From 57068618982edec6ad3a4be9117766aec525629f Mon Sep 17 00:00:00 2001
From: Gunnar Mills <gmills@us.ibm.com>
Date: Thu, 17 May 2018 12:59:49 -0500
Subject: Don't check for credentials on the login API

The web server should not be checking for credentials on the login
API. This allows the GUI to check the old password on a password
change.

Resolves openbmc/openbmc#3190

Tested: Verfied login still works and tested changing the user
password from the GUI.
Change-Id: I7c3570d50c011a0327a34f09b447dec5ca42cb9f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
---
 module/obmc/wsgi/apps/rest_dbus.py | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'module')

diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index 3eac4f4..2d98817 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py
@@ -687,10 +687,6 @@ class SessionHandler(MethodHandler):
         return self.no_user_str
 
     def do_login(self, **kw):
-        session = self.get_session_from_cookie()
-        if session is not None:
-            return self.login_str % (session['user'], 'in')
-
         if len(request.parameter_list) != 2:
             abort(400, self.bad_json_str % (request.json))
 
-- 
cgit v1.2.1