conjur-asset-ui 1.4.2 → 1.6.0
- checksums.yaml +4 -4
- data/.gitignore +8 -3
- data/CHANGELOG.md +10 -0
- data/Makefile +19 -0
- data/README.md +0 -3
- data/Rakefile +22 -17
- data/TODO.md +0 -23
- data/app/.csscomb.json +304 -0
- data/app/.eslintignore +3 -0
- data/app/.eslintrc +265 -0
- data/app/config/preprocessor.js +19 -0
- data/app/config/webpack.js +124 -0
- data/app/gulpfile.js +96 -0
- data/app/package.json +86 -0
- data/app/src/actions.js +550 -0
- data/app/src/app.js +83 -0
- data/app/src/clients/audit.js +34 -0
- data/app/src/clients/auth.js +24 -0
- data/app/src/clients/generic.js +52 -0
- data/app/src/clients/graph.js +7 -0
- data/app/src/clients/layer_members.js +18 -0
- data/app/src/clients/list.js +31 -0
- data/app/src/clients/members.js +20 -0
- data/app/src/clients/request.js +531 -0
- data/app/src/clients/search.js +5 -0
- data/app/src/components/app/__tests__/app-test.js +22 -0
- data/app/src/components/app/app.js +36 -0
- data/app/src/components/app/wrapper.js +17 -0
- data/app/src/components/audit/__tests__/table_header-test.js +22 -0
- data/app/src/components/audit/box.js +9 -0
- data/app/src/components/audit/constants.js +5 -0
- data/app/src/components/audit/entry.js +105 -0
- data/app/src/components/audit/fields_mixin.js +11 -0
- data/app/src/components/audit/humanize_event.js +213 -0
- data/app/src/components/audit/table.js +64 -0
- data/app/src/components/audit/table_header.js +37 -0
- data/app/src/components/audit/timestamp.js +28 -0
- data/app/src/components/auth/login.js +177 -0
- data/app/src/components/auth/login.less +71 -0
- data/app/src/components/auth/logout.js +42 -0
- data/app/src/components/auth/logout.less +21 -0
- data/app/src/components/chart/chart.js +540 -0
- data/app/src/components/chart/chart_helper_mixin.js +78 -0
- data/app/src/components/custom/list.js +3 -0
- data/app/src/components/custom/view.js +81 -0
- data/app/src/components/dashboard/activity.js +144 -0
- data/app/src/components/dashboard/dashboard.js +46 -0
- data/app/src/components/flash/flash.js +98 -0
- data/app/src/components/flash/flash.less +3 -0
- data/app/src/components/generic/__tests__/time-test.js +42 -0
- data/app/src/components/generic/annotations.js +39 -0
- data/app/src/components/generic/breadcrumbs.js +57 -0
- data/app/src/components/generic/foldable_audit_section.js +204 -0
- data/app/src/components/generic/list.js +141 -0
- data/app/src/components/generic/list_factory.js +41 -0
- data/app/src/components/generic/resource_link.js +64 -0
- data/app/src/components/generic/role_link.js +66 -0
- data/app/src/components/generic/tab_mixin.js +146 -0
- data/app/src/components/generic/time.js +32 -0
- data/app/src/components/graph/__tests__/collapse-test.js +133 -0
- data/app/src/components/graph/__tests__/edges-from-vertices-test.js +48 -0
- data/app/src/components/graph/__tests__/new-vertex-set-test.js +16 -0
- data/app/src/components/graph/__tests__/next-id-test.js +27 -0
- data/app/src/components/graph/__tests__/role-kind-from-id-test.js +24 -0
- data/app/src/components/graph/__tests__/vertices-from-edges-test.js +72 -0
- data/app/src/components/graph/graph.js +449 -0
- data/app/src/components/graph/graph.less +39 -0
- data/app/src/components/graph/helpers.js +368 -0
- data/app/src/components/group/list.js +3 -0
- data/app/src/components/group/view.js +153 -0
- data/app/src/components/host/activity.js +111 -0
- data/app/src/components/host/details.js +28 -0
- data/app/src/components/host/executors.js +77 -0
- data/app/src/components/host/host_link.js +18 -0
- data/app/src/components/host/list.js +3 -0
- data/app/src/components/host/updaters.js +77 -0
- data/app/src/components/host/view.js +145 -0
- data/app/src/components/layer/list.js +3 -0
- data/app/src/components/layer/view.js +197 -0
- data/app/src/components/navbar/__tests__/navbar-test.js +21 -0
- data/app/src/components/navbar/nav_search_form.js +40 -0
- data/app/src/components/navbar/navbar.js +96 -0
- data/app/src/components/notfound/notfound.js +35 -0
- data/app/src/components/notfound/notfound.less +21 -0
- data/app/src/components/owned_resources/owned_resources.js +84 -0
- data/app/src/components/owned_resources/owned_resources_box.js +101 -0
- data/app/src/components/permissions/permissions.js +138 -0
- data/app/src/components/permissions/permissions_table.js +101 -0
- data/app/src/components/policy/list.js +3 -0
- data/app/src/components/policy/view.js +107 -0
- data/app/src/components/refresh/refresh.js +29 -0
- data/app/src/components/refresh/refresh.less +15 -0
- data/app/src/components/search/group.js +43 -0
- data/app/src/components/search/group_heading.js +50 -0
- data/app/src/components/search/group_title.js +37 -0
- data/app/src/components/search/result_item.js +55 -0
- data/app/src/components/search/search.js +118 -0
- data/app/src/components/user/activity.js +112 -0
- data/app/src/components/user/details.js +30 -0
- data/app/src/components/user/list.js +3 -0
- data/app/src/components/user/pubkeys.js +118 -0
- data/app/src/components/user/pubkeys.less +56 -0
- data/app/src/components/user/view.js +143 -0
- data/app/src/components/variable/activity.js +101 -0
- data/app/src/components/variable/details.js +46 -0
- data/app/src/components/variable/fetchers.js +77 -0
- data/app/src/components/variable/list.js +3 -0
- data/app/src/components/variable/updaters.js +77 -0
- data/app/src/components/variable/view.js +115 -0
- data/app/src/constants.js +36 -0
- data/{public → app/src}/images/conjur-logo.svg +0 -0
- data/{public → app/src}/images/icon-client-pc.svg +0 -0
- data/{public → app/src}/images/icon-environment.png +0 -0
- data/{public → app/src}/images/icon-person.svg +0 -0
- data/{public → app/src}/images/icon-policy.png +0 -0
- data/{public → app/src}/images/icon-resource.png +0 -0
- data/{public → app/src}/images/icon-service-dots.svg +0 -0
- data/{public → app/src}/images/icon-variable.png +0 -0
- data/app/src/pages/index.html +27 -0
- data/app/src/routes.js +64 -0
- data/app/src/stores/app_store.js +35 -0
- data/app/src/stores/audit_store.js +143 -0
- data/app/src/stores/graph_store.js +51 -0
- data/app/src/stores/group_store.js +104 -0
- data/app/src/stores/host_store.js +111 -0
- data/app/src/stores/layer_store.js +115 -0
- data/app/src/stores/policy_store.js +88 -0
- data/app/src/stores/resources_store.js +115 -0
- data/app/src/stores/route_store.js +21 -0
- data/app/src/stores/search_store.js +77 -0
- data/app/src/stores/user_store.js +109 -0
- data/app/src/stores/variable_store.js +93 -0
- data/app/src/styles/bootstrap.less +54 -0
- data/{public/css → app/src/styles}/styles.less +26 -82
- data/app/src/utils.js +38 -0
- data/app/src/vendor/pace.js +2 -0
- data/conjur-asset-ui.gemspec +3 -4
- data/docker/assets-build/Dockerfile +12 -0
- data/docker/conjur-ui/Dockerfile +33 -0
- data/docker/conjur-ui/README.md +38 -0
- data/docker/conjur-ui/mime.types +90 -0
- data/docker/conjur-ui/nginx.conf +110 -0
- data/docker/conjur-ui/start.py +72 -0
- data/docker/conjur-ui/start.sh +18 -0
- data/docker/conjur-ui/test.env +8 -0
- data/lib/conjur-asset-ui-version.rb +1 -1
- data/lib/conjur/command/ui.rb +10 -2
- data/lib/conjur/webserver/home.rb +3 -3
- data/lib/conjur/webserver/login.rb +1 -1
- data/lib/conjur/webserver/server.rb +16 -4
- data/public/js/views/roleGraph.js +91 -0
- metadata +167 -105
- data/.jshintrc +0 -41
- data/bower.json +0 -98
- data/gulpfile.js +0 -139
- data/package.json +0 -47
- data/preprocessor.js +0 -7
- data/public/_client_libs.html +0 -9
- data/public/index.html.erb +0 -63
- data/public/js/init.js +0 -196
- data/public/js/lib/pace.js +0 -2
- data/public/js/lib/sorted-set.no-require.js +0 -1145
- data/public/js/lib/sorted-set.no-require.js.txt +0 -6
- data/public/js/models/groupRecord.js +0 -72
- data/public/js/models/hostRecord.js +0 -60
- data/public/js/models/layerRecord.js +0 -79
- data/public/js/models/namespace.js +0 -12
- data/public/js/models/policyList.js +0 -16
- data/public/js/models/policyRecord.js +0 -54
- data/public/js/models/record.js +0 -117
- data/public/js/models/resourceList.js +0 -87
- data/public/js/models/userList.js +0 -25
- data/public/js/models/userRecord.js +0 -75
- data/public/js/models/variableList.js +0 -27
- data/public/js/models/variableRecord.js +0 -77
- data/public/js/routers.js +0 -242
- data/public/js/views/annotations.js +0 -47
- data/public/js/views/audit.js +0 -369
- data/public/js/views/breadcrumbs.js +0 -62
- data/public/js/views/chart.js +0 -617
- data/public/js/views/dashboard.js +0 -146
- data/public/js/views/generic.js +0 -122
- data/public/js/views/group.js +0 -109
- data/public/js/views/groups.js +0 -26
- data/public/js/views/host.js +0 -200
- data/public/js/views/hosts.js +0 -26
- data/public/js/views/layer.js +0 -146
- data/public/js/views/layers.js +0 -26
- data/public/js/views/mixins/search.js +0 -22
- data/public/js/views/mixins/tabs.js +0 -154
- data/public/js/views/namespaces.js +0 -40
- data/public/js/views/navSearch.js +0 -36
- data/public/js/views/owned.js +0 -184
- data/public/js/views/permissions.js +0 -254
- data/public/js/views/policies.js +0 -26
- data/public/js/views/policy.js +0 -70
- data/public/js/views/resource.js +0 -59
- data/public/js/views/role.js +0 -63
- data/public/js/views/searchResults.js +0 -212
- data/public/js/views/sections.js +0 -226
- data/public/js/views/time.js +0 -39
- data/public/js/views/user.js +0 -297
- data/public/js/views/users.js +0 -26
- data/public/js/views/variable.js +0 -310
- data/public/js/views/variables.js +0 -26
- data/spec/javascripts/helpers/.gitkeep +0 -0
- data/spec/javascripts/support/jasmine.yml +0 -112
- data/spec/javascripts/support/jasmine_helper.rb +0 -22
- data/spec/javascripts/support/run.html.erb +0 -23
- data/spec/javascripts/views/AuditSpec.js +0 -22
- data/spec/javascripts/views/AuditSpec.ls +0 -18
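--- a/data/app/src/app.js
+++ b/data/app/src/app.js
@@ -0,0 +1,83 @@
+import './styles/bootstrap.less';
+import './styles/styles.less';
+
+import React from 'react';
+import Router from 'react-router';
+import Fluxxor from 'fluxxor';
+import {isObject} from 'lodash';
+
+import actions from './actions';
+import routes from './routes';
+
+import AppStore from './stores/app_store';
+import RouteStore from './stores/route_store';
+import SearchStore from './stores/search_store';
+import AuditStore from './stores/audit_store';
+import ResourcesStore from './stores/resources_store';
+import GraphStore from './stores/graph_store';
+
+import UserStore from './stores/user_store';
+import GroupStore from './stores/group_store';
+import HostStore from './stores/host_store';
+import LayerStore from './stores/layer_store';
+import VariableStore from './stores/variable_store';
+import PolicyStore from './stores/policy_store';
+
+let router = Router.create({
+routes: routes,
+location: Router.HistoryLocation
+});
+
+let stores = {
+app: new AppStore(),
+route: new RouteStore(),
+search: new SearchStore(),
+audit: new AuditStore(),
+resources: new ResourcesStore(),
+graph: new GraphStore(),
+user: new UserStore(),
+group: new GroupStore(),
+host: new HostStore(),
+layer: new LayerStore(),
+variable: new VariableStore(),
+policy: new PolicyStore()
+};
+
+let flux = new Fluxxor.Flux(stores, actions);
+
+flux.on('dispatch', function(type, payload) {
+/*eslint-disable no-console */
+if (console && console.log) {
+console.log('[Dispatch]', type, payload);
+}
+/*eslint-enable no-console */
+});
+
+Promise.all([
+new Promise((resolve) => {
+if (window.addEventListener) {
+window.addEventListener('DOMContentLoaded', resolve);
+} else {
+window.attachEvent('onload', resolve);
+}
+})
+]).then(() => {
+router.run(function(Handler, state) {
+if (flux.actions.getRManager().isLogged ||
+(isObject(state.routes[0]) && (
+state.routes[1].name === 'login' ||
+state.routes[1].name === 'logout'))) {
+
+flux.actions.routes.transition(state.params);
+
+React.render(
+<Handler flux={flux} />,
+document.getElementById('wrapper')
+);
+} else {
+this.transitionTo('login', {}, {
+returnTo: state.path
+});
+}
+});
+});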
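Review bot: The dispatch listener at lines 48-54 writes every action's `payload` to the browser console unconditionally, and this release's login flow handles a password, an API key and a token, so any action carrying them would be printed in a secrets-manager UI (actions.js is not shown here, so which payloads hold credentials is unconfirmed). Restrict the listener to development builds or log only the action name, `console.log('[Dispatch]', type);`. Separately, the route guard at lines 67-69 tests `isObject(state.routes[0])` but then reads `state.routes[1].name`, which throws when only one route matched; the test should be `isObject(state.routes[1])`.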
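--- a/data/app/src/clients/audit.js
+++ b/data/app/src/clients/audit.js
@@ -0,0 +1,34 @@
+import 'event-source-polyfill';
+
+export const c = {
+AUDIT_ALL: 'AUDIT_ALL',
+AUDIT_FLOW: 'AUDIT_FLOW',
+AUDIT_ROLE: 'AUDIT_ROLE',
+AUDIT_RESOURCE: 'AUDIT_RESOURCE'
+};
+
+export function fetch(rmanager, type, fullId) {
+switch (type) {
+case c.AUDIT_ALL:
+return rmanager
+.callServer('GET', '/api/audit/all')
+.end();
+
+/*eslint-disable no-undef */
+case c.AUDIT_FLOW:
+return new EventSource('/api/audit/all');
+/*eslint-enable no-undef */
+
+case c.AUDIT_ROLE:
+return rmanager
+.callServer('GET', `/api/audit/roles/${fullId}`)
+.end();
+
+case c.AUDIT_RESOURCE:
+return rmanager
+.callServer('GET', `/api/audit/resources/${fullId}`)
+.end();
+
+default:
+}
+}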
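Review bot: `fullId` is interpolated into the request path unencoded in the AUDIT_ROLE and AUDIT_RESOURCE cases (lines 24 and 29), so an id containing `?`, `#` or `..` changes which endpoint is requested; wrap it as `${window.encodeURIComponent(fullId)}`, as the sibling client modules already do for `id`. The same gap recurs further down this diff: `username` in the two `authenticate` paths, `owner=${roleid}` and the bare `${kind}` in the RESOURCE case, `id` in the layer role strings, `id` in `fetchGroupRoles`, `acting_as=${fullId}`, and `assetType` in the `allowed_to` path. Separately, the AUDIT_FLOW case opens `new EventSource('/api/audit/all')` directly rather than through `rmanager.callServer`, so it gets neither the appliance URL prefix nor the `Authorization` header; confirm the stream is authorized some other way.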
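--- a/data/app/src/clients/auth.js
+++ b/data/app/src/clients/auth.js
@@ -0,0 +1,24 @@
+import {request} from './request';
+
+export function account() {
+return request
+.get('/api/info')
+.timeout(30000)
+.end();
+}
+
+export function login(username, password) {
+return request
+.get('/api/authn/users/login')
+.auth(username, password)
+.timeout(30000)
+.end();
+}
+
+export function authenticate(username, apiKey) {
+return request
+.post(`/api/authn/users/${username}/authenticate`)
+.send(apiKey)
+.timeout(30000)
+.end();
+}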
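Review bot: `import {request} from './request'` on line 1 names an export that the request module added later in this diff does not appear to provide, since the only `export` visible there is `RManager`; `request` would then be `undefined`, and `account()`, `login()` and `authenticate()` would throw on first call. The three functions also duplicate `RManager.prototype.requestAccount`, `requestApiKey` and `requestToken`. If nothing imports this module it should be dropped; otherwise route it through an `RManager` instance so the authentication calls share the wait queue and the appliance URL.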
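--- a/data/app/src/clients/generic.js
+++ b/data/app/src/clients/generic.js
@@ -0,0 +1,52 @@
+import {pluralize} from '../utils';
+
+export const c = {
+ATTRIBUTES: 'ATTRIBUTES',
+OWNED_RESOURCES: 'OWNED_RESOURCES',
+ALL_ROLES: 'ALL_ROLES',
+RESOURCE: 'RESOURCE',
+PUBLIC_KEYS: 'PUBLIC_KEYS'
+};
+
+const encode = window.encodeURIComponent;
+
+export function fetch(rmanager, type, kind, id) {
+switch (type) {
+case c.ATTRIBUTES:
+return rmanager
+.callServer('GET', `/api/${pluralize(kind)}/${encode(id)}`)
+.end();
+
+case c.OWNED_RESOURCES:
+var roleid = [kind, id].join(':');
+
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources?owner=${roleid}`)
+.end()
+.then(function(res) {
+res.body = res.body.filter(function(item) {
+// assets of 'secret' kind are internal
+return item.id.split(':')[1] !== 'secret';
+});
+
+return res;
+});
+
+case c.ALL_ROLES:
+return rmanager
+.callServer('GET', `/api/authz/\${account}/roles/${encode(kind)}/${encode(id)}?all`)
+.end();
+
+case c.RESOURCE:
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources/${kind}/${encode(id)}`)
+.end();
+
+case c.PUBLIC_KEYS:
+return rmanager
+.callServer('GET', `/api/pubkeys/${encode(id)}`)
+.end();
+
+default:
+}
+}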
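Review bot: The `'secret'` filter in the OWNED_RESOURCES case (lines 26-33) trims the list only after the server has returned it, so it hides those resources from the view but does not keep them out of the browser. The comment should say so, e.g. `// display-only filter: 'secret' resources are still present in the server response`. The empty `default:` also makes `fetch` return `undefined` for an unknown `type`, which fails with a TypeError in any caller that chains `.then`; returning `Promise.reject(new Error('unknown fetch type'))` would keep the promise contract.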
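--- a/data/app/src/clients/layer_members.js
+++ b/data/app/src/clients/layer_members.js
@@ -0,0 +1,18 @@
+export const c = {
+LAYER_MEMBERS_USE: 'LAYER_MEMBERS_USE',
+LAYER_MEMBERS_ADMIN: 'LAYER_MEMBERS_ADMIN'
+};
+
+export function fetch(rmanager, type, id) {
+var role = '';
+
+if (type === c.LAYER_MEMBERS_USE) {
+role = `@/layer/${id}/use_host`;
+} else if (type === c.LAYER_MEMBERS_ADMIN) {
+role = `@/layer/${id}/admin_host`;
+}
+
+return rmanager
+.callServer('GET', `/api/authz/\${account}/roles/${role}?members`)
+.end();
+}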
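Review bot: An unrecognized `type` leaves `role` as `''`, and the function still issues `GET …/roles/?members` instead of failing (lines 7-17). Reject early with a final branch such as `else { return Promise.reject(new Error('unknown layer members type')); }`. The members client two sections below has the same shape with `privilege = ''`, which yields a `roles/allowed_to//…` path.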
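--- a/data/app/src/clients/list.js
+++ b/data/app/src/clients/list.js
@@ -0,0 +1,31 @@
+const encode = window.encodeURIComponent;
+
+export function fetch(rmanager, kind) {
+if (kind === 'custom-type') {
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources`)
+.end();
+} else {
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources/${encode(kind)}`)
+.end();
+}
+}
+
+export function fetchOne(rmanager, kind, id) {
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources/${encode(kind)}/${encode(id)}`)
+.end();
+}
+
+export function fetchGroupRoles(rmanager, id) {
+return rmanager
+.callServer('GET', `/api/authz/\${account}/roles/group/${id}?members`)
+.end();
+}
+
+export function fetchResources(rmanager, fullId) {
+return rmanager
+.callServer('GET', `/api/authz/\${account}/resources?acting_as=${fullId}`)
+.end();
+}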
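--- a/data/app/src/clients/members.js
+++ b/data/app/src/clients/members.js
@@ -0,0 +1,20 @@
+export const c = {
+MEMBERS_EXECUTE: 'MEMBERS_EXECUTE',
+MEMBERS_UPDATE: 'MEMBERS_UPDATE'
+};
+
+const encode = window.encodeURIComponent;
+
+export function fetch(rmanager, assetType, type, id) {
+var privilege = '';
+
+if (type === c.MEMBERS_EXECUTE) {
+privilege = 'execute';
+} else if (type === c.MEMBERS_UPDATE) {
+privilege = 'update';
+}
+
+return rmanager
+.callServer('GET', `/api/authz/\${account}/roles/allowed_to/${privilege}/${assetType}/${encode(id)}`)
+.end();
+}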
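--- a/data/app/src/clients/request.js
+++ b/data/app/src/clients/request.js
@@ -0,0 +1,531 @@
+import {Buffer} from 'buffer';
+import _ from 'lodash';
+import superagent from 'superagent';
+import moment from 'moment';
+
+function PRequest(method, url, rmanager) {
+superagent.Request.apply(this, [method, url]);
+
+this.rmanager = rmanager;
+this._highPriority = false;
+}
+
+PRequest.prototype = Object.create(superagent.Request.prototype);
+
+PRequest.prototype.highPriority = function() {
+this._highPriority = true;
+return this;
+};
+
+PRequest.prototype.isHighPriority = function() {
+return this._highPriority;
+};
+
+PRequest.prototype.end = function() {
+let _super = superagent.Request.prototype.end,
+self = this;
+
+return new Promise(function(accept, reject) {
+self.rmanager.placeOnWaitQ(_super, self, accept, reject);
+});
+};
+
+var configProps = {
+_conf: {
+value: {
+applianceUrl: null,
+account: null,
+username: null,
+apiKey: null,
+token: null,
+tokenExpire: null,
+requestToken: null
+}
+}
+};
+
+/**
+*
+* RManagerNoopConfig provides a no-op configuration for
+* RManager. Allows in-memory storage of attributes, always shows the
+* user as logged in, disallows logout. Used when the UI is launched
+* in plugin mode.
+*
+*/
+function RManagerNoopConfig(configCookie) {
+var cookie = JSON.parse(configCookie);
+this.account = cookie.account;
+this.applianceUrl = `http://${document.location.host}`;
+this.username = cookie.login;
+}
+
+Object.defineProperties(RManagerNoopConfig.prototype, configProps);
+Object.defineProperties(RManagerNoopConfig.prototype, {
+applianceUrl: {
+get: function getApplianceUrl() {
+return this._conf.applianceUrl;
+},
+set: function setApplianceUrl(applianceUrl) {
+this._conf.applianceUrl = applianceUrl;
+}
+},
+account: {
+get: function getAccount() {
+return this._conf.account;
+},
+set: function setAccount(account) {
+this._conf.account = account;
+}
+},
+username: {
+get: function getUsername() {
+return this._conf.username;
+},
+set: function setUsername(username) {
+this._conf.username = username;
+}
+},
+apiKey: {
+get: function getApiKey() {
+return this._conf.apiKey;
+},
+set: function setApiKey(apiKey) {
+this._conf.apiKey = apiKey;
+}
+},
+token: {
+get: function getToken() {
+return this._conf.token;
+},
+set: function setToken(token) {
+this._conf.token = token;
+}
+},
+tokenExpire: {
+get: function getTokenExpire() {
+return this._conf.tokenExpire;
+},
+set: function setTokenExpire(tokenExpire) {
+this._conf.tokenExpire = tokenExpire;
+}
+},
+isLogged: {
+get: function() {
+return true;
+}
+},
+allowLogout: {
+get: function() {
+return false;
+}
+}
+});
+
+RManagerNoopConfig.prototype._saveState = function() {};
+RManagerNoopConfig.prototype._restoreState = function() {};
+RManagerNoopConfig.prototype._removeStoredState = function() {};
+
+/**
+*
+* RManagerLocalStorageConfig provides a local-storage-backed
+* configuration for RManager. Persists the provided attributes to
+* local storage, manages refreshing the user's token, shows the user
+* as logged in while he has an active token, allows logout.
+*
+* Used when connecting to server-side UI.
+*/
+
+function RManagerLocalStorageConfig() {
+this._timer = null;
+}
+
+Object.defineProperties(RManagerLocalStorageConfig.prototype, configProps);
+Object.defineProperties(RManagerLocalStorageConfig.prototype, {
+applianceUrl: {
+get: function getApplianceUrl() {
+return this._conf.applianceUrl;
+},
+set: function setApplianceUrl(applianceUrl) {
+this._conf.applianceUrl = applianceUrl;
+this.account = null;
+}
+},
+account: {
+get: function getAccount() {
+return this._conf.account;
+},
+set: function setAccount(account) {
+this._conf.account = account;
+this.username = null;
+}
+},
+username: {
+get: function getUsername() {
+return this._conf.username;
+},
+set: function setUsername(username) {
+this._conf.username = username;
+this.apiKey = null;
+}
+},
+apiKey: {
+get: function getApiKey() {
+return this._conf.apiKey;
+},
+set: function setApiKey(apiKey) {
+this._conf.apiKey = apiKey;
+this.token = null;
+}
+},
+token: {
+get: function getToken() {
+return this._conf.token;
+},
+set: function setToken(token) {
+if (_.isNull(token)) {
+this._conf.token = null;
+} else if (_.isString(token)) {
+this._conf.token = token;
+} else {
+this._conf.token = new Buffer(JSON.stringify(token)).toString('base64');
+}
+
+this.tokenExpire = null;
+}
+},
+tokenExpire: {
+get: function getTokenExpire() {
+return this._conf.tokenExpire;
+},
+set: function setTokenExpire(tokenExpire) {
+this._stopTokenRefreshTimeout();
+
+if (_.isNull(tokenExpire)) {
+this._conf.tokenExpire = null;
+} else {
+const expirationDate = tokenExpire + 300000,
+timeout = expirationDate - moment.utc();
+
+this._startTokenRefreshTimeout(timeout > 0 ? timeout : 1);
+this._conf.tokenExpire = expirationDate;
+}
+}
+},
+isLogged: {
+get: function isLogged() {
+let diff = this.tokenExpire - moment.utc();
+
+if (_.isString(this.applianceUrl) && _.isString(this.account) &&
+_.isString(this.username) && _.isString(this.apiKey) &&
+_.isString(this.token) && _.isNumber(this.tokenExpire) &&
+(diff > 0)) {
+return true;
+} else {
+return false;
+}
+}
+},
+allowLogout: {
+get: function() {
+return true;
+}
+}
+});
+
+RManagerLocalStorageConfig.prototype._saveState = function() {
+if (this.isLogged) {
+let state = {
+applianceUrl: this.applianceUrl,
+account: this.account,
+username: this.username,
+apiKey: this.apiKey,
+token: this.token,
+tokenExpire: this.tokenExpire
+};
+
+if (window.localStorage) {
+window.localStorage.conjur = JSON.stringify(state);
+}
+}
+};
+
+RManagerLocalStorageConfig.prototype._restoreState = function() {
+let state;
+
+try {
+if (window.localStorage) {
+state = JSON.parse(window.localStorage.conjur);
+}
+} catch(e) {
+this._removeStoredState();
+}
+
+if (_.isObject(state)) {
+let diff = state.tokenExpire - moment.utc();
+
+if (diff > 1000) { // expired
+this.applianceUrl = state.applianceUrl;
+this.account = state.account;
+this.username = state.username;
+this.apiKey = state.apiKey;
+this.token = state.token;
+this.tokenExpire = state.tokenExpire - 300000;
+} else {
+this._removeStoredState();
+}
+}
+};
+
+RManagerLocalStorageConfig.prototype._removeStoredState = function() {
+if (window.localStorage) {
+window.localStorage.conjur = null;
+}
+};
+
+RManagerLocalStorageConfig.prototype._startTokenRefreshTimeout = function(timeout) {
+this._timer = window.setTimeout(() => {
+this.requestToken();
+}, timeout);
+};
+
+RManagerLocalStorageConfig.prototype._stopTokenRefreshTimeout = function() {
+window.clearTimeout(this._timer);
+};
+
+export function RManager(flux, configCookie) {
+this.flux = flux;
+
+this._config = configCookie? new RManagerNoopConfig(configCookie) : new RManagerLocalStorageConfig();
+this._config._restoreState();
+this._config.requestToken = _.bind(this.requestToken, this);
+
+this._waitQueue = [];
+this._runPool = {};
+this._nextRequestId = 1;
+}
+
+Object.defineProperties(RManager.prototype, {
+account: {
+get: function() {
+return this._config.account;
+},
+set: function(account) {
+this._config.account = account;
+}
+},
+username: {
+get: function() {
+return this._config.username;
+},
+set: function(u) {
+this._config.username = u;
+}
+},
+isLogged: {
+get: function() {
+return this._config.isLogged;
+}
+},
+allowLogout: {
+get: function() {
+return this._config.allowLogout;
+}
+}
+});
+
+RManager.prototype.placeOnWaitQ = function(run, request, accept, reject) {
+let self = this;
+
+this._waitQueue.push({
+request: request,
+run: function(index) {
+run.call(request, function(err, value) {
+if (err || value.error) {
+if (value && value.error) {
+self.flux.actions.flashMessage(value.error.message);
+} else {
+self.flux.actions.flashMessage(err.message);
+}
+
+reject(value);
+} else {
+accept(value);
+}
+
+self.removeFromRunPool(index);
+});
+}
+});
+
+this._notify();
+};
+
+RManager.prototype.emptyWaitQ = function() {
+this._waitQueue = [];
+};
+
+RManager.prototype.takeFromWaitQ = function() {
+return this._waitQueue.shift();
+};
+
+RManager.prototype.pushBackToWaitQ = function(request) {
+this._waitQueue.unshift(request);
+};
+
+RManager.prototype.isWaitQEmpty = function() {
+return this._waitQueue.length === 0;
+};
+
+RManager.prototype.isFirstOnWaitQHighPriority = function() {
+return this._waitQueue[0] && this._waitQueue[0].request.isHighPriority();
+};
+
+RManager.prototype.placeInRunPool = function(request) {
+const requestId = this._nextRequestId;
+this._nextRequestId += 1;
+
+this._runPool[requestId] = request;
+
+return requestId;
+};
+
+RManager.prototype.removeFromRunPool = function(requestId) {
+delete this._runPool[requestId];
+};
+
+RManager.prototype.isHighPriorityInRunPool = function() {
+return _.isObject(_.find(this._runPool, (e) => {
+return _.isObject(e) && e.request.isHighPriority();
+}));
+};
+
+RManager.prototype._notify = function() {
+// inspect run q for request to refresh token
+if (this.isHighPriorityInRunPool()) {
+// if yes - end method
+return;
+// if no - go forward
+// if waitq is not empty - go forward
+} else if (!this.isWaitQEmpty()) {
+// if first on waitq is refresh token request
+// run and place it on runq - end
+if (this.isFirstOnWaitQHighPriority()) {
+let request = this.takeFromWaitQ(),
+requestId = this.placeInRunPool(request);
+
+request.run(requestId);
+} else {
+// take from waitq util request to refresh token endpoint
+// run them all and place on runq - end
+let request,
+requestId;
+
+for (;;) {
+request = this.takeFromWaitQ();
+
+if (_.isUndefined(request) || _.isNull(request)) {
+break;
+}
+
+if (request.request.isHighPriority()) {
+this.pushBackToWaitQ(request);
+
+break;
+}
+
+requestId = this.placeInRunPool(request);
+
+request.run(requestId);
+}
+}
+}
+};
+
+RManager.prototype.getRequest = function(method, path) {
+let url = path;
+
+if (_.isString(this._config.applianceUrl)) {
+url = `${this._config.applianceUrl}${url}`;
+}
+
+return new PRequest(method, url, this);
+};
+
+RManager.prototype.callServer = function(verb, path) {
+let req = this.getRequest(
+verb,
+path.replace('\${account}', window.encodeURIComponent(this._config.account))
+);
+
+if (typeof this._config.token === 'string') {
+req.set('Authorization', `Token token="${this._config.token}"`);
+}
+
+return req;
+};
+
+RManager.prototype.login = function(applianceUrl, username, password) {
+return this.requestAccount(applianceUrl)
+.then(() => {
+return this.requestApiKey(username, password)
+.then(() => {
+return this._config.requestToken();
+});
+})
+.then(
+() => {
+return true;
+},
+() => {
+return false;
+});
+};
+
+RManager.prototype.logout = function() {
+this._config.applianceUrl = null;
+this._config._removeStoredState();
+this.emptyWaitQ();
+};
+
+RManager.prototype.requestAccount = function(applianceUrl) {
+return this
+.getRequest('GET', '/api/info')
+.timeout(30000)
+.highPriority()
+.end()
+.then(res => {
+this._config.applianceUrl = applianceUrl;
+this._config.account = res.body.account;
+});
+};
+
+RManager.prototype.requestApiKey = function(username, password) {
+return this
+.getRequest('GET', '/api/authn/users/login')
+.auth(username, password)
+.timeout(30000)
+.highPriority()
+.set('Accept', 'text/plain')
+.end()
+.then(res => {
+this._config.username = username;
+this._config.apiKey = res.text;
+});
+};
+
+RManager.prototype.requestToken = function() {
+return this
+.getRequest('POST', `/api/authn/users/${this._config.username}/authenticate`)
+.send(this._config.apiKey)
+.timeout(30000)
+.highPriority()
+.end()
+.then(res => {
+this._config.token = res.body;
+this._config.tokenExpire = moment.utc(res.body.timestamp, 'YYYY-MM-DD hh:mm:ss UTC');
+
+if (this._config.isLogged) {
+this._config._saveState();
+}
+});
+};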
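Review bot: `_saveState` (lines 235-250) writes `apiKey` and `token` into `window.localStorage.conjur`, so a long-lived Conjur API key ends up in storage that any script running on the origin can read and that persists after the tab is closed. Keeping the state in `sessionStorage`, or persisting only the short-lived `token` and asking for the password again once it lapses (which means dropping the `_.isString(this.apiKey)` test from `isLogged`), would narrow that exposure. In `_restoreState` the `// expired` comment sits on the branch taken when the stored token is still valid; `// not yet expired` would match the code. `RManagerNoopConfig` hard-codes `http://` for `applianceUrl`, where `document.location.origin` would follow the page's own scheme.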