Use /acl/token/self instead of /acl/token/:accessor_id

2026-01-06 18:35:44 +03:00 · 2017-10-14 12:42:14 -07:00
parent 560dd3f88e
commit a845455141
7 changed files with 57 additions and 62 deletions
--- a/ui/app/adapters/token.js
+++ b/ui/app/adapters/token.js
@@ -1,5 +1,21 @@
+import Ember from 'ember';
 import { default as ApplicationAdapter, namespace } from './application';

+const { inject } = Ember;
+
 export default ApplicationAdapter.extend({
+  store: inject.service(),
+
  namespace: namespace + '/acl',
+
+  findSelf() {
+    return this.ajax(`${this.buildURL()}/token/self`).then(token => {
+      const store = this.get('store');
+      store.pushPayload('token', {
+        tokens: [token],
+      });
+
+      return store.peekRecord('token', store.normalize('token', token).data.id);
+    });
+  },
 });
--- a/ui/app/controllers/settings/tokens.js
+++ b/ui/app/controllers/settings/tokens.js
@@ -1,13 +1,12 @@
 import Ember from 'ember';

-const { Controller, inject, computed } = Ember;
+const { Controller, inject, computed, getOwner } = Ember;

 export default Controller.extend({
  token: inject.service(),

  tokenRecord: null,
  secret: computed.reads('token.secret'),
-  accessor: computed.reads('token.accessor'),

  tokenIsValid: false,
  tokenIsInvalid: false,
@@ -21,33 +20,33 @@ export default Controller.extend({
      this.setProperties({
        tokenIsValid: false,
        tokenIsInvalid: false,
+        tokenRecord: null,
      });
    },

    verifyToken() {
-      const { secret, accessor } = this.getProperties('secret', 'accessor');
+      const { secret } = this.getProperties('secret', 'accessor');
+      const TokenAdapter = getOwner(this).lookup('adapter:token');

      this.set('token.secret', secret);
-      this.get('store')
-        .findRecord('token', accessor)
-        .then(
-          token => {
-            this.set('token.accessor', accessor);
-            this.setProperties({
-              tokenIsValid: true,
-              tokenIsInvalid: false,
-              tokenRecord: token,
-            });
-          },
-          () => {
-            this.set('token.secret', null);
-            this.setProperties({
-              tokenIsInvalid: true,
-              tokenIsValid: false,
-              tokenRecord: null,
-            });
-          }
-        );
+
+      TokenAdapter.findSelf().then(
+        token => {
+          this.setProperties({
+            tokenIsValid: true,
+            tokenIsInvalid: false,
+            tokenRecord: token,
+          });
+        },
+        () => {
+          this.set('token.secret', null);
+          this.setProperties({
+            tokenIsInvalid: true,
+            tokenIsValid: false,
+            tokenRecord: null,
+          });
+        }
+      );
    },
  },
 });
--- a/ui/app/serializers/token.js
+++ b/ui/app/serializers/token.js
@@ -7,7 +7,6 @@ export default ApplicationSerializer.extend({
  primaryKey: 'AccessorID',

  attrs: {
-    taskGroupName: 'TaskGroup',
    secret: 'SecretID',
  },

--- a/ui/app/services/token.js
+++ b/ui/app/services/token.js
@@ -4,20 +4,6 @@ import fetch from 'fetch';
 const { Service, computed, assign } = Ember;

 export default Service.extend({
-  accessor: computed({
-    get() {
-      return window.sessionStorage.nomadTokenAccessor;
-    },
-    set(key, value) {
-      if (value == null) {
-        window.sessionStorage.removeItem('nomadTokenAccessor');
-      } else {
-        window.sessionStorage.nomadTokenAccessor = value;
-      }
-      return value;
-    },
-  }),
-
  secret: computed({
    get() {
      return window.sessionStorage.nomadTokenSecret;
--- a/ui/app/templates/settings/tokens.hbs
+++ b/ui/app/templates/settings/tokens.hbs
@@ -25,13 +25,6 @@
          <p class="help">Sent with every request to determine authorization</p>
        </div>

-        <div class="field">
-          <label class="label">Accessor ID</label>
-          <div class="control">
-            <input class="input token-accessor" type="text" placeholder="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" value={{token.accessor}} oninput={{action (mut accessor) value="target.value"}}>
-          </div>
-          <p class="help">Used to look up authorized policies</p>
-        </div>
        <p class="content"><button class="button is-primary token-submit" {{action "verifyToken"}}>Set Token</button></p>
      {{/if}}

