ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Monitor: drop AESFMA-connected from Phase 1 done; webapp: LAPS endpoint

Browse Source 
1. Phase 1 done gate was requiring 'AESFMA WLAN connected' in addition
   to the data-side signals (AAD + Intune + EmTask + baseline). If the
   bay never reached AESFMA (cert never landed, RADIUS unreachable),
   Phase 1 stayed IN PROGRESS forever even though Intune registration
   was actually complete. Reverting to the data-side-only definition.

2. New webapp endpoint POST /imaging/<serial>/laps stores a LAPS
   password in the session JSON so it survives the 5s dashboard
   auto-refresh. Empty body clears the field. Daily reset of the
   server (cron/restart) is the lifetime cap on stored passwords.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-05-14 19:53:05 -04:00
parent 1b7e1bfee4
commit 894305e906
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
webapp/app.py
View File

@@ -495,6 +495,29 @@ def imaging_delete_session(serial):
return redirect(url_for("imaging_dashboard"))
@app.route("/imaging/<serial>/laps", methods=["POST"])
def imaging_set_laps(serial):
"""Save (or clear with empty value) the LAPS password for a bay so it
survives the dashboard's 5s auto-refresh. JSON body: {"password": "..."}.
Empty string removes the field. Daily reset wipes natural risk."""
serial = secure_filename(serial)
body = request.get_json(silent=True) or {}
pw = body.get("password", "")
if not isinstance(pw, str):
return {"ok": False, "error": "password must be string"}, 400
if pw == "":
# Clear by direct read-modify-write since update_session skips empty values.
state = imaging_status.get_session(serial) or {}
if "laps_password" in state:
state.pop("laps_password", None)
# Re-feed everything (minus laps_password) through update_session.
state["serial"] = serial
imaging_status.update_session(state)
return {"ok": True, "cleared": True}
imaging_status.update_session({"serial": serial, "laps_password": pw})
return {"ok": True}
# ---------------------------------------------------------------------------
# Routes - Enrollment Packages
# ---------------------------------------------------------------------------