open-vault/ui/tests/integration/components/auth-form-test.js

import { moduleForComponent, test } from 'ember-qunit';
import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
import Ember from 'ember';
import wait from 'ember-test-helpers/wait';
import hbs from 'htmlbars-inline-precompile';
import sinon from 'sinon';
import Pretender from 'pretender';
import { create } from 'ember-cli-page-object';
import authForm from '../../pages/components/auth-form';

const component = create(authForm);
const BACKENDS = supportedAuthBackends();

const authService = Ember.Service.extend({
  authenticate() {
    return Ember.$.getJSON('http://localhost:2000');
  },
});

const workingAuthService = Ember.Service.extend({
  authenticate() {
    return Ember.RSVP.resolve({});
  },
  setLastFetch() {},
});

const routerService = Ember.Service.extend({
  transitionTo() {
    return Ember.RSVP.resolve();
  },
  replaceWith() {
    return Ember.RSVP.resolve();
  },
});
moduleForComponent('auth-form', 'Integration | Component | auth form', {
  integration: true,
  beforeEach() {
    Ember.getOwner(this).lookup('service:csp-event').attach();
    component.setContext(this);
    this.register('service:router', routerService);
    this.inject.service('router');
  },

  afterEach() {
    Ember.getOwner(this).lookup('service:csp-event').remove();
    component.removeContext();
  },
});

const CSP_ERR_TEXT = `Error This is a standby Vault node but can't communicate with the active node via request forwarding. Sign in at the active node to use the Vault UI.`;
test('it renders error on CSP violation', function(assert) {
  this.register('service:auth', authService);
  this.inject.service('auth');
  this.set('cluster', Ember.Object.create({ standby: true }));
  this.set('selectedAuth', 'token');
  this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
  assert.equal(component.errorText, '');
  component.login();
  // because this is an ember-concurrency backed service,
  // we have to manually force settling the run queue
  Ember.run.later(() => Ember.run.cancelTimers(), 50);
  return wait().then(() => {
    assert.equal(component.errorText, CSP_ERR_TEXT);
  });
});

test('it renders with vault style errors', function(assert) {
  let server = new Pretender(function() {
    this.get('/v1/auth/**', () => {
      return [
        400,
        { 'Content-Type': 'application/json' },
        JSON.stringify({
          errors: ['Not allowed'],
        }),
      ];
    });
  });

  this.set('cluster', Ember.Object.create({}));
  this.set('selectedAuth', 'token');
  this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
  return component.login().then(() => {
    assert.equal(component.errorText, 'Error Authentication failed: Not allowed');
    server.shutdown();
  });
});

test('it renders AdapterError style errors', function(assert) {
  let server = new Pretender(function() {
    this.get('/v1/auth/**', () => {
      return [400, { 'Content-Type': 'application/json' }];
    });
  });

  this.set('cluster', Ember.Object.create({}));
  this.set('selectedAuth', 'token');
  this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
  return component.login().then(() => {
    assert.equal(component.errorText, 'Error Authentication failed: Bad Request');
    server.shutdown();
  });
});

test('it renders all the supported tabs when no methods are passed', function(assert) {
  this.render(hbs`{{auth-form cluster=cluster}}`);
  assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');
});

test('it renders all the supported methods and Other tab when methods are present', function(assert) {
  let methods = [
    {
      type: 'userpass',
      id: 'foo',
      path: 'foo/',
    },
    {
      type: 'approle',
      id: 'approle',
      path: 'approle/',
    },
  ];
  this.set('methods', methods);

  this.render(hbs`{{auth-form cluster=cluster methods=methods}}`);
  assert.equal(component.tabs.length, 2, 'renders a tab for userpass and Other');
  assert.equal(component.tabs.objectAt(0).name, 'foo', 'uses the path in the label');
  assert.equal(component.tabs.objectAt(1).name, 'Other', 'second tab is the Other tab');
});

