From 77bad06db9a7060b45f477644dc10bcf638f4d39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20B=C3=BCrgi?=
Date: Wed, 23 Nov 2022 00:05:30 +0100
Subject: [PATCH] Use generate endpoint instead of admin-generate during MFA setup (#17932)

* fixes: #17113: Make MFA setup wizard call token based generate endpoint
* add changelog for #17932
* cleanup: bring back .gitkeep
* re trigger ci jobs
---
 changelog/17932.txt | 3 +++
 ui/app/adapters/mfa-setup.js | 4 ++--
 ui/app/components/mfa/mfa-setup-step-one.js | 7 +++----
 ui/app/templates/vault/cluster/mfa-setup.hbs | 1 -
 ui/tests/acceptance/mfa-setup-test.js | 6 +++---
 5 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 changelog/17932.txt

diff --git a/changelog/17932.txt b/changelog/17932.txt
new file mode 100644
index 0000000000..09dd01c1b7
--- /dev/null
+++ b/changelog/17932.txt
@@ -0,0 +1,3 @@
+```release-note:bug:
+UI: Fix "MFA-Setup permission denied error" by using user-token specific MFA generate endpoint instead of admin-generate
+```
diff --git a/ui/app/adapters/mfa-setup.js b/ui/app/adapters/mfa-setup.js
index 806249a88a..5e39390c9e 100644
--- a/ui/app/adapters/mfa-setup.js
+++ b/ui/app/adapters/mfa-setup.js
@@ -1,8 +1,8 @@
 import ApplicationAdapter from './application';
 export default class MfaSetupAdapter extends ApplicationAdapter {
- adminGenerate(data) {
- const url = `/v1/identity/mfa/method/totp/admin-generate`;
+ currentTokenGenerate(data) {
+ const url = `/v1/identity/mfa/method/totp/generate`;
 return this.ajax(url, 'POST', { data });
 }
diff --git a/ui/app/components/mfa/mfa-setup-step-one.js b/ui/app/components/mfa/mfa-setup-step-one.js
index f94807c8f1..dfdafdb031 100644
--- a/ui/app/components/mfa/mfa-setup-step-one.js
+++ b/ui/app/components/mfa/mfa-setup-step-one.js
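Review bot: `currentTokenGenerate` in ui/app/adapters/mfa-setup.js has no comment saying whose MFA secret it creates, which is the reason for this change. Going by the commit description, `/generate` acts for the entity behind the request token, whereas the `admin-generate` call was sent an explicit `entity_id`. A one-line JSDoc such as `/** POST to the token-scoped TOTP generate endpoint; data carries only method_id, the entity comes from the caller's token. */` would keep a later caller from passing `entity_id` again. The URL has no interpolation, so a plain quoted string would do instead of the template literal. The class body continues outside the hunk.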
@@ -29,7 +29,7 @@ export default class MfaSetupStepOne extends Component {
 @action async verifyUUID(evt) {
 evt.preventDefault();
- const response = await this.postAdminGenerate();
+ const response = await this.postCurrentTokenGenerate();
 if (response === 'stop_progress') {
 this.args.isUUIDVerified(false);
@@ -40,15 +40,14 @@ export default class MfaSetupStepOne extends Component {
 } }
- async postAdminGenerate() {
+ async postCurrentTokenGenerate() {
 this.error = '';
 this.warning = '';
 const adapter = this.store.adapterFor('mfa-setup');
 let response;
 try {
- response = await adapter.adminGenerate({
- entity_id: this.args.entityId,
+ response = await adapter.currentTokenGenerate({
 method_id: this.UUID, // comes from value on the input
 });
 this.args.saveUUIDandQrCode(this.UUID, response.data?.url);
diff --git a/ui/app/templates/vault/cluster/mfa-setup.hbs b/ui/app/templates/vault/cluster/mfa-setup.hbs
index a0ca099337..b885a998f1 100644
--- a/ui/app/templates/vault/cluster/mfa-setup.hbs
+++ b/ui/app/templates/vault/cluster/mfa-setup.hbs
@@ -7,7 +7,6 @@
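Review bot: In `postCurrentTokenGenerate` (second hunk of mfa-setup-step-one.js), `this.args.saveUUIDandQrCode(this.UUID, response.data?.url)` runs directly after the await, before any visible check of the reply's `warnings` field. The acceptance test on this page mocks a reply with `data: null` plus a warning, and in that case the parent would be handed an undefined QR URL. If the warning check sits below the hunk, moving the save after it, or guarding it with `if (response.data?.url)`, would keep an empty enrollment state out of the parent. The try block and the rest of the method lie outside the hunk, so this is inferred from the visible lines only.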
{{#if (eq this.onStep 1)}} { + this.server.post('/identity/mfa/method/totp/generate', (scheme, req) => { const json = JSON.parse(req.requestBody); assert.strictEqual(json.method_id, '123', 'sends the UUID value'); return { @@ -82,7 +82,7 @@ module('Acceptance | mfa-setup', function (hooks) { test('it should show a warning if you enter in the same UUID without restarting the setup', async function (assert) { assert.expect(2); // the network requests required in this test - this.server.post('/identity/mfa/method/totp/admin-generate', () => { + this.server.post('/identity/mfa/method/totp/generate', () => { return { data: null, warnings: ['Entity already has a secret for MFA method “”'],
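Review bot: Neither mocked `/identity/mfa/method/totp/generate` handler in the acceptance test checks that the request has stopped sending `entity_id`, which is the behavioural change this commit makes. The first handler already parses `req.requestBody` and asserts `method_id`. Adding `assert.strictEqual(json.entity_id, undefined, 'does not send entity_id');` there would pin the new contract, and that test's `assert.expect` count, which is not visible here, would need to go up by one. The start of the test-file section is missing from this page, so the exact placement is inferred.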