diff --git a/changelog/14916.txt b/changelog/14916.txt new file mode 100644 index 000000000..d61065a8d --- /dev/null +++ b/changelog/14916.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Fixes issue logging in with OIDC from a listed auth mounts tab +``` \ No newline at end of file diff --git a/ui/app/components/auth-form.js b/ui/app/components/auth-form.js index 490711636..8497d76ff 100644 --- a/ui/app/components/auth-form.js +++ b/ui/app/components/auth-form.js @@ -117,7 +117,8 @@ export default Component.extend(DEFAULTS, { if (!methods && !wrappedToken) { return {}; } - if (keyIsPath) { + // if type is provided we can ignore path since we are attempting to lookup a specific backend by type + if (keyIsPath && !type) { return methods.findBy('path', selected); } return BACKENDS.findBy('type', selected); @@ -227,7 +228,7 @@ export default Component.extend(DEFAULTS, { }); this.onSuccess(authResponse, backendType, data); } catch (e) { - this.set('loading', false); + this.set('isLoading', false); if (!this.auth.mfaError) { this.set('error', `Authentication failed: ${this.auth.handleError(e)}`); } @@ -260,7 +261,7 @@ export default Component.extend(DEFAULTS, { error: null, }); // if callback from oidc or jwt we have a token at this point - let backend = ['oidc', 'jwt'].includes(this.selectedAuth) + let backend = ['oidc', 'jwt'].includes(this.providerName) ? this.getAuthBackend('token') : this.selectedAuthBackend || {}; let backendMeta = BACKENDS.find( @@ -279,7 +280,7 @@ export default Component.extend(DEFAULTS, { }, handleError(e) { this.setProperties({ - loading: false, + isLoading: false, error: e ? this.auth.handleError(e) : null, }); }, diff --git a/ui/app/components/auth-jwt.js b/ui/app/components/auth-jwt.js index 6d200fd74..f5ae2a44f 100644 --- a/ui/app/components/auth-jwt.js +++ b/ui/app/components/auth-jwt.js @@ -178,8 +178,14 @@ export default Component.extend({ if (!this.isOIDC || !this.role || !this.role.authUrl) { return; } - - await this.fetchRole.perform(this.roleName, { debounce: false }); + try { + await this.fetchRole.perform(this.roleName, { debounce: false }); + } catch (error) { + // this task could be cancelled if the instances in didReceiveAttrs resolve after this was started + if (error?.name !== 'TaskCancelation') { + throw error; + } + } let win = this.getWindow(); const POPUP_WIDTH = 500; diff --git a/ui/tests/acceptance/logout-auth-method-test.js b/ui/tests/acceptance/logout-auth-method-test.js deleted file mode 100644 index 03a6ac85f..000000000 --- a/ui/tests/acceptance/logout-auth-method-test.js +++ /dev/null @@ -1,43 +0,0 @@ -import { module, test } from 'qunit'; -import { setupApplicationTest } from 'ember-qunit'; -import { click, visit, fillIn } from '@ember/test-helpers'; -import { setupMirage } from 'ember-cli-mirage/test-support'; -import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub'; -import sinon from 'sinon'; -import { later, _cancelTimers as cancelTimers } from '@ember/runloop'; - -module('Acceptance | logout auth method', function (hooks) { - setupApplicationTest(hooks); - setupMirage(hooks); - - hooks.beforeEach(function () { - this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create()); - }); - hooks.afterEach(function () { - this.openStub.restore(); - }); - - // coverage for bug where token was selected as auth method for oidc and jwt - test('it should populate oidc auth method on logout', async function (assert) { - this.server.post('/auth/oidc/oidc/auth_url', () => ({ - data: { auth_url: 'http://example.com' }, - })); - this.server.get('/auth/foo/oidc/callback', () => ({ - auth: { client_token: 'root' }, - })); - // ensure clean state - sessionStorage.removeItem('selectedAuth'); - await visit('/vault/auth'); - await fillIn('[data-test-select="auth-method"]', 'oidc'); - later(() => { - window.postMessage(buildMessage().data, window.origin); - cancelTimers(); - }, 50); - await click('[data-test-auth-submit]'); - await click('.nav-user-button button'); - await click('#logout'); - assert - .dom('[data-test-select="auth-method"]') - .hasValue('oidc', 'Previous auth method selected on logout'); - }); -}); diff --git a/ui/tests/acceptance/oidc-auth-method-test.js b/ui/tests/acceptance/oidc-auth-method-test.js new file mode 100644 index 000000000..d90304f36 --- /dev/null +++ b/ui/tests/acceptance/oidc-auth-method-test.js @@ -0,0 +1,91 @@ +import { module, test } from 'qunit'; +import { setupApplicationTest } from 'ember-qunit'; +import { click, visit, fillIn } from '@ember/test-helpers'; +import { setupMirage } from 'ember-cli-mirage/test-support'; +import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub'; +import sinon from 'sinon'; +import { later, _cancelTimers as cancelTimers } from '@ember/runloop'; + +module('Acceptance | oidc auth method', function (hooks) { + setupApplicationTest(hooks); + setupMirage(hooks); + + hooks.beforeEach(function () { + this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create()); + this.server.post('/auth/oidc/oidc/auth_url', () => ({ + data: { auth_url: 'http://example.com' }, + })); + this.server.get('/auth/foo/oidc/callback', () => ({ + auth: { client_token: 'root' }, + })); + // ensure clean state + sessionStorage.removeItem('selectedAuth'); + }); + hooks.afterEach(function () { + this.openStub.restore(); + }); + + const login = async (select) => { + await visit('/vault/auth'); + // select from dropdown or click auth path tab + if (select) { + await fillIn('[data-test-select="auth-method"]', 'oidc'); + } else { + await click('[data-test-auth-method-link="oidc"]'); + } + later(() => { + window.postMessage(buildMessage().data, window.origin); + cancelTimers(); + }, 50); + await click('[data-test-auth-submit]'); + }; + + test('it should login with oidc when selected from auth methods dropdown', async function (assert) { + assert.expect(1); + + this.server.get('/auth/token/lookup-self', (schema, req) => { + assert.ok(true, 'request made to auth/token/lookup-self after oidc callback'); + req.passthrough(); + }); + + await login(true); + }); + + test('it should login with oidc from listed auth mount tab', async function (assert) { + assert.expect(2); + + this.server.get('/sys/internal/ui/mounts', () => ({ + data: { + auth: { + 'test-path/': { description: '', options: {}, type: 'oidc' }, + }, + }, + })); + let didAssert; + this.server.post('/auth/test-path/oidc/auth_url', () => { + // request may be fired more than once -- we are only concerned if the endpoint is hit, not how many times + if (!didAssert) { + assert.ok(true, 'auth_url request made to correct non-standard mount path'); + didAssert = true; + } + return { data: { auth_url: 'http://example.com' } }; + }); + // there was a bug that would result in the /auth/:path/login endpoint hit with an empty payload rather than lookup-self + // ensure that the correct endpoint is hit after the oidc callback + this.server.get('/auth/token/lookup-self', (schema, req) => { + assert.ok(true, 'request made to auth/token/lookup-self after oidc callback'); + req.passthrough(); + }); + await login(); + }); + + // coverage for bug where token was selected as auth method for oidc and jwt + test('it should populate oidc auth method on logout', async function (assert) { + await login(true); + await click('.nav-user-button button'); + await click('#logout'); + assert + .dom('[data-test-select="auth-method"]') + .hasValue('oidc', 'Previous auth method selected on logout'); + }); +});