test('it calls authorize with the correct path', function(assert) {
  this.register('service:auth', workingAuthService);
  this.inject.service('auth');
  let authSpy = sinon.spy(this.get('auth'), 'authenticate');
  let methods = [
    {
      type: 'userpass',
      id: 'foo',
      path: 'foo/',
    },
  ];
  this.set('methods', methods);
  this.set('selectedAuth', 'foo/');

  this.render(hbs`{{auth-form cluster=cluster methods=methods selectedAuth=selectedAuth}}`);
  component.login();

  return wait().then(() => {
    assert.ok(authSpy.calledOnce, 'a call to authenticate was made');
    let { data } = authSpy.getCall(0).args[0];
    assert.equal(data.path, methods[0].id, 'uses the id for the path');
    authSpy.restore();
  });
});

test('it renders all the supported methods when no supported methods are present in passed methods', function(
  assert
) {
  let methods = [
    {
      type: 'approle',
      id: 'approle',
      path: 'approle/',
    },
  ];
  this.set('methods', methods);
  this.render(hbs`{{auth-form cluster=cluster methods=methods}}`);
  assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');
});

test('it makes a request to unwrap if passed a wrappedToken and logs in', function(assert) {
  this.register('service:auth', workingAuthService);
  this.inject.service('auth');
  let authSpy = sinon.spy(this.get('auth'), 'authenticate');
  let server = new Pretender(function() {
    this.post('/v1/sys/wrapping/unwrap', () => {
      return [
        200,
        { 'Content-Type': 'application/json' },
        JSON.stringify({
          auth: {
            client_token: '12345',
          },
        }),
      ];
    });
  });

  let wrappedToken = '54321';
  this.set('wrappedToken', wrappedToken);
  this.render(hbs`{{auth-form cluster=cluster wrappedToken=wrappedToken}}`);
  Ember.run.later(() => Ember.run.cancelTimers(), 50);
  return wait().then(() => {
    assert.equal(server.handledRequests[0].url, '/v1/sys/wrapping/unwrap', 'makes call to unwrap the token');
    assert.equal(
      server.handledRequests[0].requestHeaders['X-Vault-Token'],
      wrappedToken,
      'uses passed wrapped token for the unwrap'
    );
    assert.ok(authSpy.calledOnce, 'a call to authenticate was made');
    server.shutdown();
    authSpy.restore();
  });
});

test('it shows an error if unwrap errors', function(assert) {
  let server = new Pretender(function() {
    this.post('/v1/sys/wrapping/unwrap', () => {
      return [
        400,
        { 'Content-Type': 'application/json' },
        JSON.stringify({
          errors: ['There was an error unwrapping!'],
        }),
      ];
    });
  });

  this.set('wrappedToken', '54321');
  this.render(hbs`{{auth-form cluster=cluster wrappedToken=wrappedToken}}`);
  Ember.run.later(() => Ember.run.cancelTimers(), 50);

  return wait().then(() => {
    assert.equal(
      component.errorText,
      'Error Token unwrap failed: There was an error unwrapping!',
      'shows the error'
    );
    server.shutdown();
  });
});
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`import { moduleForComponent, test } from 'ember-qunit';`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends';`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`import Ember from 'ember';`
			`import wait from 'ember-test-helpers/wait';`
			`import hbs from 'htmlbars-inline-precompile';`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`import sinon from 'sinon';`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`import Pretender from 'pretender';`
			`import { create } from 'ember-cli-page-object';`
			`import authForm from '../../pages/components/auth-form';`

			`const component = create(authForm);`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`const BACKENDS = supportedAuthBackends();`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00
			`const authService = Ember.Service.extend({`
			`authenticate() {`
			`return Ember.$.getJSON('http://localhost:2000');`
			`},`
			`});`

UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`const workingAuthService = Ember.Service.extend({`
			`authenticate() {`
			`return Ember.RSVP.resolve({});`
			`},`
			`setLastFetch() {},`
			`});`

