
Change authentication from cookies to token-based (#105)
* Minor text fix

* Frontend switched from cookie to token based authentication

* Removed csrf from frontend, since cookies are no longer used

* Removed csrf from backend
Caiyeon committed Jul 5, 2017
1 parent 62395f7 commit bb7f94d
Showing 19 changed files with 192 additions and 266 deletions.
14 changes: 2 additions & 12 deletions frontend/client/components/layout/Navbar.vue
Expand Up @@ -48,7 +48,6 @@
<ul class="menu-list">
<li v-if="tokenExpiresIn === ''">Token will never expire</li>
<li v-else>Token expires {{tokenExpiresIn}}</li>
<li>Cookie expires {{cookieExpiresIn}}</li>
</ul>
</aside>
</div>
Expand Down Expand Up @@ -106,6 +105,7 @@ export default {
},
mounted: function () {
// refresh current time every second, since time is not reactive
setInterval(() => {
this.now = moment()
}, 1000)
Expand Down Expand Up @@ -133,20 +133,10 @@ export default {
}),
tokenExpiresIn: function () {
if (this.session === null) {
return ''
}
if (this.session['token_expiry'] === 'never') {
if (this.session === null || this.session['token_expiry'] === 'never') {
return ''
}
return this.now.to(moment(this.session['token_expiry'], 'ddd, h:mm:ss A MMMM Do YYYY'))
},
cookieExpiresIn: function () {
if (this.session === null) {
return ''
}
return this.now.to(moment(this.session['cookie_expiry'], 'ddd, h:mm:ss A MMMM Do YYYY'))
}
},
24 changes: 20 additions & 4 deletions frontend/client/views/admin/Mounts.vue
Expand Up @@ -94,8 +94,17 @@ export default {
}
},
computed: {
session: function () {
return this.$store.getters.session
}
},
mounted: function () {
this.$http.get('/api/mounts').then((response) => {
this.$http.get('/api/mounts', {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.mounts = []
this.csrf = response.headers['x-csrf-token']
let result = response.data.result
Expand All @@ -117,7 +126,9 @@ export default {
methods: {
getMountConfig: function (index) {
this.selectedIndex = index
this.$http.get('/api/mounts/' + this.mounts[index].path.slice(0, -1))
this.$http.get('/api/mounts/' + this.mounts[index].path.slice(0, -1), {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.mountConfig = JSON.stringify(response.data.result, null, 4)
this.mountConfigModified = this.mountConfig
Expand All @@ -135,7 +146,10 @@ export default {
default_lease_ttl: parsed.default_lease_ttl.toString(),
max_lease_ttl: parsed.max_lease_ttl.toString()
}, {
headers: {'X-CSRF-Token': this.csrf}
headers: {
'X-CSRF-Token': this.csrf,
'X-Vault-Token': this.session ? this.session.token : ''
}
})
.then((response) => {
Expand All @@ -145,7 +159,9 @@ export default {
type: 'success'
})
// update page data accordingly
this.$http.get(address).then((response) => {
this.$http.get(address, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.mounts[this.selectedIndex].conf = response.data.result
this.mountConfig = JSON.stringify(response.data.result, null, 4)
this.mountConfigModified = this.mountConfig
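Review bot: Mounts.vue still carries the CSRF handling that every other file in this commit drops: `this.csrf = response.headers['x-csrf-token']` after the `/api/mounts` GET, and `'X-CSRF-Token': this.csrf` on the mount-config POST. The commit message says CSRF was removed from the backend, so if that header is no longer emitted `this.csrf` is `undefined` and the POST carries a meaningless header (or the literal string `undefined`, depending on the HTTP client version). Remove both lines so this view matches Policies.vue and Requests.vue and sends only `headers: {'X-Vault-Token': this.session ? this.session.token : ''}`. That header literal is now built in four places in this file; a computed `authHeaders` returning it would keep the no-session fallback in one spot. The handler containing the POST starts before its hunk.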
20 changes: 14 additions & 6 deletions frontend/client/views/admin/Policies.vue
Expand Up @@ -129,7 +129,6 @@ const querystring = require('querystring')
export default {
data () {
return {
csrf: '',
policies: [],
policyRules: '',
policyRulesModified: '',
Expand All @@ -146,16 +145,21 @@ export default {
},
mounted: function () {
this.$http.get('/api/policy').then((response) => {
this.$http.get('/api/policy', {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.policies = response.data.result
this.csrf = response.headers['x-csrf-token']
})
.catch((error) => {
this.$onError(error)
})
},
computed: {
session: function () {
return this.$store.getters.session
},
filteredPolicies: function () {
if (this.nameFilter) {
// filter by name
Expand All @@ -179,7 +183,9 @@ export default {
this.policyRules = ''
this.policyRulesModified = ''
this.selectedPolicy = policyName
this.$http.get('/api/policy?policy=' + policyName).then((response) => {
this.$http.get('/api/policy?policy=' + policyName, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.policyRules = response.data.result
this.policyRulesModified = this.policyRules
})
Expand All @@ -199,7 +205,9 @@ export default {
// crawl through each policy
for (var i = 0; i < this.policies.length; i++) {
let policyName = this.policies[i]
this.$http.get('/api/policy?policy=' + policyName).then((response) => {
this.$http.get('/api/policy?policy=' + policyName, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
var searchString = this.search.regex ? this.search.str : this.makeRegex(this.search.str)
if (response.data.result.match(searchString)) {
this.search.found.push(policyName)
Expand All @@ -218,7 +226,7 @@ export default {
addPolicyRequest: function () {
this.$http.post('/api/policy/request?policy=' + this.selectedPolicy,
querystring.stringify({ rules: this.policyRulesModified }), {
headers: {'X-CSRF-Token': this.csrf}
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
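Review bot: The rewritten GET calls still concatenate the policy name into the query string unencoded, `'/api/policy?policy=' + policyName`, in both the single-policy fetch and the search loop, and `addPolicyRequest` does the same with `this.selectedPolicy`. A name containing `&`, `#`, `%` or `+` changes or truncates the query the backend sees. If `$http` is axios, pass it as `params: { policy: policyName }` next to the `headers` option so the client encodes it; otherwise wrap it in `encodeURIComponent(policyName)`. This predates the commit, but since these exact lines were just rewritten it is a cheap fix to fold in. The methods enclosing the two GET hunks start before their hunks.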
20 changes: 10 additions & 10 deletions frontend/client/views/admin/Requests.vue
Expand Up @@ -175,7 +175,6 @@ const querystring = require('querystring')
export default {
data () {
return {
csrf: '',
searchString: '',
searchType: 'changeid',
request: null,
Expand All @@ -191,6 +190,10 @@ export default {
},
computed: {
session: function () {
return this.$store.getters.session
},
searchURL: function () {
var url = '/api/policy/request?type=' + this.searchType
if (this.searchType === 'changeid') {
Expand All @@ -217,8 +220,9 @@ export default {
if (this.request !== null) {
return
}
this.$http.get(this.searchURL).then((response) => {
this.csrf = response.headers['x-csrf-token']
this.$http.get(this.searchURL, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.request = response.data.result
this.progress = response.data.progress
this.required = response.data.required
Expand All @@ -232,12 +236,9 @@ export default {
this.$http.post(this.updateURL, querystring.stringify({
unseal: this.unsealToken
}), {
headers: {'X-CSRF-Token': this.csrf}
})
.then((response) => {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.unsealToken = ''
// if more unseals are needed
if (response.data.progress) {
this.progress = response.data.progress
Expand All @@ -254,7 +255,6 @@ export default {
type: 'warning'
})
}
// if change was successfully completed
} else {
this.progress = this.required
Expand All @@ -277,7 +277,7 @@ export default {
reject: function () {
this.$http.delete('/api/policy/request/' + this.searchString, {
headers: {'X-CSRF-Token': this.csrf}
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.$notify({
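Review bot: `reject` builds the DELETE path as `'/api/policy/request/' + this.searchString` from raw user input, so a value containing `/`, `?` or `#` reaches the backend as a different route; use `'/api/policy/request/' + encodeURIComponent(this.searchString)`. The `searchURL` computed (only partly inside the hunk) appears to interpolate the same value into a query string and would want the same treatment. Separately, the unseal key share posted as `unseal: this.unsealToken` is cleared only in the success handler shown here; if the `.catch` outside this hunk does not also reset it, a rejected attempt leaves the share sitting in component state. The method containing the POST starts before its hunk.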
53 changes: 26 additions & 27 deletions frontend/client/views/admin/Users.vue
Expand Up @@ -292,7 +292,6 @@ export default {
data () {
return {
csrf: '',
tabName: 'token',
tableData: [],
tableColumns: [
Expand Down Expand Up @@ -328,6 +327,10 @@ export default {
},
computed: {
session: function () {
return this.$store.getters.session
},
selectedItemTitle: function () {
if (this.selectedIndex !== -1) {
return String(this.tableData[this.selectedIndex][this.tableColumns[0]])
Expand Down Expand Up @@ -387,9 +390,10 @@ export default {
if (index === 0) {
// tokens tab requires special pagination
this.$http.get('/api/token/accessors').then((response) => {
this.$http.get('/api/token/accessors', {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.accessors = response.data.result
this.csrf = response.headers['x-csrf-token']
this.lastPage = Math.ceil(this.accessors.length / 300)
this.loadPage(1)
})
Expand All @@ -398,9 +402,10 @@ export default {
})
} else {
// otherwise populate new table data according to tab name
this.$http.get('/api/users?type=' + this.tabName).then((response) => {
this.$http.get('/api/users?type=' + this.tabName, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.tableData = response.data.result
this.csrf = response.headers['x-csrf-token']
})
.catch((error) => {
this.$onError(error)
Expand All @@ -426,29 +431,23 @@ export default {
},
deleteItem (index) {
// fetching extra csrf will be unnecessary after API redesign
this.$http.get('/api/users/csrf').then((response) => {
this.$http.post('/api/users/revoke', {
Type: this.tabName.toLowerCase(),
ID: this.tableData[index][this.tableColumns[0]]
}, {
headers: {'X-CSRF-Token': response.headers['x-csrf-token']}
})
.then((response) => {
this.closeDeleteModal()
this.tableData.splice(index, 1)
this.$notify({
title: 'Success',
message: 'Deletion successful',
type: 'success'
})
})
.catch((error) => {
this.closeDeleteModal()
this.$onError(error)
this.$http.post('/api/users/revoke', {
Type: this.tabName.toLowerCase(),
ID: this.tableData[index][this.tableColumns[0]]
}, {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.closeDeleteModal()
this.tableData.splice(index, 1)
this.$notify({
title: 'Success',
message: 'Deletion successful',
type: 'success'
})
})
.catch((error) => {
this.closeDeleteModal()
this.$onError(error)
})
},
Expand All @@ -465,7 +464,7 @@ export default {
this.$http.post('/api/token/lookup-accessor', {
Accessors: this.accessors.slice((pg - 1) * 300, pg * 300).join(',')
}, {
headers: {'X-CSRF-Token': this.csrf}
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
this.tableData = response.data.result
Expand Down Expand Up @@ -514,7 +513,7 @@ export default {
this.$http.post('/api/token/lookup-accessor', {
Accessors: this.accessors.slice(i * 300, (i + 1) * 300).join(',')
}, {
headers: {'X-CSRF-Token': this.csrf}
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
})
.then((response) => {
var found = false
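Review bot: `deleteItem` now issues the revoke POST with `headers: {'X-Vault-Token': this.session ? this.session.token : ''}`, so with no session it still sends a destructive request carrying an empty token and relies entirely on the backend rejecting it. A guard at the top, `if (this.session === null) { this.closeDeleteModal(); return }`, keeps the failure local and makes the intent explicit. The same header literal is repeated five times in this file; a computed `authHeaders () { return {'X-Vault-Token': this.session ? this.session.token : ''} }` used as `headers: this.authHeaders` would keep the fallback in one place. The tab-loading function around the first two hunks starts before them.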
8 changes: 6 additions & 2 deletions frontend/client/views/bulletinboard/index.vue
Expand Up @@ -40,12 +40,14 @@
export default {
data () {
return {
csrf: '',
bulletins: []
}
},
computed: {
session: function () {
return this.$store.getters.session
},
bulletinPairs: function () {
var pairs = []
for (var i = 0; i < this.bulletins.length; i += 2) {
Expand All @@ -60,7 +62,9 @@ export default {
},
mounted: function () {
this.$http.get('/api/bulletins').then((response) => {
this.$http.get('/api/bulletins', {
headers: {'X-Vault-Token': this.session ? this.session.token : ''}
}).then((response) => {
this.bulletins = response.data.result
})
.catch((error) => {
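Review bot: The raw Vault token is now read from `this.$store.getters.session` and placed into a request header by page script, which means it is reachable by any script running in the page, unlike the server-managed cookie it replaces; dropping CSRF is correct for header-based auth, but the trade-off deserves a comment next to the new `session` computed, e.g. `// Raw Vault token lives in the store: any XSS in this app is a full token compromise.` Whether the store persists the session (localStorage or similar) is not visible here; if it does, the token also outlives the tab and a note on that belongs in the same place. Sending `X-Vault-Token: ''` when there is no session is harmless for this read-only GET but noisy; skipping the request when `this.session` is null would be cleaner.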