author | Gunnar Mills <gmills@us.ibm.com> | 2019-03-27 15:49:40 -0500 |
---|---|---|
committer | Gunnar Mills <gmills@us.ibm.com> | 2019-03-30 13:54:05 +0000 |
commit | 4693ddb24bb89dc724c1061c01a9b74455f0e9e7 (patch) | |
tree | f1a74751ffcb3a59e8c16a44edd184692dfc90b0 | |
parent | f41ca4e67bdacc5af174c67c8ff047894ea777be (diff) | |
User management: Remove disable redfish support
Removed redfishSupportEnabled = false for the user management page.
The default is redfishSupportEnabled = true and no meta layers
have redfishSupportEnabled = false so unused upstream.
When redfishSupportEnabled = false, the
/xyz/openbmc_project/user/<user>/action/SetPassword API is called.
Neither bmcweb nor phosphor-rest-server has a SetPassword API,
and so the user management page did not work when
redfishSupportEnabled = false.
The SetPassword API was removed when the new backend user
management code was added; it was removed because of security concerns.
See https://github.com/openbmc/openbmc/issues/3454 for more info.
Tested: On a Witherspoon, added users, updated roles and passwords,
and deleted users.
Change-Id: I3d9e30c0fc655fb23dee38fa5eeb52239c9faa64
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
-rw-r--r-- | app/common/services/api-utils.js | 380 |
1 files changed, 81 insertions, 299 deletions
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js index 9711ba6..211f6d7 100644 --- a/app/common/services/api-utils.js +++ b/app/common/services/api-utils.js 
@@ -546,143 +546,60 @@ window.angular && (function(angular) { getAccountServiceRoles: function() { var roles = []; - if (DataService.configJson.redfishSupportEnabled == true) { - return $http({ - method: 'GET', - url: DataService.getHost() + - '/redfish/v1/AccountService/Roles', - withCredentials: true - }) - .then( - function(response) { - var members = response.data['Members']; - angular.forEach(members, function(member) { - roles.push(member['@odata.id'].split('/').pop()); - }); - return roles; - }, - function(error) { - console.log(error); - }); - } else { - return $http({ - method: 'GET', - url: DataService.getHost() + '/xyz/openbmc_project/user', - withCredentials: true - }) - .then( - function(response) { - var json = JSON.stringify(response.data); - var content = JSON.parse(json); - var privList = content.data['AllPrivileges']; - - function convertPrivToRoleId(priv) { - if (priv == 'priv-admin') { - return 'Administrator'; - } else if (priv == 'priv-user') { - return 'User'; - } else if (priv == 'priv-operator') { - return 'Operator'; - } else if (priv == 'priv-callback') { - return 'Callback'; - } - return ''; - } - for (var i = 0; i < privList.length; i++) { - roles.push(convertPrivToRoleId(privList[i])); - } - return roles; - }, - function(error) { - console.log(error); + return $http({ + method: 'GET', + url: DataService.getHost() + + '/redfish/v1/AccountService/Roles', + withCredentials: true + }) + .then( + function(response) { + var members = response.data['Members']; + angular.forEach(members, function(member) { + roles.push(member['@odata.id'].split('/').pop()); }); - } + return roles; + }, + function(error) { + console.log(error); + }); }, getAllUserAccounts: function() { var deferred = $q.defer(); var promises = []; var users = []; - if (DataService.configJson.redfishSupportEnabled == true) { - $http({ - method: 'GET', - url: - DataService.getHost() + '/redfish/v1/AccountService/Accounts', - withCredentials: true - }) - .then( - 
function(response) { - var members = response.data['Members']; - angular.forEach(members, function(member) { - promises.push( - $http({ - method: 'GET', - url: DataService.getHost() + member['@odata.id'], - withCredentials: true - }).then(function(res) { - return res.data; - })); - }); - - $q.all(promises).then( - function(results) { - deferred.resolve(results); - }, - function(errors) { - deferred.reject(errors); - }); - }, - function(error) { - console.log(error); - deferred.reject(error); - }); - } else { - $http({ - method: 'GET', - url: - DataService.getHost() + '/xyz/openbmc_project/user/enumerate', - withCredentials: true - }) - .then( - function(response) { - var json = JSON.stringify(response.data); - var content = JSON.parse(json); - - function convertPrivToRoleId(priv) { - if (priv == 'priv-admin') { - return 'Administrator'; - } else if (priv == 'priv-user') { - return 'User'; - } else if (priv == 'priv-operator') { - return 'Operator'; - } else if (priv == 'priv-callback') { - return 'Callback'; - } - return ''; - } - - for (var key in content.data) { - var username = key.split('/').pop(); - if (content.data.hasOwnProperty(key) && - content.data[key].hasOwnProperty('UserPrivilege')) { - var val = content.data[key]; - users.push(Object.assign({ - Id: username, - UserName: username, - Locked: val['UserLockedForFailedAttempt'], - RoleId: convertPrivToRoleId(val['UserPrivilege']), - Enabled: val['UserEnabled'], - Password: null + $http({ + method: 'GET', + url: DataService.getHost() + '/redfish/v1/AccountService/Accounts', + withCredentials: true + }) + .then( + function(response) { + var members = response.data['Members']; + angular.forEach(members, function(member) { + promises.push( + $http({ + method: 'GET', + url: DataService.getHost() + member['@odata.id'], + withCredentials: true + }).then(function(res) { + return res.data; })); - } - } - deferred.resolve(users); - }, - function(error) { - console.log(error); - deferred.reject(error); }); - } + + 
$q.all(promises).then( + function(results) { + deferred.resolve(results); + }, + function(errors) { + deferred.reject(errors); + }); + }, + function(error) { + console.log(error); + deferred.reject(error); + }); return deferred.promise; }, 
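Review bot: The rejection handler in the new `getAccountServiceRoles` only calls `console.log(error)`, so a failed or unauthorized GET to `/redfish/v1/AccountService/Roles` resolves the returned promise with `undefined` instead of rejecting it. A caller then cannot tell a failure from a missing role list; adding `return $q.reject(error);` after the log would match `getAllUserAccounts`, which does reject on error. In `getAllUserAccounts` the context line `var users = [];` appears to be unused now that the non-Redfish branch is gone and could be dropped. A short comment above the inner request, such as `// member['@odata.id'] is a server-supplied path, requested as-is`, would document that the follow-up URLs come from the response body.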
@@ -719,183 +636,48 @@ window.angular && (function(angular) { }, createUser: function(user, passwd, role, enabled) { - if (DataService.configJson.redfishSupportEnabled == true) { - var data = {}; - data['UserName'] = user; - data['Password'] = passwd; - data['RoleId'] = role; - data['Enabled'] = enabled; + var data = {}; + data['UserName'] = user; + data['Password'] = passwd; + data['RoleId'] = role; + data['Enabled'] = enabled; - return $http({ - method: 'POST', - url: - DataService.getHost() + '/redfish/v1/AccountService/Accounts', - withCredentials: true, - data: data - }); - } else { - function convertRoleIdToPriv(roleId) { - if (roleId == 'Administrator') { - return 'priv-admin'; - } else if (roleId == 'User') { - return 'priv-user'; - } else if (roleId == 'Operator') { - return 'priv-operator'; - } else if (roleId == 'Callback') { - return 'priv-callback'; - } - return ''; - } - function setUserPassword(user, passwd) { - return $http({ - method: 'POST', - url: DataService.getHost() + - '/xyz/openbmc_project/user/' + user + - '/action/SetPassword', - withCredentials: true, - data: JSON.stringify({'data': [passwd]}), - responseType: 'arraybuffer' - }) - .then(function(response) { - return response.data; - }); - } - var priv = convertRoleIdToPriv(role); - return $http({ - method: 'POST', - url: DataService.getHost() + - '/xyz/openbmc_project/user/action/CreateUser', - withCredentials: true, - data: JSON.stringify({ - 'data': - [user, ['web', 'redfish', 'ssh'], priv, enabled] - }), - responseType: 'arraybuffer' - }) - .then(function(response) { - return setUserPassword(user, passwd); - }); - } + return $http({ + method: 'POST', + url: DataService.getHost() + '/redfish/v1/AccountService/Accounts', + withCredentials: true, + data: data + }); }, updateUser: function(user, newUser, passwd, role, enabled) { - if (DataService.configJson.redfishSupportEnabled == true) { - var data = {}; - if ((newUser !== undefined) && (newUser != null)) { - data['UserName'] = newUser; 
- } - if ((role !== undefined) && (role != null)) { - data['RoleId'] = role; - } - if ((enabled !== undefined) && (enabled != null)) { - data['Enabled'] = enabled; - } - if ((passwd !== undefined) && (passwd != null)) { - data['Password'] = passwd; - } - return $http({ - method: 'PATCH', - url: DataService.getHost() + - '/redfish/v1/AccountService/Accounts/' + user, - withCredentials: true, - data: data - }); - } else { - var deferred = $q.defer(); - var promises = []; - function convertRoleIdToPriv(roleId) { - if (roleId == 'Administrator') { - return 'priv-admin'; - } else if (roleId == 'User') { - return 'priv-user'; - } else if (roleId == 'Operator') { - return 'priv-operator'; - } else if (roleId == 'Callback') { - return 'priv-callback'; - } - return ''; - } - function setUserProperty(user, propKey, propVal) { - return $http({ - method: 'PUT', - url: DataService.getHost() + - '/xyz/openbmc_project/user/' + user + '/attr/' + - propKey, - withCredentials: true, - data: JSON.stringify({'data': propVal}) - }) - .then(function(response) { - return response.data; - }); - } - function setUserPassword(user, passwd) { - return $http({ - method: 'POST', - url: DataService.getHost() + - '/xyz/openbmc_project/user/' + user + - '/action/SetPassword', - withCredentials: true, - data: JSON.stringify({'data': [passwd]}), - responseType: 'arraybuffer' - }) - .then(function(response) { - return response.data; - }); - } - function renameUser(user, newUser) { - return $http({ - method: 'POST', - url: DataService.getHost() + - '/xyz/openbmc_project/user/action/RenameUser', - withCredentials: true, - data: JSON.stringify({'data': [user, newUser]}) - }) - .then(function(response) { - return response.data; - }); - } - if ((role !== undefined) && (role != null)) { - var priv = convertRoleIdToPriv(role); - promises.push(setUserProperty(user, 'UserPrivilege', priv)); - } - if ((enabled !== undefined) && (enabled != null)) { - promises.push(setUserProperty(user, 'UserEnabled', 
enabled)); - } - if ((passwd !== undefined) && (passwd != null)) { - promises.push(setUserPassword(user, passwd)); - } - if ((newUser !== undefined) && (newUser != null)) { - promises.push(renameUser(user, newUser)); - } - $q.all(promises).then( - function(results) { - deferred.resolve(results); - }, - function(errors) { - deferred.reject(errors); - }); - return deferred.promise; + var data = {}; + if ((newUser !== undefined) && (newUser != null)) { + data['UserName'] = newUser; + } + if ((role !== undefined) && (role != null)) { + data['RoleId'] = role; + } + if ((enabled !== undefined) && (enabled != null)) { + data['Enabled'] = enabled; } + if ((passwd !== undefined) && (passwd != null)) { + data['Password'] = passwd; + } + return $http({ + method: 'PATCH', + url: DataService.getHost() + + '/redfish/v1/AccountService/Accounts/' + user, + withCredentials: true, + data: data + }); }, deleteUser: function(user) { - if (DataService.configJson.redfishSupportEnabled == true) { - return $http({ - method: 'DELETE', - url: DataService.getHost() + - '/redfish/v1/AccountService/Accounts/' + user, - withCredentials: true, - }); - } else { - return $http({ - method: 'POST', - url: DataService.getHost() + '/xyz/openbmc_project/user/' + - user + '/action/Delete', - withCredentials: true, - data: JSON.stringify({'data': []}) - }) - .then(function(response) { - return response.data; - }); - } + return $http({ + method: 'DELETE', + url: DataService.getHost() + + '/redfish/v1/AccountService/Accounts/' + user, + withCredentials: true, + }); }, chassisPowerOff: function() { var deferred = $q.defer(); |
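Review bot: `updateUser` and `deleteUser` build the request path as `'/redfish/v1/AccountService/Accounts/' + user` without encoding, so an account name containing `/`, `?` or `#` would change which resource the PATCH or DELETE addresses. Writing it as `'/redfish/v1/AccountService/Accounts/' + encodeURIComponent(user),` keeps the name a single path segment and is a no-op for ordinary names. Whether such names can reach this code depends on backend validation that is not visible in this hunk. The hunk begins at the end of a preceding function and ends inside `chassisPowerOff`, whose body continues outside it.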