fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the bare auth path with a static login page that calls auth_url directly; OIDC callbacks still proxy to the OpenBao UI.
This commit is contained in:
@@ -52,6 +52,19 @@ require_pattern() {
|
||||
ok "$label"
|
||||
}
|
||||
|
||||
step "Standalone login page"
|
||||
auth_html="$(curl -fsS "$BASE_URL/ui/vault/auth")"
|
||||
require_pattern \
|
||||
"auth page serves standalone KeyCape login" \
|
||||
"$auth_html" \
|
||||
'id="login-submit"|Sign in with KeyCape'
|
||||
|
||||
if grep -Eq 'vault-|engines-dist' <<<"$auth_html"; then
|
||||
err "auth page still serves Ember shell (expected standalone login.html)"
|
||||
exit 1
|
||||
fi
|
||||
ok "auth page is standalone login.html (no Ember shell)"
|
||||
|
||||
step "Overlay asset endpoints"
|
||||
index_html="$(curl -fsS "$BASE_URL/ui/")"
|
||||
overlay_js="$(curl -fsS "$BASE_URL/ui/platform-overlay/overlay.js")"
|
||||
|
||||
Reference in New Issue
Block a user