UI: Add MFA support for SSO methods #30489
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hellobontempo
commented
May 1, 2025
| @@ -29,7 +29,6 @@ import type { HTMLElementEvent } from 'vault/forms'; | |||
| * dynamically renders the corresponding form. | |||
| * | |||
| * | |||
| * @param {string} wrappedToken - Query param value of a wrapped token that can be used to login when added directly to the URL via the "wrapped_token" query param | |||
hellobontempo
commented
May 1, 2025
| } catch (error) { | ||
| this.onError(error as Error); | ||
| } | ||
| }) | ||
| ); | ||
|
|
||
| handleAuthResponse(authResponse: AuthData, authType: string, formData?: object) { | ||
| // Standard methods get mfa_requirements from the authenticate method in the auth service |
There was a problem hiding this comment.
Long term plan is that each method component no longer call this.auth.authenticate and instead uses the api service for to explicitly make its login request. Once the auth logic isn't so abstracted handling MFA can be consolidated to one place (either here or the auth service) because we will have more control over the authResponse.
|
Build Results: |
|
CI Results: failed ❌ |
hellobontempo
commented
May 2, 2025
| @@ -73,7 +73,7 @@ export default class AuthLoginFormComponent extends Component { | |||
| if (data?.mfa_requirement) { | |||
| const parsedMfaAuthResponse = this.auth._parseMfaResponse(data.mfa_requirement); | |||
| // calls onAuthResponse in parent auth/page.js component | |||
| this.args.onSuccess(parsedMfaAuthResponse, backendType, data); | |||
There was a problem hiding this comment.
I'm still referencing old components and tests as I wire things up. Updated here, too to double check changing these args in the parent page.js didn't break anything unexpected.
lane-wetmore
approved these changes
May 2, 2025
Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
84316c6
into
VAULT-35470/wire-up-accessible-auth-components
8 of 9 checks passed
hellobontempo
added a commit
that referenced
this pull request
May 8, 2025
* UI: Move `wrapped_token` login functionality to route (#30465) * move token unwrap functionality to page component * update mfa test * remove wrapped_token logic from page component * more cleanup to relocate unwrap logic * move wrapped_token to route * move unwrap tests to acceptance * move mfa form back * add some padding * update mfa-form tests * get param from params * wait for auth form on back * run rests * UI: Add MFA support for SSO methods (#30489) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * Update ui/app/components/auth/form/saml.ts Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> * Move CSP error to page component (#30492) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * move csp error to page component * move csp error to page component * Move fetching unauthenticated mounts to the route (#30509) * rename namespace arg to namespaceQueryParam * move fetch mounts to route * add margin to sign in button spacing * update selectors for oidc provider test * add todo delete comments * fix arg typo in test * change method name * fix args handling tab click * remove tests that no longer relate to components functionality * add tests for preselectedAuthType functionality * move typescript interfaces, fix selector * add await * oops * move format method down, make private * move tab formatting to the route * move to page object * fix token unwrap aborting transition * not sure what that is doing there.. * add comments * rename to presetAuthType * use did-insert instead * UI: Implement `Auth::FormTemplate` (#30521) * replace Auth::LoginForm with Auth::FormTemplate * first round of test updates * return null if mounts object is empty * add comment and test for empty sys/internal/mounts data * more test updates * delete listing_visibility test, delete login-form component test * update divs to Hds::Card::Container * add overflow class * remove unused getters * move requesting stored auth type to page component * fix typo * Update ui/app/components/auth/form/oidc-jwt.ts make comment make more sense * small cleanup items, update imports * Delete old auth components (#30527) * delete old components * update codeowners * Update `with` query param functionality (#30537) * update path input to type=hidden * add test coverage * update page test * update auth route * delete login form * update ent test * consolidate logic in getter * add more comments * more comments.. * rename selector * refresh model as well * redirect for invalid query params * move unwrap to redirect * only redirect on invalid query params * add tests for query param * test selector updates * remove todos, update relevant ones with initials * add changelog --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds MFA support for SSO methods
TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.