2023-03-15 16:00:52 +00:00
|
|
|
/**
|
|
|
|
* Copyright (c) HashiCorp, Inc.
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
|
|
*/
|
|
|
|
|
2022-07-27 20:22:38 +00:00
|
|
|
import { module, test } from 'qunit';
|
|
|
|
import { setupApplicationTest } from 'ember-qunit';
|
|
|
|
import { click, visit, fillIn } from '@ember/test-helpers';
|
|
|
|
import { setupMirage } from 'ember-cli-mirage/test-support';
|
|
|
|
import sinon from 'sinon';
|
|
|
|
import { Response } from 'miragejs';
|
|
|
|
import { ERROR_JWT_LOGIN } from 'vault/components/auth-jwt';
|
|
|
|
|
|
|
|
module('Acceptance | jwt auth method', function (hooks) {
|
|
|
|
setupApplicationTest(hooks);
|
|
|
|
setupMirage(hooks);
|
|
|
|
|
|
|
|
hooks.beforeEach(function () {
|
2022-10-18 15:46:02 +00:00
|
|
|
localStorage.clear(); // ensure that a token isn't stored otherwise visit('/vault/auth') will redirect to secrets
|
2022-07-27 20:22:38 +00:00
|
|
|
this.stub = sinon.stub();
|
|
|
|
this.server.post(
|
|
|
|
'/auth/:path/oidc/auth_url',
|
|
|
|
() =>
|
|
|
|
new Response(
|
|
|
|
400,
|
|
|
|
{ 'Content-Type': 'application/json' },
|
|
|
|
JSON.stringify({ errors: [ERROR_JWT_LOGIN] })
|
|
|
|
)
|
|
|
|
);
|
|
|
|
this.server.get('/auth/foo/oidc/callback', () => ({
|
|
|
|
auth: { client_token: 'root' },
|
|
|
|
}));
|
|
|
|
});
|
|
|
|
|
|
|
|
test('it works correctly with default name and no role', async function (assert) {
|
|
|
|
assert.expect(6);
|
|
|
|
this.server.post('/auth/jwt/login', (schema, req) => {
|
|
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
|
|
assert.ok(true, 'request made to auth/jwt/login after submit');
|
2022-10-18 15:46:02 +00:00
|
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
|
|
assert.strictEqual(role, undefined, 'role is not sent in body when not filled in');
|
2022-07-27 20:22:38 +00:00
|
|
|
req.passthrough();
|
|
|
|
});
|
|
|
|
await visit('/vault/auth');
|
|
|
|
await fillIn('[data-test-select="auth-method"]', 'jwt');
|
|
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
|
|
await click('[data-test-auth-submit]');
|
|
|
|
assert.dom('[data-test-error]').exists('Failed login');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('it works correctly with default name and a role', async function (assert) {
|
|
|
|
assert.expect(7);
|
|
|
|
this.server.post('/auth/jwt/login', (schema, req) => {
|
|
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
|
|
assert.ok(true, 'request made to auth/jwt/login after login');
|
2022-10-18 15:46:02 +00:00
|
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
|
|
assert.strictEqual(role, 'some-role', 'role is sent in the body when filled in');
|
2022-07-27 20:22:38 +00:00
|
|
|
req.passthrough();
|
|
|
|
});
|
|
|
|
await visit('/vault/auth');
|
|
|
|
await fillIn('[data-test-select="auth-method"]', 'jwt');
|
|
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
|
|
await fillIn('[data-test-role]', 'some-role');
|
|
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
|
|
await click('[data-test-auth-submit]');
|
|
|
|
assert.dom('[data-test-error]').exists('Failed login');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('it works correctly with custom endpoint and a role', async function (assert) {
|
|
|
|
assert.expect(6);
|
|
|
|
this.server.get('/sys/internal/ui/mounts', () => ({
|
|
|
|
data: {
|
|
|
|
auth: {
|
|
|
|
'test-jwt/': { description: '', options: {}, type: 'jwt' },
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}));
|
|
|
|
this.server.post('/auth/test-jwt/login', (schema, req) => {
|
|
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
|
|
assert.ok(true, 'request made to auth/custom-jwt-login after login');
|
2022-10-18 15:46:02 +00:00
|
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
|
|
assert.strictEqual(role, 'some-role', 'role is sent in body when filled in');
|
2022-07-27 20:22:38 +00:00
|
|
|
req.passthrough();
|
|
|
|
});
|
|
|
|
await visit('/vault/auth');
|
|
|
|
await click('[data-test-auth-method-link="jwt"]');
|
|
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
|
|
await fillIn('[data-test-role]', 'some-role');
|
|
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
|
|
await click('[data-test-auth-submit]');
|
|
|
|
assert.dom('[data-test-error]').exists('Failed login');
|
|
|
|
});
|
|
|
|
});
|