open-vault/ui/app/models/mfa-method.js

169 lines
4.3 KiB
JavaScript
Raw Normal View History

MFA Config (#15200) * adds mirage factories for mfa methods and login enforcement * adds mirage handler for mfa config endpoints * adds mirage identity manager for uuids * updates mfa test to use renamed mfaLogin mirage handler * updates mfa login workflow for push methods (#15214) * MFA Login Enforcement Model (#15244) * adds mfa login enforcement model, adapter and serializer * updates mfa methods to hasMany realtionship and transforms property names * updates login enforcement adapter to use urlForQuery over buildURL * Model for mfa method (#15218) * Model for mfa method * Added adapter and serializer for mfa method - Updated mfa method model - Basic route to handle list view - Added MFA to access nav * Show landing page if methods are not configured * Updated adapter,serializer - Backend is adding new endpoint to list all the mfa methods * Updated landing page - Added MFA diagram - Created helper to resolve full path for assets like images * Remove ember assign * Fixed failing test * MFA method and enforcement list view (#15353) * MFA method and enforcement list view - Added new route for list views - List mfa methods along with id, type and icon - Added client side pagination to list views * Throw error if method id is not present * MFA Login Enforcement Form (#15410) * adds mfa login enforcement form and header components and radio card component * skips login enforcement form tests for now * adds jsdoc annotations for mfa-login-enforcement-header component * adds error handling when fetching identity targets in login enforcement form component * updates radio-card label elements * MFA Login Enforcement Create and Edit routes (#15422) * adds mfa login enforcement form and header components and radio card component * skips login enforcement form tests for now * updates to login enforcement form to fix issues hydrating methods and targets from model when editing * updates to mfa-config mirage handler and login enforcement handler * fixes issue with login enforcement serializer normalizeItems method throwing error on save * updates to mfa route structure * adds login enforcement create and edit routes * MFA Login Enforcement Read Views (#15462) * adds login enforcement read views * skip mfa-method-list-item test for now * MFA method form (#15432) * MFA method form - Updated model for form attributes - Form for editing, creating mfa methods * Added comments * Update model for mfa method * Refactor buildURL in mfa method adapter * Update adapter to handle mfa create * Fixed adapter to handle create mfa response * Sidebranch: MFA end user setup (#15273) * initial setup of components and route * fix navbar * replace parent component with controller * use auth service to return entity id * adapter and some error handling: * clean up adapter and handle warning * wip * use library for qrCode generation * clear warning and QR code display fix * flow for restart setup * add documentation * clean up * fix warning issue * handle root user * remove comment * update copy * fix margin * address comment * MFA Guided Setup Route (#15479) * adds mfa method create route with type selection workflow * updates mfa method create route links to use DocLink component * MFA Guided Setup Config View (#15486) * adds mfa guided setup config view * resets type query param on mfa method create route exit * hide next button if type is not selected in mfa method create route * updates to sure correct state when changing mfa method type in guided setup * Enforcement view at MFA method level (#15485) - List enforcements for each mfa method - Delete MFA method if no enforcements are present - Moved method, enforcement list item component to mfa folder * MFA Login Enforcement Validations (#15498) * adds model and form validations for mfa login enforcements * updates mfa login enforcement validation messages * updates validation message for mfa login enforcement targets * adds transition action to configure mfa button on landing page * unset enforcement on preference change in mfa guided setup workflow * Added validations for mfa method model (#15506) * UI/mfa breadcrumbs and small fixes (#15499) * add active class when on index * breadcrumbs * remove box-shadow to match designs * fix refresh load mfa-method * breadcrumb create * add an empty state the enforcements list view * change to beforeModel * UI/mfa small bugs (#15522) * remove pagintion and fix on methods list view * fix enforcements * Fix label for value on radio-card (#15542) * MFA Login Enforcement Component Tests (#15539) * adds tests for mfa-login-enforcement-header component * adds tests for mfa-login-enforcement-form component * Remove default values from mfa method model (#15540) - use passcode had a default value, as a result it was being sent with all the mfa method types