openbmc / phosphor-rest-server

REST server that transposes dbus interfaces to REST
Apache License 2.0

how to use authentication token from the header from login #30

Closed manjo-git closed 5 years ago

manjo-git commented 5 years ago

As per the docs https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md

curl returns the SID with the command below, but using the sid in follow-up commands does not work. Maybe the documentation is out of date? Or what am I doing wrong here?

$ curl -i -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }"
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Feb 2019 07:44:11 GMT
Content-Type: application/json
Content-Length: 80
Connection: keep-alive
Keep-Alive: timeout=5
Set-Cookie: sid="!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg=="; httponly; secure

{ "data": "User 'root' logged in", "message": "200 OK", "status": "ok" }

$ tok='!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg=='

$ echo $tok
!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg==

$ curl -H "X-Auth-Token: $tok" -X POST https://${bmc}/xyz/openbmc_project/enumerate
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

spinler commented 5 years ago

If you're still using phosphor-rest-server, you don't need to do any token authentication at all. The openbmc master recently moved to using bmcweb as the REST server, and that is where you'll need it.

I attempted to explain that here: https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md#notes-on-authentication, but by all means I won't be offended if you would like to submit a patch to reword it.

manjo-git commented 5 years ago

Sorry, but I am a little confused with this BMC. This is on an IBM Witherspoon system.

root@witherspoon:~# ps -ef | grep rest
 1272 root 0:29 python /usr/sbin/phosphor-gevent rest_dbus --no-ssl
 2106 root 0:00 grep rest
root@witherspoon:~#

The version has a 2.6-prod in it, not sure if that means it's 2.6 based??

root@witherspoon:~# cat /var/lib/phosphor-software-manager/pnor/ro/VERSION
IBM-witherspoon-ibm-OP9-v2.0.11-2.6-prod
op-build-v2.0.11-4-g362008d
buildroot-2018.05.1-9-gc99f2ee
skiboot-00c8ab5-pdfdccea
hostboot-3bf7fcf-pfb5d59d
occ-3a505ff
linux-4.17.12-openpower1-p23ee713
petitboot-v1.7.3-pf71644b
machine-xml-dce824c
hostboot-binaries-hw112818a.op920
capp-ucode-p9-dd2-v4
sbe-7aa21f6
hcode-hw112818a.op920
root@witherspoon:~#

But many of the authentication mechanisms don't seem to be working for me, unless I am using them the wrong way. Following the documentation, here is what I see.

-- What works --

$ curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }"
{ "data": "User 'root' logged in", "message": "200 OK", "status": "ok" }

$ curl -b cjar -k https://${bmc}/xyz/openbmc_project/list
{ "data": [ "/xyz/openbmc_project/time/host", "/xyz/openbmc_project/logging/entry/180", ..... }

-- what does not work --

  1. using url as :@host
     $ curl -k -X GET https://root:0penBmc@${bmc}/xyz/openbmc_project/list
     { "data": { "description": "Login required" }, "message": "401 Unauthorized", "status": "error" }

  2. Getting the token, using a JSON dictionary with 'username' and 'password' keys:
     $ curl -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d '{"username" : "root", "password" : "0penBmc"}'
     { "data": { "description": "Expecting request format { 'data': <type 'list'> }, got '{u'username': u'root', u'password': u'0penBmc'}'" }, "message": "400 Bad Request", "status": "error" }

  3. using the data username/password JSON dictionary posted output in my original issue report.

Could you please tell me what I might be doing wrong?

spinler commented 5 years ago

The only one that is valid for you, with a witherspoon with phosphor-rest, is the example you gave that works.
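
The flow that works in this thread, as an added example that is not part of the original discussion or the project's code: the login body uses the `{"data": [user, password]}` shape, and the `sid` from `Set-Cookie` goes back in a `Cookie` header, not in `X-Auth-Token`. The host `bmc.example`, the function names and the cookie value are assumptions constructed for illustration.

```python
import json
import urllib.request
from http.cookies import SimpleCookie

# Constructed sample in the shape of the login response header from the thread;
# the value is a placeholder, not a real session id.
SAMPLE_SET_COOKIE = 'sid="!c2lnbmF0dXJl?cGxhY2Vob2xkZXI="; httponly; secure'


def login_request(bmc, user, password):
    """POST /login with the {"data": [user, password]} body the server asks for."""
    body = json.dumps({"data": [user, password]}).encode()
    return urllib.request.Request(
        f"https://{bmc}/login", data=body, method="POST",
        headers={"Content-Type": "application/json"})


def sid_cookie(set_cookie_header):
    """Return 'sid=<value>' exactly as issued, dropping httponly/secure attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if "sid" not in jar:
        raise ValueError("no sid cookie in login response")
    # coded_value is the value as it appeared on the wire, quotes included.
    return "sid=" + jar["sid"].coded_value


def followup_request(bmc, path, set_cookie_header):
    """GET a resource with the session sent as a Cookie header (what curl -b does)."""
    return urllib.request.Request(
        f"https://{bmc}{path}",
        headers={"Cookie": sid_cookie(set_cookie_header)})


if __name__ == "__main__":
    # Builds the requests only; nothing is sent over the network here.
    req = followup_request("bmc.example", "/xyz/openbmc_project/list",
                           SAMPLE_SET_COOKIE)
    print(req.get_method(), req.full_url)
    print("Cookie:", req.get_header("Cookie"))
```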