Fix Exec not working with reverse proxy X-Nomad-Token (#12925)

* Capture token secret on fetch * Fix tests * Fix lint errors
hashicorp · May 10, 2022 · 992c2f6 · 992c2f6
1 parent b566512
commit 992c2f6
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/ui/app/services/token.js b/ui/app/services/token.js
@@ -31,7 +31,9 @@ export default class TokenService extends Service {
   @task(function* () {
     const TokenAdapter = getOwner(this).lookup('adapter:token');
     try {
-      return yield TokenAdapter.findSelf();
+      var token = yield TokenAdapter.findSelf();
+      this.secret = token.secret;
+      return token;
     } catch (e) {
       const errors = e.errors ? e.errors.mapBy('detail') : [];
       if (errors.find((error) => error === 'ACL support disabled')) {

diff --git a/ui/tests/acceptance/proxy-test.js b/ui/tests/acceptance/proxy-test.js
@@ -17,17 +17,38 @@ module('Acceptance | reverse proxy', function (hooks) {
     server.create('agent');
     managementToken = server.create('token');
 
+    // Prepare a setRequestHeader that accumulate headers already set. This is to avoid double setting X-Nomad-Token
+    this._originalXMLHttpRequestSetRequestHeader =
+      XMLHttpRequest.prototype.setRequestHeader;
+    (function (setRequestHeader) {
+      XMLHttpRequest.prototype.setRequestHeader = function (header, value) {
+        if (!this.headers) {
+          this.headers = {};
+        }
+        if (!this.headers[header]) {
+          this.headers[header] = [];
+        }
+        // Add the value to the header
+        this.headers[header].push(value);
+        setRequestHeader.call(this, header, value);
+      };
+    })(this._originalXMLHttpRequestSetRequestHeader);
+
     // Simulate a reverse proxy injecting X-Nomad-Token header for all requests
     this._originalXMLHttpRequestSend = XMLHttpRequest.prototype.send;
     (function (send) {
       XMLHttpRequest.prototype.send = function (data) {
-        this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+        if (!this.headers || !('X-Nomad-Token' in this.headers)) {
+          this.setRequestHeader('X-Nomad-Token', managementToken.secretId);
+        }
         send.call(this, data);
       };
     })(this._originalXMLHttpRequestSend);
   });
 
   hooks.afterEach(function () {
+    XMLHttpRequest.prototype.setRequestHeader =
+      this._originalXMLHttpRequestSetRequestHeader;
     XMLHttpRequest.prototype.send = this._originalXMLHttpRequestSend;
   });
 
@@ -38,8 +59,8 @@ module('Acceptance | reverse proxy', function (hooks) {
     await Jobs.visit();
     assert.equal(
       window.localStorage.nomadTokenSecret,
-      null,
-      'No token secret set'
+      secretId,
+      'Token secret was set'
     );
 
     // Make sure that server received the header