			`const routerService = Ember.Service.extend({`
			`transitionTo() {`
			`return Ember.RSVP.resolve();`
			`},`
			`replaceWith() {`
			`return Ember.RSVP.resolve();`
			`},`
			`});`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`moduleForComponent('auth-form', 'Integration \| Component \| auth form', {`
			`integration: true,`
			`beforeEach() {`
			`Ember.getOwner(this).lookup('service:csp-event').attach();`
			`component.setContext(this);`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`this.register('service:router', routerService);`
			`this.inject.service('router');`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`},`

			`afterEach() {`
			`Ember.getOwner(this).lookup('service:csp-event').remove();`
			`component.removeContext();`
			`},`
			`});`

			const CSP_ERR_TEXT = `Error This is a standby Vault node but can't communicate with the active node via request forwarding. Sign in at the active node to use the Vault UI.`;
			`test('it renders error on CSP violation', function(assert) {`
			`this.register('service:auth', authService);`
			`this.inject.service('auth');`
			`this.set('cluster', Ember.Object.create({ standby: true }));`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`this.set('selectedAuth', 'token');`
			this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`assert.equal(component.errorText, '');`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`component.login();`
			`// because this is an ember-concurrency backed service,`
			`// we have to manually force settling the run queue`
			`Ember.run.later(() => Ember.run.cancelTimers(), 50);`
			`return wait().then(() => {`
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`assert.equal(component.errorText, CSP_ERR_TEXT);`
			`});`
			`});`

			`test('it renders with vault style errors', function(assert) {`
			`let server = new Pretender(function() {`
			`this.get('/v1/auth/**', () => {`
			`return [`
			`400,`
			`{ 'Content-Type': 'application/json' },`
			`JSON.stringify({`
			`errors: ['Not allowed'],`
			`}),`
			`];`
			`});`
			`});`

			`this.set('cluster', Ember.Object.create({}));`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`this.set('selectedAuth', 'token');`
			this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`return component.login().then(() => {`
			`assert.equal(component.errorText, 'Error Authentication failed: Not allowed');`
			`server.shutdown();`
			`});`
			`});`

			`test('it renders AdapterError style errors', function(assert) {`
			`let server = new Pretender(function() {`
			`this.get('/v1/auth/**', () => {`
			`return [400, { 'Content-Type': 'application/json' }];`
			`});`
			`});`

			`this.set('cluster', Ember.Object.create({}));`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`this.set('selectedAuth', 'token');`
			this.render(hbs`{{auth-form cluster=cluster selectedAuth=selectedAuth}}`);
Ui request forwarding error (#4275) * add ember-cli-content-security-policy * only enable client side CSP when not in production - the go side handles this otherwise * add service that handles and stores CSP violations via the securitypolicyviolation event * update auth form component to show a specialized message when there's a CSP error * move to computed prop for showing the CSP error message * fix typos 2018-04-05 21:36:33 +00:00			`return component.login().then(() => {`
			`assert.equal(component.errorText, 'Error Authentication failed: Bad Request');`
			`server.shutdown();`
			`});`
			`});`
UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00
			`test('it renders all the supported tabs when no methods are passed', function(assert) {`
			this.render(hbs`{{auth-form cluster=cluster}}`);
			`assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');`
			`});`

			`test('it renders all the supported methods and Other tab when methods are present', function(assert) {`
			`let methods = [`
			`{`
			`type: 'userpass',`
			`id: 'foo',`
			`path: 'foo/',`
			`},`
			`{`
			`type: 'approle',`
			`id: 'approle',`
			`path: 'approle/',`
			`},`
			`];`
			`this.set('methods', methods);`

			this.render(hbs`{{auth-form cluster=cluster methods=methods}}`);
			`assert.equal(component.tabs.length, 2, 'renders a tab for userpass and Other');`
			`assert.equal(component.tabs.objectAt(0).name, 'foo', 'uses the path in the label');`
			`assert.equal(component.tabs.objectAt(1).name, 'Other', 'second tab is the Other tab');`
			`});`

