Redfish Protocol Validator report FAIL #57
Comments
|
My guess is the implementation you're testing against doesn't show POST in the Allow response header, but it's hard to tell without any reports or log information. Can you please provide these? |
|
The bmcweb code Allows POST method https://github.com/openbmc/bmcweb/blob/6f8273e49cffdd347c223b9538558edfb05e818a/redfish-core/lib/account_service.hpp#L2137 Its redfish validator test case expecting 405 Please find the console logs below for redfish_validator. DEBUG:root:Account usernames: {'root'} |
|
@chandramohan83 please provide the full debug log. The tool performs inspections of this and other resources to determine what tests is will run and what responses to expect. |
|
There's a bit of a shortcut I see going on for this test. When it creates a temporary user account, it's expecting the transaction to either succeed or fail due to POST not being allowed. The error is very misleading, but it is highlighting a real issue with the service; it's rejecting a valid (at least everything about it looks valid to me) request to create a new user account. Do you know why it's rejecting this payload in the first place?
|
|
It's not rejecting this payload, it is just verifying whether password follows password policy, if not then return passwd_format_error (400) is returning, in our case password must be (minimumlength = 13 characters, minUppecase=1, minLowerCase=1, minSpecialChar=1) |
|
It's not rejecting this payload, it is just verifying whether password follows password policy, if not then return passwd_format_error (400) is returning, in our case password must be (minimulength = 13 characters, minUppecase=1, minSmallCase=1, minSpecialChar=1) |
|
Well, that's still a rejection (responding with a 400 Bad Request is a form of rejecting the request), but that is a reasonable thing to do here... We may need to think about this beyond just this 405 test since not being able to create a new user account is going to impact other tests. |
Describe the bug
Redfish Protocol Validator report FAIL in POST /redfish/v1/AccountService/Accounts
Environment
Enabled TLS
Redfish Protocol Validator Version: 1.1.6
https://github.com/DMTF/Redfish-Protocol-Validator
To Reproduce
Run Redfish Protocol Validator
python3 rf_protocol_validator.py --user root --password 0penBmc
--rhost https://BMC_IP --no-cert-check --avoid-http-redirect --log-level DEBUG
The tool will report
Method POST
Status code 400
URI /redfish/v1/AccountService/Accounts
Message POST request to URI /redfish/v1/AccountService/Accounts failed with 400; expected 405; extended error
Below test case is identified to be returning 400 but expected 405.
POST /redfish/v1/AccountService/Accounts HTTP/1.1\r\nHost: 127.0.0.1:2443\r\nUser-Agent: python-requests/2.28.1\r\nAccept-Encoding: identity\r\nAccept: /\r\nConnection: keep-alive\r\nX-Auth-Token: wcyxd8KgOI0Rd3uERDy3\r\nOData-Version: 4.0\r\nContent-Length: 72\r\nContent-Type: application/json\r\n\r\n'
'{"UserName": "rfpv397e", "Password": "7gCdKlziqi", "RoleId": "ReadOnly"}'
Please provide reason why this test case is expected to be returning 405 not 400 since POST method is allowed by bmcweb for resource provided in this request for account service.
The text was updated successfully, but these errors were encountered: