Merging upstream commits and fixing vulnerabilities

CHANGELOG.md

@@ -1,6 +1,19 @@
-# 2.3.0 (Unreleased)
-- Allow naming tokens generated from roles
-- Add backend mount description field - https://github.com/djenriquez/vault-ui/pull/105
+# 2.4.0 (unreleased)
+# Features
+- Add KV compatibility #198 
+- Upgrade dependencies #200 
+
+# Bug fixes
+- Fix desktop client icons #199 - #157 
+- Fix issue with favicon #188 
+
+# 2.3.0
+## Features:
+- Refactor PolicyPicker to ItemPicker for general use - #175 
+- Refactor item listing to use a centralized class /w filtering, pagination and sorting by default - #175 + #187 
+- Add backend mount description field - #105
+- Allow self-signed CA certifications - #140
+- Support Okta Authentication Backend - #156 
 
 # 2.2.0
 ## Features

Dockerfile

@@ -1,11 +1,19 @@
-FROM node:7-alpine
+FROM node:8.8-alpine
 
-MAINTAINER Vault-UI Contributors
+LABEL maintainer="Vault-UI Contributors"
 
-ADD . /app
 WORKDIR /app
-RUN yarn install --pure-lockfile --silent && yarn run build-web && npm prune --silent --production && yarn cache clean && rm -f /root/.electron/* 
+COPY . .
+
+RUN yarn install --pure-lockfile --silent && \
+    yarn run build-web && \
+    yarn install --silent --production && \
+    yarn check --verify-tree --production && \
+    yarn global add nodemon && \
+    yarn cache clean && \
+    rm -f /root/.electron/*
 
 EXPOSE 8000
 
-CMD ["yarn", "run", "serve"]
+ENTRYPOINT ["./bin/entrypoint.sh"]
+CMD ["start_app"]

LICENSE

@@ -1,7 +1,7 @@
 BSD 2-Clause License
 
 All contributions by Vault-UI Admins:
-Copyright (c) 2016, Robert Lippens, DJ Enriquez, Alex Unwin
+Copyright (c) 2016, DJ Enriquez, Matteo Sessa, Christopher Pauley, Robert Lippens, Alex Unwin
 All rights reserved.
 
 All other contributions:
@@ -27,4 +27,4 @@ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -3,8 +3,9 @@
          title="Vault-UI" width="64px" align="right" />
 </a>
 
-[![](https://images.microbadger.com/badges/image/djenriquez/vault-ui.svg)](https://microbadger.com/images/djenriquez/vault-ui)
 [![Run Status](https://api.shippable.com/projects/581e7826fbc68c0f00deb0ca/badge?branch=master)](https://app.shippable.com/projects/581e7826fbc68c0f00deb0ca)
+[![](https://images.microbadger.com/badges/image/djenriquez/vault-ui.svg)](https://microbadger.com/images/djenriquez/vault-ui)
+[![Join the chat at https://gitter.im/vault-ui/Lobby](https://badges.gitter.im/vault-ui/Lobby.svg)](https://gitter.im/vault-ui/Lobby)
 
