OIDC Login Bug (#14916)
* fixes issue logging in with oidc from listed auth path tab * adds changelog entry * adds more tests for oidc auth workflow * updates oidc auth method test to use non-standard path
This commit is contained in:
parent
2f7635efe3
commit
4b48fefc53
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
ui: Fixes issue logging in with OIDC from a listed auth mounts tab
|
||||
```
|
|
@ -117,7 +117,8 @@ export default Component.extend(DEFAULTS, {
|
|||
if (!methods && !wrappedToken) {
|
||||
return {};
|
||||
}
|
||||
if (keyIsPath) {
|
||||
// if type is provided we can ignore path since we are attempting to lookup a specific backend by type
|
||||
if (keyIsPath && !type) {
|
||||
return methods.findBy('path', selected);
|
||||
}
|
||||
return BACKENDS.findBy('type', selected);
|
||||
|
@ -227,7 +228,7 @@ export default Component.extend(DEFAULTS, {
|
|||
});
|
||||
this.onSuccess(authResponse, backendType, data);
|
||||
} catch (e) {
|
||||
this.set('loading', false);
|
||||
this.set('isLoading', false);
|
||||
if (!this.auth.mfaError) {
|
||||
this.set('error', `Authentication failed: ${this.auth.handleError(e)}`);
|
||||
}
|
||||
|
@ -260,7 +261,7 @@ export default Component.extend(DEFAULTS, {
|
|||
error: null,
|
||||
});
|
||||
// if callback from oidc or jwt we have a token at this point
|
||||
let backend = ['oidc', 'jwt'].includes(this.selectedAuth)
|
||||
let backend = ['oidc', 'jwt'].includes(this.providerName)
|
||||
? this.getAuthBackend('token')
|
||||
: this.selectedAuthBackend || {};
|
||||
let backendMeta = BACKENDS.find(
|
||||
|
@ -279,7 +280,7 @@ export default Component.extend(DEFAULTS, {
|
|||
},
|
||||
handleError(e) {
|
||||
this.setProperties({
|
||||
loading: false,
|
||||
isLoading: false,
|
||||
error: e ? this.auth.handleError(e) : null,
|
||||
});
|
||||
},
|
||||
|
|
|
@ -178,8 +178,14 @@ export default Component.extend({
|
|||
if (!this.isOIDC || !this.role || !this.role.authUrl) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
await this.fetchRole.perform(this.roleName, { debounce: false });
|
||||
} catch (error) {
|
||||
// this task could be cancelled if the instances in didReceiveAttrs resolve after this was started
|
||||
if (error?.name !== 'TaskCancelation') {
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
let win = this.getWindow();
|
||||
|
||||
const POPUP_WIDTH = 500;
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
import { module, test } from 'qunit';
|
||||
import { setupApplicationTest } from 'ember-qunit';
|
||||
import { click, visit, fillIn } from '@ember/test-helpers';
|
||||
import { setupMirage } from 'ember-cli-mirage/test-support';
|
||||
import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub';
|
||||
import sinon from 'sinon';
|
||||
import { later, _cancelTimers as cancelTimers } from '@ember/runloop';
|
||||
|
||||
module('Acceptance | logout auth method', function (hooks) {
|
||||
setupApplicationTest(hooks);
|
||||
setupMirage(hooks);
|
||||
|
||||
hooks.beforeEach(function () {
|
||||
this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create());
|
||||
});
|
||||
hooks.afterEach(function () {
|
||||
this.openStub.restore();
|
||||
});
|
||||
|
||||
// coverage for bug where token was selected as auth method for oidc and jwt
|
||||
test('it should populate oidc auth method on logout', async function (assert) {
|
||||
this.server.post('/auth/oidc/oidc/auth_url', () => ({
|
||||
data: { auth_url: 'http://example.com' },
|
||||
}));
|
||||
this.server.get('/auth/foo/oidc/callback', () => ({
|
||||
auth: { client_token: 'root' },
|
||||
}));
|
||||
// ensure clean state
|
||||
sessionStorage.removeItem('selectedAuth');
|
||||
await visit('/vault/auth');
|
||||
await fillIn('[data-test-select="auth-method"]', 'oidc');
|
||||
later(() => {
|
||||
window.postMessage(buildMessage().data, window.origin);
