From 109ff8d77d43d13a59618ef41a526c0670a77d94 Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Thu, 2 Oct 2025 13:14:09 -0400
Subject: [PATCH] [Bugfix][UI]: Fix auth method disable bug (#9773) (#9790)

* Fix auth method disable bug

* Add acceptance tests

* Use api parseError helper

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
---
 ui/app/controllers/vault/cluster/access/methods.js | 10 ++++++----
 ui/app/templates/vault/cluster/access/methods.hbs  |  6 +++++-
 ui/tests/acceptance/access/methods-test.js         | 13 +++++++++++++
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/ui/app/controllers/vault/cluster/access/methods.js b/ui/app/controllers/vault/cluster/access/methods.js
index d73bb3fe85..43cc99e378 100644
--- a/ui/app/controllers/vault/cluster/access/methods.js
+++ b/ui/app/controllers/vault/cluster/access/methods.js
@@ -12,6 +12,8 @@ import sortObjects from 'vault/utils/sort-objects';
 
 export default class VaultClusterAccessMethodsController extends Controller {
   @service flashMessages;
+  @service api;
+  @service router;
 
   @tracked authMethodOptions = [];
   @tracked selectedAuthType = null;
@@ -78,12 +80,12 @@ export default class VaultClusterAccessMethodsController extends Controller {
   *disableMethod(method) {
     const { type, path } = method;
     try {
-      yield method.destroyRecord();
+      yield this.api.sys.authDisableMethod(path);
       this.flashMessages.success(`The ${type} Auth Method at ${path} has been disabled.`);
+      this.router.transitionTo('vault.cluster.access.methods');
     } catch (err) {
-      this.flashMessages.danger(
-        `There was an error disabling Auth Method at ${path}: ${err.errors.join(' ')}.`
-      );
+      const { message } = yield this.api.parseError(err);
+      this.flashMessages.danger(`There was an error disabling Auth Method at ${path}: ${message}.`);
     } finally {
       this.methodToDisable = null;
     }
diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs
index f68da22694..3c2f1a37e9 100644
--- a/ui/app/templates/vault/cluster/access/methods.hbs
+++ b/ui/app/templates/vault/cluster/access/methods.hbs
@@ -102,7 +102,11 @@
                 (has-capability this.model.capabilities "delete" pathKey="authMethodDelete" params=method.id)
               )
             }}
-              <dd.Interactive @color="critical" {{on "click" (fn (mut this.methodToDisable) method)}}>
+              <dd.Interactive
+                @color="critical"
+                {{on "click" (fn (mut this.methodToDisable) method)}}
+                data-test-button="Disable auth method"
+              >
                 Disable
               </dd.Interactive>
             {{/if}}
diff --git a/ui/tests/acceptance/access/methods-test.js b/ui/tests/acceptance/access/methods-test.js
index 7077b7bee4..c3b92fee40 100644
--- a/ui/tests/acceptance/access/methods-test.js
+++ b/ui/tests/acceptance/access/methods-test.js
@@ -91,4 +91,17 @@ module('Acceptance | auth-methods list view', function (hooks) {
         .exists({ count: 1 }, `auth method ${key} appears in list view after navigating from OIDC Provider`);
     }
   });
+
+  test('it should disable an auth method', async function (assert) {
+    const authPath1 = `userpass-1-${this.uid}`;
+    const type = 'userpass';
+    await visit('/vault/settings/auth/enable');
+    await runCmd(mountAuthCmd(type, authPath1));
+    await visit('/vault/access/');
+    await click(`${GENERAL.linkedBlock(authPath1)} ${GENERAL.menuTrigger}`);
+    await click(GENERAL.button('Disable auth method'));
+    await click(GENERAL.confirmButton);
+    assert.dom(GENERAL.linkedBlock(authPath1)).doesNotExist('auth mount disabled');
+    await runCmd(`delete sys/auth/${authPath1}`);
+  });
 });