Use auth token when not communicating with bmcweb

Redfish backends other than OpenBMC bmcweb expect clients to
authenticate using X-Auth-Token HTTP header as that's the only standard
authentication method for Redfish sessions.

This code falls back to using the token in case Session creation didn't
result in obtaining an XSRF cookie (as should normally happen with
bmcweb).

Limitations: all WebSocket-based functionality can not work (JS-based
NBD Virtual Media, IP KVM, SOL), page reload drops the session and
requires to log in again.

Tested: logging in, observing Overview and successfully logging out of
an AMI MegaRAC BMC. Logging in and navigating around a bmcweb-running
system which doesn't have the code to provide cookies for Session POST
request (everything works as usual sans WS-based features).

Change-Id: I81dc881193440d8d252dcd283b99915bd08c0c5e
Signed-off-by: Paul Fertser <[email protected]>

Author: paulfertser

src/store/api.js

@@ -72,6 +72,9 @@ export default {
   spread(callback) {
     return Axios.spread(callback);
   },
+  set_auth_token(token) {
+    axiosInstance.defaults.headers.common['X-Auth-Token'] = token;
+  },
 };
 
 export const getResponseCount = (responses) => {

src/store/modules/Authentication/AuthenticanStore.js

@@ -11,6 +11,7 @@ const AuthenticationStore = {
     xsrfCookie: Cookies.get('XSRF-TOKEN'),
     isAuthenticatedCookie: Cookies.get('IsAuthenticated'),
     sessionURI: localStorage.getItem('sessionURI'),
+    xAuthToken: null,
   },
   getters: {
     consoleWindow: (state) => state.consoleWindow,
@@ -19,31 +20,43 @@ const AuthenticationStore = {
       // We might have gotten XSRF-TOKEN (and HttpOnly SESSION cookie) by Mutual TLS authentication,
       // without going through explicit Session creation
       return (
-        state.xsrfCookie !== undefined || state.isAuthenticatedCookie == 'true'
+        state.xsrfCookie !== undefined ||
+        state.isAuthenticatedCookie == 'true' ||
+        state.xAuthToken !== null
       );
     },
     // Used to authenticate WebSocket connections via subprotocol value
     token: (state) => state.xsrfCookie,
   },
   mutations: {
-    authSuccess(state, { session }) {
+    authSuccess(state, { session, token }) {
       state.authError = false;
       state.xsrfCookie = Cookies.get('XSRF-TOKEN');
       // Preserve session data across page reloads and browser restarts
       localStorage.setItem('sessionURI', session);
       state.sessionURI = session;
+      // If we didn't get the XSRF cookie it means we are talking to a
+      // Redfish implementation that is not bmcweb. In this case get the token
+      // from headers and send it with the future requests, do not permanently
+      // save anywhere.
+      if (state.xsrfCookie === undefined) {
+        api.set_auth_token(token);
+        state.xAuthToken = token;
+      }
     },
     authError(state, authError = true) {
       state.authError = authError;
     },
     logout(state) {
       Cookies.remove('XSRF-TOKEN');
       Cookies.remove('IsAuthenticated');
+      api.set_auth_token(undefined);
       localStorage.removeItem('storedUsername');
       state.xsrfCookie = undefined;
       state.isAuthenticatedCookie = undefined;
       localStorage.removeItem('sessionURI');
       state.sessionURI = null;
+      state.xAuthToken = null;
       state.consoleWindow = false;
     },
   },
@@ -58,6 +71,7 @@ const AuthenticationStore = {
         .then((response) => {
           commit('authSuccess', {
             session: response.headers['location'],
+            token: response.headers['x-auth-token'],
           });
           return isPasswordExpired(response);
         })