Fix token login for vanilla default policy

Out of the box vault doesn't allow the default policy to POST against auth/token/lookup. A more correct way of verifying a token is to GET auth/token/lookup-self.
djenriquez · Jan 20, 2017 · fe16e98 · fe16e98
1 parent c3dfdce
commit fe16e98
Showing 1 changed file with 13 additions and 22 deletions.
diff --git a/src/login.js b/src/login.js
@@ -64,41 +64,32 @@ exports.login = function (req, res) {
     }
 
     let endpoint = '';
-    let body = {}
-    let config = {}
+    let body = {};
+    let config = { method: 'post' };
+    var instance = axios.create({ baseURL: `${_.get(req, "body.VaultUrl")}/v1/auth/`});
 
     switch (creds.Type.toLowerCase()) {
         case 'github':
-            endpoint = '/v1/auth/github/login';
-            body = {
-                token: creds.Token
-            };
+            config['url'] = 'github/login';
+            config['data'] = { token: creds.Token };
             break;
         case 'usernamepassword':
-            endpoint = `/v1/auth/userpass/login/${username}`;
-            body = {
-                password: creds.Password
-            };
+            config['url'] = `userpass/login/${username}`;
+            config['data'] = { password: creds.Password };
             break;
         case 'ldap':
-            endpoint = `/v1/auth/ldap/login/${username}`;
-            body = {
-                password: creds.Password
-            };
+            config['url'] = `ldap/login/${username}`;
+            config['data'] = { password: creds.Password };
             break;
         case 'token':
-            endpoint = `/v1/auth/token/lookup`
-            body = {
-                token: creds.Token
-            };
-            config = {
-                headers: { "X-Vault-Token": creds.Token }
-            };
+            config['method'] = 'get';
+            config['url'] = `token/lookup-self`;
+            config['headers'] = { "X-Vault-Token": creds.Token };
             break;
         default:
             res.status(400).send("Invalid auth method");
     }
-    axios.post(`${_.get(req, "body.VaultUrl")}${endpoint}`, body, config)
+    instance.request(config)
         .then((resp) => {
             if (creds.Type.toLowerCase() === 'token') {
                 res.json({