by directly reading them.
    So, after all of the GetManagedObjects calls are done, on any of the paths that were in the GetSubTree results but not in the enumerate results, make a GetAll call to get the properties and add them to the output.
    The code knows when all of the asynchronous GetManagedObjects calls are done because it is called from the destructor of the InProgressEnumerateData struct which is passed to all of the other asio ops via a shared pointer.
    Tested: Run on paths that weren't in object managers, such as the physical LED objects.
    Change-Id: I5a62b9a0ee27a68127e6f216625ce93c9ac58d08
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* REST: For enumerate, use GetObject for target path | Matt Spinler | 2018-12-13 | 1 | -55/+123
    Make a call to GetObject for the target path to get its connection names and interfaces to add to the GetSubTree results data before looking for object managers in the GetSubTree data.
    This is the only way that the code can find an object manager interface on the target path.
    Tested: /enumerate works better
    Change-Id: I341b2f46ee7a20793b5f2db15bf4b57b0cbc6d01
    Signed-off-by: Matt Spinler <spinler@us.ibm.com>
* bmcweb: Clean up security headers | Ed Tanous | 2018-12-10 | 1 | -34/+23
    Inline strings make this patchset easier to read, and identify where we're adding headers. Also, in the cases where we're using common keys, passing it by boost::beast::http::field helps us avoid some dict lookups.
    These performance improvements are largely hypothetical, as it would be unlikely we'd ever measure a real difference.
    Change-Id: Ic931c4454a5f40c0d206bb4df09058f8f61fc0e2
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Remove custom version of getPtr | Ed Tanous | 2018-12-10 | 1 | -13/+0
    Now that sdbusplus variant supports std::get_if, we can remove our custom, mapbox namespaced implementation that does the same thing.
    Change-Id: I854c473003e28e41dd45dba08ca683433f1c1774
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Revert "Update Content-Security-Policy" | Ed Tanous | 2018-12-06 | 1 | -3/+2
    This reverts commit 99ad5995089bace233dac20de28ef021591d89c1.
    Reason for revert: This causes a major regression on the web console. Login page fails to load in chrome, with a content-security-policy error. Reverting to regain stability, then we can reopen with a new patchset.
    Change-Id: If75b6614ad4cd9732725893040a85589e0d1bb9a
* bmcweb: Fix header includes to be more specific | Ed Tanous | 2018-12-04 | 1 | -1/+1
    In a lot of cases, the header include patterns were really bad. For example, pulling in all of boost asio via boost/asio.hpp, rather than pulling in the lesser equivalents. This should reduce the build times, although I have no data on that at the moment.
    Tested By: Code still compiles
    Change-Id: I0f4656d35cf6d7722d1b515baaccbfc27cf98961
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Update Content-Security-Policy | Joseph Reynolds | 2018-12-04 | 1 | -2/+3
    This changes the HTTP response header X-Content-Security-Policy to Content-Security-Policy and changes its value to allow WebSocket upgrades.
    The X-Content-Security-Policy header is deprecated per https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP and https://www.owasp.org/index.php/Content_Security_Policy_Cheat_Sheet.
    The problem with using the default-src (or connect-src) directive with the 'self' value when upgrading from https: to wss: is that it blocks the upgrade. The problem is described here: https://github.com/w3c/webappsec-csp/issues/7
    A similar problem happens with the KVM video (with media-src). I was unable to find an authoritative fix for this problem.
    Tested: pending
    Change-Id: Ia8df1e8c3900d81242a5e043ee0601e259bbc9d2
    Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
* bmcweb:Properly implement the / operator in dbus | Ed Tanous | 2018-11-20 | 1 | -8/+13
    Per the documentation here: https://github.com/openbmc/docs/blob/master/rest-api.md
    It states: "When a path has a trailing-slash, the response will list the sub objects of the URL. For example, using the same object path as above, but adding a slash"
    This subtlety was missed by the original author of this stuff, and as such, didn't work the way the old APIs were expecting.
