UI: remove renew self call after login (#28204) (#28211)

* check for renewAfterEpoch before comparing it * add test coverage for regression * add comment. Fixes VAULT-4630 * throw error * add changelog
hashicorp · Aug 29, 2024 · d2d7958 · d2d7958
1 parent ff2e104
commit d2d7958
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/changelog/28204.txt b/changelog/28204.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: fixes renew-self being called right after login for non-renewable tokens
+```
diff --git a/ui/app/components/auth-jwt.js b/ui/app/components/auth-jwt.js
@@ -87,6 +87,8 @@ export default Component.extend({
     this.onError(err);
   },
 
+  // NOTE TO DEVS: Be careful when updating the OIDC flow and ensure the updates
+  // work with implicit flow. See issue https://github.com/hashicorp/vault-plugin-auth-jwt/pull/192
   prepareForOIDC: task(function* (oidcWindow) {
     const thisWindow = this.getWindow();
     // show the loading animation in the parent

diff --git a/ui/app/services/auth.js b/ui/app/services/auth.js
@@ -389,7 +389,7 @@ export default Service.extend({
     const now = this.now();
     this.set('lastFetch', timestamp);
     // if expiration was allowed and we're over half the ttl we want to go ahead and renew here
-    if (this.allowExpiration && now >= this.renewAfterEpoch) {
+    if (this.allowExpiration && this.renewAfterEpoch && now >= this.renewAfterEpoch) {
       this.renew();
     }
     this.set('allowExpiration', false);

diff --git a/ui/tests/acceptance/auth-test.js b/ui/tests/acceptance/auth-test.js
@@ -11,9 +11,11 @@ import authForm from '../pages/components/auth-form';
 import jwtForm from '../pages/components/auth-jwt';
 import { create } from 'ember-cli-page-object';
 import { setupMirage } from 'ember-cli-mirage/test-support';
+import VAULT_KEYS from 'vault/tests/helpers/vault-keys';
 
 const component = create(authForm);
 const jwtComponent = create(jwtForm);
+const { rootToken } = VAULT_KEYS;
 
 module('Acceptance | auth', function (hooks) {
   setupApplicationTest(hooks);
@@ -141,4 +143,17 @@ module('Acceptance | auth', function (hooks) {
     await component.selectMethod('token');
     await click('[data-test-auth-submit]');
   });
+
+  test('it does not call renew-self after successful login with non-renewable token', async function (assert) {
+    this.server.post(
+      '/auth/token/renew-self',
+      () => new Error('should not call renew-self directly after logging in')
+    );
+
+    await visit('/vault/auth');
+    await component.selectMethod('token');
+    await component.token(rootToken);
+    await click('[data-test-auth-submit]');
+    assert.strictEqual(currentURL(), '/vault/dashboard');
+  });
 });