Don't check for credentials on the login API

The web server should not be checking for credentials on the login API. This allows the GUI to check the old password on a password change. Resolves openbmc/openbmc#3190 Tested: Verfied login still works and tested changing the user password from the GUI. Change-Id: I7c3570d50c011a0327a34f09b447dec5ca42cb9f Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
author: Gunnar Mills <gmills@us.ibm.com> 2018-05-17 12:59:49 -0500
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2018-05-23 18:43:10 +0000
commit: 57068618982edec6ad3a4be9117766aec525629f (patch)
tree: c615984628ad633822b18c510a6f6edfa9857bf7 /module/obmc
parent: 5c518f63d7a169326b572cfa5886b15a6876f4f1 (diff)
download: phosphor-rest-server-57068618982edec6ad3a4be9117766aec525629f.tar.gz
phosphor-rest-server-57068618982edec6ad3a4be9117766aec525629f.zip
1 files changed, 0 insertions, 4 deletions
diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index 3eac4f4..2d98817 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py
@@ -687,10 +687,6 @@ class SessionHandler(MethodHandler):
         return self.no_user_str
 
     def do_login(self, **kw):
-        session = self.get_session_from_cookie()
-        if session is not None:
-            return self.login_str % (session['user'], 'in')
-
         if len(request.parameter_list) != 2:
             abort(400, self.bad_json_str % (request.json))
author	Gunnar Mills <gmills@us.ibm.com>	2018-05-17 12:59:49 -0500
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	2018-05-23 18:43:10 +0000
commit	57068618982edec6ad3a4be9117766aec525629f (patch)
tree	c615984628ad633822b18c510a6f6edfa9857bf7 /module/obmc
parent	5c518f63d7a169326b572cfa5886b15a6876f4f1 (diff)
download	phosphor-rest-server-57068618982edec6ad3a4be9117766aec525629f.tar.gz phosphor-rest-server-57068618982edec6ad3a4be9117766aec525629f.zip