during save and edit flows.. * UI/mfa small cleanup (#15549) * data-test-mleh -> data-test-mfa * Only one label per radio card * Remove unnecessary async * Simplify boolean logic * Make mutation clear * Revert "data-test-mleh -> data-test-mfa" This reverts commit 31430df7bb42580a976d082667cb6ed1f09c3944. * updates mfa login enforcement form to only display auth method types for current mounts as targets (#15547) * remove token type (#15548) * remove token type * conditional param * removes type from mfa method payload and fixes bug transitioning to method route on save success * removes punctuation from mfa form error message string match * updates qr-code component invocation to angle bracket * Re-trigger CI jobs with empty commit Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com> Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: Michele Degges <mdeggies@gmail.com>
2022-05-21 00:40:16 +00:00
import Model, { attr } from '@ember-data/model';
import { capitalize } from '@ember/string';
import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
import { withModelValidations } from 'vault/decorators/model-validations';
import { isPresent } from '@ember/utils';
const METHOD_PROPS = {
common: [],
duo: ['username_format', 'secret_key', 'integration_key', 'api_hostname', 'push_info', 'use_passcode'],
okta: ['username_format', 'mount_accessor', 'org_name', 'api_token', 'base_url', 'primary_email'],
totp: ['issuer', 'period', 'key_size', 'qr_size', 'algorithm', 'digits', 'skew', 'max_validation_attempts'],
pingid: [
'username_format',
'settings_file_base64',
'use_signature',
'idp_url',
'admin_url',
'authenticator_url',
'org_alias',
],
};
const REQUIRED_PROPS = {
duo: ['secret_key', 'integration_key', 'api_hostname'],
okta: ['org_name', 'api_token'],
totp: ['issuer'],
pingid: ['settings_file_base64'],
};
const validators = Object.keys(REQUIRED_PROPS).reduce((obj, type) => {
REQUIRED_PROPS[type].forEach((prop) => {
obj[`${prop}`] = [
{
message: `${prop.replace(/_/g, ' ')} is required`,
validator(model) {
return model.type === type ? isPresent(model[prop]) : true;
},
},
];
});
return obj;
}, {});
@withModelValidations(validators)
export default class MfaMethod extends Model {
// common
@attr('string') type;
@attr('string', {
label: 'Username format',
subText: 'How to map identity names to MFA method names. ',
})
username_format;
@attr('string', {
label: 'Namespace',
})
namespace_id;
@attr('string') mount_accessor;
// PING ID
@attr('string', {
label: 'Settings file',
subText: 'A base-64 encoded third party setting file retrieved from the PingIDs configuration page.',
})
settings_file_base64;
@attr('boolean') use_signature;
@attr('string') idp_url;
@attr('string') admin_url;
@attr('string') authenticator_url;
@attr('string') org_alias;
// OKTA
@attr('string', {
label: 'Organization name',
subText: 'Name of the organization to be used in the Okta API.',
})
org_name;
@attr('string', {
label: 'Okta API key',
})
api_token;
@attr('string', {
label: 'Base URL',
subText:
'If set, will be used as the base domain for API requests. Example are okta.com, oktapreview.com and okta-emea.com.',
})
base_url;
@attr('boolean') primary_email;
// DUO
@attr('string', {
label: 'Duo secret key',
sensitive: true,
})
secret_key;
@attr('string', {
label: 'Duo integration key',
sensitive: true,
})
integration_key;
@attr('string', {
label: 'Duo API hostname',
})
api_hostname;
@attr('string', {
label: 'Duo push information',
subText: 'Additional information displayed to the user when the push is presented to them.',
})
push_info;
@attr('boolean', {
label: 'Passcode reminder',
subText: 'If this is turned on, the user is reminded to use the passcode upon MFA validation.',
})
use_passcode;
// TOTP
@attr('string', {
label: 'Issuer',
subText: 'The human-readable name of the keys issuing organization.',
})
issuer;
@attr({
label: 'Period',
editType: 'ttl',
subText: 'How long each generated TOTP is valid.',
})
period;
@attr('number', {
label: 'Key size',
subText: 'The size in bytes of the Vault generated key.',
})
key_size;
@attr('number', {
label: 'QR size',
subText: 'The pixel size of the generated square QR code.',
})
qr_size;
@attr('string', {
label: 'Algorithm',
possibleValues: ['SHA1', 'SHA256', 'SHA512'],
subText: 'The hashing algorithm used to generate the TOTP code.',
})
algorithm;
@attr('number', {
label: 'Digits',
possibleValues: [6, 8],
subText: 'The number digits in the generated TOTP code.',
})
digits;
@attr('number', {
label: 'Skew',
possibleValues: [0, 1],
subText: 'The number of delay periods allowed when validating a TOTP token.',
})
skew;
@attr('number') max_validation_attempts;
get name() {
return this.type === 'totp' ? this.type.toUpperCase() : capitalize(this.type);
}
get formFields() {
return [...METHOD_PROPS.common, ...METHOD_PROPS[this.type]];
}
get attrs() {
return expandAttributeMeta(this, this.formFields);
}
}