OIDC Alternate Path Bug (#17661)

* adds error handling to auth-jwt component for missing roles and fixes bug where role wasn't being retained when using alternate oidc mount path at login

* fixes jwt login bug from auth mount tabs and adds test

* updates okta-number-challenge success value to arg in template

* adds changelog entry

* fixes issues logging in manually with jwt

* reverts mistaken change

ui/tests/integration/components/auth-jwt-test.js

@@ -50,7 +50,6 @@ const renderIt = async (context, path = 'jwt') => {
       @selectedAuthPath={{this.selectedAuthPath}}
       @onError={{action (mut this.error)}}
       @onLoading={{action (mut this.isLoading)}}
-      @onToken={{action (mut this.token)}}
       @onNamespace={{action (mut this.namespace)}}
       @onSelectedAuth={{action (mut this.selectedAuth)}}
       @onSubmit={{action this.handler}}
@@ -73,30 +72,19 @@ module('Integration | Component | auth jwt', function (hooks) {
         return [200, { 'Content-Type': 'application/json' }, JSON.stringify(OIDC_AUTH_RESPONSE)];
       });
       this.post('/v1/auth/:path/oidc/auth_url', (request) => {
-        let body = JSON.parse(request.requestBody);
-        if (body.role === 'test') {
+        const { role } = JSON.parse(request.requestBody);
+        if (['test', 'okta', 'bar'].includes(role)) {
+          const auth_url = role === 'test' ? 'http://example.com' : role === 'okta' ? 'http://okta.com' : '';
           return [
             200,
             { 'Content-Type': 'application/json' },
             JSON.stringify({
-              data: {
-                auth_url: 'http://example.com',
-              },
+              data: { auth_url },
             }),
           ];
         }
-        if (body.role === 'okta') {
-          return [
-            200,
-            { 'Content-Type': 'application/json' },
-            JSON.stringify({
-              data: {
-                auth_url: 'http://okta.com',
-              },
-            }),
-          ];
-        }
-        return [400, { 'Content-Type': 'application/json' }, JSON.stringify({ errors: [ERROR_JWT_LOGIN] })];
+        const errors = role === 'foo' ? ['role "foo" could not be found'] : [ERROR_JWT_LOGIN];
+        return [400, { 'Content-Type': 'application/json' }, JSON.stringify({ errors })];
       });
     });
   });
@@ -209,8 +197,7 @@ module('Integration | Component | auth jwt', function (hooks) {
     });
     this.window.trigger('message', buildMessage());
     await settled();
-    assert.strictEqual(this.token, 'token', 'calls onToken with token');
-    assert.ok(this.handler.calledOnce, 'calls the onSubmit handler');
+    assert.ok(this.handler.withArgs(null, null, 'token').calledOnce, 'calls the onSubmit handler with token');
   });
 
   test('oidc: fails silently when event origin does not match window origin', async function (assert) {
@@ -240,4 +227,26 @@ module('Integration | Component | auth jwt', function (hooks) {
     await settled();
     assert.notOk(this.handler.called, 'should not call the submit handler');
   });
+
+  test('oidc: it should trigger error callback when role is not found', async function (assert) {
+    await renderIt(this, 'oidc');
+    await component.role('foo');
+    await component.login();
+    assert.strictEqual(
+      this.error,
+      'Invalid role. Please try again.',
+      'Error message is returned when role is not found'
+    );
+  });
+
+  test('oidc: it should trigger error callback when role is returned without auth_url', async function (assert) {
+    await renderIt(this, 'oidc');
+    await component.role('bar');
+    await component.login();
+    assert.strictEqual(
+      this.error,
+      'Missing auth_url. Please check that allowed_redirect_uris for the role include this mount path.',
+      'Error message is returned when role is returned without auth_url'
+    );
+  });
 });