Use generate endpoint instead of admin-generate during MFA setup (#17932)

* fixes: #17113: Make MFA setup wizard call token based generate endpoint

* add changelog for #17932

* cleanup: bring back .gitkeep

* re trigger ci jobs
Florian Bürgi 2022-11-23 00:05:30 +01:00 committed by GitHub
parent 4129f8a5d0
commit 474482210f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 10 deletions

changelog/17932.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug:
UI: Fix "MFA-Setup permission denied error" by using user-token specific MFA generate endpoint instead of admin-generate
```


@ -1,8 +1,8 @@
import ApplicationAdapter from './application'; import ApplicationAdapter from './application';
export default class MfaSetupAdapter extends ApplicationAdapter { export default class MfaSetupAdapter extends ApplicationAdapter {
adminGenerate(data) { currentTokenGenerate(data) {
const url = `/v1/identity/mfa/method/totp/admin-generate`; const url = `/v1/identity/mfa/method/totp/generate`;
return this.ajax(url, 'POST', { data }); return this.ajax(url, 'POST', { data });
} }
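Review bot: `currentTokenGenerate(data)` carries no comment saying whose MFA secret it creates, and it forwards `data` to the endpoint unchanged. Going by the commit description, `/v1/identity/mfa/method/totp/generate` acts on the entity behind the requesting token, so a one-line comment above the method would keep a later caller from reintroducing `entity_id`: `// Generates a TOTP secret for the entity of the current token; send only method_id.` A stricter variant would accept the method id and build the body here, `return this.ajax(url, 'POST', { data: { method_id } });`, though that also changes the call in the step-one component.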


@ -29,7 +29,7 @@ export default class MfaSetupStepOne extends Component {
@action @action
async verifyUUID(evt) { async verifyUUID(evt) {
evt.preventDefault(); evt.preventDefault();
const response = await this.postAdminGenerate(); const response = await this.postCurrentTokenGenerate();
if (response === 'stop_progress') { if (response === 'stop_progress') {
this.args.isUUIDVerified(false); this.args.isUUIDVerified(false);
@ -40,15 +40,14 @@ export default class MfaSetupStepOne extends Component {
} }
} }
async postAdminGenerate() { async postCurrentTokenGenerate() {
this.error = ''; this.error = '';
this.warning = ''; this.warning = '';
const adapter = this.store.adapterFor('mfa-setup'); const adapter = this.store.adapterFor('mfa-setup');
let response; let response;
try { try {
response = await adapter.adminGenerate({ response = await adapter.currentTokenGenerate({
entity_id: this.args.entityId,
method_id: this.UUID, // comes from value on the input method_id: this.UUID, // comes from value on the input
}); });
this.args.saveUUIDandQrCode(this.UUID, response.data?.url); this.args.saveUUIDandQrCode(this.UUID, response.data?.url);
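Review bot: In `postCurrentTokenGenerate`, `this.args.saveUUIDandQrCode(this.UUID, response.data?.url)` runs as soon as the request resolves, before any check of `response.warnings` that is visible in this hunk. The acceptance test in this commit mocks a reply with `data: null` plus a warning, and in that case the parent is handed an undefined URL. Unless the code after the hunk resets it, a guard such as `if (response.data?.url) { this.args.saveUUIDandQrCode(this.UUID, response.data.url); }` would keep empty QR data out of the parent state. The `try` block and the rest of the method continue outside the hunk, so the warning handling there may already cover this.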


@ -7,7 +7,6 @@
<div class="box"> <div class="box">
{{#if (eq this.onStep 1)}} {{#if (eq this.onStep 1)}}
<Mfa::MfaSetupStepOne <Mfa::MfaSetupStepOne
@entityId={{this.entityId}}
@isUUIDVerified={{this.isUUIDVerified}} @isUUIDVerified={{this.isUUIDVerified}}
@restartFlow={{this.restartFlow}} @restartFlow={{this.restartFlow}}
@saveUUIDandQrCode={{this.saveUUIDandQrCode}} @saveUUIDandQrCode={{this.saveUUIDandQrCode}}


@ -50,10 +50,10 @@ module('Acceptance | mfa-setup', function (hooks) {
await click('[data-test-status-link="mfa"]'); await click('[data-test-status-link="mfa"]');
}); });
test('it should login through MFA and post to admin-generate and be able to restart the setup', async function (assert) { test('it should login through MFA and post to generate and be able to restart the setup', async function (assert) {
assert.expect(5); assert.expect(5);
// the network requests required in this test // the network requests required in this test
this.server.post('/identity/mfa/method/totp/admin-generate', (scheme, req) => { this.server.post('/identity/mfa/method/totp/generate', (scheme, req) => {
const json = JSON.parse(req.requestBody); const json = JSON.parse(req.requestBody);
assert.strictEqual(json.method_id, '123', 'sends the UUID value'); assert.strictEqual(json.method_id, '123', 'sends the UUID value');
return { return {
@ -82,7 +82,7 @@ module('Acceptance | mfa-setup', function (hooks) {
test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) { test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) {
assert.expect(2); assert.expect(2);
// the network requests required in this test // the network requests required in this test
this.server.post('/identity/mfa/method/totp/admin-generate', () => { this.server.post('/identity/mfa/method/totp/generate', () => {
return { return {
data: null, data: null,
warnings: ['Entity already has a secret for MFA method “”'], warnings: ['Entity already has a secret for MFA method “”'],
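Review bot: The first test checks that `method_id` reaches `/identity/mfa/method/totp/generate` but not that `entity_id` is gone from the request body, which is the behaviour this commit changes. Adding `assert.strictEqual(json.entity_id, undefined, 'does not send entity_id');` next to the `method_id` assertion, and raising `assert.expect(5)` to `assert.expect(6)`, would pin it so a return to the admin-style payload is caught. The handler and test bodies continue outside the hunks shown.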