Use generate endpoint instead of admin-generate during MFA setup (#17932)
* fixes: #17113: Make MFA setup wizard call token based generate endpoint * add changelog for #17932 * cleanup: bring back .gitkeep * re trigger ci jobs
This commit is contained in:
parent
4129f8a5d0
commit
474482210f
3
changelog/17932.txt
Normal file
3
changelog/17932.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug:
|
||||||
|
UI: Fix "MFA-Setup permission denied error" by using user-token specific MFA generate endpoint instead of admin-generate
|
||||||
|
```
|
|
@ -1,8 +1,8 @@
|
||||||
import ApplicationAdapter from './application';
|
import ApplicationAdapter from './application';
|
||||||
|
|
||||||
export default class MfaSetupAdapter extends ApplicationAdapter {
|
export default class MfaSetupAdapter extends ApplicationAdapter {
|
||||||
adminGenerate(data) {
|
currentTokenGenerate(data) {
|
||||||
const url = `/v1/identity/mfa/method/totp/admin-generate`;
|
const url = `/v1/identity/mfa/method/totp/generate`;
|
||||||
return this.ajax(url, 'POST', { data });
|
return this.ajax(url, 'POST', { data });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ export default class MfaSetupStepOne extends Component {
|
||||||
@action
|
@action
|
||||||
async verifyUUID(evt) {
|
async verifyUUID(evt) {
|
||||||
evt.preventDefault();
|
evt.preventDefault();
|
||||||
const response = await this.postAdminGenerate();
|
const response = await this.postCurrentTokenGenerate();
|
||||||
|
|
||||||
if (response === 'stop_progress') {
|
if (response === 'stop_progress') {
|
||||||
this.args.isUUIDVerified(false);
|
this.args.isUUIDVerified(false);
|
||||||
|
@ -40,15 +40,14 @@ export default class MfaSetupStepOne extends Component {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async postAdminGenerate() {
|
async postCurrentTokenGenerate() {
|
||||||
this.error = '';
|
this.error = '';
|
||||||
this.warning = '';
|
this.warning = '';
|
||||||
const adapter = this.store.adapterFor('mfa-setup');
|
const adapter = this.store.adapterFor('mfa-setup');
|
||||||
let response;
|
let response;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
response = await adapter.adminGenerate({
|
response = await adapter.currentTokenGenerate({
|
||||||
entity_id: this.args.entityId,
|
|
||||||
method_id: this.UUID, // comes from value on the input
|
method_id: this.UUID, // comes from value on the input
|
||||||
});
|
});
|
||||||
this.args.saveUUIDandQrCode(this.UUID, response.data?.url);
|
this.args.saveUUIDandQrCode(this.UUID, response.data?.url);
|
||||||
|
|
|
@ -7,7 +7,6 @@
|
||||||
<div class="box">
|
<div class="box">
|
||||||
{{#if (eq this.onStep 1)}}
|
{{#if (eq this.onStep 1)}}
|
||||||
<Mfa::MfaSetupStepOne
|
<Mfa::MfaSetupStepOne
|
||||||
@entityId={{this.entityId}}
|
|
||||||
@isUUIDVerified={{this.isUUIDVerified}}
|
@isUUIDVerified={{this.isUUIDVerified}}
|
||||||
@restartFlow={{this.restartFlow}}
|
@restartFlow={{this.restartFlow}}
|
||||||
@saveUUIDandQrCode={{this.saveUUIDandQrCode}}
|
@saveUUIDandQrCode={{this.saveUUIDandQrCode}}
|
||||||
|
|
|
@ -50,10 +50,10 @@ module('Acceptance | mfa-setup', function (hooks) {
|
||||||
await click('[data-test-status-link="mfa"]');
|
await click('[data-test-status-link="mfa"]');
|
||||||
});
|
});
|
||||||
|
|
||||||
test('it should login through MFA and post to admin-generate and be able to restart the setup', async function (assert) {
|
test('it should login through MFA and post to generate and be able to restart the setup', async function (assert) {
|
||||||
assert.expect(5);
|
assert.expect(5);
|
||||||
// the network requests required in this test
|
// the network requests required in this test
|
||||||
this.server.post('/identity/mfa/method/totp/admin-generate', (scheme, req) => {
|
this.server.post('/identity/mfa/method/totp/generate', (scheme, req) => {
|
||||||
const json = JSON.parse(req.requestBody);
|
const json = JSON.parse(req.requestBody);
|
||||||
assert.strictEqual(json.method_id, '123', 'sends the UUID value');
|
assert.strictEqual(json.method_id, '123', 'sends the UUID value');
|
||||||
return {
|
return {
|
||||||
|
@ -82,7 +82,7 @@ module('Acceptance | mfa-setup', function (hooks) {
|
||||||
test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) {
|
test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) {
|
||||||
assert.expect(2);
|
assert.expect(2);
|
||||||
// the network requests required in this test
|
// the network requests required in this test
|
||||||
this.server.post('/identity/mfa/method/totp/admin-generate', () => {
|
this.server.post('/identity/mfa/method/totp/generate', () => {
|
||||||
return {
|
return {
|
||||||
data: null,
|
data: null,
|
||||||
warnings: ['Entity already has a secret for MFA method “”'],
|
warnings: ['Entity already has a secret for MFA method “”'],
|
||||||
|
|
Loading…
Reference in a new issue