Fix Exec not working with reverse proxy X-Nomad-Token (#12925) (#13253)
* Capture token secret on fetch

* Fix tests

* Fix lint errors

Co-authored-by: Georges-Etienne Legendre <[email protected]>
hc-github-team-nomad-core and legege authored Jun 6, 2022
1 parent 82debba commit 57771fb
Showing 2 changed files with 24 additions and 3 deletions.
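--- a/ui/app/services/token.js
+++ b/ui/app/services/token.js
@@ -31,7 +31,9 @@ export default class TokenService extends Service {
 @task(function*() {
 const TokenAdapter = getOwner(this).lookup('adapter:token');
 try {
-return yield TokenAdapter.findSelf();
+var token = yield TokenAdapter.findSelf();
+this.secret = token.secret;
+return token;
 } catch (e) {
 const errors = e.errors ? e.errors.mapBy('detail') : [];
 if (errors.find(error => error === 'ACL support disabled')) {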
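Review bot: The new `this.secret = token.secret;` copies the fetched secret into the service on every successful `findSelf()`, and the updated assertion in proxy-test.js suggests this property is backed by `window.localStorage.nomadTokenSecret`. If so, a token that the reverse proxy injected on the server side now ends up in web storage, where any script running in the origin can read it and where it outlives the tab. That trade-off deserves a comment at the assignment, for example `// Keep the secret so Exec can authenticate behind a proxy (#12925); this stores a proxy-injected token in the browser`, and it is worth checking whether an in-memory copy would be enough. As a style point, `var token` should be `const token` to match the `const` declarations around it. The task body continues past the end of the hunk.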
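--- a/ui/tests/acceptance/proxy-test.js
+++ b/ui/tests/acceptance/proxy-test.js
@@ -17,17 +17,36 @@ module('Acceptance | reverse proxy', function(hooks) {
 server.create('agent');
 managementToken = server.create('token');
 
+// Prepare a setRequestHeader that accumulate headers already set. This is to avoid double setting X-Nomad-Token
+this._originalXMLHttpRequestSetRequestHeader = XMLHttpRequest.prototype.setRequestHeader;
+(function(setRequestHeader) {
+XMLHttpRequest.prototype.setRequestHeader = function(header, value) {
+if (!this.headers) {
+this.headers = {};
+}
+if (!this.headers[header]) {
+this.headers[header] = [];
+}
+// Add the value to the header
+this.headers[header].push(value);
+setRequestHeader.call(this, header, value);
+};
+})(this._originalXMLHttpRequestSetRequestHeader);
+
 // Simulate a reverse proxy injecting X-Nomad-Token header for all requests
 this._originalXMLHttpRequestSend = XMLHttpRequest.prototype.send;
 (function(send) {
 XMLHttpRequest.prototype.send = function(data) {
-this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+if (!this.headers || !('X-Nomad-Token' in this.headers)) {
+this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+}
 send.call(this, data);
 };
 })(this._originalXMLHttpRequestSend);
 });
 
 hooks.afterEach(function() {
+XMLHttpRequest.prototype.setRequestHeader = this._originalXMLHttpRequestSetRequestHeader;
 XMLHttpRequest.prototype.send = this._originalXMLHttpRequestSend;
 });
 
@@ -36,7 +55,7 @@ module('Acceptance | reverse proxy', function(hooks) {
 const { secretId } = managementToken;
 
 await Jobs.visit();
-assert.ok(window.localStorage.nomadTokenSecret == null, 'No token secret set');
+assert.equal(window.localStorage.nomadTokenSecret, secretId, 'Token secret was set');
 
 // Make sure that server received the header
 assert.ok(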
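Review bot: The `'X-Nomad-Token' in this.headers` check in the patched `send` is case-sensitive, while HTTP header names are not, so a header the application sets as `x-nomad-token` would go unseen and the simulated proxy would add a second value. Keying the bookkeeping on a normalised name avoids that: `const key = header.toLowerCase();` in the `setRequestHeader` wrapper and `'x-nomad-token' in this.headers` in `send`. Storing the map as `this.headers` on the XHR instance may also collide with a property of whatever fake XHR the test server installs (not visible here), so a less generic name such as `this._recordedHeaders` would be safer. The second hunk's assertion now expects the secret in `window.localStorage`, and the visible `afterEach` restores only the two prototype methods, so confirm the storage key is cleared elsewhere between tests.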
