Identity manager secure context fallback (hashicorp#19403)
* adds check for isSecureContext in identity-manager and falls back to incrementing ids

* adds uuid package to replace crypto.randomUUID

* adds test for okta number challenge nonce value validation
zofskeez authored Feb 28, 2023
1 parent da31528 commit eb70bfd
Showing 6 changed files with 60 additions and 6 deletions.
3 changes: 2 additions & 1 deletion ui/app/components/auth-form.js
@@ -8,6 +8,7 @@ import { computed } from '@ember/object';
import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
import { task, timeout } from 'ember-concurrency';
import { waitFor } from '@ember/test-waiters';
import { v4 as uuidv4 } from 'uuid';

const BACKENDS = supportedAuthBackends();

@@ -307,7 +308,7 @@ export default Component.extend(DEFAULTS, {
}
// add nonce field for okta backend
if (backend.type === 'okta') {
data.nonce = crypto.randomUUID();
data.nonce = uuidv4();
// add a default path of okta if it doesn't exist to be used for Okta Number Challenge
if (!data.path) {
data.path = 'okta';
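Review bot: The new `data.nonce = uuidv4();` line has no comment explaining why the `uuid` package replaces the native call, and the reason is security-relevant: `crypto.randomUUID()` is only exposed in secure contexts, while the nonce sent with the Okta login still has to come from a CSPRNG when the UI is reached over plain HTTP. I would add `// uuid's v4 draws from crypto.getRandomValues, which is available outside secure contexts; the nonce must stay CSPRNG-backed` above the assignment so a later cleanup does not swap in a counter or a `Math.random()`-based id. The same comment is missing on `fetch()` in ui/app/utils/identity-manager.js, where the description's "falls back to incrementing ids" wording no longer matches the code shown. The enclosing function begins and ends outside this hunk.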
9 changes: 5 additions & 4 deletions ui/app/utils/identity-manager.js
@@ -1,3 +1,5 @@
import { v4 as uuidv4 } from 'uuid';

// manage a set of unique ids
export default class {
constructor() {
@@ -12,11 +14,10 @@ export default class {
* @public
*/
fetch() {
let uuid = crypto.randomUUID();
// odds are incredibly low that we'll run into a duplicate using crypto.randomUUID()
// but just to be safe...
let uuid = uuidv4();
// odds are incredibly low that we'll run into a duplicate but just to be safe...
while (this.ids.has(uuid)) {
uuid = crypto.randomUUID();
uuid = uuidv4();
}
this.ids.add(uuid);
return uuid;
3 changes: 2 additions & 1 deletion ui/package.json
@@ -256,6 +256,7 @@
"highlight.js": "^10.4.1",
"js-yaml": "^3.13.1",
"lodash": "^4.17.13",
"node-notifier": "^8.0.1"
"node-notifier": "^8.0.1",
"uuid": "^9.0.0"
}
}
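Review bot: `"uuid": "^9.0.0"` puts the generator of the Okta login nonce behind a caret range, so any later 9.x release is accepted whenever the lockfile is regenerated. The yarn.lock entry added in this commit pins 9.0.0 with an integrity hash, but that only protects builds that install strictly from the lockfile; it is worth confirming CI runs `yarn install --frozen-lockfile` (Yarn 1) or the equivalent for the Yarn version in use. The lockfile also already resolves uuid 8.3.2 for other dependents, so two major versions of the package will coexist in the tree and both need to be tracked for advisories.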
32 changes: 32 additions & 0 deletions ui/tests/integration/components/auth-form-test.js
@@ -10,6 +10,7 @@ import sinon from 'sinon';
import Pretender from 'pretender';
import { create } from 'ember-cli-page-object';
import authForm from '../../pages/components/auth-form';
import { validate } from 'uuid';

const component = create(authForm);

@@ -314,4 +315,35 @@ module('Integration | Component | auth form', function (hooks) {

server.shutdown();
});

test('it should set nonce value as uuid for okta method type', async function (assert) {
assert.expect(1);

const server = new Pretender(function () {
this.post('/v1/auth/okta/login/foo', (req) => {
const { nonce } = JSON.parse(req.requestBody);
assert.true(validate(nonce), 'Nonce value passed as uuid for okta login');
return [
200,
{ 'content-type': 'application/json' },
JSON.stringify({
auth: {
client_token: '12345',
},
}),
];
});
this.get('/v1/sys/internal/ui/mounts', this.passthrough);
});

this.set('cluster', EmberObject.create({}));
await render(hbs`<AuthForm @cluster={{this.cluster}} />`);

await component.selectMethod('okta');
await component.username('foo');
await component.password('bar');
await component.login();

server.shutdown();
});
});
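Review bot: `assert.true(validate(nonce), 'Nonce value passed as uuid for okta login')` only checks that the value is UUID-shaped; as far as I know `validate` from `uuid` also accepts time-based versions and the nil UUID, so the test would keep passing if the nonce stopped being random. Because the nonce is the security-relevant value in this request, I would import `version` too (`import { validate, version } from 'uuid';`) and assert `validate(nonce) && version(nonce) === 4`. The new test in ui/tests/unit/serializers/cluster-test.js uses the same `validate`-only check, though for a replication id that is probably sufficient. The enclosing `module(...)` callback starts outside this hunk.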
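--- a/ui/tests/unit/serializers/cluster-test.js
+++ b/ui/tests/unit/serializers/cluster-test.js
@@ -0,0 +1,14 @@
+import { module, test } from 'qunit';
+import { setupTest } from 'ember-qunit';
+import { validate } from 'uuid';
+
+module('Unit | Serializer | cluster', function (hooks) {
+setupTest(hooks);
+
+test('it should generate ids for replication attributes', async function (assert) {
+const serializer = this.owner.lookup('serializer:cluster');
+const data = {};
+serializer.setReplicationId(data);
+assert.true(validate(data.id), 'UUID is generated for replication attribute');
+});
+});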
5 changes: 5 additions & 0 deletions ui/yarn.lock
@@ -18579,6 +18579,11 @@ uuid@^8.3.0, uuid@^8.3.2:
resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==

uuid@^9.0.0:
version "9.0.0"
resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.0.tgz#592f550650024a38ceb0c562f2f6aa435761efb5"
integrity sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg==

v8-compile-cache@^2.0.3, v8-compile-cache@^2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz#2de19618c66dc247dcfb6f99338035d8245a2cee"