UI unauthenticated auth method login (#4972) * fix unauthenticated auth form * make sure to redirect if you're already authed * add the ability to build in a welcome message at build time 2018-07-20 21:48:25 +00:00			`test('it calls authorize with the correct path', function(assert) {`
			`this.register('service:auth', workingAuthService);`
			`this.inject.service('auth');`
			`let authSpy = sinon.spy(this.get('auth'), 'authenticate');`
			`let methods = [`
			`{`
			`type: 'userpass',`
			`id: 'foo',`
			`path: 'foo/',`
			`},`
			`];`
			`this.set('methods', methods);`
			`this.set('selectedAuth', 'foo/');`

			this.render(hbs`{{auth-form cluster=cluster methods=methods selectedAuth=selectedAuth}}`);
			`component.login();`

			`return wait().then(() => {`
			`assert.ok(authSpy.calledOnce, 'a call to authenticate was made');`
			`let { data } = authSpy.getCall(0).args[0];`
			`assert.equal(data.path, methods[0].id, 'uses the id for the path');`
			`authSpy.restore();`
			`});`
			`});`

UI - unauthed login methods (#4854) * fetch auth methods when going to the auth route and pass them to the auth form component * add boolean editType for form-fields * look in the data hash in the serializer * remove renderInPlace for info-tooltips as it does something goofy with widths * add new fields for auth methods * fix console refresh command on routes that use lazyPaginatedQuery * add wrapped_token param that logs you in via the token backend and show other backends if your list contains supported ones * handle casing when looking up supported backends * change listingVisibility to match the new API * move wrapped_token up to the vault route level so it works from the app root 2018-07-05 18:28:12 +00:00			`test('it renders all the supported methods when no supported methods are present in passed methods', function(`
			`assert`
			`) {`
			`let methods = [`
			`{`
			`type: 'approle',`
			`id: 'approle',`
			`path: 'approle/',`
			`},`
			`];`
			`this.set('methods', methods);`
			this.render(hbs`{{auth-form cluster=cluster methods=methods}}`);
			`assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');`
			`});`

			`test('it makes a request to unwrap if passed a wrappedToken and logs in', function(assert) {`
			`this.register('service:auth', workingAuthService);`
			`this.inject.service('auth');`
			`let authSpy = sinon.spy(this.get('auth'), 'authenticate');`
			`let server = new Pretender(function() {`
			`this.post('/v1/sys/wrapping/unwrap', () => {`
			`return [`
			`200,`
			`{ 'Content-Type': 'application/json' },`
			`JSON.stringify({`
			`auth: {`
			`client_token: '12345',`
			`},`
			`}),`
			`];`
			`});`
			`});`

			`let wrappedToken = '54321';`
			`this.set('wrappedToken', wrappedToken);`
			this.render(hbs`{{auth-form cluster=cluster wrappedToken=wrappedToken}}`);
			`Ember.run.later(() => Ember.run.cancelTimers(), 50);`
			`return wait().then(() => {`
			`assert.equal(server.handledRequests[0].url, '/v1/sys/wrapping/unwrap', 'makes call to unwrap the token');`
			`assert.equal(`
			`server.handledRequests[0].requestHeaders['X-Vault-Token'],`
			`wrappedToken,`
			`'uses passed wrapped token for the unwrap'`
			`);`
			`assert.ok(authSpy.calledOnce, 'a call to authenticate was made');`
			`server.shutdown();`
			`authSpy.restore();`
			`});`
			`});`

			`test('it shows an error if unwrap errors', function(assert) {`
			`let server = new Pretender(function() {`
			`this.post('/v1/sys/wrapping/unwrap', () => {`
			`return [`
			`400,`
			`{ 'Content-Type': 'application/json' },`
			`JSON.stringify({`
			`errors: ['There was an error unwrapping!'],`
			`}),`
			`];`
			`});`
			`});`

			`this.set('wrappedToken', '54321');`
			this.render(hbs`{{auth-form cluster=cluster wrappedToken=wrappedToken}}`);
			`Ember.run.later(() => Ember.run.cancelTimers(), 50);`

			`return wait().then(() => {`
			`assert.equal(`
			`component.errorText,`
			`'Error Token unwrap failed: There was an error unwrapping!',`
			`'shows the error'`
			`);`
			`server.shutdown();`
			`});`
			`});`