Skip to content
This repository was archived by the owner on Apr 17, 2025. It is now read-only.

Add ability for using tokens#46

Merged
jcrowthe merged 2 commits intoadobe:masterfrom
derBroBro:master
Dec 23, 2019
Merged

Add ability for using tokens#46
jcrowthe merged 2 commits intoadobe:masterfrom
derBroBro:master

Conversation

@derBroBro
Copy link
Contributor

@derBroBro derBroBro commented Dec 16, 2019

Proposed changes

It looks like tokens from the CLI/UI are not working as expected. After some investigations I figured out, that these token look a little bit diffrent to tokens generated by the LDAP / UserPass sigin in Crypter itself.
"External" tokens are not including the policies in policies. They include the same values in the identity_policies instead.
The last changelogs (1.2.3 to to 1.3) did not include any information about a change in these. Also the documentation of the identity_policies is not very detailed.

To fix this, I aggregated together policy and identity_policies. In my local tests this workin with the token as well with the existing userpass signin.

If I missied some test etc. please just give me a hint,

Types of changes

What types of changes does your code introduce to Cryptr?

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING doc
  • I have signed the CLA
  • I have added necessary documentation (if appropriate) # Not required here.

Further comments

N/A

@derBroBro derBroBro mentioned this pull request Dec 16, 2019
Closed
@derBroBro
Copy link
Contributor Author

derBroBro commented Dec 21, 2019

@jcrowthe if I can change something, just let me know :)

jcrowthe
jcrowthe suggested changes Dec 23, 2019
View reviewed changes
Copy link
Contributor

@jcrowthe jcrowthe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, thanks for the fix. I've noted below an ordering issue.

To support older versions of Vault as well, would you modify this PR to make safer checks that identity_policies exists prior to each usage? With that added I will have no problem merging. Thanks!

app/elements/secrets-init.html Outdated
// Wait for all policy requests to return. Once complete, trigger _parseAccess()
if (this.loginResponse && this.loginResponse.policies && this.policyRequests.length == this.loginResponse.policies.length) {
var policies = this.loginResponse.policies.concat(this.loginResponse.identity_policies);
if (this.loginResponse && this.loginResponse.policies && this.policyRequests.length == policies.length) {
Copy link
Contributor

@jcrowthe jcrowthe Dec 23, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This checks for the existence of values prior to using them. The creation of a new variable policies happens prior to this check.

@jcrowthe jcrowthe mentioned this pull request Dec 23, 2019
Merged
6 tasks
@derBroBro
Copy link
Contributor Author

derBroBro commented Dec 23, 2019

Good hint. I chaned some stuff to make it much more secure.
if you want I can also move some stuff into a helper function to keep it "dry" (skipped this to touch less code).

jcrowthe
jcrowthe approved these changes Dec 23, 2019
View reviewed changes
Copy link
Contributor

@jcrowthe jcrowthe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Feel free to provide additional PR's if you find issues :)

@jcrowthe jcrowthe merged commit f0933f8 into adobe:master Dec 23, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@jcrowthe jcrowthe jcrowthe approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@derBroBro @jcrowthe