    Tested By: HTTP GET /xyz/openbmc_project/
    Before this patchset, returns an empty object
    {
      "data": [],
      "message": "200 OK",
      "status": "ok"
    }
    After this patchset, returns:
    {
      "data": [
        "/xyz/openbmc_project/EntityManager",
        "/xyz/openbmc_project/FruDevice",
        "/xyz/openbmc_project/bios",
        "/xyz/openbmc_project/control",
        "/xyz/openbmc_project/dump",
        "/xyz/openbmc_project/events",
        "/xyz/openbmc_project/inventory",
        "/xyz/openbmc_project/logging",
        "/xyz/openbmc_project/network",
        "/xyz/openbmc_project/object_mapper",
        "/xyz/openbmc_project/software",
        "/xyz/openbmc_project/user"
      ],
      "message": "200 OK",
      "status": "ok"
    }
    Note, to get the exact same responses (which don't include the root object) this patchset is required: https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-objmgr/+/15545/
    Change-Id: I79b192bc26879cdfa25977f403940d3608eb3e22
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Fix an issue with non-root objectmapper entries | Ed Tanous | 2018-11-02 | 1 | -117/+155
    When the objectManager entry was not on the root, there were certain cases that would return more entries than a user asked for. This patchset resolves the issue, and filters the responses accordingly.
    Change-Id: I1c208433c6e8d161b60ea220587fcd0df6f6a6cb
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Fixup mapbox variant references | William A. Kennington III | 2018-10-18 | 3 | -13/+11
    This removes all dependencies on the mapbox specific variant api. The code is now compatible with the drop in std::variant api.
    Change-Id: Ie64be86ecae341def54f564eb282fb3b5356cc18
    Signed-off-by: William A. Kennington III <wak@google.com>
* Add PID Get To Redfish | James Feist | 2018-10-16 | 2 | -21/+109
    Add doGet to managers for PID configuration data. Make sure passes schema validation.
    Change-Id: Ieeb97bf76a3d8a3c06f59f79cc0887aec746675e
    Signed-off-by: James Feist <james.feist@linux.intel.com>
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Fix an implementation comment | Ed Tanous | 2018-10-16 | 1 | -1/+1
    It was pointed out that a code comment mixed up the difference between ascending and descending. This resolves that issue.
    Change-Id: Ie71862b03bc23d9c20ac29ca78c076e05e47476a
* Avoid some copies in some loops | Ed Tanous | 2018-10-12 | 1 | -2/+2
    Auto does not work the way you want it to in this case, and gives you copies, when you really wanted const references. This commit moves the loops to const references.
    Change-Id: I7aceedc03528b4d41c56b100e0c956a64b001ad9
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Implement AccountService PATCH method | Ed Tanous | 2018-10-08 | 1 | -8/+28
    This patchset implements the AccountService PATCH method, using PAM and dbus in combination.
    Change-Id: I754590f787fc84a21a9453e7e10726c56da5c3f7
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Move AccountService to node structure | Ed Tanous | 2018-10-08 | 2 | -123/+2
    AccountService was the last service hanging on to the old way of doing things. This moves it up to our current standard using the Node class.
    Tested by: Ran service validator. Saw no errors.
    Change-Id: I84d0097f48803cb06d2ec95171f18bff04661666
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Clean up rest-dbus interface | Ed Tanous | 2018-09-18 | 2 | -282/+426
    This is the first round of making the rest-dbus interface use the modern practices, like shared_ptr responses, and no-throw XML parsing. While it makes the implementation better, it does not fix everything.
    Change-Id: I985d45b03f1992e334f8a650f7f9392cc5fff30c
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Implement JsonSchema endpoint | Ed Tanous | 2018-09-17 | 1 | -0/+1
    This patchset implements JsonSchema support, and automates our update of the XML metadata, and Json schema files in the future by way of a python script.
    Change-Id: Iec6f580d10736678149db18d87be2f140b535be9
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Implement /console0 websocket | Ed Tanous | 2018-09-05 | 1 | -0/+157
    This commit implements the serial console websocket in a way that is compatible with phosphor-rest. This allows the webui serial console to function. Latency doesn't appear improved, but I suspect that the obmc-console server has issues.
    Tested By: Booted phosphor-webui serial console. Serial console works as expected. Also implemented a serial console in python using python websocket, and it appears to send and receive data correctly.
    Change-Id: I0e571beb70a51923d6d7d148779a1154432c45c9
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Move to clang-format-6.0 | Ed Tanous | 2018-09-05 | 18 | -4216/+5209
    This commit moves the codebase to the latest clang-format file from upstream, as well as clang-format-6.0.
    Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Resolve issue with duplicated static files | Ed Tanous | 2018-08-29 | 1 | -6/+18
    Resolves: https://github.com/openbmc/bmcweb/issues/5
    In certain contexts when using nginx, there are cheats required to add duplicated files into the filesystem, making nginx believe it has both compressed and uncompressed resources. This messes with bmcweb, as it previously treated this as a fatal error, given that it doesn't have a filesystem limitation.
