mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-17 12:07:02 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
108 lines
4.1 KiB
JavaScript
108 lines
4.1 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import { module, test } from 'qunit';
|
|
import { setupApplicationTest } from 'ember-qunit';
|
|
import { click, fillIn, find, waitUntil } from '@ember/test-helpers';
|
|
import authPage from 'vault/tests/pages/auth';
|
|
import { setupMirage } from 'ember-cli-mirage/test-support';
|
|
import { fakeWindow, buildMessage } from '../helpers/oidc-window-stub';
|
|
import sinon from 'sinon';
|
|
import { later, _cancelTimers as cancelTimers } from '@ember/runloop';
|
|
|
|
module('Acceptance | oidc auth method', function (hooks) {
|
|
setupApplicationTest(hooks);
|
|
setupMirage(hooks);
|
|
|
|
hooks.beforeEach(function () {
|
|
this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create());
|
|
// OIDC test fails when using fake timestamps, we use the real timestamp.now here
|
|
this.server.post('/auth/oidc/oidc/auth_url', () => ({
|
|
data: { auth_url: 'http://example.com' },
|
|
}));
|
|
this.server.get('/auth/foo/oidc/callback', () => ({
|
|
auth: { client_token: 'root' },
|
|
}));
|
|
// ensure clean state
|
|
localStorage.removeItem('selectedAuth');
|
|
});
|
|
|
|
hooks.afterEach(function () {
|
|
this.openStub.restore();
|
|
});
|
|
|
|
test('it should login with oidc when selected from auth methods dropdown', async function (assert) {
|
|
assert.expect(1);
|
|
|
|
this.server.get('/auth/token/lookup-self', (schema, req) => {
|
|
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
|
|
req.passthrough();
|
|
});
|
|
authPage.logout();
|
|
// select from dropdown or click auth path tab
|
|
await waitUntil(() => find('[data-test-select="auth-method"]'));
|
|
await fillIn('[data-test-select="auth-method"]', 'oidc');
|
|
later(() => {
|
|
window.postMessage(buildMessage().data, window.origin);
|
|
cancelTimers();
|
|
}, 50);
|
|
await click('[data-test-auth-submit]');
|
|
});
|
|
|
|
test('it should login with oidc from listed auth mount tab', async function (assert) {
|
|
assert.expect(3);
|
|
|
|
this.server.get('/sys/internal/ui/mounts', () => ({
|
|
data: {
|
|
auth: {
|
|
'test-path/': { description: '', options: {}, type: 'oidc' },
|
|
},
|
|
},
|
|
}));
|
|
// this request is fired twice -- total assertion count should be 3 rather than 2
|
|
// JLR TODO - auth-jwt: verify whether additional request is necessary, especially when glimmerizing component
|
|
// look into whether didReceiveAttrs is necessary to trigger this request
|
|
this.server.post('/auth/test-path/oidc/auth_url', () => {
|
|
assert.ok(true, 'auth_url request made to correct non-standard mount path');
|
|
return { data: { auth_url: 'http://example.com' } };
|
|
});
|
|
// there was a bug that would result in the /auth/:path/login endpoint hit with an empty payload rather than lookup-self
|
|
// ensure that the correct endpoint is hit after the oidc callback
|
|
this.server.get('/auth/token/lookup-self', (schema, req) => {
|
|
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
|
|
req.passthrough();
|
|
});
|
|
|
|
authPage.logout();
|
|
// select from dropdown or click auth path tab
|
|
await waitUntil(() => find('[data-test-auth-method-link="oidc"]'));
|
|
await click('[data-test-auth-method-link="oidc"]');
|
|
later(() => {
|
|
window.postMessage(buildMessage().data, window.origin);
|
|
cancelTimers();
|
|
}, 50);
|
|
await click('[data-test-auth-submit]');
|
|
});
|
|
|
|
// coverage for bug where token was selected as auth method for oidc and jwt
|
|
test('it should populate oidc auth method on logout', async function (assert) {
|
|
authPage.logout();
|
|
// select from dropdown or click auth path tab
|
|
await waitUntil(() => find('[data-test-select="auth-method"]'));
|
|
await fillIn('[data-test-select="auth-method"]', 'oidc');
|
|
later(() => {
|
|
window.postMessage(buildMessage().data, window.origin);
|
|
cancelTimers();
|
|
}, 50);
|
|
await click('[data-test-auth-submit]');
|
|
await waitUntil(() => find('[data-test-user-menu-trigger]'));
|
|
await click('[data-test-user-menu-trigger]');
|
|
await click('#logout');
|
|
assert
|
|
.dom('[data-test-select="auth-method"]')
|
|
.hasValue('oidc', 'Previous auth method selected on logout');
|
|
});
|
|
});
|