mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-17 12:07:02 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
99 lines
4.1 KiB
JavaScript
99 lines
4.1 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import { module, test } from 'qunit';
|
|
import { setupApplicationTest } from 'ember-qunit';
|
|
import { click, visit, fillIn } from '@ember/test-helpers';
|
|
import { setupMirage } from 'ember-cli-mirage/test-support';
|
|
import sinon from 'sinon';
|
|
import { Response } from 'miragejs';
|
|
import { ERROR_JWT_LOGIN } from 'vault/components/auth-jwt';
|
|
|
|
module('Acceptance | jwt auth method', function (hooks) {
|
|
setupApplicationTest(hooks);
|
|
setupMirage(hooks);
|
|
|
|
hooks.beforeEach(function () {
|
|
localStorage.clear(); // ensure that a token isn't stored otherwise visit('/vault/auth') will redirect to secrets
|
|
this.stub = sinon.stub();
|
|
this.server.post(
|
|
'/auth/:path/oidc/auth_url',
|
|
() =>
|
|
new Response(
|
|
400,
|
|
{ 'Content-Type': 'application/json' },
|
|
JSON.stringify({ errors: [ERROR_JWT_LOGIN] })
|
|
)
|
|
);
|
|
this.server.get('/auth/foo/oidc/callback', () => ({
|
|
auth: { client_token: 'root' },
|
|
}));
|
|
});
|
|
|
|
test('it works correctly with default name and no role', async function (assert) {
|
|
assert.expect(6);
|
|
this.server.post('/auth/jwt/login', (schema, req) => {
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
assert.ok(true, 'request made to auth/jwt/login after submit');
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
assert.strictEqual(role, undefined, 'role is not sent in body when not filled in');
|
|
req.passthrough();
|
|
});
|
|
await visit('/vault/auth');
|
|
await fillIn('[data-test-select="auth-method"]', 'jwt');
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
await click('[data-test-auth-submit]');
|
|
assert.dom('[data-test-message-error]').exists('Failed login');
|
|
});
|
|
|
|
test('it works correctly with default name and a role', async function (assert) {
|
|
assert.expect(7);
|
|
this.server.post('/auth/jwt/login', (schema, req) => {
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
assert.ok(true, 'request made to auth/jwt/login after login');
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
assert.strictEqual(role, 'some-role', 'role is sent in the body when filled in');
|
|
req.passthrough();
|
|
});
|
|
await visit('/vault/auth');
|
|
await fillIn('[data-test-select="auth-method"]', 'jwt');
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
await fillIn('[data-test-role]', 'some-role');
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
await click('[data-test-auth-submit]');
|
|
assert.dom('[data-test-message-error]').exists('Failed login');
|
|
});
|
|
|
|
test('it works correctly with custom endpoint and a role', async function (assert) {
|
|
assert.expect(6);
|
|
this.server.get('/sys/internal/ui/mounts', () => ({
|
|
data: {
|
|
auth: {
|
|
'test-jwt/': { description: '', options: {}, type: 'jwt' },
|
|
},
|
|
},
|
|
}));
|
|
this.server.post('/auth/test-jwt/login', (schema, req) => {
|
|
const { jwt, role } = JSON.parse(req.requestBody);
|
|
assert.ok(true, 'request made to auth/custom-jwt-login after login');
|
|
assert.strictEqual(jwt, 'my-test-jwt-token', 'JWT token is sent in body');
|
|
assert.strictEqual(role, 'some-role', 'role is sent in body when filled in');
|
|
req.passthrough();
|
|
});
|
|
await visit('/vault/auth');
|
|
await click('[data-test-auth-method-link="jwt"]');
|
|
assert.dom('[data-test-role]').exists({ count: 1 }, 'Role input exists');
|
|
assert.dom('[data-test-jwt]').exists({ count: 1 }, 'JWT input exists');
|
|
await fillIn('[data-test-role]', 'some-role');
|
|
await fillIn('[data-test-jwt]', 'my-test-jwt-token');
|
|
await click('[data-test-auth-submit]');
|
|
assert.dom('[data-test-message-error]').exists('Failed login');
|
|
});
|
|
});
|