    This patchset changes the behavior so that bmcweb now treats this as an ok situation, and only creates the route for the gzipped version, under the assumption that they are the same.
    Change-Id: I5744d651e9764242c5e52eeafb8c4df72b8a81a2
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Make dbus monitor compatible with phosphor-rest | Ed Tanous | 2018-08-24 | 1 | -36/+153
    This patchset makes the dbus monitor compatible with the upstream dbus monitor, which should help adoption.
    Performance seems greatly improved compared to the python implementation. The example given in the documentation of watching for sensors and state changes is checked in as a test script websocket_test.py, and seems to consume less of the CPU than the actual sensors that get produced (about 4% CPU on my ast2500) when producing 30 sensor updates per second. This can likely be improved in the future by batching change events, but it seems to be performant enough for the moment.
    Tested: Used test script checked in, and verified webui can register state change events properly.
    Change-Id: I7d4c61d0259b7773eb46df0f59f8fea1c7796450
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Add json to the known content types | Ed Tanous | 2018-08-24 | 1 | -0/+1
    Recently the odata endpoint has been implemented as a static file. This adds the appropriate content type to the map, so that we can return the appropriate header.
    Fixes the error:
    Cannot determine content-type for "/usr/share/www/redfish/v1/odata/index.json" with extension .json
    Change-Id: Ia6d55c9644c344a2d1957b878bfc25a994e8678b
* Make dbus-rest produce bool type instead of int | Ed Tanous | 2018-08-20 | 1 | -7/+0
    To replicate the dbus-rest interfaces exactly, bmcweb explicitly converted bool values on dbus into their int equivalent (0 or 1) to faithfully replicate the "bug" in dbus-rest.
    With the review posted here https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-rest-server/+/11267/ there is discussion around correcting this behavior in dbus-rest. This patchset is to maintain compatibility with the dbus rest interfaces, and to implement a TODO that's existed in bmcweb for a while.
    Change-Id: I4b832d7f1b46e09c35c587511af0ecaeb2df12fd
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Update whitelist | Ed Tanous | 2018-08-15 | 1 | -1/+3
    As part of the redfish spec, both /redfish and /redfish/v1/odata need to be allowed without credentials. This adds them to the whitelist, and improves our compliance with the specification.
    Change-Id: I89d7c20ed497b77cdea83560087c9085747872bf
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Last round of variable renames | Ed Tanous | 2018-08-15 | 2 | -88/+84
    A few patches were in flight when we did the great variable renaming. This catches all the patches that have been merged since
    Change-Id: Ie9642a4812b2a679ffa01ce540f5c4515a4c710b
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* minor cleanups to dbus-rest | Ed Tanous | 2018-08-15 | 1 | -21/+17
    A few minor housekeeping things to dbus-rest. Avoids a few extra string copies, and moves the dbus type behavior to a range based loop rather than a for index loop
    Change-Id: Ic9e1284905d480763e57058a0cb4798c15c2bd58
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Implement XSS override | Ed Tanous | 2018-08-15 | 2 | -4/+20
    There are a number of situations that come up in development, where it is very useful to launch phosphor-webui from a remote host. Currently this is disallowed based on the bmcweb security posture.
    This commit makes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION much more useful, by actually applying the headers that would allow one to launch the webui from a remote system successfully.
    Tested by: Adding BMCWEB_INSECURE_DISABLE_XSS_PREVENTION=ON to the cmake options in the bitbake file, then launching phosphor-webui using
    npm run-script server
    WebUI logged in without issue
    Change-Id: I2b7fe53aab611536b4b27b2704e20d098507a5e7
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Clang-format cleanup | Ed Tanous | 2018-08-13 | 3 | -122/+743
    It looks like some of the code reviews in progress contain clang-format fixes as well. This squashes all of the clang-format fixes into a single commit, that hopefully can go through the process a little faster, as it should only be whitespace changes.
    In the past, clang-formatting the naughty strings file proved to return inconsistent results, and even formatted files would still be detected as unformatted. Apparently the solution was to run clang-format-5.0 approximately 20 times in a loop, until it decided on a code layout that it was ok with iteration to iteration. This is a bit of a corner case, so I don't think we need to get CI running multiple runs in the future, and can just handle this on a case by case basis. I'd be surprised if anyone else had this issue.