|
||||
cancelTimers();
|
||||
}, 50);
|
||||
await click('[data-test-auth-submit]');
|
||||
await click('.nav-user-button button');
|
||||
await click('#logout');
|
||||
assert
|
||||
.dom('[data-test-select="auth-method"]')
|
||||
.hasValue('oidc', 'Previous auth method selected on logout');
|
||||
});
|
||||
});
|
|
@ -0,0 +1,91 @@
|
|||
import { module, test } from 'qunit';
|
||||
import { setupApplicationTest } from 'ember-qunit';
|
||||
import { click, visit, fillIn } from '@ember/test-helpers';
|
||||
import { setupMirage } from 'ember-cli-mirage/test-support';
|
||||
import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub';
|
||||
import sinon from 'sinon';
|
||||
import { later, _cancelTimers as cancelTimers } from '@ember/runloop';
|
||||
|
||||
module('Acceptance | oidc auth method', function (hooks) {
|
||||
setupApplicationTest(hooks);
|
||||
setupMirage(hooks);
|
||||
|
||||
hooks.beforeEach(function () {
|
||||
this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create());
|
||||
this.server.post('/auth/oidc/oidc/auth_url', () => ({
|
||||
data: { auth_url: 'http://example.com' },
|
||||
}));
|
||||
this.server.get('/auth/foo/oidc/callback', () => ({
|
||||
auth: { client_token: 'root' },
|
||||
}));
|
||||
// ensure clean state
|
||||
sessionStorage.removeItem('selectedAuth');
|
||||
});
|
||||
hooks.afterEach(function () {
|
||||
this.openStub.restore();
|
||||
});
|
||||
|
||||
const login = async (select) => {
|
||||
await visit('/vault/auth');
|
||||
// select from dropdown or click auth path tab
|
||||
if (select) {
|
||||
await fillIn('[data-test-select="auth-method"]', 'oidc');
|
||||
} else {
|
||||
await click('[data-test-auth-method-link="oidc"]');
|
||||
}
|
||||
later(() => {
|
||||
window.postMessage(buildMessage().data, window.origin);
|
||||
cancelTimers();
|
||||
}, 50);
|
||||
await click('[data-test-auth-submit]');
|
||||
};
|
||||
|
||||
test('it should login with oidc when selected from auth methods dropdown', async function (assert) {
|
||||
assert.expect(1);
|
||||
|
||||
this.server.get('/auth/token/lookup-self', (schema, req) => {
|
||||
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
|
||||
req.passthrough();
|
||||
});
|
||||
|
||||
await login(true);
|
||||
});
|
||||
|
||||
test('it should login with oidc from listed auth mount tab', async function (assert) {
|
||||
assert.expect(2);
|
||||
|
||||
this.server.get('/sys/internal/ui/mounts', () => ({
|
||||
data: {
|
||||
auth: {
|
||||
'test-path/': { description: '', options: {}, type: 'oidc' },
|
||||
},
|
||||
},
|
||||
}));
|
||||
let didAssert;
|
||||
this.server.post('/auth/test-path/oidc/auth_url', () => {
|
||||
// request may be fired more than once -- we are only concerned if the endpoint is hit, not how many times
|
||||
if (!didAssert) {
|
||||
assert.ok(true, 'auth_url request made to correct non-standard mount path');
|
||||
didAssert = true;
|
||||
}
|
||||
return { data: { auth_url: 'http://example.com' } };
|
||||
});
|
||||
// there was a bug that would result in the /auth/:path/login endpoint hit with an empty payload rather than lookup-self
|
||||
// ensure that the correct endpoint is hit after the oidc callback
|
||||
this.server.get('/auth/token/lookup-self', (schema, req) => {
|
||||
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
|
||||
req.passthrough();
|
||||
});
|
||||
await login();
|
||||
});
|
||||
|
||||
// coverage for bug where token was selected as auth method for oidc and jwt
|
||||
test('it should populate oidc auth method on logout', async function (assert) {
|
||||
await login(true);
|
||||
await click('.nav-user-button button');
|
||||
await click('#logout');
|
||||
assert
|
||||
.dom('[data-test-select="auth-method"]')
|
||||
.hasValue('oidc', 'Previous auth method selected on logout');
|
||||
});
|
||||
});
|
Loading…
Reference in New Issue