scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-04 04:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
jira-sync-workflow-dispatch
vault/ui/tests/acceptance/oidc-auth-method-test.js
Jordan Reimer 17eaac32c7 OIDC/JWT Role Fetch Error Handling Updates (#23908) 
* updates oidc/jwt role fetch error handling

* adds changelog entry
2023-11-03 09:05:50 -06:00

156 lines
5.7 KiB
JavaScript
Raw Permalink Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit';
import { click, fillIn, find, waitUntil } from '@ember/test-helpers';
import authPage from 'vault/tests/pages/auth';
import { setupMirage } from 'ember-cli-mirage/test-support';
import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub';
import sinon from 'sinon';
import { later, _cancelTimers as cancelTimers } from '@ember/runloop';
import { Response } from 'miragejs';
module('Acceptance | oidc auth method', function (hooks) {
setupApplicationTest(hooks);
setupMirage(hooks);
hooks.beforeEach(function () {
this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create());
this.setupMocks = (assert) => {
this.server.post('/auth/oidc/oidc/auth_url', () => ({
data: { auth_url: 'http://example.com' },
}));
// there was a bug that would result in the /auth/:path/login endpoint hit with an empty payload rather than lookup-self
// ensure that the correct endpoint is hit after the oidc callback
if (assert) {
this.server.get('/auth/token/lookup-self', (schema, req) => {
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
req.passthrough();
});
}
};
this.server.get('/auth/foo/oidc/callback', () => ({
auth: { client_token: 'root' },
}));
// select method from dropdown or click auth path tab
this.selectMethod = async (method, useLink) => {
const methodSelector = useLink
? `[data-test-auth-method-link="${method}"]`
: '[data-test-select="auth-method"]';
await waitUntil(() => find(methodSelector));
if (useLink) {
await click(`[data-test-auth-method-link="${method}"]`);
} else {
await fillIn('[data-test-select="auth-method"]', method);
}
};
// ensure clean state
localStorage.removeItem('selectedAuth');
authPage.logout();
});
hooks.afterEach(function () {
this.openStub.restore();
});
test('it should login with oidc when selected from auth methods dropdown', async function (assert) {
assert.expect(1);
this.setupMocks(assert);
await this.selectMethod('oidc');
later(() => {
window.postMessage(buildMessage().data, window.origin);
cancelTimers();
}, 50);
await click('[data-test-auth-submit]');
});
test('it should login with oidc from listed auth mount tab', async function (assert) {
assert.expect(3);
this.setupMocks(assert);
this.server.get('/sys/internal/ui/mounts', () => ({
data: {
auth: {
'test-path/': { description: '', options: {}, type: 'oidc' },
},
},
}));
// this request is fired twice -- total assertion count should be 3 rather than 2
// JLR TODO - auth-jwt: verify whether additional request is necessary, especially when glimmerizing component
// look into whether didReceiveAttrs is necessary to trigger this request
this.server.post('/auth/test-path/oidc/auth_url', () => {
assert.ok(true, 'auth_url request made to correct non-standard mount path');
return { data: { auth_url: 'http://example.com' } };
});
await this.selectMethod('oidc', true);
later(() => {
window.postMessage(buildMessage().data, window.origin);
cancelTimers();
}, 50);
await click('[data-test-auth-submit]');
});
// coverage for bug where token was selected as auth method for oidc and jwt
test('it should populate oidc auth method on logout', async function (assert) {
this.setupMocks();
await this.selectMethod('oidc');
later(() => {
window.postMessage(buildMessage().data, window.origin);
cancelTimers();
}, 50);
await click('[data-test-auth-submit]');
await waitUntil(() => find('[data-test-user-menu-trigger]'));
await click('[data-test-user-menu-trigger]');
await click('#logout');
assert
.dom('[data-test-select="auth-method"]')
.hasValue('oidc', 'Previous auth method selected on logout');
});
test('it should fetch role when switching between oidc/jwt auth methods and changing the mount path', async function (assert) {
let reqCount = 0;
this.server.post('/auth/:method/oidc/auth_url', (schema, req) => {
reqCount++;
const errors =
req.params.method === 'jwt' ? ['OIDC login is not configured for this mount'] : ['missing role'];
return new Response(400, {}, { errors });
});
await this.selectMethod('oidc');
assert.dom('[data-test-jwt]').doesNotExist('JWT Token input hidden for OIDC');
await this.selectMethod('jwt');
assert.dom('[data-test-jwt]').exists('JWT Token input renders for JWT configured method');
await click('[data-test-auth-form-options-toggle]');
await fillIn('[data-test-auth-form-mount-path]', 'foo');
assert.strictEqual(reqCount, 3, 'Role is fetched when dependant values are changed');
});
test('it should display role fetch errors when signing in with OIDC', async function (assert) {
this.server.post('/auth/:method/oidc/auth_url', (schema, req) => {
const { role } = JSON.parse(req.requestBody);
const status = role ? 403 : 400;
const errors = role ? ['permission denied'] : ['missing role'];
return new Response(status, {}, { errors });
});
await this.selectMethod('oidc');
await click('[data-test-auth-submit]');
assert.dom('[data-test-message-error-description]').hasText('Invalid role. Please try again.');
await fillIn('[data-test-role]', 'test');
await click('[data-test-auth-submit]');
assert.dom('[data-test-message-error-description]').hasText('Error fetching role: permission denied');
});
});
Reference in New Issue View Git Blame Copy Permalink