Commit graph

25 commits

Author SHA1 Message Date
Luiz Aoqui cacfb8e380
Revert "refact: conditional checks for token secret before fetch (#14134)" (#14381)
This reverts commit b9fec224bac4c0d6b3a2d699367913526fe1aa31.
2022-08-29 15:20:26 -04:00
Jai 08c15b8497
refact: conditional checks for token secret before fetch (#14134)
* refact: conditional checks for token secret before fetch

* refact: guard all authRawReq calls

* refact: safe-guard integration tests
2022-08-17 11:12:43 -04:00
Georges-Etienne Legendre 864be37c73
Fix Exec not working with reverse proxy X-Nomad-Token (#12925)
* Capture token secret on fetch

* Fix tests

* Fix lint errors
2022-05-10 13:42:12 -04:00
Jai Bhagat c4bc5ab352 ui: fix auto-fixable linting errors 2022-01-20 09:46:45 -05:00
Georges-Etienne Legendre d057025ce6
Capture ACL Token from self API call for Reverse Proxy use-case (#10563)
* Proposed fix for #10561

Signed-off-by: Georges-Etienne Legendre <legege@legege.com>

* Add acceptance tests for reverse proxy use-case

Signed-off-by: Georges-Etienne Legendre <legege@legege.com>

* Use reads instead of computed/get

Signed-off-by: Georges-Etienne Legendre <legege@legege.com>

* Move back the line closer to the task

Signed-off-by: Georges-Etienne Legendre <legege@legege.com>

* skip a11y-audit-called lint rule on reverse proxy tests

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-07-12 20:42:08 -04:00
Buck Doyle 6d67e90763
Add exchange of one-time token on UI load (#10066)
This adds UI support for receiving the one-time token passed via query parameter, as in #10134
and related PRs, and exchanging it for its corresponding secret ID. When this works, it’s mostly
invisible, with a brief flash of the OTT onscreen.

The authentication failure message now suggests the -authenticate flag.

When OTT exchange fails, it shows a whole-page error.

This includes a known UX shortcoming in that the OTT will not disappear from the URL when an
identifier is specified on the command line, like nomad ui -authenticate jobname. The goal is to
address that shortcoming in a forthcoming pull request.
2021-04-01 13:21:30 -05:00
Buck Doyle e9e52e0dfe
Update Ember/Ember CLI to 3.20 (#9641)
This doesn’t include Ember Data, as we are still back on 3.12.

Most changes are deprecation updates, linting fixes, and dependencies. It can
be read commit-by-commit, though many of them are mechanical and skimmable.
For the new linting exclusions, I’ve added them to the Tech Debt list.

The decrease in test count is because linting is no longer included in ember test.

There’s a new deprecation warning in the logs that can be fixed by updating Ember
Power Select but when I tried that it caused it to render incorrectly, so I decided to
ignore it for now and address it separately.
2021-02-17 15:01:44 -06:00
Michael Lange f487562955 Don't include the region param in authorizedRequest if it's already in the URL 2021-02-01 09:54:46 -08:00
Buck Doyle 6efc64818b Add fixes for ESLint getter-return
…I GUESS
2020-06-10 16:18:56 -05:00
Buck Doyle 89136cbf6a Add massaged results of class codemod
Manual interventions:
• decorators on the same line for service and controller
  injections and most computed property macros
• preserving import order when possible, both per-line
  and intra-line
• moving new imports to the bottom
• removal of classic decorator for trivial cases
• conversion of init to constructor when appropriate
2020-06-10 16:18:42 -05:00
Buck Doyle 1cca7abcab
Add Ember ESLint plugin (#8134)
This is extracted from #8094, where I have run into some snags. Since
these ESLint fixes aren’t actually connected to the Ember 3.16 update
but involve changes to many files, we might as well address them
separately. Where possible I fixed the problems but in cases where
a fix seemed too involved, I added per-line or -file exceptions.
2020-06-09 16:03:28 -05:00
Michael Lange 9ba563c48e Always pass credential in fetch requests, but also treat options reasonably
Now options can be provided without also having to remember to pass
credentials. This is convenient for abort controller signals.
2020-04-29 17:34:49 -07:00
Michael Lange 59897f9716 Handle the case where ACLs aren't enabled in abilities 2020-01-31 09:41:36 -08:00
Michael Lange 175f80da16 Fix token referencing from the token controller, as well as resetting 2020-01-31 09:41:35 -08:00
Buck Doyle 66ab14144a
ui: Change Run Job availability based on ACLs (#5944)
This builds on API changes in #6017 and #6021 to conditionally turn off the
“Run Job” button based on the current token’s capabilities, or the capabilities
of the anonymous policy if no token is present.

If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 14:57:01 -06:00
Michael Lange 4736803a24 ES5 getters codemod 2019-04-10 14:54:36 -07:00
Michael Lange 0eb5e61e36 Switch token storage to localStorage from sessionStorage 2018-08-28 10:05:15 -07:00
Michael Lange 3180e57138 Only deal with the region param (in the app and in api calls) when necessary 2018-08-09 18:22:39 -07:00
Michael Lange 0cfeba49d7 Add the region qp to all requests made through the token service 2018-08-09 18:22:38 -07:00
Michael Lange 1107798da6 Use the new ember modules imports
Generated with a codemode:
https://github.com/ember-cli/ember-modules-codemod
2018-01-17 09:02:04 -08:00
Michael Schurter 7a77fc69ce Include credentials in fetch requests
Fixes #3701

Relevant spec section:
https://fetch.spec.whatwg.org/#concept-request-credentials-mode
2018-01-08 12:18:03 -08:00
Michael Lange d7df5712f9 Prefer native fetch 2017-11-21 11:22:41 -08:00
Michael Lange 85f66ffa94 Use /acl/token/self instead of /acl/token/:accessor_id 2017-10-16 13:27:52 -07:00
Michael Lange 3bb0a9779c Make sure to qualify requests made outside of adapters 2017-10-11 13:45:03 -07:00
Alex Dadgar e5ec915ac3 sync 2017-09-19 10:08:23 -05:00