mirror of
https://github.com/hashicorp/vault.git
synced 2025-09-20 05:11:12 +02:00
* adds mirage factories for mfa methods and login enforcement
* adds mirage handler for mfa config endpoints
* adds mirage identity manager for uuids
* updates mfa test to use renamed mfaLogin mirage handler
* updates mfa login workflow for push methods (#15214)
* MFA Login Enforcement Model (#15244)
* adds mfa login enforcement model, adapter and serializer
* updates mfa methods to hasMany relationship and transforms property names
* updates login enforcement adapter to use urlForQuery over buildURL
* Model for mfa method (#15218)
* Model for mfa method
* Added adapter and serializer for mfa method
  - Updated mfa method model
  - Basic route to handle list view
  - Added MFA to access nav
* Show landing page if methods are not configured
* Updated adapter, serializer
  - Backend is adding new endpoint to list all the mfa methods
* Updated landing page
  - Added MFA diagram
  - Created helper to resolve full path for assets like images
* Remove ember assign
* Fixed failing test
* MFA method and enforcement list view (#15353)
* MFA method and enforcement list view
  - Added new route for list views
  - List mfa methods along with id, type and icon
  - Added client side pagination to list views
* Throw error if method id is not present
* MFA Login Enforcement Form (#15410)
* adds mfa login enforcement form and header components and radio card component
* skips login enforcement form tests for now
* adds jsdoc annotations for mfa-login-enforcement-header component
* adds error handling when fetching identity targets in login enforcement form component
* updates radio-card label elements
* MFA Login Enforcement Create and Edit routes (#15422)
* adds mfa login enforcement form and header components and radio card component
* skips login enforcement form tests for now
* updates to login enforcement form to fix issues hydrating methods and targets from model when editing
* updates to mfa-config mirage handler and login enforcement handler
* fixes issue with login enforcement serializer normalizeItems method throwing error on save
* updates to mfa route structure
* adds login enforcement create and edit routes
* MFA Login Enforcement Read Views (#15462)
* adds login enforcement read views
* skip mfa-method-list-item test for now
* MFA method form (#15432)
* MFA method form
  - Updated model for form attributes
  - Form for editing, creating mfa methods
* Added comments
* Update model for mfa method
* Refactor buildURL in mfa method adapter
* Update adapter to handle mfa create
* Fixed adapter to handle create mfa response
* Sidebranch: MFA end user setup (#15273)
* initial setup of components and route
* fix navbar
* replace parent component with controller
* use auth service to return entity id
* adapter and some error handling:
* clean up adapter and handle warning
* wip
* use library for qrCode generation
* clear warning and QR code display fix
* flow for restart setup
* add documentation
* clean up
* fix warning issue
* handle root user
* remove comment
* update copy
* fix margin
* address comment
* MFA Guided Setup Route (#15479)
* adds mfa method create route with type selection workflow
* updates mfa method create route links to use DocLink component
* MFA Guided Setup Config View (#15486)
* adds mfa guided setup config view
* resets type query param on mfa method create route exit
* hide next button if type is not selected in mfa method create route
* updates to sure correct state when changing mfa method type in guided setup
* Enforcement view at MFA method level (#15485)
  - List enforcements for each mfa method
  - Delete MFA method if no enforcements are present
  - Moved method, enforcement list item component to mfa folder
* MFA Login Enforcement Validations (#15498)
* adds model and form validations for mfa login enforcements
* updates mfa login enforcement validation messages
* updates validation message for mfa login enforcement targets
* adds transition action to configure mfa button on landing page
* unset enforcement on preference change in mfa guided setup workflow
* Added validations for mfa method model (#15506)
* UI/mfa breadcrumbs and small fixes (#15499)
* add active class when on index
* breadcrumbs
* remove box-shadow to match designs
* fix refresh load mfa-method
* breadcrumb create
* add an empty state the enforcements list view
* change to beforeModel
* UI/mfa small bugs (#15522)
* remove pagination and fix on methods list view
* fix enforcements
* Fix label for value on radio-card (#15542)
* MFA Login Enforcement Component Tests (#15539)
* adds tests for mfa-login-enforcement-header component
* adds tests for mfa-login-enforcement-form component
* Remove default values from mfa method model (#15540)
  - use passcode had a default value, as a result it was being sent with all the mfa method types during save and edit flows.
* UI/mfa small cleanup (#15549)
* data-test-mleh -> data-test-mfa
* Only one label per radio card
* Remove unnecessary async
* Simplify boolean logic
* Make mutation clear
* Revert "data-test-mleh -> data-test-mfa"
  This reverts commit 31430df7bb42580a976d082667cb6ed1f09c3944.
* updates mfa login enforcement form to only display auth method types for current mounts as targets (#15547)
* remove token type (#15548)
* remove token type
* conditional param
* removes type from mfa method payload and fixes bug transitioning to method route on save success
* removes punctuation from mfa form error message string match
* updates qr-code component invocation to angle bracket
* Re-trigger CI jobs with empty commit

Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: Michele Degges <mdeggies@gmail.com>
117 lines
3.8 KiB
JavaScript
import Component from '@glimmer/component';
import { inject as service } from '@ember/service';
import { tracked } from '@glimmer/tracking';
import { action, set } from '@ember/object';
import { task, timeout } from 'ember-concurrency';
import { numberToWord } from 'vault/helpers/number-to-word';

/**
 * @module MfaForm
 * The MfaForm component is used to enter a passcode when mfa is required to login
 *
 * @example
 * ```js
 * <MfaForm @clusterId={this.model.id} @authData={this.authData} />
 * ```
 * @param {string} clusterId - id of selected cluster
 * @param {object} authData - data from initial auth request -- { mfa_requirement, backend, data }
 * @param {function} onSuccess - fired when passcode passes validation
 * @param {function} onError - fired for multi-method or non-passcode method validation errors
 */

export const TOTP_VALIDATION_ERROR =
  'The passcode failed to validate. If you entered the correct passcode, contact your administrator.';

export default class MfaForm extends Component {
  @service auth;

  @tracked countdown;
  @tracked error;
  @tracked codeDelayMessage;

  constructor() {
    super(...arguments);
    // trigger validation immediately when passcode is not required
    const passcodeOrSelect = this.constraints.filter((constraint) => {
      return constraint.methods.length > 1 || constraint.methods.findBy('uses_passcode');
    });
    if (!passcodeOrSelect.length) {
      this.validate.perform();
    }
  }

  // constraints returned by the initial auth request; each one lists its allowed methods
  get constraints() {
    return this.args.authData.mfa_requirement.mfa_constraints;
  }
  // more than one constraint must be satisfied
  get multiConstraint() {
    return this.constraints.length > 1;
  }
  // exactly one constraint that offers a choice of methods
  get singleConstraintMultiMethod() {
    return !this.multiConstraint && this.constraints[0].methods.length > 1;
  }
  // exactly one constraint with exactly one method, and that method takes a passcode
  get singlePasscode() {
    return (
      !this.multiConstraint &&
      this.constraints[0].methods.length === 1 &&
      this.constraints[0].methods[0].uses_passcode
    );
  }
  get description() {
    let base = 'Multi-factor authentication is enabled for your account.';
    if (this.singlePasscode) {
      base += ' Enter your authentication code to log in.';
    }
    if (this.singleConstraintMultiMethod) {
      base += ' Select the MFA method you wish to use.';
    }
    if (this.multiConstraint) {
      const num = this.constraints.length;
      base += ` ${numberToWord(num, true)} methods are required for successful authentication.`;
    }
    return base;
  }

  @task *validate() {
    try {
      this.error = null;
      const response = yield this.auth.totpValidate({
        clusterId: this.args.clusterId,
        ...this.args.authData,
      });
      this.args.onSuccess(response);
    } catch (error) {
      const errors = error.errors || [];
      // code reuse and rate limiting both require waiting for the next code
      const codeUsed = errors.find((e) => e.includes('code already used'));
      const rateLimit = errors.find((e) => e.includes('maximum TOTP validation attempts'));
      const delayMessage = codeUsed || rateLimit;

      if (delayMessage) {
        const reason = codeUsed ? 'This code has already been used' : 'Maximum validation attempts exceeded';
        this.codeDelayMessage = `${reason}. Please wait until a new code is available.`;
        this.newCodeDelay.perform(delayMessage);
      } else if (this.singlePasscode) {
        // a single passcode method shows the validation error inline in the form
        this.error = TOTP_VALIDATION_ERROR;
      } else {
        this.args.onError(this.auth.handleError(error));
      }
    }
  }

  @task *newCodeDelay(message) {
    // parse validity period from error string to initialize countdown
    // accepts any number of digits; countdown is 0 when the message has no "<n> seconds" value
    const match = message.match(/(\d+) seconds/);
    this.countdown = match ? parseInt(match[1], 10) : 0;
    while (this.countdown) {
      yield timeout(1000);
      this.countdown--;
    }
  }

  @action onSelect(constraint, id) {
    set(constraint, 'selectedId', id);
    set(constraint, 'selectedMethod', constraint.methods.findBy('id', id));
  }
  @action submit(e) {
    e.preventDefault();
    this.validate.perform();
  }
}
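
Added example, not part of the Vault source: the validity-period parse that `newCodeDelay` performs, pulled out into plain functions and run over constructed error strings. It compares a two-character pattern (`\d\w seconds`) with a digit-run pattern (`\d+ seconds`) plus a null guard; the function names and the sample messages are assumptions made for illustration, and only the substrings `code already used` and `maximum TOTP validation attempts` come from the component.

```javascript
// Added example: two ways to read the wait time out of an MFA validation
// error string. All sample messages below are constructed.

// Two-character pattern: one digit, one word character, then " seconds".
function parseDelayTwoChar(message) {
  // match() returns null when nothing matches, so [0] throws a TypeError.
  return parseInt(message.match(/(\d\w seconds)/)[0].split(' ')[0], 10);
}

// Digit-run pattern with a null guard: any number of digits, 0 when absent.
function parseDelayDigits(message) {
  const match = /(\d+) seconds/.exec(message);
  return match ? parseInt(match[1], 10) : 0;
}

// Run both parsers on one message; a thrown error is recorded as 'throws'.
function compare(message) {
  const run = (fn) => {
    try {
      return fn(message);
    } catch (e) {
      return 'throws';
    }
  };
  return { twoChar: run(parseDelayTwoChar), digits: run(parseDelayDigits) };
}

// Constructed samples containing the substrings the component looks for.
const SAMPLES = {
  twoDigit: 'code already used; new code is available in 30 seconds',
  oneDigit: 'code already used; new code is available in 5 seconds',
  threeDigit: 'maximum TOTP validation attempts exceeded; retry in 120 seconds',
  noNumber: 'code already used',
};

// Map every sample name to the result of both parsers.
function compareAll() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, message]) => [name, compare(message)])
  );
}

console.log(compareAll());
```

A countdown that is too short lets the user resubmit while the server-side delay is still in force, and a throw inside the task leaves the delay message on screen with no countdown at all.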