open-vault/ui/mirage/handlers/mfa-config.js


MFA Config (#15200) * adds mirage factories for mfa methods and login enforcement * adds mirage handler for mfa config endpoints * adds mirage identity manager for uuids * updates mfa test to use renamed mfaLogin mirage handler * updates mfa login workflow for push methods (#15214) * MFA Login Enforcement Model (#15244) * adds mfa login enforcement model, adapter and serializer * updates mfa methods to hasMany realtionship and transforms property names * updates login enforcement adapter to use urlForQuery over buildURL * Model for mfa method (#15218) * Model for mfa method * Added adapter and serializer for mfa method - Updated mfa method model - Basic route to handle list view - Added MFA to access nav * Show landing page if methods are not configured * Updated adapter,serializer - Backend is adding new endpoint to list all the mfa methods * Updated landing page - Added MFA diagram - Created helper to resolve full path for assets like images * Remove ember assign * Fixed failing test * MFA method and enforcement list view (#15353) * MFA method and enforcement list view - Added new route for list views - List mfa methods along with id, type and icon - Added client side pagination to list views * Throw error if method id is not present * MFA Login Enforcement Form (#15410) * adds mfa login enforcement form and header components and radio card component * skips login enforcement form tests for now * adds jsdoc annotations for mfa-login-enforcement-header component * adds error handling when fetching identity targets in login enforcement form component * updates radio-card label elements * MFA Login Enforcement Create and Edit routes (#15422) * adds mfa login enforcement form and header components and radio card component * skips login enforcement form tests for now * updates to login enforcement form to fix issues hydrating methods and targets from model when editing * updates to mfa-config mirage handler and login enforcement handler * fixes issue with login 
enforcement serializer normalizeItems method throwing error on save * updates to mfa route structure * adds login enforcement create and edit routes * MFA Login Enforcement Read Views (#15462) * adds login enforcement read views * skip mfa-method-list-item test for now * MFA method form (#15432) * MFA method form - Updated model for form attributes - Form for editing, creating mfa methods * Added comments * Update model for mfa method * Refactor buildURL in mfa method adapter * Update adapter to handle mfa create * Fixed adapter to handle create mfa response * Sidebranch: MFA end user setup (#15273) * initial setup of components and route * fix navbar * replace parent component with controller * use auth service to return entity id * adapter and some error handling: * clean up adapter and handle warning * wip * use library for qrCode generation * clear warning and QR code display fix * flow for restart setup * add documentation * clean up * fix warning issue * handle root user * remove comment * update copy * fix margin * address comment * MFA Guided Setup Route (#15479) * adds mfa method create route with type selection workflow * updates mfa method create route links to use DocLink component * MFA Guided Setup Config View (#15486) * adds mfa guided setup config view * resets type query param on mfa method create route exit * hide next button if type is not selected in mfa method create route * updates to sure correct state when changing mfa method type in guided setup * Enforcement view at MFA method level (#15485) - List enforcements for each mfa method - Delete MFA method if no enforcements are present - Moved method, enforcement list item component to mfa folder * MFA Login Enforcement Validations (#15498) * adds model and form validations for mfa login enforcements * updates mfa login enforcement validation messages * updates validation message for mfa login enforcement targets * adds transition action to configure mfa button on landing page * unset 
enforcement on preference change in mfa guided setup workflow * Added validations for mfa method model (#15506) * UI/mfa breadcrumbs and small fixes (#15499) * add active class when on index * breadcrumbs * remove box-shadow to match designs * fix refresh load mfa-method * breadcrumb create * add an empty state the enforcements list view * change to beforeModel * UI/mfa small bugs (#15522) * remove pagintion and fix on methods list view * fix enforcements * Fix label for value on radio-card (#15542) * MFA Login Enforcement Component Tests (#15539) * adds tests for mfa-login-enforcement-header component * adds tests for mfa-login-enforcement-form component * Remove default values from mfa method model (#15540) - use passcode had a default value, as a result it was being sent with all the mfa method types during save and edit flows.. * UI/mfa small cleanup (#15549) * data-test-mleh -> data-test-mfa * Only one label per radio card * Remove unnecessary async * Simplify boolean logic * Make mutation clear * Revert "data-test-mleh -> data-test-mfa" This reverts commit 31430df7bb42580a976d082667cb6ed1f09c3944. * updates mfa login enforcement form to only display auth method types for current mounts as targets (#15547) * remove token type (#15548) * remove token type * conditional param * removes type from mfa method payload and fixes bug transitioning to method route on save success * removes punctuation from mfa form error message string match * updates qr-code component invocation to angle bracket * Re-trigger CI jobs with empty commit Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com> Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: Michele Degges <mdeggies@gmail.com>
2022-05-21 00:40:16 +00:00
import { Response } from 'miragejs';
export default function (server) {
// Required request-body parameters for each supported MFA method type.
// Several of these are credential fields by name (secret_key, api_token),
// so fixtures and tests should only ever carry throwaway values.
const required = {
  totp: ['issuer'],
  duo: ['secret_key', 'integration_key', 'api_hostname'],
  okta: ['org_name', 'api_token'],
  pingid: ['settings_file_base64'],
};
// Allowlist of method types the mock accepts. It is derived from `required`
// so the two can never drift apart; key order is insertion order.
const methods = Object.keys(required);
/**
 * Shared guard for the method create/update/delete routes.
 *
 * `type` comes straight from the URL, and the routes use it to build both a
 * `schema.db` collection key and a factory name, so it is checked against the
 * `methods` allowlist before anything else happens.
 *
 * @param {string} type - method type taken from the route params
 * @param {object|null} data - parsed request body; the delete route passes null,
 *   which skips the required-parameter check
 * @param {Function} cb - invoked (and its result returned) once validation passes
 * @returns {*} a 400 Response on failure, otherwise whatever `cb` returns
 */
const validate = (type, data, cb) => {
  const isKnownType = methods.includes(type);
  if (!isKnownType) {
    return new Response(400, {}, { errors: [`Method ${type} not found`] });
  }
  if (data) {
    // a parameter counts as missing when it is absent or falsy
    const missing = required[type].filter((key) => !data[key]);
    if (missing.length) {
      const message = `Missing required parameters: [${missing.join(', ')}]`;
      return new Response(400, {}, { errors: [message] });
    }
  }
  return cb();
};
/**
 * Maps a method type to the name of its mirage db collection,
 * e.g. `totp` -> `mfaTotpMethods`.
 * Callers are expected to have checked `type` against the allowlist first;
 * this helper performs no validation of its own.
 *
 * @param {string} type - method type
 * @returns {string} collection key on `schema.db`
 */
const dbKeyFromType = (type) => {
  const initial = type.charAt(0).toUpperCase();
  const remainder = type.slice(1);
  return `mfa${initial}${remainder}Methods`;
};
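/**
 * Builds the list payload (`{ data: { key_info, keys } }`) for either the
 * MFA methods or the login enforcements.
 *
 * Only standard Array methods are used here. The previous version called
 * `addObjects` and `toArray` on plain arrays, which exist only while Ember's
 * Array prototype extensions are enabled.
 *
 * @param {object} schema - mirage schema passed to the route handler
 * @param {boolean} [isMethod] - true to list methods (keyed by id),
 *   falsy to list login enforcements (keyed by name)
 * @returns {{data: {key_info: object, keys: Array}}} list response body
 */
const generateListResponse = (schema, isMethod) => {
  let records = [];
  if (isMethod) {
    // methods live in one collection per type, so gather them all
    for (const method of methods) {
      records.push(...schema.db[dbKeyFromType(method)].where({}));
    }
  } else {
    records = schema.db.mfaLoginEnforcements.where({});
  }
  // seed the db with a few records if none exist
  if (!records.length) {
    if (isMethod) {
      records = methods.map((type) => server.create(`mfa-${type}-method`));
    } else {
      // server.createList returns a plain array; copy it rather than rely on toArray()
      records = Array.from(server.createList('mfa-login-enforcement', 4));
    }
  }
  const dataKey = isMethod ? 'id' : 'name';
  const data = { key_info: {}, keys: [] };
  for (const record of records) {
    // the whole record is exposed under key_info, not a trimmed summary
    data.key_info[record[dataKey]] = record;
    data.keys.push(record[dataKey]);
  }
  return { data };
};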
// list methods
// Every method type is merged into a single key_info/keys listing.
server.get('/identity/mfa/method/', (schema) => generateListResponse(schema, true));
// fetch method by id
// The id alone does not say which type it belongs to, so each per-type
// collection is searched in turn and the first hit wins.
server.get('/identity/mfa/method/:id', (schema, request) => {
  const { id } = request.params;
  let match = null;
  for (const type of methods) {
    const candidate = schema.db[dbKeyFromType(type)].find(id);
    if (candidate) {
      match = candidate;
      break;
    }
  }
  if (match) {
    return { data: match };
  }
  // inconvenient when testing edit route to return a 404 on refresh since mirage memory is cleared
  // flip this variable to test 404 state if needed
  const shouldError = false;
  if (shouldError) {
    return new Response(404, {}, { errors: [] });
  }
  // create a new record so data is always returned
  // NOTE: with the flag off, an unknown id never yields a 404 from this mock,
  // so not-found handling in the UI is not exercised by default.
  return { data: server.create('mfa-totp-method') };
});
// create method
// The body is parsed before validation runs, so malformed JSON throws here
// rather than producing a 400 response.
server.post('/identity/mfa/method/:type', (schema, request) => {
  const { type } = request.params;
  const payload = JSON.parse(request.requestBody);
  // `type` is only interpolated into the factory name after validate() has
  // accepted it against the allowlist
  const createRecord = () => {
    const { id } = server.create(`mfa-${type}-method`, payload);
    return { data: { method_id: id } };
  };
  return validate(type, payload, createRecord);
});
// update method
// The same required-parameter check as create applies, so an update must
// resend every required field for its type.
server.put('/identity/mfa/method/:type/:id', (schema, request) => {
  const { type, id } = request.params;
  const payload = JSON.parse(request.requestBody);
  return validate(type, payload, () => {
    // the collection lookup happens only for an allowlisted type
    const collection = schema.db[dbKeyFromType(type)];
    collection.update(id, payload);
    return {};
  });
});
// delete method
// Passing null as the data skips the required-parameter check in validate();
// only the type allowlist is enforced before the record is removed.
server.delete('/identity/mfa/method/:type/:id', (schema, request) => {
  const { type, id } = request.params;
  const removeRecord = () => {
    schema.db[dbKeyFromType(type)].remove(id);
    return {};
  };
  return validate(type, null, removeRecord);
});
// list enforcements
// isMethod is left undefined, which selects the enforcement branch (keyed by name).
server.get('/identity/mfa/login-enforcement', (schema) => generateListResponse(schema));
// fetch enforcement by name
server.get('/identity/mfa/login-enforcement/:name', (schema, request) => {
  const { name } = request.params;
  const existing = schema.db.mfaLoginEnforcements.findBy({ name });
  if (existing) {
    return { data: existing };
  }
  // inconvenient when testing edit route to return a 404 on refresh since mirage memory is cleared
  // flip this variable to test 404 state if needed
  const shouldError = false;
  if (shouldError) {
    return new Response(404, {}, { errors: [] });
  }
  // create a new record so data is always returned
  // NOTE: any requested name gets an enforcement created for it, so the
  // not-found path is not exercised by default.
  return { data: server.create('mfa-login-enforcement', { name }) };
});
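// create/update enforcement
// Rejects a payload with no method ids or no target, then upserts the record
// under the name given in the URL. The previous version stored and echoed the
// body's `name`, so a body without one (or with a different one) produced a
// record that the by-name routes could not find again.
server.post('/identity/mfa/login-enforcement/:name', (schema, { params: { name }, requestBody }) => {
  const data = JSON.parse(requestBody);
  // at least one method id is required (a `null` body is treated the same way)
  if (!data?.mfa_method_ids?.length) {
    return new Response(400, {}, { errors: ['missing method ids'] });
  }
  // at least one of the following targets is required
  const targetKeys = [
    'auth_method_accessors',
    'auth_method_types',
    'identity_group_ids',
    'identity_entity_ids',
  ];
  const hasTarget = targetKeys.some((key) => data[key]?.length);
  if (!hasTarget) {
    return new Response(
      400,
      {},
      {
        errors: [
          'One of auth_method_accessors, auth_method_types, identity_group_ids, identity_entity_ids must be specified',
        ],
      }
    );
  }
  // the path segment is authoritative; it overrides any `name` in the body
  const record = { ...data, name };
  const enforcements = schema.db.mfaLoginEnforcements;
  if (enforcements.findBy({ name })) {
    enforcements.update({ name }, record);
  } else {
    enforcements.insert(record);
  }
  return { ...record, id: name };
});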
// delete enforcement
// No existence check is made: the route answers with an empty body in every case.
server.delete('/identity/mfa/login-enforcement/:name', (schema, request) => {
  const { name } = request.params;
  schema.db.mfaLoginEnforcements.remove({ name });
  return {};
});
}