From 873cf0cb78a9e7da160668cd3fd07d43fb1a8861 Mon Sep 17 00:00:00 2001 From: Georges-Etienne Legendre Date: Tue, 10 May 2022 13:42:12 -0400 Subject: [PATCH] Fix Exec not working with reverse proxy X-Nomad-Token (#12925) * Capture token secret on fetch * Fix tests * Fix lint errors --- ui/app/services/token.js | 4 +++- ui/tests/acceptance/proxy-test.js | 23 +++++++++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/ui/app/services/token.js b/ui/app/services/token.js index c11453e2340..29b828daf8d 100644 --- a/ui/app/services/token.js +++ b/ui/app/services/token.js @@ -31,7 +31,9 @@ export default class TokenService extends Service { @task(function*() { const TokenAdapter = getOwner(this).lookup('adapter:token'); try { - return yield TokenAdapter.findSelf(); + var token = yield TokenAdapter.findSelf(); + this.secret = token.secret; + return token; } catch (e) { const errors = e.errors ? e.errors.mapBy('detail') : []; if (errors.find(error => error === 'ACL support disabled')) { diff --git a/ui/tests/acceptance/proxy-test.js b/ui/tests/acceptance/proxy-test.js index 582a57e767f..05087ba7397 100644 --- a/ui/tests/acceptance/proxy-test.js +++ b/ui/tests/acceptance/proxy-test.js @@ -17,17 +17,36 @@ module('Acceptance | reverse proxy', function(hooks) { server.create('agent'); managementToken = server.create('token'); + // Prepare a setRequestHeader that accumulate headers already set. This is to avoid double setting X-Nomad-Token + this._originalXMLHttpRequestSetRequestHeader = XMLHttpRequest.prototype.setRequestHeader; + (function(setRequestHeader) { + XMLHttpRequest.prototype.setRequestHeader = function(header, value) { + if (!this.headers) { + this.headers = {}; + } + if (!this.headers[header]) { + this.headers[header] = []; + } + // Add the value to the header + this.headers[header].push(value); + setRequestHeader.call(this, header, value); + }; + })(this._originalXMLHttpRequestSetRequestHeader); + // Simulate a reverse proxy injecting X-Nomad-Token header for all requests this._originalXMLHttpRequestSend = XMLHttpRequest.prototype.send; (function(send) { XMLHttpRequest.prototype.send = function(data) { - this.setRequestHeader('X-Nomad-Token', managementToken.secretId); + if (!this.headers || !('X-Nomad-Token' in this.headers)) { + this.setRequestHeader('X-Nomad-Token', managementToken.secretId); + } send.call(this, data); }; })(this._originalXMLHttpRequestSend); }); hooks.afterEach(function() { + XMLHttpRequest.prototype.setRequestHeader = this._originalXMLHttpRequestSetRequestHeader; XMLHttpRequest.prototype.send = this._originalXMLHttpRequestSend; }); @@ -36,7 +55,7 @@ module('Acceptance | reverse proxy', function(hooks) { const { secretId } = managementToken; await Jobs.visit(); - assert.ok(window.localStorage.nomadTokenSecret == null, 'No token secret set'); + assert.equal(window.localStorage.nomadTokenSecret, secretId, 'Token secret was set'); // Make sure that server received the header assert.ok(