fix: 🐛 oidc retry not working for secure links in desktop ui (#2641)

* fix: 🐛 oidc retry not working for secure links in desktop ui
hashicorp · Jan 7, 2025 · f7f1041 · f7f1041
1 parent 1cbf3b2
commit f7f1041
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 14 deletions.
diff --git a/ui/admin/app/controllers/scopes/scope/authenticate/method/oidc.js b/ui/admin/app/controllers/scopes/scope/authenticate/method/oidc.js
@@ -3,21 +3,34 @@
  * SPDX-License-Identifier: BUSL-1.1
  */
 
-import Controller from '@ember/controller';
+import Controller, { inject as controller } from '@ember/controller';
 import { inject as service } from '@ember/service';
+import { action } from '@ember/object';
 
 export default class ScopesScopeAuthenticateMethodOidcController extends Controller {
+  @controller('scopes/scope/authenticate/method/index') authenticateMethod;
+
   // =services
 
   @service session;
 
-  // =attributes
+  // =actions
 
   /**
-   * Authentication URL for the pending OIDC flow, if any.
-   * @type {?string}
+   * Retry by starting a new OIDC authentication flow.
+   * @param {object} e
    */
-  get authURL() {
-    return this.session.data.pending.oidc.attributes.auth_url;
+  @action
+  async retryAuthentication(e) {
+    // TODO: This event handler can be removed when rose dialog gets
+    // refactored to use hds.
+    e.preventDefault();
+
+    const scope = this.authMethod.scope;
+    const authenticatorName = `authenticator:${this.authMethod.type}`;
+    await this.authenticateMethod.startOIDCAuthentication(authenticatorName, {
+      scope,
+      authMethod: this.authMethod,
+    });
   }
 }
diff --git a/ui/admin/app/routes/scopes/scope/authenticate/method/oidc.js b/ui/admin/app/routes/scopes/scope/authenticate/method/oidc.js
@@ -33,6 +33,16 @@ export default class ScopesScopeAuthenticateMethodOidcRoute extends Route {
     return oidc.attemptFetchToken({ scope, authMethod });
   }
 
+  /**
+   * Adds the auth-method to the controller context.
+   * @param {Controller} controller
+   */
+  setupController(controller) {
+    super.setupController(...arguments);
+    const authMethod = this.modelFor('scopes.scope.authenticate.method');
+    controller.authMethod = authMethod;
+  }
+
   @runEvery(POLL_TIMEOUT_SECONDS * 1000)
   poller() {
     this.refresh();

diff --git a/ui/admin/app/templates/scopes/scope/authenticate/method/oidc.hbs b/ui/admin/app/templates/scopes/scope/authenticate/method/oidc.hbs
@@ -12,7 +12,7 @@
     <p>{{t 'resources.auth-method.messages.pending.description'}}</p>
     <p>
       {{t 'resources.auth-method.questions.no-see-window'}}
-      <a href={{this.authURL}} target='_blank' rel='noreferrer noopener'>
+      <a href='#' {{on 'click' this.retryAuthentication}}>
         {{t 'actions.retry'}}
       </a>
     </p>

diff --git a/ui/desktop/app/controllers/scopes/scope/authenticate/method/oidc.js b/ui/desktop/app/controllers/scopes/scope/authenticate/method/oidc.js
@@ -3,21 +3,34 @@
  * SPDX-License-Identifier: BUSL-1.1
  */
 
-import Controller from '@ember/controller';
+import Controller, { inject as controller } from '@ember/controller';
+import { action } from '@ember/object';
 import { inject as service } from '@ember/service';
 
 export default class ScopesScopeAuthenticateMethodOidcController extends Controller {
+  @controller('scopes/scope/authenticate/method/index') authenticateMethod;
+
   // =services
 
   @service session;
 
-  // =attributes
+  // =actions
 
   /**
-   * Authentication URL for the pending OIDC flow, if any.
-   * @type {?string}
+   * Retry by starting a new OIDC authentication flow.
+   * @param {object} e
    */
-  get authURL() {
-    return this.session.data.pending.oidc.attributes.auth_url;
+  @action
+  async retryAuthentication(e) {
+    // TODO: This event handler can be removed when rose dialog gets
+    // refactored to use hds.
+    e.preventDefault();
+
+    const scope = this.authMethod.scope;
+    const authenticatorName = `authenticator:${this.authMethod.type}`;
+    await this.authenticateMethod.startOIDCAuthentication(authenticatorName, {
+      scope,
+      authMethod: this.authMethod,
+    });
   }
 }
diff --git a/ui/desktop/app/routes/scopes/scope/authenticate/method/oidc.js b/ui/desktop/app/routes/scopes/scope/authenticate/method/oidc.js
@@ -31,6 +31,16 @@ export default class ScopesScopeAuthenticateMethodOidcRoute extends Route {
     return oidc.attemptFetchToken({ scope, authMethod });
   }
 
+  /**
+   * Adds the auth-method to the controller context.
+   * @param {Controller} controller
+   */
+  setupController(controller) {
+    super.setupController(...arguments);
+    const authMethod = this.modelFor('scopes.scope.authenticate.method');
+    controller.authMethod = authMethod;
+  }
+
   @runEvery(POLL_TIMEOUT_SECONDS * 1000)
   poller() {
     this.refresh();

diff --git a/ui/desktop/app/templates/scopes/scope/authenticate/method/oidc.hbs b/ui/desktop/app/templates/scopes/scope/authenticate/method/oidc.hbs
@@ -11,7 +11,7 @@
     <p>{{t 'resources.auth-method.messages.pending.description'}}</p>
     <p>
       {{t 'resources.auth-method.questions.no-see-window'}}
-      <a href={{this.authURL}} target='_blank' rel='noreferrer noopener'>
+      <a href='#' {{on 'click' this.retryAuthentication}}>
         {{t 'actions.retry'}}
       </a>
     </p>