Support Redfish PasswordChangeRequired #103
Comments
The initial commit for this is ready to review. This commit is intended to be used by the web application to know when an expired password was presented during login, so the web app can present the password change dialog. This commit does not have all the changes needed to actually change the expired password, and I am working on a follow-up commit. See the gerrit review commit message for more details: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/25146 This was unit tested on a QEMU Romulus system with the following script:
The server failed to allow the user to change their own expired password. The next commit will allow this.
Working on the updated design proposal to allow users to use
Bash helper functions to help unit test
Unit test script
==> Interesting test result: When an Admin user DELETEs a session which is subject to PasswordChangeRequired handling, the HTTP response message contains the resource it successfully deleted, namely the Session including the PasswordChangeRequired extended message. In this case, it is ambiguous if the PasswordChangeRequired message refers to the session which was deleted or to the DELETE request itself.
Per the code review comments, removed the special case code to handle PATCH the Password property in
The Password change REST API
PasswordChangeRequired merged with https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/29136
This issue is to track efforts to implement the Redfish PasswordChangeRequired handling in BMCWeb.
The PasswordChangeRequired handling is new in the Redfish Spec DSP0266 with version 1.7.0 dated 2019-05-16, in section 13.2.6.1 ("Password change required handling").
Background:
So the main idea is to enhance BMCWeb to recognize when the user's password is correct but expired, and create a Redfish session which has only the Redfish ConfigureSelf privilege.
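
How a client such as the web application could recognize the restricted session, as an added example that is not code from bmcweb or from this issue: it scans a Redfish response body for the Base registry `PasswordChangeRequired` message and returns the account URI the message names. The sample bodies, the `testuser` account, the session id and the registry version `1.8.1` are constructed for illustration.

```python
import re

# Accepts both "Base.1.8.1.PasswordChangeRequired" and "Base.1.8.PasswordChangeRequired".
_PCR_ID = re.compile(r"^Base\.\d+\.\d+(?:\.\d+)?\.PasswordChangeRequired$")


def _extended_info(body):
    """Yield message objects from both places a Redfish response carries them."""
    if not isinstance(body, dict):
        return
    # Success responses annotate the returned resource directly.
    yield from body.get("@Message.ExtendedInfo") or []
    # Error responses nest the messages under the "error" object.
    error = body.get("error")
    if isinstance(error, dict):
        yield from error.get("@Message.ExtendedInfo") or []


def password_change_required(body):
    """Return (required, account_uri); account_uri is None if the message has no argument."""
    for msg in _extended_info(body):
        if isinstance(msg, dict) and _PCR_ID.match(str(msg.get("MessageId", ""))):
            args = msg.get("MessageArgs") or []
            return True, (str(args[0]) if args else None)
    return False, None


# Constructed sample data, not captured from a real BMC.
ACCOUNT = "/redfish/v1/AccountService/Accounts/testuser"
PCR_MESSAGE = {
    "MessageId": "Base.1.8.1.PasswordChangeRequired",
    "Message": "The password provided for this account must be changed.",
    "MessageArgs": [ACCOUNT],
}
SESSION_CREATED = {  # body of a session-creation response for an expired password
    "@odata.id": "/redfish/v1/SessionService/Sessions/abc123",
    "UserName": "testuser",
    "@Message.ExtendedInfo": [PCR_MESSAGE],
}
REQUEST_REFUSED = {  # error body for a request the restricted session may not make
    "error": {"code": PCR_MESSAGE["MessageId"], "@Message.ExtendedInfo": [PCR_MESSAGE]}
}
NORMAL_SESSION = {"@odata.id": "/redfish/v1/SessionService/Sessions/def456"}

if __name__ == "__main__":
    for name in ("SESSION_CREATED", "REQUEST_REFUSED", "NORMAL_SESSION"):
        print(name, password_change_required(globals()[name]))
```

The function reports only that the message is present in a body; it does not tell a client which request or resource the message refers to.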