Use auth token when not communicating with bmcweb

Redfish backends other than OpenBMC bmcweb expect clients to authenticate using X-Auth-Token HTTP header as that's the only standard authentication method for Redfish sessions. This code falls back to using the token in case Session creation didn't result in obtaining an XSRF cookie (as should normally happen with bmcweb). Limitations: all WebSocket-based functionality can not work (JS-based NBD Virtual Media, IP KVM, SOL), page reload drops the session and requires to log in again. Tested: logging in, observing Overview and successfully logging out of an AMI MegaRAC BMC. Logging in and navigating around a bmcweb-running system which doesn't have the code to provide cookies for Session POST request (everything works as usual sans WS-based features). Change-Id: I81dc881193440d8d252dcd283b99915bd08c0c5e Signed-off-by: Paul Fertser <[email protected]>
openbmc · Aug 27, 2024 · 09a3b9e · 09a3b9e
1 parent b2acbca
commit 09a3b9e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/src/store/api.js b/src/store/api.js
@@ -72,6 +72,9 @@ export default {
   spread(callback) {
     return Axios.spread(callback);
   },
+  set_auth_token(token) {
+    axiosInstance.defaults.headers.common['X-Auth-Token'] = token;
+  },
 };
 
 export const getResponseCount = (responses) => {

diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
@@ -11,6 +11,7 @@ const AuthenticationStore = {
     xsrfCookie: Cookies.get('XSRF-TOKEN'),
     isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
     sessionURI: localStorage.getItem('sessionURI'),
+    xAuthToken: null,
   },
   getters: {
     consoleWindow: (state) => state.consoleWindow,
@@ -19,31 +20,43 @@ const AuthenticationStore = {
       // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
       // without going through explicit Session creation
       return (
-        state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true'
+        state.xsrfCookie !== undefined ||
+        state.isAuthenticatedCookie == 'true' ||
+        state.xAuthToken !== null
       );
     },
     // Used to authenticate WebSocket connections via subprotocol value
     token: (state) => state.xsrfCookie,
   },
   mutations: {
-    authSuccess(state, { session }) {
+    authSuccess(state, { session, token }) {
       state.authError = false;
       state.xsrfCookie = Cookies.get('XSRF-TOKEN');
       // Preserve session data across page reloads and browser restarts
       localStorage.setItem('sessionURI', session);
       state.sessionURI = session;
+      // If we didn't get the XSRF cookie it means we are talking to a
+      // Redfish implementation that is not bmcweb. In this case get the token
+      // from headers and send it with the future requests, do not permanently
+      // save anywhere.
+      if (state.xsrfCookie === undefined) {
+        api.set_auth_token(token);
+        state.xAuthToken = token;
+      }
     },
     authError(state, authError = true) {
       state.authError = authError;
     },
     logout(state) {
       Cookies.remove('XSRF-TOKEN');
       Cookies.remove('IsAuthenticated');
+      api.set_auth_token(undefined);
       localStorage.removeItem('storedUsername');
       state.xsrfCookie = undefined;
       state.isAuthenticatedCookie = undefined;
       localStorage.removeItem('sessionURI');
       state.sessionURI = null;
+      state.xAuthToken = null;
       state.consoleWindow = false;
     },
   },
@@ -58,6 +71,7 @@ const AuthenticationStore = {
         .then((response) => {
           commit('authSuccess', {
             session: response.headers['location'],
+            token: response.headers['x-auth-token'],
           });
           return isPasswordExpired(response);
         })