Ensure that challenge response contains body (opensearch-project#4233)
Signed-off-by: Craig Perkins <cwperx@amazon.com>
cwperks authored Apr 18, 2024

1 parent 9a85f23 commit a528c91
Showing 3 changed files with 25 additions and 4 deletions.
Original file line number Diff line number Diff line change
@@ -41,6 +41,8 @@
import org.opensearch.test.framework.cluster.LocalCluster;
import org.opensearch.test.framework.cluster.TestRestClient;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.opensearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL;
import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS;
@@ -127,11 +129,13 @@ private void runResourceTest(
final var requests = AsyncActions.generate(() -> {
final HttpPost post = new HttpPost(client.getHttpServerUri() + requestPath);
post.setEntity(new ByteArrayEntity(compressedRequestBody, ContentType.APPLICATION_JSON));
return client.executeRequest(post);
TestRestClient.HttpResponse response = client.executeRequest(post);
return response.getStatusCode();
}, parrallelism, totalNumberOfRequests);

AsyncActions.getAll(requests, 2, TimeUnit.MINUTES)
.forEach((response) -> { response.assertStatusCode(HttpStatus.SC_UNAUTHORIZED); });
AsyncActions.getAll(requests, 2, TimeUnit.MINUTES).forEach((responseCode) -> {
assertThat(responseCode, equalTo(HttpStatus.SC_UNAUTHORIZED));
});
}
}
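Review bot: The reworked generator (`TestRestClient.HttpResponse response = client.executeRequest(post); return response.getStatusCode();`) discards the response before it reaches the collecting `forEach`, so this test can now only check the status code and cannot observe the body this commit is about. If the point is that every challenge carries a body, returning the response as before, or a small status/body pair, would let the loop also assert `equalTo("Unauthorized")` on `response.getBody()`. If the switch to a bare int was made to avoid holding response objects across the two-minute join, a one-line comment saying so would stop the next reader from undoing it. The enclosing `runResourceTest` begins before this hunk, and the `parrallelism` argument it forwards is spelled with a double r. The earlier hunk in this file only adds the two Hamcrest static imports used here.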

Original file line number Diff line number Diff line change
@@ -106,6 +106,19 @@ public void testBrowserShouldRequestForCredentials() {
}
}

@Test
public void shouldRespondWithChallengeWhenNoCredentialsArePresent() {
try (TestRestClient client = cluster.getRestClient()) {
HttpResponse response = client.getAuthInfo();

assertThat(response, is(notNullValue()));
response.assertStatusCode(SC_UNAUTHORIZED);
assertThat(response.getHeader("WWW-Authenticate"), is(notNullValue()));
assertThat(response.getHeader("WWW-Authenticate").getValue(), equalTo("Basic realm=\"OpenSearch Security\""));
assertThat(response.getBody(), equalTo("Unauthorized"));
}
}

@Test
public void testUserShouldNotHaveAssignedCustomAttributes() {
try (TestRestClient client = cluster.getRestClient(TEST_USER)) {
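Review bot: The new test is named `shouldRespondWithChallengeWhenNoCredentialsArePresent` while its neighbours in this class use the `test` prefix (`testBrowserShouldRequestForCredentials`, `testUserShouldNotHaveAssignedCustomAttributes`); `testShouldRespondWithChallengeWhenNoCredentialsArePresent` would keep the class uniform. The expected value `Basic realm=\"OpenSearch Security\"` is spelled out here and again as a literal in the production `reRequestAuthentication` changed by this commit, so a shared constant would keep test and implementation from drifting apart. The test pins the `WWW-Authenticate` header and the `Unauthorized` body but not the content type of the challenge; if `SecurityResponse` sets one, asserting it too would catch a body that a client could interpret as something other than plain text. `response.getHeader("WWW-Authenticate")` is looked up twice; a local such as `Header challenge = response.getHeader("WWW-Authenticate");` reads more easily.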
Original file line number Diff line number Diff line change
@@ -68,7 +68,11 @@ public AuthCredentials extractCredentials(final SecurityRequest request, final T
@Override
public Optional<SecurityResponse> reRequestAuthentication(final SecurityRequest request, AuthCredentials creds) {
return Optional.of(
new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Basic realm=\"OpenSearch Security\""), "")
new SecurityResponse(
HttpStatus.SC_UNAUTHORIZED,
Map.of("WWW-Authenticate", "Basic realm=\"OpenSearch Security\""),
"Unauthorized"
)
);
}
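Review bot: The override now returns a fixed `"Unauthorized"` body, but nothing in the code records why a non-empty body matters, so a later tidy-up could reinstate the empty string this commit removes; a comment above the `return`, for example `// The challenge must carry a non-empty body (#4233); do not revert to "".`, would guard against that, ideally with the reason the title leaves unstated. The realm `Basic realm=\"OpenSearch Security\"` and the body text are inline literals; hoisting them to `private static final String` constants would let the test added in this commit reference the same values instead of repeating them. The method is complete within the hunk; the rest of the class, including `extractCredentials` named in the hunk header, is not shown.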
