From cf64eab6a65c661ca819de455a2ce6b4847d2a80 Mon Sep 17 00:00:00 2001
From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Date: Thu, 28 Jul 2022 12:05:08 -0500
Subject: [PATCH] Backport UI: Fix JWT Auth login into 1.10.6 (#16477)

* Add acceptance test for JWT login flow

* Apply change & changelog
---
 changelog/16466.txt                         |  3 +
 ui/app/components/auth-form.js              |  7 +-
 ui/tests/acceptance/jwt-auth-method-test.js | 92 +++++++++++++++++++++
 3 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 changelog/16466.txt
 create mode 100644 ui/tests/acceptance/jwt-auth-method-test.js

diff --git a/changelog/16466.txt b/changelog/16466.txt
new file mode 100644
index 0000000000000..1b5fb3c7970e9
--- /dev/null
+++ b/changelog/16466.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix issue logging in with JWT auth method
+```
diff --git a/ui/app/components/auth-form.js b/ui/app/components/auth-form.js
index f39c43cf9743e..995a3459ee09d 100644
--- a/ui/app/components/auth-form.js
+++ b/ui/app/components/auth-form.js
@@ -259,10 +259,9 @@ export default Component.extend(DEFAULTS, {
       this.setProperties({
         error: null,
       });
-      // if callback from oidc or jwt we have a token at this point
-      let backend = ['oidc', 'jwt'].includes(this.providerName)
-        ? this.getAuthBackend('token')
-        : this.selectedAuthBackend || {};
+      // if callback from oidc we have a token at this point
+      let backend =
+        this.providerName === 'oidc' ? this.getAuthBackend('token') : this.selectedAuthBackend || {};
       let backendMeta = BACKENDS.find(
         (b) => (b.type || '').toLowerCase() === (backend.type || '').toLowerCase()
       );
diff --git a/ui/tests/acceptance/jwt-auth-method-test.js b/ui/tests/acceptance/jwt-auth-method-test.js
new file mode 100644
index 0000000000000..6e5d4d0321715
--- /dev/null
+++ b/ui/tests/acceptance/jwt-auth-method-test.js
@@ -0,0 +1,92 @@
+import { module, test } from 'qunit';
+import { setupApplicationTest } from 'ember-qunit';
+import { click, visit, fillIn } from '@ember/test-helpers';
+import { setupMirage } from 'ember-cli-mirage/test-support';
+import sinon from 'sinon';
+import { Response } from 'miragejs';
+import { ERROR_JWT_LOGIN } from 'vault/components/auth-jwt';
+
+module('Acceptance | jwt auth method', function (hooks) {
+  setupApplicationTest(hooks);
+  setupMirage(hooks);
+
+  hooks.beforeEach(function () {
+    this.stub = sinon.stub();
+    this.server.post(
+      '/auth/:path/oidc/auth_url',
+      () =>
+        new Response(
+          400,
+          { 'Content-Type': 'application/json' },
+          JSON.stringify({ errors: [ERROR_JWT_LOGIN] })
+        )
+    );
+    this.server.get('/auth/foo/oidc/callback', () => ({
+      auth: { client_token: 'root' },
+    }));
+  });
+
+  test('it works correctly with default name and no role', async function (assert) {
+    assert.expect(6);
+    this.server.post('/auth/jwt/login', (schema, req) => {
+      const { jwt, role } = JSON.parse(req.requestBody);
+      assert.ok(true, 'request made to auth/jwt/login after submit');
+      assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
+      assert.equal(role, undefined, 'role is not sent in body when not filled in');
+      req.passthrough();
+    });
+    await visit('/vault/auth');
+    await fillIn('[data-test-select="auth-method"]', 'jwt');
+    assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
+    assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
+    await fillIn('[data-test-jwt]', 'my-test-jwt-token');
+    await click('[data-test-auth-submit]');
+    assert.dom('[data-test-error]').exists('Failed login');
+  });
+
+  test('it works correctly with default name and a role', async function (assert) {
+    assert.expect(7);
+    this.server.post('/auth/jwt/login', (schema, req) => {
+      const { jwt, role } = JSON.parse(req.requestBody);
+      assert.ok(true, 'request made to auth/jwt/login after login');
+      assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
+      assert.equal(role, 'some-role', 'role is sent in the body when filled in');
+      req.passthrough();
+    });
+    await visit('/vault/auth');
+    await fillIn('[data-test-select="auth-method"]', 'jwt');
+    assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
+    assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
+    await fillIn('[data-test-role]', 'some-role');
+    await fillIn('[data-test-jwt]', 'my-test-jwt-token');
+    assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
+    await click('[data-test-auth-submit]');
+    assert.dom('[data-test-error]').exists('Failed login');
+  });
+
+  test('it works correctly with custom endpoint and a role', async function (assert) {
+    assert.expect(6);
+    this.server.get('/sys/internal/ui/mounts', () => ({
+      data: {
+        auth: {
+          'test-jwt/': { description: '', options: {}, type: 'jwt' },
+        },
+      },
+    }));
+    this.server.post('/auth/test-jwt/login', (schema, req) => {
+      const { jwt, role } = JSON.parse(req.requestBody);
+      assert.ok(true, 'request made to auth/custom-jwt-login after login');
+      assert.equal(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
+      assert.equal(role, 'some-role', 'role is sent in body when filled in');
+      req.passthrough();
+    });
+    await visit('/vault/auth');
+    await click('[data-test-auth-method-link="jwt"]');
+    assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
+    assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
+    await fillIn('[data-test-role]', 'some-role');
+    await fillIn('[data-test-jwt]', 'my-test-jwt-token');
+    await click('[data-test-auth-submit]');
+    assert.dom('[data-test-error]').exists('Failed login');
+  });
+});