@@ -51,7 +44,7 @@
          <div class="columns">
            <div class="column">
              <h3 class="title is-4">Token Failed to Authenticate</h3>
-              <p>The token secret and accessor you have provided do not match.</p>
+              <p>The token secret you have provided does not match an existing token.</p>
            </div>
          </div>
        </div>
--- a/ui/mirage/config.js
+++ b/ui/mirage/config.js
@@ -89,6 +89,19 @@ export default function() {
    return JSON.stringify(findLeader(schema));
  });

+  this.get('/acl/token/self', function({ tokens }, req) {
+    const secret = req.requestHeaders['X-Nomad-Token'];
+    const tokenForSecret = tokens.findBy({ secretId: secret });
+
+    // Return the token if it exists
+    if (tokenForSecret) {
+      return this.serialize(tokenForSecret);
+    }
+
+    // Client error if it doesn't
+    return new Response(400, {}, null);
+  });
+
  this.get('/acl/token/:id', function({ tokens }, req) {
    const token = tokens.find(req.params.id);
    const secret = req.requestHeaders['X-Nomad-Token'];
--- a/ui/tests/acceptance/token-test.js
+++ b/ui/tests/acceptance/token-test.js
@@ -21,27 +21,24 @@ moduleForAcceptance('Acceptance | tokens', {
 });

 test('the token form sets the token in session storage', function(assert) {
-  const { secretId, accessorId } = managementToken;
+  const { secretId } = managementToken;

  visit('/settings/tokens');

  andThen(() => {
    assert.ok(window.sessionStorage.nomadTokenSecret == null, 'No token secret set');
-    assert.ok(window.sessionStorage.nomadTokenAccessor == null, 'No token accessor set');

    fillIn('.token-secret', secretId);
-    fillIn('.token-accessor', accessorId);
    click('.token-submit');

    andThen(() => {
      assert.equal(window.sessionStorage.nomadTokenSecret, secretId, 'Token secret was set');
-      assert.equal(window.sessionStorage.nomadTokenAccessor, accessorId, 'Token accessor was set');
    });
  });
 });

 test('the X-Nomad-Token header gets sent with requests once it is set', function(assert) {
-  const { secretId, accessorId } = managementToken;
+  const { secretId } = managementToken;
  let requestPosition = 0;

  visit(`/jobs/${job.id}`);
@@ -60,7 +57,6 @@ test('the X-Nomad-Token header gets sent with requests once it is set', function
  visit('/settings/tokens');
  andThen(() => {
    fillIn('.token-secret', secretId);
-    fillIn('.token-accessor', accessorId);
    click('.token-submit');
  });

@@ -78,7 +74,7 @@ test('the X-Nomad-Token header gets sent with requests once it is set', function
 });

 test('an error message is shown when authenticating a token fails', function(assert) {
-  const { secretId, accessorId } = managementToken;
+  const { secretId } = managementToken;
  const bogusSecret = 'this-is-not-the-secret';
  assert.notEqual(
    secretId,
@@ -90,7 +86,6 @@ test('an error message is shown when authenticating a token fails', function(ass

  andThen(() => {
    fillIn('.token-secret', bogusSecret);
-    fillIn('.token-accessor', accessorId);
    click('.token-submit');

    andThen(() => {
@@ -98,10 +93,6 @@ test('an error message is shown when authenticating a token fails', function(ass
        window.sessionStorage.nomadTokenSecret == null,
        'Token secret is discarded on failure'
      );
-      assert.ok(
-        window.sessionStorage.nomadTokenAccessor == null,
-        'Token accessor is discarded on failure'
-      );
      assert.ok(find('.token-error'), 'Token error message is shown');
      assert.notOk(find('.token-success'), 'Token success message is not shown');
      assert.notOk(find('.token-policy'), 'No token policies are shown');
@@ -112,13 +103,12 @@ test('an error message is shown when authenticating a token fails', function(ass
 test('a success message and a special management token message are shown when authenticating succeeds', function(
  assert
 ) {
-  const { secretId, accessorId } = managementToken;
+  const { secretId } = managementToken;

  visit('/settings/tokens');

  andThen(() => {
    fillIn('.token-secret', secretId);
-    fillIn('.token-accessor', accessorId);
    click('.token-submit');

    andThen(() => {
@@ -133,7 +123,7 @@ test('a success message and a special management token message are shown when au
 test('a success message and associated policies are shown when authenticating succeeds', function(
  assert
 ) {
-  const { secretId, accessorId } = clientToken;
+  const { secretId } = clientToken;
  const policy = clientToken.policies.models[0];
  policy.update('description', 'Make sure there is a description');

@@ -141,7 +131,6 @@ test('a success message and associated policies are shown when authenticating su

  andThen(() => {
    fillIn('.token-secret', secretId);
-    fillIn('.token-accessor', accessorId);
    click('.token-submit');

    andThen(() => {