diff --git a/ui/app/components/auth-jwt.js b/ui/app/components/auth-jwt.js
index 8c3bc69d4066..10aa8a5953eb 100644
--- a/ui/app/components/auth-jwt.js
+++ b/ui/app/components/auth-jwt.js
@@ -11,8 +11,8 @@ const ERROR_WINDOW_CLOSED = 'The provider window was closed before authentication was complete. Please click Sign In to try again.';
 const ERROR_MISSING_PARAMS = 'The callback from the provider did not supply all of the required parameters. Please click Sign In to try again. If the problem persists, you may want to contact your administrator.';
-
-export { ERROR_WINDOW_CLOSED, ERROR_MISSING_PARAMS };
+const ERROR_JWT_LOGIN = 'OIDC login is not configured for this mount';
+export { ERROR_WINDOW_CLOSED, ERROR_MISSING_PARAMS, ERROR_JWT_LOGIN };
 export default Component.extend({
 store: service(),
@@ -20,6 +20,7 @@ export default Component.extend({
 selectedAuthType: null,
 roleName: null,
 role: null,
+ errorMessage: null,
 onRoleName() {},
 onLoading() {},
 onError() {},
@@ -36,13 +37,14 @@ export default Component.extend({
 } else if (shouldDebounce) {
 this.fetchRole.perform(this.roleName);
 }
+ this.set('errorMessage', null);
 this.set('oldSelectedAuthPath', selectedAuthPath);
 },
- // OIDC roles in the JWT/OIDC backend are those with an authUrl,
- // those that are JWT type will 400 when trying to fetch the role
- isOIDC: computed('role', 'role.authUrl', function() {
- return this.role && this.role.authUrl;
+ // Assumes authentication using OIDC until it's known that the mount is
+ // configured for JWT authentication via static keys, JWKS, or OIDC discovery.
+ isOIDC: computed('errorMessage', function() {
+ return this.errorMessage !== ERROR_JWT_LOGIN;
 }),
 getWindow() {
@@ -64,6 +66,9 @@ export default Component.extend({
 if (!e.httpStatus || e.httpStatus !== 400) {
 throw e;
 }
+ if (e.errors && e.errors.length > 0) {
+ this.set('errorMessage', e.errors[0]);
+ }
 }
 this.set('role', role);
 })
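Review bot: The added `this.set('errorMessage', null);` in the `@@ -36,13 +37,14 @@` hunk sits after the `if`/`else if` chain, so it runs on every attribute update, including any where neither branch starts `fetchRole`. Because `isOIDC` is now derived only from `errorMessage`, a mount already identified as JWT would presumably be treated as OIDC again until another role fetch completes. Consider clearing the message only where a fetch is started, or, if every attribute change is guaranteed to be followed by a fetch, say so in a comment such as `// safe to clear: a role fetch always follows and re-populates this`. The hook begins above the hunk, so its first branch is not visible here.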
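Review bot: In the `@@ -64,6 +66,9 @@` hunk the choice of login flow ends up resting on exact equality between `e.errors[0]` and the UI's own copy of a server message (`ERROR_JWT_LOGIN`, defined in the first hunk and compared in `isOIDC`). If the backend rewords the message, wraps it, or returns it in a different position in `errors`, a JWT mount would silently be handled as OIDC. A comment on the constant, for example `// must match the backend's 400 error text verbatim; keep in sync`, would make the coupling visible, and testing `e.errors.includes(ERROR_JWT_LOGIN)` would at least remove the dependence on ordering. The catch block starts outside the hunk.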
@@ -152,7 +157,7 @@ export default Component.extend({
 if (e && e.preventDefault) {
 e.preventDefault();
 }
- if (!this.isOIDC) {
+ if (!this.isOIDC || !this.role || !this.role.authUrl) {
 return;
 }
diff --git a/ui/tests/acceptance/auth-test.js b/ui/tests/acceptance/auth-test.js
index e6d0a0b88e4b..3dd939b48ede 100644
--- a/ui/tests/acceptance/auth-test.js
+++ b/ui/tests/acceptance/auth-test.js
@@ -65,7 +65,6 @@ module('Acceptance | auth', function(hooks) {
 await component.token('token');
 }
 if (backend.type === 'jwt' || backend.type === 'oidc') {
- await jwtComponent.jwt('1');
 await jwtComponent.role('test');
 }
 await component.login();
@@ -81,7 +80,6 @@ module('Acceptance | auth', function(hooks) {
 } else if (backend.type === 'jwt' || backend.type === 'oidc') {
 let authReq = this.server.passthroughRequests[this.server.passthroughRequests.length - 2];
 body = JSON.parse(authReq.requestBody);
- assert.ok(Object.keys(body).includes('jwt'), `${backend.type} includes jwt`);
 assert.ok(Object.keys(body).includes('role'), `${backend.type} includes role`);
 } else {
 assert.ok(Object.keys(body).includes('password'), `${backend.type} includes password`);
diff --git a/ui/tests/integration/components/auth-jwt-test.js b/ui/tests/integration/components/auth-jwt-test.js
index f4d1a56c0592..475b9e906455 100644
--- a/ui/tests/integration/components/auth-jwt-test.js
+++ b/ui/tests/integration/components/auth-jwt-test.js
@@ -11,7 +11,7 @@ import Pretender from 'pretender';
 import { resolve } from 'rsvp';
 import { create } from 'ember-cli-page-object';
 import form from '../../pages/components/auth-jwt';
-import { ERROR_WINDOW_CLOSED, ERROR_MISSING_PARAMS } from 'vault/components/auth-jwt';
+import { ERROR_WINDOW_CLOSED, ERROR_MISSING_PARAMS, ERROR_JWT_LOGIN } from 'vault/components/auth-jwt';
 const component = create(form);
 const windows = [];
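Review bot: The widened guard in the `@@ -152,7 +157,7 @@` hunk of auth-jwt.js, `if (!this.isOIDC || !this.role || !this.role.authUrl) { return; }`, exits without giving the user any feedback. Since `isOIDC` now defaults to true, a mount whose role fetch failed with some other 400 reaches this point with `role` unset, and the sign-in click would appear to do nothing. Consider keeping the quiet return for `!this.isOIDC` and reporting the missing role separately, e.g. `if (!this.role || !this.role.authUrl) { this.onError('<message for missing or invalid role>'); return; }`, assuming `onError` accepts a message, which this diff does not show. The handler starts and ends outside the hunk.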
@@ -120,7 +120,7 @@ module('Integration | Component | auth jwt', function(hooks) {
 }),
 ];
 }
- return [400, { 'Content-Type': 'application/json' }, JSON.stringify({ errors: ['nope'] })];
+ return [400, { 'Content-Type': 'application/json' }, JSON.stringify({ errors: [ERROR_JWT_LOGIN] })];
 });
 });
 });
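Review bot: With the fallback response changed to `errors: [ERROR_JWT_LOGIN]`, the stubbed 400 only exercises the path where the mount is recognised as JWT. A 400 carrying any other message now behaves differently (the component keeps assuming OIDC and the sign-in handler returns early), and nothing in this hunk covers that case; other tests in the file are not visible here. It would be worth adding a second stub that answers with a different error string and asserting what the form renders and does on submit. The request handler begins above the hunk.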