mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 12:07:02 +02:00
Code Issues Projects Releases Wiki Activity
bc69ef899a
vault/ui/tests/acceptance/saml-auth-method-test.js
Austin Gebauer 21bd134ad2
ui: adds a new auth form option (#22640) 
* ui: adds a new auth form option

* add warning if nonsecure context, cleanup

* more ember-y

* Only show saml auth method for enterprise, plus tests

* Use error message helper

* Dont include saml on community auth list

* Add allSupportedAuthBackends method

* change token request from GET to PUT to match backend change

* Fetch role on sign in, cancel login after timeout

* saml acceptance test

* Add changelog

* saml test only on enterprise

* set the acs_url according to which cluster the UI is served from

* prepare namespace in addition to path with a helper func

---------

Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com>
2023-09-08 08:53:26 -07:00

162 lines
5.5 KiB
JavaScript
Raw Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit';
import sinon from 'sinon';
import { click, fillIn, find, waitUntil } from '@ember/test-helpers';
import { setupMirage } from 'ember-cli-mirage/test-support';
import { Response } from 'miragejs';
import authPage from 'vault/tests/pages/auth';
import { fakeWindow } from 'vault/tests/helpers/oidc-window-stub';
module('Acceptance | enterprise saml auth method', function (hooks) {
setupApplicationTest(hooks);
setupMirage(hooks);
hooks.beforeEach(function () {
this.openStub = sinon.stub(window, 'open').callsFake(() => fakeWindow.create());
this.server.put('/auth/saml/sso_service_url', () => ({
data: {
sso_service_url: 'http://sso-url.hashicorp.com/service',
token_poll_id: '1234',
},
}));
this.server.put('/auth/saml/token', () => ({
auth: { client_token: 'root' },
}));
// ensure clean state
localStorage.removeItem('selectedAuth');
authPage.logout();
});
hooks.afterEach(function () {
this.openStub.restore();
});
test('it should login with saml when selected from auth methods dropdown', async function (assert) {
assert.expect(1);
this.server.get('/auth/token/lookup-self', (schema, req) => {
assert.ok(true, 'request made to auth/token/lookup-self after saml callback');
req.passthrough();
});
// select from dropdown or click auth path tab
await waitUntil(() => find('[data-test-select="auth-method"]'));
await fillIn('[data-test-select="auth-method"]', 'saml');
await click('[data-test-auth-submit]');
});
test('it should login with saml from listed auth mount tab', async function (assert) {
assert.expect(4);
this.server.get('/sys/internal/ui/mounts', () => ({
data: {
auth: {
'test-path/': { description: '', options: {}, type: 'saml' },
},
},
}));
this.server.put('/auth/test-path/sso_service_url', () => {
assert.ok(true, 'role request made to correct non-standard mount path');
return {
data: {
sso_service_url: 'http://sso-url.hashicorp.com/service',
token_poll_id: '1234',
},
};
});
this.server.put('/auth/test-path/token', () => {
assert.ok(true, 'login request made to correct non-standard mount path');
return {
auth: { client_token: 'root' },
};
});
this.server.get('/auth/token/lookup-self', (schema, req) => {
assert.ok(true, 'request made to auth/token/lookup-self after oidc callback');
assert.deepEqual(
req.requestHeaders,
{ 'X-Vault-Token': 'root' },
'calls lookup-self with returned client token after login'
);
req.passthrough();
});
// click auth path tab
await waitUntil(() => find('[data-test-auth-method="test-path"]'));
await click('[data-test-auth-method="test-path"]');
await click('[data-test-auth-submit]');
});
test('it should render API errors from both endpoints', async function (assert) {
assert.expect(3);
this.server.put('/auth/saml/sso_service_url', (schema, { requestBody }) => {
const { role } = JSON.parse(requestBody);
if (!role) {
return new Response(
400,
{ 'Content-Type': 'application/json' },
JSON.stringify({ errors: ["missing required 'role' parameter"] })
);
}
return {
data: {
sso_service_url: 'http://sso-url.hashicorp.com/service',
token_poll_id: '1234',
},
};
});
this.server.put('/auth/saml/token', (schema, { requestHeaders }) => {
if (requestHeaders['X-Vault-Namespace']) {
return new Response(
400,
{ 'Content-Type': 'application/json' },
JSON.stringify({ errors: ['something went wrong'] })
);
}
return {
auth: { client_token: 'root' },
};
});
this.server.get('/auth/token/lookup-self', (schema, req) => {
assert.ok(true, 'request made to auth/token/lookup-self after saml callback');
req.passthrough();
});
// select saml auth type
await waitUntil(() => find('[data-test-select="auth-method"]'));
await fillIn('[data-test-select="auth-method"]', 'saml');
await fillIn('[data-test-auth-form-ns-input]', 'some-ns');
await click('[data-test-auth-submit]');
assert
.dom('[data-test-message-error-description]')
.hasText("missing required 'role' parameter", 'shows API error from role fetch');
await fillIn('[data-test-role]', 'my-role');
await click('[data-test-auth-submit]');
assert
.dom('[data-test-message-error-description]')
.hasText('something went wrong', 'shows API error from login attempt');
await fillIn('[data-test-auth-form-ns-input]', '');
await click('[data-test-auth-submit]');
});
test('it should populate saml auth method on logout', async function (assert) {
authPage.logout();
// select from dropdown
await waitUntil(() => find('[data-test-select="auth-method"]'));
await fillIn('[data-test-select="auth-method"]', 'saml');
await click('[data-test-auth-submit]');
await waitUntil(() => find('[data-test-user-menu-trigger]'));
await click('[data-test-user-menu-trigger]');
await click('#logout');
assert
.dom('[data-test-select="auth-method"]')
.hasValue('saml', 'Previous auth method selected on logout');
});
});
Reference in New Issue View Git Blame Copy Permalink