 # Vault-UI
 
@@ -62,11 +63,13 @@ djenriquez/vault-ui
 ```
 
 Supported environment variables:
-- `NODE_TLS_REJECT_UNAUTHORIZED` disable TLS server side validation (ex. vault deployed with self-signed certificate)
-- `VAULT_URL_DEFAULT` will set the default vault endpoint.
-- `VAULT_AUTH_DEFAULT` will set the default authentication method type. See below for supported authentication methods.
-- `VAULT_AUTH_BACKEND_PATH` will set the default backend path. Useful when multiple backends of the same type are mounted on the vault file system.
-- `VAULT_SUPPLIED_TOKEN_HEADER` will instruct Vault-UI to attempt authentication using a token provided by the client in the specified HTTP request header.
+- `PORT` Sets the port for Vault-UI to listen on. (Default 8000)
+- `CUSTOM_CA_CERT` Pass a self-signed certificate that the system should trust.
+- `NODE_TLS_REJECT_UNAUTHORIZED` Disable TLS server side validation. (ex. vault deployed with self-signed certificate). Set to `0` to disable.
+- `VAULT_URL_DEFAULT` Sets the default vault endpoint. Note: protocol part of the url is mandatory. Example: http://10.0.0.1:8200
+- `VAULT_AUTH_DEFAULT` Sets the default authentication method type. See below for supported authentication methods.
+- `VAULT_AUTH_BACKEND_PATH` Sets the default backend path. Useful when multiple backends of the same type are mounted on the vault file system.
+- `VAULT_SUPPLIED_TOKEN_HEADER` Instructs Vault-UI to attempt authentication using a token provided by the client in the specified HTTP request header.
 
 This defaults can be overridden if the user fills out the endpoint and auth method manually.
 
@@ -83,6 +86,7 @@ Current supported management of backend auth methods:
 - [AWS-EC2](https://www.vaultproject.io/docs/auth/aws-ec2.html)
 - [Username & Password](https://www.vaultproject.io/docs/auth/userpass.html)
 - [Token](https://www.vaultproject.io/docs/auth/token.html)
+- [AppRole](https://www.vaultproject.io/docs/auth/approle.html)
 
 In some cases, users might want to use middleware to authenticate into Vault-UI for purposes like SSO. In this case, the `VAULT_SUPPLIED_TOKEN_HEADER` may be populated with the name of the header that contains a token to be used for authentication.
 
@@ -161,7 +165,7 @@ Users have the ability to create and revoke tokens, manage token roles and list
   "path": {
      "auth/token/accessors": {
        "capabilities": [
-         "sudo", 
+         "sudo",
          "list"
        ]
     },
@@ -211,3 +215,6 @@ yarn start
 
 # Licensing
 Vault-UI is licensed under BSD 2-Clause. See [LICENSE](https://github.com/djenriquez/vault-ui/blob/master/LICENSE) for the full license text.
+
+# Donations
+Vault-UI maintainers are humbly accepting [donations](https://github.com/djenriquez/vault-ui/wiki/Donations) as a way of saying thank you!

app/App.jsx

@@ -19,6 +19,8 @@ import GithubAuthBackend from './components/Authentication/Github/Github.jsx';
 import RadiusAuthBackend from './components/Authentication/Radius/Radius.jsx';
 import UserPassAuthBackend from './components/Authentication/UserPass/UserPass.jsx';
 import SecretUnwrapper from './components/shared/Wrapping/Unwrapper';
+import OktaAuthBackend from './components/Authentication/Okta/Okta.jsx';
+import AppRoleAuthBackend from './components/Authentication/AppRole/AppRole.jsx'
 
 // Load here to signal webpack
 import 'flexboxgrid/dist/flexboxgrid.min.css';
@@ -77,13 +79,15 @@ ReactDOM.render((
             <Route path="/login" component={Login} onEnter={checkVaultUiServer} />
             <Route path="/unwrap" component={SecretUnwrapper} />
             <Route path="/" component={App} onEnter={checkAccessToken}>
-                <Route path="/secrets/generic/:namespace(/**)" component={SecretsGeneric} />
+                <Route path="/secrets/:namespace(/**)" component={SecretsGeneric} />
                 <Route path="/auth/token/:namespace" component={TokenAuthBackend} />
                 <Route path="/auth/aws/:namespace(/**)" component={AwsAuthBackend} />
                 <Route path="/auth/aws-ec2/:namespace(/**)" component={AwsEc2AuthBackend} />
                 <Route path="/auth/github/:namespace(/**)" component={GithubAuthBackend} />
                 <Route path="/auth/radius/:namespace(/**)" component={RadiusAuthBackend} />
+                <Route path="/auth/okta/:namespace(/**)" component={OktaAuthBackend} />
                 <Route path="/auth/userpass/:namespace(/**)" component={UserPassAuthBackend} />
+                <Route path="/auth/approle/:namespace(/**)" component={AppRoleAuthBackend} />
                 <Route path="/settings" component={Settings} />
                 <Route path="/responsewrapper" component={ResponseWrapper} />
                 <Route path="/sys/policies(/**)" component={PolicyManager} />

app/components/App/App.jsx

@@ -1,4 +1,5 @@
-import React, { PropTypes } from 'react';
+import React from 'react';
+import PropTypes from 'prop-types';
 import _ from 'lodash';
 import { Tabs, Tab } from 'material-ui/Tabs';
 import Menu from '../shared/Menu/Menu.jsx';
@@ -272,24 +273,26 @@ export default class App extends React.Component {
                 </Tabs>
             </div>
         );
-        return <div>
-            <Snackbar
-                className={styles.snackbar}
-                bodyStyle={this.state.snackbarStyle}
-                open={this.state.snackbarMessage != ''}
-                message={this.state.snackbarMessage}
-                autoHideDuration={3000}
-                onRequestClose={() => this.setState({ snackbarMessage: '' })}
-                onActionTouchTap={() => this.setState({ snackbarMessage: '' })}
-            />
-            {this.state.logoutOpen && this.renderSessionExpDialog()}
-            <Header tokenIdentity={this.state.identity} />
-            <Menu pathname={this.props.location.pathname} />
-            <div id={styles.content}>
-                <Paper zDepth={1}>
-                    {this.props.children || welcome}
-                </Paper>
+        return (
+            <div>
+                <Snackbar
+                    className={styles.snackbar}
+                    bodyStyle={this.state.snackbarStyle}
+                    open={this.state.snackbarMessage != ''}
+                    message={this.state.snackbarMessage}
+                    autoHideDuration={3000}
+                    onRequestClose={() => this.setState({ snackbarMessage: '' })}
+                    onActionTouchTap={() => this.setState({ snackbarMessage: '' })}
+                />
+                {this.state.logoutOpen && this.renderSessionExpDialog()}
+                <Header tokenIdentity={this.state.identity} />
+                <Menu pathname={this.props.location.pathname} />
+                <div id={styles.content}>
+                    <Paper zDepth={1} style={{ 'border-right-style': 'inset' }}>
+                        {this.props.children || welcome}
+                    </Paper>
+                </div>
             </div>
-        </div>
+        )
     }
 }

app/components/App/app.css

@@ -1,9 +1,11 @@
 #content {
     padding-left: 30px;
-    width: calc(100vw - 305px);
-    display: inline-block;
-    margin-left: 250px;
-    margin-top: 80px;
+    width: calc(100vw - 270px);
+    margin-left: 235px;
+    margin-top: 70px;
+    height: calc(100% - 70px);
+    overflow-y: scroll;
+    position: fixed;
 }
 
 .snackbar {