Use generate endpoint instead of admin-generate during MFA setup (#17932)

* fixes: #17113: Make MFA setup wizard call token based generate endpoint * add changelog for #17932 * cleanup: bring back .gitkeep * re trigger ci jobs
2022-11-23 00:05:30 +01:00 · 2022-11-23 00:05:30 +01:00 · 474482210f
parent 4129f8a5d0
commit 474482210f
5 changed files with 11 additions and 10 deletions
--- a/changelog/17932.txt
+++ b/changelog/17932.txt
@ -0,0 +1,3 @@
 ```release-note:bug:
 UI: Fix "MFA-Setup permission denied error" by using user-token specific MFA generate endpoint instead of admin-generate
 ```
--- a/ui/app/adapters/mfa-setup.js
+++ b/ui/app/adapters/mfa-setup.js
@ -1,8 +1,8 @@
 import ApplicationAdapter from './application';
 export default class MfaSetupAdapter extends ApplicationAdapter {
-  adminGenerate(data) {
+  currentTokenGenerate(data) {
-    const url = `/v1/identity/mfa/method/totp/admin-generate`;
+    const url = `/v1/identity/mfa/method/totp/generate`;
    return this.ajax(url, 'POST', { data });
  }
--- a/ui/app/components/mfa/mfa-setup-step-one.js
+++ b/ui/app/components/mfa/mfa-setup-step-one.js
@ -29,7 +29,7 @@ export default class MfaSetupStepOne extends Component {
  @action
  async verifyUUID(evt) {
    evt.preventDefault();
-    const response = await this.postAdminGenerate();
+    const response = await this.postCurrentTokenGenerate();
    if (response === 'stop_progress') {
      this.args.isUUIDVerified(false);
@ -40,15 +40,14 @@ export default class MfaSetupStepOne extends Component {
    }
  }
-  async postAdminGenerate() {
+  async postCurrentTokenGenerate() {
    this.error = '';
    this.warning = '';
    const adapter = this.store.adapterFor('mfa-setup');
    let response;
    try {
-      response = await adapter.adminGenerate({
+      response = await adapter.currentTokenGenerate({
        entity_id: this.args.entityId,
        method_id: this.UUID, // comes from value on the input
      });
      this.args.saveUUIDandQrCode(this.UUID, response.data?.url);
--- a/ui/app/templates/vault/cluster/mfa-setup.hbs
+++ b/ui/app/templates/vault/cluster/mfa-setup.hbs
@ -7,7 +7,6 @@
      <div class="box">
        {{#if (eq this.onStep 1)}}
          <Mfa::MfaSetupStepOne
            @entityId={{this.entityId}}
            @isUUIDVerified={{this.isUUIDVerified}}
            @restartFlow={{this.restartFlow}}
            @saveUUIDandQrCode={{this.saveUUIDandQrCode}}
--- a/ui/tests/acceptance/mfa-setup-test.js
+++ b/ui/tests/acceptance/mfa-setup-test.js
@ -50,10 +50,10 @@ module('Acceptance | mfa-setup', function (hooks) {
    await click('[data-test-status-link="mfa"]');
  });
-  test('it should login through MFA and post to admin-generate and be able to restart the setup', async function (assert) {
+  test('it should login through MFA and post to generate and be able to restart the setup', async function (assert) {
    assert.expect(5);
    // the network requests required in this test
-    this.server.post('/identity/mfa/method/totp/admin-generate', (scheme, req) => {
+    this.server.post('/identity/mfa/method/totp/generate', (scheme, req) => {
      const json = JSON.parse(req.requestBody);
      assert.strictEqual(json.method_id, '123', 'sends the UUID value');
      return {
@ -82,7 +82,7 @@ module('Acceptance | mfa-setup', function (hooks) {
  test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) {
    assert.expect(2);
    // the network requests required in this test
-    this.server.post('/identity/mfa/method/totp/admin-generate', () => {
+    this.server.post('/identity/mfa/method/totp/generate', () => {
      return {
        data: null,
        warnings: ['Entity already has a secret for MFA method “”'],