mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-14 18:47:01 +02:00
712cc9eee0
* adds development workflow to mirage config * adds mirage handler and factory for mfa workflow * adds mfa handling to auth service and cluster adapter * moves auth success logic from form to controller * adds mfa form component * shows delayed auth message for all methods * adds new code delay to mfa form * adds error views * fixes merge conflict * adds integration tests for mfa-form component * fixes auth tests * updates mfa response handling to align with backend * updates mfa-form to handle multiple methods and constraints * adds noDefault arg to Select component * updates mirage mfa handler to align with backend and adds generator for various mfa scenarios * adds tests * flaky test fix attempt * reverts test fix attempt * adds changelog entry * updates comments for todo items * removes faker from mfa mirage factory and handler * adds number to word helper * fixes tests
90 lines
2.6 KiB
JavaScript
90 lines
2.6 KiB
JavaScript
import Component from '@glimmer/component';
|
|
import { inject as service } from '@ember/service';
|
|
import { tracked } from '@glimmer/tracking';
|
|
import { action, set } from '@ember/object';
|
|
import { task, timeout } from 'ember-concurrency';
|
|
import { numberToWord } from 'vault/helpers/number-to-word';
|
|
/**
|
|
* @module MfaForm
|
|
* The MfaForm component is used to enter a passcode when mfa is required to login
|
|
*
|
|
* @example
|
|
* ```js
|
|
* <MfaForm @clusterId={this.model.id} @authData={this.authData} />
|
|
* ```
|
|
* @param {string} clusterId - id of selected cluster
|
|
* @param {object} authData - data from initial auth request -- { mfa_requirement, backend, data }
|
|
* @param {function} onSuccess - fired when passcode passes validation
|
|
*/
|
|
|
|
export default class MfaForm extends Component {
|
|
@service auth;
|
|
|
|
@tracked passcode;
|
|
@tracked countdown;
|
|
@tracked errors;
|
|
|
|
get constraints() {
|
|
return this.args.authData.mfa_requirement.mfa_constraints;
|
|
}
|
|
get multiConstraint() {
|
|
return this.constraints.length > 1;
|
|
}
|
|
get singleConstraintMultiMethod() {
|
|
return !this.isMultiConstraint && this.constraints[0].methods.length > 1;
|
|
}
|
|
get singlePasscode() {
|
|
return (
|
|
!this.isMultiConstraint &&
|
|
this.constraints[0].methods.length === 1 &&
|
|
this.constraints[0].methods[0].uses_passcode
|
|
);
|
|
}
|
|
get description() {
|
|
let base = 'Multi-factor authentication is enabled for your account.';
|
|
if (this.singlePasscode) {
|
|
base += ' Enter your authentication code to log in.';
|
|
}
|
|
if (this.singleConstraintMultiMethod) {
|
|
base += ' Select the MFA method you wish to use.';
|
|
}
|
|
if (this.multiConstraint) {
|
|
const num = this.constraints.length;
|
|
base += ` ${numberToWord(num, true)} methods are required for successful authentication.`;
|
|
}
|
|
return base;
|
|
}
|
|
|
|
@task *validate() {
|
|
try {
|
|
const response = yield this.auth.totpValidate({
|
|
clusterId: this.args.clusterId,
|
|
...this.args.authData,
|
|
});
|
|
this.args.onSuccess(response);
|
|
} catch (error) {
|
|
this.errors = error.errors;
|
|
// TODO: update if specific error can be parsed for incorrect passcode
|
|
// this.newCodeDelay.perform();
|
|
}
|
|
}
|
|
|
|
@task *newCodeDelay() {
|
|
this.passcode = null;
|
|
this.countdown = 30;
|
|
while (this.countdown) {
|
|
yield timeout(1000);
|
|
this.countdown--;
|
|
}
|
|
}
|
|
|
|
@action onSelect(constraint, id) {
|
|
set(constraint, 'selectedId', id);
|
|
set(constraint, 'selectedMethod', constraint.methods.findBy('id', id));
|
|
}
|
|
@action submit(e) {
|
|
e.preventDefault();
|
|
this.validate.perform();
|
|
}
|
|
}
|