consul/ui-v2/app/utils/acls-status.js

58 lines
1.4 KiB
JavaScript
Raw Normal View History

// This is used by all acl routes to check whether
// acls are enabled on the server, and whether the user
// has a valid token
// Right now this is very acl specific, but is likely to be
// made a bit more less specific
export default function(isValidServerError, P = Promise) {
return function(obj) {
const propName = Object.keys(obj)[0];
const p = obj[propName];
let authorize;
let enable;
return {
isAuthorized: new P(function(resolve) {
authorize = function(bool) {
resolve(bool);
};
}),
isEnabled: new P(function(resolve) {
enable = function(bool) {
resolve(bool);
};
}),
[propName]: p
.catch(function(e) {
switch (e.errors[0].status) {
case '500':
if (isValidServerError(e)) {
enable(true);
authorize(false);
UI: Removes success notification on faking a success response for `self` (#4906) In order to continue supporting the legacy ACL system, we replace the 500 error from a non-existent `self` endpoint with a response of a `null` `AccessorID` - which makes sense (a null AccessorID means old API) We then redirect the user to the old ACL pages which then gives a 403 if their token was wrong which then redirects them back to the login page. Due to the multiple redirects and not wanting to test the validity of the token before redirecting (thus calling the same API endpoint twice), it is not straightforwards to turn the 'faked' response from the `self` endpoint into an error (flash messages are 'lost' through multiple redirects). In order to make this a slightly better experience, you can now return a `false` during execution of an action requiring success/failure feedback, this essentially skips the notification, so if the action is 'successful' but you don't want to show the notification, you can. This resolves showing a successful notification when the `self` endpoint response is faked. The last part of the puzzle is to make sure that the global 403 catching error in the application Route also produces an erroneous notification. Please note this can only happen with a ui client using the new ACL system when communicating with a cluster using the old ACL system, and only when you enter the wrong token. Lastly, further acceptance tests have been added around this This commit also adds functionality to avoid any possible double notification messages, to avoid UI overlapping
2018-11-07 15:57:41 +00:00
} else {
return P.reject(e);
}
break;
case '403':
enable(true);
authorize(false);
break;
case '401':
enable(false);
authorize(false);
break;
default:
enable(false);
authorize(false);
throw e;
}
return [];
})
.then(function(res) {
enable(true);
authorize(true);
return res;
}),
};
};
}