From 992c2f6c62c78665f4d313f1b9f21b81c0dfe8f7 Mon Sep 17 00:00:00 2001 From: Georges-Etienne Legendre Date: Tue, 10 May 2022 13:42:12 -0400 Subject: [PATCH] Fix Exec not working with reverse proxy X-Nomad-Token (#12925) * Capture token secret on fetch * Fix tests * Fix lint errors --- ui/app/services/token.js | 4 +++- ui/tests/acceptance/proxy-test.js | 27 ++++++++++++++++++++++++--- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/ui/app/services/token.js b/ui/app/services/token.js index 13755155cd9..de591393c07 100644 --- a/ui/app/services/token.js +++ b/ui/app/services/token.js @@ -31,7 +31,9 @@ export default class TokenService extends Service { @task(function* () { const TokenAdapter = getOwner(this).lookup('adapter:token'); try { - return yield TokenAdapter.findSelf(); + var token = yield TokenAdapter.findSelf(); + this.secret = token.secret; + return token; } catch (e) { const errors = e.errors ? e.errors.mapBy('detail') : []; if (errors.find((error) => error === 'ACL support disabled')) { diff --git a/ui/tests/acceptance/proxy-test.js b/ui/tests/acceptance/proxy-test.js index 7d7a4643e5b..7c8b3608033 100644 --- a/ui/tests/acceptance/proxy-test.js +++ b/ui/tests/acceptance/proxy-test.js @@ -17,17 +17,38 @@ module('Acceptance | reverse proxy', function (hooks) { server.create('agent'); managementToken = server.create('token'); + // Prepare a setRequestHeader that accumulate headers already set. This is to avoid double setting X-Nomad-Token + this._originalXMLHttpRequestSetRequestHeader = + XMLHttpRequest.prototype.setRequestHeader; + (function (setRequestHeader) { + XMLHttpRequest.prototype.setRequestHeader = function (header, value) { + if (!this.headers) { + this.headers = {}; + } + if (!this.headers[header]) { + this.headers[header] = []; + } + // Add the value to the header + this.headers[header].push(value); + setRequestHeader.call(this, header, value); + }; + })(this._originalXMLHttpRequestSetRequestHeader); + // Simulate a reverse proxy injecting X-Nomad-Token header for all requests this._originalXMLHttpRequestSend = XMLHttpRequest.prototype.send; (function (send) { XMLHttpRequest.prototype.send = function (data) { - this.setRequestHeader('X-Nomad-Token', managementToken.secretId); + if (!this.headers || !('X-Nomad-Token' in this.headers)) { + this.setRequestHeader('X-Nomad-Token', managementToken.secretId); + } send.call(this, data); }; })(this._originalXMLHttpRequestSend); }); hooks.afterEach(function () { + XMLHttpRequest.prototype.setRequestHeader = + this._originalXMLHttpRequestSetRequestHeader; XMLHttpRequest.prototype.send = this._originalXMLHttpRequestSend; }); @@ -38,8 +59,8 @@ module('Acceptance | reverse proxy', function (hooks) { await Jobs.visit(); assert.equal( window.localStorage.nomadTokenSecret, - null, - 'No token secret set' + secretId, + 'Token secret was set' ); // Make sure that server received the header