MFA Bypass: Change the error returned (#1144)

When any user tries to bypass MFA for self, before setting up the secret key, currently "Operation Not Allowed" error is thrown. But the right error here should be "GenerateSecretKeyRequired". All other operaions was also returning the latter. Tested By: ''' PATCH -d '{"MFABypass":{"BypassTypes":["GoogleAuthenticator"]}}' https://${bmc}/redfish/v1/AccountService/Accounts/<username> -H "Content-Type: application/json" ''' Signed-off-by: Asmitha Karunanithi <[email protected]>
ibm-openbmc · Feb 11, 2025 · 5f88ee7 · 5f88ee7
1 parent 7d56dde
commit 5f88ee7
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
@@ -1353,7 +1353,9 @@ inline void processAccountUpdate(
     if (mfaBypass && userSession && userSession->isConfigureSelfOnly)
     {
         BMCWEB_LOG_ERROR("Bypassing MFA for self is not allowed");
-        messages::operationNotAllowed(asyncResp->res);
+        boost::urls::url accountUri = boost::urls::format(
+            "/redfish/v1/AccountService/Accounts/{}", username);
+        messages::generateSecretKeyRequired(asyncResp->res, accountUri);
         return;
     }