Fix Exec not working with reverse proxy X-Nomad-Token (#12925) (#13253)

* Capture token secret on fetch * Fix tests * Fix lint errors Co-authored-by: Georges-Etienne Legendre <georges-etienne.legendre@bell.ca>
hashicorp · Jun 6, 2022 · 57771fb · 57771fb
1 parent 82debba
commit 57771fb
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/ui/app/services/token.js b/ui/app/services/token.js
@@ -31,7 +31,9 @@ export default class TokenService extends Service {
   @task(function*() {
     const TokenAdapter = getOwner(this).lookup('adapter:token');
     try {
-      return yield TokenAdapter.findSelf();
+      var token = yield TokenAdapter.findSelf();
+      this.secret = token.secret;
+      return token;
     } catch (e) {
       const errors = e.errors ? e.errors.mapBy('detail') : [];
       if (errors.find(error => error === 'ACL support disabled')) {

diff --git a/ui/tests/acceptance/proxy-test.js b/ui/tests/acceptance/proxy-test.js
@@ -17,17 +17,36 @@ module('Acceptance | reverse proxy', function(hooks) {
     server.create('agent');
     managementToken = server.create('token');
 
+    // Prepare a setRequestHeader that accumulate headers already set. This is to avoid double setting X-Nomad-Token
+    this._originalXMLHttpRequestSetRequestHeader = XMLHttpRequest.prototype.setRequestHeader;
+    (function(setRequestHeader) {
+      XMLHttpRequest.prototype.setRequestHeader = function(header, value) {
+        if (!this.headers) {
+          this.headers = {};
+        }
+        if (!this.headers[header]) {
+          this.headers[header] = [];
+        }
+        // Add the value to the header
+        this.headers[header].push(value);
+        setRequestHeader.call(this, header, value);
+      };
+    })(this._originalXMLHttpRequestSetRequestHeader);
+
     // Simulate a reverse proxy injecting X-Nomad-Token header for all requests
     this._originalXMLHttpRequestSend = XMLHttpRequest.prototype.send;
     (function(send) {
       XMLHttpRequest.prototype.send = function(data) {
-        this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+        if (!this.headers || !('X-Nomad-Token' in this.headers)) {
+          this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+        }
         send.call(this, data);
       };
     })(this._originalXMLHttpRequestSend);
   });
 
   hooks.afterEach(function() {
+    XMLHttpRequest.prototype.setRequestHeader = this._originalXMLHttpRequestSetRequestHeader;
     XMLHttpRequest.prototype.send = this._originalXMLHttpRequestSend;
   });
 
@@ -36,7 +55,7 @@ module('Acceptance | reverse proxy', function(hooks) {
     const { secretId } = managementToken;
 
     await Jobs.visit();
-    assert.ok(window.localStorage.nomadTokenSecret == null, 'No token secret set');
+    assert.equal(window.localStorage.nomadTokenSecret, secretId, 'Token secret was set');
 
     // Make sure that server received the header
     assert.ok(