Merge pull request #4628 from hashicorp/f-ui-use-ls-not-ss-for-tokens

UI: Use localStorage instead of sessionStorage to store ACL tokens
Michael Lange 2018-08-28 15:27:09 -07:00 committed by GitHub
commit f641a22e9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 12 deletions


@ -9,13 +9,13 @@ export default Service.extend({
secret: computed({
get() {
return window.sessionStorage.nomadTokenSecret;
return window.localStorage.nomadTokenSecret;
},
set(key, value) {
if (value == null) {
window.sessionStorage.removeItem('nomadTokenSecret');
window.localStorage.removeItem('nomadTokenSecret');
} else {
window.sessionStorage.nomadTokenSecret = value;
window.localStorage.nomadTokenSecret = value;
}
return value;
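Review bot: The setter's null branch now removes only the localStorage key, so a secret that the previous build wrote to sessionStorage stays there until the window is closed and "Clear Token" no longer removes it. Adding `window.sessionStorage.removeItem('nomadTokenSecret');` beside the localStorage removal would cover the upgrade case. The switch also means the ACL secret is kept in the browser profile with no expiry and is shared by every tab on the UI's origin. That trade-off deserves a comment above `secret: computed({`, for example `// Persisted in localStorage: survives browser restarts and is shared across tabs; cleared when set to null`. The computed property's body continues outside the hunk.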


@ -8,7 +8,7 @@
<div class="columns">
<div class="column">
<h3 class="title is-4">Token Storage</h3>
<p>To protect Secret IDs, tokens are stored client-side in <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage">session storage</a>. Your ACL token is automatically cleared from storage upon closing your browser window. You can also manually clear your token instead.</p>
<p>Tokens are stored client-side in <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage">local storage</a>. This will persist your token across sessions. You can manually clear your token here.</p>
</div>
<div class="column is-centered is-minimum">
<button class="button is-info" {{action "clearTokenProperties"}}>Clear Token</button>
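Review bot: The new paragraph under "Token Storage" drops the statement of when the token goes away, and with local storage it stays in the browser profile after the window is closed until someone presses Clear Token. On a shared or unattended workstation that is the fact the reader needs, so the copy could state it directly, for example `Your token stays in this browser until you clear it. Clear it when you finish on a shared machine.` The word "here" in the last sentence refers to the button in the following column, so naming the button ("use Clear Token") would be clearer.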


@ -21,18 +21,18 @@ moduleForAcceptance('Acceptance | tokens', {
},
});
test('the token form sets the token in session storage', function(assert) {
test('the token form sets the token in local storage', function(assert) {
const { secretId } = managementToken;
Tokens.visit();
andThen(() => {
assert.ok(window.sessionStorage.nomadTokenSecret == null, 'No token secret set');
assert.ok(window.localStorage.nomadTokenSecret == null, 'No token secret set');
Tokens.secret(secretId).submit();
andThen(() => {
assert.equal(window.sessionStorage.nomadTokenSecret, secretId, 'Token secret was set');
assert.equal(window.localStorage.nomadTokenSecret, secretId, 'Token secret was set');
});
});
});
@ -91,7 +91,7 @@ test('an error message is shown when authenticating a token fails', function(ass
andThen(() => {
assert.ok(
window.sessionStorage.nomadTokenSecret == null,
window.localStorage.nomadTokenSecret == null,
'Token secret is discarded on failure'
);
assert.ok(Tokens.errorMessage, 'Token error message is shown');


@ -6,10 +6,7 @@ import destroyApp from '../helpers/destroy-app';
export default function(name, options = {}) {
module(name, {
beforeEach() {
// Clear session storage (a side effect of token storage)
window.sessionStorage.clear();
// Also clear local storage (a side effect of namespaces and regions)
// Also clear local storage (a side effect of namespaces, regions, and tokens)
window.localStorage.clear();
this.application = startApp();