From 189403c5b998ef7708a8efd255781c44a065e960 Mon Sep 17 00:00:00 2001
From: Michael Lange <dingoeatingfuzz@gmail.com>
Date: Wed, 18 Oct 2017 19:04:19 -0700
Subject: [PATCH] Add the acl token as a header to client requests

---
 ui/app/models/allocation.js       | 12 +++++++++---
 ui/tests/acceptance/token-test.js | 13 ++++++++++---
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/ui/app/models/allocation.js b/ui/app/models/allocation.js
index 35aca4e81..81d27a79b 100644
--- a/ui/app/models/allocation.js
+++ b/ui/app/models/allocation.js
@@ -3,12 +3,11 @@ import Model from 'ember-data/model';
 import attr from 'ember-data/attr';
 import { belongsTo } from 'ember-data/relationships';
 import { fragment, fragmentArray } from 'ember-data-model-fragments/attributes';
-import fetch from 'fetch';
 import PromiseObject from '../utils/classes/promise-object';
 import timeout from '../utils/timeout';
 import shortUUIDProperty from '../utils/properties/short-uuid';
 
-const { computed, RSVP } = Ember;
+const { computed, RSVP, inject } = Ember;
 
 const STATUS_ORDER = {
   pending: 1,
@@ -19,6 +18,8 @@ const STATUS_ORDER = {
 };
 
 export default Model.extend({
+  token: inject.service(),
+
   shortId: shortUUIDProperty('id'),
   job: belongsTo('job'),
   node: belongsTo('node'),
@@ -74,7 +75,12 @@ export default Model.extend({
 
     const url = `//${this.get('node.httpAddr')}/v1/client/allocation/${this.get('id')}/stats`;
     return PromiseObject.create({
-      promise: RSVP.Promise.race([fetch(url).then(res => res.json()), timeout(2000)]),
+      promise: RSVP.Promise.race([
+        this.get('token')
+          .authorizedRequest(url)
+          .then(res => res.json()),
+        timeout(2000),
+      ]),
     });
   }),
 
diff --git a/ui/tests/acceptance/token-test.js b/ui/tests/acceptance/token-test.js
index 5f0e35d60..b2347ce9a 100644
--- a/ui/tests/acceptance/token-test.js
+++ b/ui/tests/acceptance/token-test.js
@@ -48,7 +48,7 @@ test('the X-Nomad-Token header gets sent with requests once it is set', function
     assert.ok(server.pretender.handledRequests.length > 1, 'Requests have been made');
 
     server.pretender.handledRequests.forEach(req => {
-      assert.notOk(req.requestHeaders['X-Nomad-Token'], `No token for ${req.url}`);
+      assert.notOk(getHeader(req, 'X-Nomad-Token'), `No token for ${req.url}`);
     });
 
     requestPosition = server.pretender.handledRequests.length;
@@ -68,8 +68,8 @@ test('the X-Nomad-Token header gets sent with requests once it is set', function
     assert.ok(newRequests.length > 1, 'New requests have been made');
 
     // Cross-origin requests can't have a token
-    newRequests.filter(req => !req.url.startsWith('//')).forEach(req => {
-      assert.equal(req.requestHeaders['X-Nomad-Token'], secretId, `Token set for ${req.url}`);
+    newRequests.forEach(req => {
+      assert.equal(getHeader(req, 'X-Nomad-Token'), secretId, `Token set for ${req.url}`);
     });
   });
 });
@@ -199,3 +199,10 @@ test('setting a token clears the store', function(assert) {
   // If jobs are lingering in the store, they would show up
   assert.notOk(find('.job-row'), 'No jobs found');
 });
+
+function getHeader({ requestHeaders }, name) {
+  // Headers are case-insensitive, but object property look up is not
+  return (
+    requestHeaders[name] || requestHeaders[name.toLowerCase()] || requestHeaders[name.toUpperCase()]
+  );
+}