scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 09:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

UI: remove renew self call after login (#28204)

Browse Source 
* check for renewAfterEpoch before comparing it

* add test coverage for regression

* add comment. Fixes VAULT-4630

* throw error

* add changelog
This commit is contained in:
Chelsea Shaw
2024-08-28 10:05:29 -05:00
committed by GitHub
parent de0c724d72
commit 872f31fa1d
4 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/28204.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
ui: fixes renew-self being called right after login for non-renewable tokens
```

2
ui/app/components/auth-jwt.js
View File

@@ -87,6 +87,8 @@ export default Component.extend({
this.onError(err); this.onError(err);
}, },
// NOTE TO DEVS: Be careful when updating the OIDC flow and ensure the updates
// work with implicit flow. See issue https://github.com/hashicorp/vault-plugin-auth-jwt/pull/192
prepareForOIDC: task(function* (oidcWindow) { prepareForOIDC: task(function* (oidcWindow) {
const thisWindow = this.getWindow(); const thisWindow = this.getWindow();
// show the loading animation in the parent // show the loading animation in the parent

2
ui/app/services/auth.js
View File

@@ -390,7 +390,7 @@ export default Service.extend({
const now = this.now(); const now = this.now();
this.set('lastFetch', timestamp); this.set('lastFetch', timestamp);
// if expiration was allowed and we're over half the ttl we want to go ahead and renew here // if expiration was allowed and we're over half the ttl we want to go ahead and renew here
if (this.allowExpiration && now >= this.renewAfterEpoch) { if (this.allowExpiration && this.renewAfterEpoch && now >= this.renewAfterEpoch) {
this.renew(); this.renew();
} }
this.set('allowExpiration', false); this.set('allowExpiration', false);

17
ui/tests/acceptance/auth-test.js
View File

@@ -6,8 +6,9 @@
import { module, test } from 'qunit'; import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit'; import { setupApplicationTest } from 'ember-qunit';
import { click, currentURL, visit, waitUntil, find, fillIn } from '@ember/test-helpers'; import { click, currentURL, visit, waitUntil, find, fillIn } from '@ember/test-helpers';
import { allSupportedAuthBackends, supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
import { setupMirage } from 'ember-cli-mirage/test-support'; import { setupMirage } from 'ember-cli-mirage/test-support';
import { allSupportedAuthBackends, supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
import VAULT_KEYS from 'vault/tests/helpers/vault-keys';
const AUTH_FORM = { const AUTH_FORM = {
method: '[data-test-select=auth-method]', method: '[data-test-select=auth-method]',
@@ -15,6 +16,7 @@ const AUTH_FORM = {
login: '[data-test-auth-submit]', login: '[data-test-auth-submit]',
}; };
const ENT_AUTH_METHODS = ['saml']; const ENT_AUTH_METHODS = ['saml'];
const { rootToken } = VAULT_KEYS;
module('Acceptance | auth', function (hooks) { module('Acceptance | auth', function (hooks) {
setupApplicationTest(hooks); setupApplicationTest(hooks);
@@ -193,4 +195,17 @@ module('Acceptance | auth', function (hooks) {
await fillIn(AUTH_FORM.method, 'token'); await fillIn(AUTH_FORM.method, 'token');
await click('[data-test-auth-submit]'); await click('[data-test-auth-submit]');
}); });
test('it does not call renew-self after successful login with non-renewable token', async function (assert) {
this.server.post(
'/auth/token/renew-self',
() => new Error('should not call renew-self directly after logging in')
);
await visit('/vault/auth');
await fillIn(AUTH_FORM.method, 'token');
await fillIn(AUTH_FORM.token, rootToken);
await click('[data-test-auth-submit]');
assert.strictEqual(currentURL(), '/vault/dashboard');
});
}); });