From 719734cbbcb54de8b8db9ebe7935d22aad23adb5 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Thu, 28 Jul 2022 15:08:10 -0400 Subject: [PATCH] Backport of UI: Fix JWT Auth Failure to 1.11.2 (#16476) Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> --- changelog/16466.txt | 3 + ui/app/components/auth-form.js | 7 +- ui/tests/acceptance/jwt-auth-method-test.js | 92 +++++++++++++++++++++ 3 files changed, 98 insertions(+), 4 deletions(-) create mode 100644 changelog/16466.txt create mode 100644 ui/tests/acceptance/jwt-auth-method-test.js diff --git a/changelog/16466.txt b/changelog/16466.txt new file mode 100644 index 000000000000..1b5fb3c7970e --- /dev/null +++ b/changelog/16466.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Fix issue logging in with JWT auth method +``` diff --git a/ui/app/components/auth-form.js b/ui/app/components/auth-form.js index 8497d76ff206..6d4208ce28c6 100644 --- a/ui/app/components/auth-form.js +++ b/ui/app/components/auth-form.js @@ -260,10 +260,9 @@ export default Component.extend(DEFAULTS, { this.setProperties({ error: null, }); - // if callback from oidc or jwt we have a token at this point - let backend = ['oidc', 'jwt'].includes(this.providerName) - ? this.getAuthBackend('token') - : this.selectedAuthBackend || {}; + // if callback from oidc we have a token at this point + let backend = + this.providerName === 'oidc' ? this.getAuthBackend('token') : this.selectedAuthBackend || {}; let backendMeta = BACKENDS.find( (b) => (b.type || '').toLowerCase() === (backend.type || '').toLowerCase() ); diff --git a/ui/tests/acceptance/jwt-auth-method-test.js b/ui/tests/acceptance/jwt-auth-method-test.js new file mode 100644 index 000000000000..6e5d4d032171 --- /dev/null +++ b/ui/tests/acceptance/jwt-auth-method-test.js @@ -0,0 +1,92 @@ +import { module, test } from 'qunit'; +import { setupApplicationTest } from 'ember-qunit'; +import { click, visit, fillIn } from '@ember/test-helpers'; +import { setupMirage } from 'ember-cli-mirage/test-support'; +import sinon from 'sinon'; +import { Response } from 'miragejs'; +import { ERROR_JWT_LOGIN } from 'vault/components/auth-jwt'; + +module('Acceptance | jwt auth method', function (hooks) { + setupApplicationTest(hooks); + setupMirage(hooks); + + hooks.beforeEach(function () { + this.stub = sinon.stub(); + this.server.post( + '/auth/:path/oidc/auth_url', + () => + new Response( + 400, + { 'Content-Type': 'application/json' }, + JSON.stringify({ errors: [ERROR_JWT_LOGIN] }) + ) + ); + this.server.get('/auth/foo/oidc/callback', () => ({ + auth: { client_token: 'root' }, + })); + }); + + test('it works correctly with default name and no role', async function (assert) { + assert.expect(6); + this.server.post('/auth/jwt/login', (schema, req) => { + const { jwt, role } = JSON.parse(req.requestBody); + assert.ok(true, 'request made to auth/jwt/login after submit'); + assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body'); + assert.equal(role, undefined, 'role is not sent in body when not filled in'); + req.passthrough(); + }); + await visit('/vault/auth'); + await fillIn('[data-test-select="auth-method"]', 'jwt'); + assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists'); + assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists'); + await fillIn('[data-test-jwt]', 'my-test-jwt-token'); + await click('[data-test-auth-submit]'); + assert.dom('[data-test-error]').exists('Failed login'); + }); + + test('it works correctly with default name and a role', async function (assert) { + assert.expect(7); + this.server.post('/auth/jwt/login', (schema, req) => { + const { jwt, role } = JSON.parse(req.requestBody); + assert.ok(true, 'request made to auth/jwt/login after login'); + assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body'); + assert.equal(role, 'some-role', 'role is sent in the body when filled in'); + req.passthrough(); + }); + await visit('/vault/auth'); + await fillIn('[data-test-select="auth-method"]', 'jwt'); + assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists'); + assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists'); + await fillIn('[data-test-role]', 'some-role'); + await fillIn('[data-test-jwt]', 'my-test-jwt-token'); + assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists'); + await click('[data-test-auth-submit]'); + assert.dom('[data-test-error]').exists('Failed login'); + }); + + test('it works correctly with custom endpoint and a role', async function (assert) { + assert.expect(6); + this.server.get('/sys/internal/ui/mounts', () => ({ + data: { + auth: { + 'test-jwt/': { description: '', options: {}, type: 'jwt' }, + }, + }, + })); + this.server.post('/auth/test-jwt/login', (schema, req) => { + const { jwt, role } = JSON.parse(req.requestBody); + assert.ok(true, 'request made to auth/custom-jwt-login after login'); + assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body'); + assert.equal(role, 'some-role', 'role is sent in body when filled in'); + req.passthrough(); + }); + await visit('/vault/auth'); + await click('[data-test-auth-method-link="jwt"]'); + assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists'); + assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists'); + await fillIn('[data-test-role]', 'some-role'); + await fillIn('[data-test-jwt]', 'my-test-jwt-token'); + await click('[data-test-auth-submit]'); + assert.dom('[data-test-error]').exists('Failed login'); + }); +});