    Change-Id: I57e2a03676bce20dc376fd9cea724732b2dc7010
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Fix merge conflict | Ed Tanous | 2018-08-09 | 3 | -10/+9
    Got a couple patches that collided in air, and now builds are broken. This resolves the collision by moving the new patches forward to the latest #defines
    Change-Id: I1fe35d17a68c61ad90752ae73000e2579131bf5d
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Move websocket implementation to boost beast | Ed Tanous | 2018-08-07 | 1 | -2/+2
    Boost beast is already in much better use, and gives more confidence in the security model. This change keeps the existing crow interfaces, and simply replaces the backend with beast. Calling code remains largely unchanged, with the exception of having to explicitly cast to string (to obtain a string view) when sending messages.
    Change-Id: I90edad505faf2d4465b4888f1f2c4b12cc9e77d0
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Move over to upstream c++ style | Ed Tanous | 2018-07-26 | 20 | -1400/+1388
    This patchset moves bmcweb over to the upstream style naming conventions for variables, classes, and functions, as well as imposes the latest clang-format file.
    This changeset was mostly built automatically by the included .clang-tidy file, which has the ability to autoformat and auto rename variables. At some point in the future I would like to see this in greater use, but for now, we will impose it on bmcweb, and see how it goes.
    Tested: Code still compiles, and appears to run, although other issues are possible and likely.
    Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Remove CImg from tree | Ed Tanous | 2018-07-26 | 1 | -60168/+0
    It was only used for kvm debug.
    Change-Id: I833970c4c2d54a7405130798221fd13e8334747f
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Refactor session storage | Ed Tanous | 2018-07-26 | 2 | -59/+72
    Session storage had a few bugs, and a number of old practices. This moves the session storage closer to the best practices. It enforces the use of a factory function for generating new sessions, as well as using get_ptr when reading the sessions out.
    Change-Id: Ia252076f21e47b99f8057190349355838fdd787d
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Make SessionStore a proper singleton | Borawski.Lukasz | 2018-07-25 | 5 | -47/+60
    - SessionStore class now has a proper singleton structure
    - session_storage_singleton.hpp is removed
    - from_json(..) function for SessionStore is changed to a specialized template
    - minor cosmetic fixes added
    - Move the template class usages of Crow App over to a non-template parameter
    Change-Id: Ic9effd5b7bac089a84c80a0caa97bd46d4984416
    Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Create separate pam config for webserver instead of using dropbear's | Jennifer Lee | 2018-06-29 | 1 | -1/+1
    Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
    Change-Id: I18850e82e116683b1c56e3a0eb23511b09aeed51
* Implement actions interface | Ed Tanous | 2018-06-29 | 1 | -209/+753
    This commit implements the actions interface, and cleans up some compatibility issues between phosphor rest and bmcweb. This should be considered WIP, as it requires patches to some of the dependent libraries to build (mostly sdbusplus).
    Change-Id: Ida91461b0a0aff5d2d962e9e4053f056f4732af6
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Pull in nlohmann json as a dependency rather than checking in. | Ed Tanous | 2018-06-29 | 2 | -14729/+1
    This should allow keeping closer to the upstream yocto recipes, and avoid excess code in the repo
    Change-Id: Ib66f7cf69b68bb23f9789580beadf8344cb68cfa
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Implement feature selection in bmcweb | Ed Tanous | 2018-06-29 | 1 | -1/+2
    This patchset implements feature selection in BMCWEB using compile time macros. This allows certain features, security implementations, and other things to be selected at compile time.
    Change-Id: Ic14343d36d82830e6cf51311ca886a90749ae6a7
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Move bmcweb to mozilla compatibility ciphers | Ed Tanous | 2018-06-29 | 1 | -1/+1
    Problems were found in compatibility with older versions of curl and wget. At some point, this option needs to be made runtime configurable.
    Tested by: Using curl to log into rest API. Logging into webui.
    Change-Id: I29620cbae73735e846efc1cc22df6899dbe595df
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
* Make bmcweb image upload compatible with upstream. | Ed Tanous | 2018-06-29 | 2 | -38/+103
    This change moves the image upload logic out of the intel oem namespace, and makes it 1:1 compatible with phosphor rest dbus. This is to allow a seamless transition in the future.
    Change-Id: I243237357a672934c05bf072e7ff1a5955af0f5e