From 321a4cf010a7c4c8139295227bcda4b8f5784450 Mon Sep 17 00:00:00 2001
From: Aleh Zasypkin
Date: Tue, 3 Mar 2020 14:37:37 +0100
Subject: [PATCH] Do not use slashes in app IDs (these are forbidden) and remove `/app` prefix for view route (with `appRoute`) that are rendered by dedicated server routes.
---
.../plugins/security/public/hacks/legacy.ts | 2 +-
.../xpack_main/public/services/path.js | 2 +-
.../account_management_app.test.ts | 4 +-
.../account_management_app.ts | 4 +-
.../logged_out/logged_out_app.test.ts | 8 ++--
.../logged_out/logged_out_app.ts | 6 +--
.../authentication/login/login_app.test.ts | 2 +-
.../public/authentication/login/login_app.ts | 2 +-
.../authentication/logout/logout_app.test.ts | 2 +-
.../authentication/logout/logout_app.ts | 2 +-
.../overwritten_session_app.test.ts | 4 +-
.../overwritten_session_app.ts | 4 +-
.../nav_control/nav_control_service.tsx | 2 +-
.../authentication/providers/kerberos.test.ts | 2 +-
.../authentication/providers/kerberos.ts | 2 +-
.../authentication/providers/oidc.test.ts | 2 +-
.../server/authentication/providers/oidc.ts | 2 +-
.../authentication/providers/pki.test.ts | 2 +-
.../server/authentication/providers/pki.ts | 2 +-
.../authentication/providers/saml.test.ts | 37 +++++++++----------
.../server/authentication/providers/saml.ts | 4 +-
.../server/routes/views/account_management.ts | 15 +++-----
.../server/routes/views/index.test.ts | 18 ++++-----
.../server/routes/views/logged_out.test.ts | 2 +-
.../server/routes/views/logged_out.ts | 2 +-
.../routes/views/overwritten_session.ts | 2 +-
.../apis/security/kerberos_login.ts | 2 +-
.../apis/security/pki_auth.ts | 2 +-
.../apis/security/saml_login.ts | 2 +-
29 files changed, 67 insertions(+), 75 deletions(-)
diff --git a/x-pack/legacy/plugins/security/public/hacks/legacy.ts b/x-pack/legacy/plugins/security/public/hacks/legacy.ts
index 1a70f89c95019..2c683fe4ecf80 100644
--- a/x-pack/legacy/plugins/security/public/hacks/legacy.ts
+++ b/x-pack/legacy/plugins/security/public/hacks/legacy.ts @@ -15,7 +15,7 @@ const securityPluginSetup = (npSetup.plugins as any).security as SecurityPluginS if (securityPluginSetup) { routes.when('/account', { template: '
', - controller: () => npStart.core.application.navigateToApp('security/account'), + controller: () => npStart.core.application.navigateToApp('security_account'), }); const getNextParameter = () => { diff --git a/x-pack/legacy/plugins/xpack_main/public/services/path.js b/x-pack/legacy/plugins/xpack_main/public/services/path.js index 1af5e29490abb..d2fe550178e61 100644 --- a/x-pack/legacy/plugins/xpack_main/public/services/path.js +++ b/x-pack/legacy/plugins/xpack_main/public/services/path.js @@ -12,7 +12,7 @@ export const Path = { return ( path === '/login' || path === '/logout' || - path === '/app/security/logged_out' || + path === '/security/logged_out' || path === '/status' ); }, diff --git a/x-pack/plugins/security/public/account_management/account_management_app.test.ts b/x-pack/plugins/security/public/account_management/account_management_app.test.ts index 145c0d1a659ee..3061f16071fae 100644 --- a/x-pack/plugins/security/public/account_management/account_management_app.test.ts +++ b/x-pack/plugins/security/public/account_management/account_management_app.test.ts @@ -27,8 +27,8 @@ describe('accountManagementApp', () => { const [[appRegistration]] = coreSetupMock.application.register.mock.calls; expect(appRegistration).toEqual({ - id: 'security/account', - appRoute: '/app/security/account', + id: 'security_account', + appRoute: '/security/account', navLinkStatus: AppNavLinkStatus.hidden, title: 'Account Management', mount: expect.any(Function), diff --git a/x-pack/plugins/security/public/account_management/account_management_app.ts b/x-pack/plugins/security/public/account_management/account_management_app.ts index a145f33a4ef96..a0b892deaa33a 100644 --- a/x-pack/plugins/security/public/account_management/account_management_app.ts +++ b/x-pack/plugins/security/public/account_management/account_management_app.ts 
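Review bot: In path.js the `'/security/logged_out'` entry in the `Path` check is a hand-maintained literal that now has to match three other places changed in this commit: `http.anonymousPaths.register(...)` and `appRoute` in logged_out_app.ts, and the server route in logged_out.ts that sets `authRequired: false`. Nothing ties these together, so a later rename that misses one of them would leave the legacy check and the anonymous-path registration disagreeing about whether the logged-out page needs a session (presumably what this list decides; the function's name and callers are outside the hunk). A comment on the entry would make the coupling visible: `// Keep in sync with the anonymous path registered in the security plugin's logged_out_app.ts`.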
@@ -16,7 +16,7 @@ interface CreateDeps { } export const accountManagementApp = Object.freeze({ - id: 'security/account', + id: 'security_account', create({ application, authc, getStartServices }: CreateDeps) { const title = i18n.translate('xpack.security.account.breadcrumb', { defaultMessage: 'Account Management', @@ -26,7 +26,7 @@ export const accountManagementApp = Object.freeze({ title, // TODO: switch to proper enum once https://github.com/elastic/kibana/issues/58327 is resolved. navLinkStatus: 3, - appRoute: '/app/security/account', + appRoute: '/security/account', async mount({ element }: AppMountParameters) { const [[coreStart], { renderAccountManagementPage }] = await Promise.all([ getStartServices(), diff --git a/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.test.ts b/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.test.ts index 974183dbe3fa6..c8303ecc940d6 100644 --- a/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.test.ts +++ b/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.test.ts @@ -18,17 +18,15 @@ describe('loggedOutApp', () => { loggedOutApp.create(coreSetupMock); expect(coreSetupMock.http.anonymousPaths.register).toHaveBeenCalledTimes(1); - expect(coreSetupMock.http.anonymousPaths.register).toHaveBeenCalledWith( - '/app/security/logged_out' - ); + expect(coreSetupMock.http.anonymousPaths.register).toHaveBeenCalledWith('/security/logged_out'); expect(coreSetupMock.application.register).toHaveBeenCalledTimes(1); const [[appRegistration]] = coreSetupMock.application.register.mock.calls; expect(appRegistration).toEqual({ - id: 'security/logged_out', + id: 'security_logged_out', chromeless: true, - appRoute: '/app/security/logged_out', + appRoute: '/security/logged_out', title: 'Logged out', mount: expect.any(Function), }); 
diff --git a/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.ts b/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.ts index 2d0711ef2b44f..b7f2615318791 100644 --- a/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.ts +++ b/x-pack/plugins/security/public/authentication/logged_out/logged_out_app.ts @@ -14,14 +14,14 @@ interface CreateDeps { } export const loggedOutApp = Object.freeze({ - id: 'security/logged_out', + id: 'security_logged_out', create({ application, http, getStartServices }: CreateDeps) { - http.anonymousPaths.register('/app/security/logged_out'); + http.anonymousPaths.register('/security/logged_out'); application.register({ id: this.id, title: i18n.translate('xpack.security.loggedOutAppTitle', { defaultMessage: 'Logged out' }), chromeless: true, - appRoute: '/app/security/logged_out', + appRoute: '/security/logged_out', async mount({ element }: AppMountParameters) { const [[coreStart], { renderLoggedOutPage }] = await Promise.all([ getStartServices(), diff --git a/x-pack/plugins/security/public/authentication/login/login_app.test.ts b/x-pack/plugins/security/public/authentication/login/login_app.test.ts index eaaa37efcac4b..051f08058ed8d 100644 --- a/x-pack/plugins/security/public/authentication/login/login_app.test.ts +++ b/x-pack/plugins/security/public/authentication/login/login_app.test.ts @@ -27,7 +27,7 @@ describe('loginApp', () => { const [[appRegistration]] = coreSetupMock.application.register.mock.calls; expect(appRegistration).toEqual({ - id: 'security/login', + id: 'security_login', chromeless: true, appRoute: '/login', title: 'Login', diff --git a/x-pack/plugins/security/public/authentication/login/login_app.ts b/x-pack/plugins/security/public/authentication/login/login_app.ts index aff51250350b5..4f4bf3903a1fa 100644 --- a/x-pack/plugins/security/public/authentication/login/login_app.ts +++ b/x-pack/plugins/security/public/authentication/login/login_app.ts 
@@ -16,7 +16,7 @@ interface CreateDeps { } export const loginApp = Object.freeze({ - id: 'security/login', + id: 'security_login', create({ application, http, getStartServices, config }: CreateDeps) { http.anonymousPaths.register('/login'); application.register({ diff --git a/x-pack/plugins/security/public/authentication/logout/logout_app.test.ts b/x-pack/plugins/security/public/authentication/logout/logout_app.test.ts index ae9217416468c..c17a0c2ca27b1 100644 --- a/x-pack/plugins/security/public/authentication/logout/logout_app.test.ts +++ b/x-pack/plugins/security/public/authentication/logout/logout_app.test.ts @@ -38,7 +38,7 @@ describe('logoutApp', () => { const [[appRegistration]] = coreSetupMock.application.register.mock.calls; expect(appRegistration).toEqual({ - id: 'security/logout', + id: 'security_logout', chromeless: true, appRoute: '/logout', title: 'Logout', diff --git a/x-pack/plugins/security/public/authentication/logout/logout_app.ts b/x-pack/plugins/security/public/authentication/logout/logout_app.ts index 7045596874edc..72f69ce4460c3 100644 --- a/x-pack/plugins/security/public/authentication/logout/logout_app.ts +++ b/x-pack/plugins/security/public/authentication/logout/logout_app.ts @@ -13,7 +13,7 @@ interface CreateDeps { } export const logoutApp = Object.freeze({ - id: 'security/logout', + id: 'security_logout', create({ application, http }: CreateDeps) { http.anonymousPaths.register('/logout'); application.register({ diff --git a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.test.ts b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.test.ts index 580b5aeaf58d5..7b15d8c46f6eb 100644 --- a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.test.ts +++ b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.test.ts 
@@ -26,10 +26,10 @@ describe('overwrittenSessionApp', () => { const [[appRegistration]] = coreSetupMock.application.register.mock.calls; expect(appRegistration).toEqual({ - id: 'security/overwritten_session', + id: 'security_overwritten_session', title: 'Overwritten Session', chromeless: true, - appRoute: '/app/security/overwritten_session', + appRoute: '/security/overwritten_session', mount: expect.any(Function), }); }); diff --git a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts index af68c78ce52d1..1bbe388a635e2 100644 --- a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts +++ b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts @@ -15,7 +15,7 @@ interface CreateDeps { } export const overwrittenSessionApp = Object.freeze({ - id: 'security/overwritten_session', + id: 'security_overwritten_session', create({ application, authc, getStartServices }: CreateDeps) { application.register({ id: this.id, @@ -23,7 +23,7 @@ export const overwrittenSessionApp = Object.freeze({ defaultMessage: 'Overwritten Session', }), chromeless: true, - appRoute: '/app/security/overwritten_session', + appRoute: '/security/overwritten_session', async mount({ element }: AppMountParameters) { const [[coreStart], { renderOverwrittenSessionPage }] = await Promise.all([ getStartServices(), diff --git a/x-pack/plugins/security/public/nav_control/nav_control_service.tsx b/x-pack/plugins/security/public/nav_control/nav_control_service.tsx index e104b4b32109f..aa3ec2e47469d 100644 --- a/x-pack/plugins/security/public/nav_control/nav_control_service.tsx +++ b/x-pack/plugins/security/public/nav_control/nav_control_service.tsx 
@@ -70,7 +70,7 @@ export class SecurityNavControlService { const props = { user: currentUserPromise, - editProfileUrl: core.http.basePath.prepend('/app/security/account'), + editProfileUrl: core.http.basePath.prepend('/security/account'), logoutUrl: this.logoutUrl, }; ReactDOM.render( diff --git a/x-pack/plugins/security/server/authentication/providers/kerberos.test.ts b/x-pack/plugins/security/server/authentication/providers/kerberos.test.ts index 6f589ce56fe90..955805296e2bd 100644 --- a/x-pack/plugins/security/server/authentication/providers/kerberos.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/kerberos.test.ts @@ -494,7 +494,7 @@ describe('KerberosAuthenticationProvider', () => { mockOptions.tokens.invalidate.mockResolvedValue(undefined); await expect(provider.logout(request, tokenPair)).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.tokens.invalidate).toHaveBeenCalledTimes(1); diff --git a/x-pack/plugins/security/server/authentication/providers/kerberos.ts b/x-pack/plugins/security/server/authentication/providers/kerberos.ts index cc9bddcb16a6b..632a07ca2b21a 100644 --- a/x-pack/plugins/security/server/authentication/providers/kerberos.ts +++ b/x-pack/plugins/security/server/authentication/providers/kerberos.ts @@ -92,7 +92,7 @@ export class KerberosAuthenticationProvider extends BaseAuthenticationProvider { } return DeauthenticationResult.redirectTo( - `${this.options.basePath.serverBasePath}/app/security/logged_out` + `${this.options.basePath.serverBasePath}/security/logged_out` ); } diff --git a/x-pack/plugins/security/server/authentication/providers/oidc.test.ts b/x-pack/plugins/security/server/authentication/providers/oidc.test.ts index 22b08efacd41e..6a4ba1ccb41e2 100644 --- a/x-pack/plugins/security/server/authentication/providers/oidc.test.ts 
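Review bot: The post-logout redirect in kerberos.ts is built by concatenating `this.options.basePath.serverBasePath` with the literal `/security/logged_out`, and the same expression is repeated in oidc.ts, pki.ts and saml.ts. This commit had to edit every copy by hand; a missed one would redirect the user to a path with no registered route after, judging by the tests, the tokens have already been invalidated. A single shared definition would remove that risk, for example `export const LOGGED_OUT_PATH = '/security/logged_out';` next to `BaseAuthenticationProvider`, appended to `serverBasePath` in each provider. The `logout` method containing this return starts outside the hunk.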
+++ b/x-pack/plugins/security/server/authentication/providers/oidc.test.ts @@ -575,7 +575,7 @@ describe('OIDCAuthenticationProvider', () => { mockOptions.client.callAsInternalUser.mockResolvedValue({ redirect: null }); await expect(provider.logout(request, { accessToken, refreshToken })).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); diff --git a/x-pack/plugins/security/server/authentication/providers/oidc.ts b/x-pack/plugins/security/server/authentication/providers/oidc.ts index 70e8cbac5fe98..d52466826c2be 100644 --- a/x-pack/plugins/security/server/authentication/providers/oidc.ts +++ b/x-pack/plugins/security/server/authentication/providers/oidc.ts @@ -395,7 +395,7 @@ export class OIDCAuthenticationProvider extends BaseAuthenticationProvider { } return DeauthenticationResult.redirectTo( - `${this.options.basePath.serverBasePath}/app/security/logged_out` + `${this.options.basePath.serverBasePath}/security/logged_out` ); } catch (err) { this.logger.debug(`Failed to deauthenticate user: ${err.message}`); diff --git a/x-pack/plugins/security/server/authentication/providers/pki.test.ts b/x-pack/plugins/security/server/authentication/providers/pki.test.ts index 5d8aed0681e35..044416032a4c3 100644 --- a/x-pack/plugins/security/server/authentication/providers/pki.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/pki.test.ts @@ -511,7 +511,7 @@ describe('PKIAuthenticationProvider', () => { mockOptions.tokens.invalidate.mockResolvedValue(undefined); await expect(provider.logout(request, state)).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.tokens.invalidate).toHaveBeenCalledTimes(1); 
diff --git a/x-pack/plugins/security/server/authentication/providers/pki.ts b/x-pack/plugins/security/server/authentication/providers/pki.ts index 9dfd963c5c0b3..252ab8cc67144 100644 --- a/x-pack/plugins/security/server/authentication/providers/pki.ts +++ b/x-pack/plugins/security/server/authentication/providers/pki.ts @@ -99,7 +99,7 @@ export class PKIAuthenticationProvider extends BaseAuthenticationProvider { } return DeauthenticationResult.redirectTo( - `${this.options.basePath.serverBasePath}/app/security/logged_out` + `${this.options.basePath.serverBasePath}/security/logged_out` ); } diff --git a/x-pack/plugins/security/server/authentication/providers/saml.test.ts b/x-pack/plugins/security/server/authentication/providers/saml.test.ts index 0f074fd11b966..e00d3b89fb0bf 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.test.ts @@ -365,16 +365,13 @@ describe('SAMLAuthenticationProvider', () => { state ) ).resolves.toEqual( - AuthenticationResult.redirectTo( - '/mock-server-basepath/app/security/overwritten_session', - { - state: { - username: 'new-user', - accessToken: 'new-valid-token', - refreshToken: 'new-valid-refresh-token', - }, - } - ) + AuthenticationResult.redirectTo('/mock-server-basepath/security/overwritten_session', { + state: { + username: 'new-user', + accessToken: 'new-valid-token', + refreshToken: 'new-valid-refresh-token', + }, + }) ); expectAuthenticateCall(mockOptions.client, { headers: { authorization } }); @@ -962,7 +959,7 @@ describe('SAMLAuthenticationProvider', () => { }); }); - it('redirects to /app/security/logged_out if `redirect` field in SAML logout response is null.', async () => { + it('redirects to /security/logged_out if `redirect` field in SAML logout response is null.', async () => { const request = httpServerMock.createKibanaRequest(); const accessToken = 'x-saml-token'; const refreshToken = 'x-saml-refresh-token'; 
@@ -972,7 +969,7 @@ describe('SAMLAuthenticationProvider', () => { await expect( provider.logout(request, { username: 'user', accessToken, refreshToken }) ).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); @@ -981,7 +978,7 @@ describe('SAMLAuthenticationProvider', () => { }); }); - it('redirects to /app/security/logged_out if `redirect` field in SAML logout response is not defined.', async () => { + it('redirects to /security/logged_out if `redirect` field in SAML logout response is not defined.', async () => { const request = httpServerMock.createKibanaRequest(); const accessToken = 'x-saml-token'; const refreshToken = 'x-saml-refresh-token'; @@ -991,7 +988,7 @@ describe('SAMLAuthenticationProvider', () => { await expect( provider.logout(request, { username: 'user', accessToken, refreshToken }) ).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); @@ -1012,7 +1009,7 @@ describe('SAMLAuthenticationProvider', () => { await expect( provider.logout(request, { username: 'user', accessToken, refreshToken }) ).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); 
@@ -1033,7 +1030,7 @@ describe('SAMLAuthenticationProvider', () => { refreshToken: 'x-saml-refresh-token', }) ).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); @@ -1042,13 +1039,13 @@ describe('SAMLAuthenticationProvider', () => { }); }); - it('redirects to /app/security/logged_out if `redirect` field in SAML invalidate response is null.', async () => { + it('redirects to /security/logged_out if `redirect` field in SAML invalidate response is null.', async () => { const request = httpServerMock.createKibanaRequest({ query: { SAMLRequest: 'xxx yyy' } }); mockOptions.client.callAsInternalUser.mockResolvedValue({ redirect: null }); await expect(provider.logout(request)).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); @@ -1057,13 +1054,13 @@ describe('SAMLAuthenticationProvider', () => { }); }); - it('redirects to /app/security/logged_out if `redirect` field in SAML invalidate response is not defined.', async () => { + it('redirects to /security/logged_out if `redirect` field in SAML invalidate response is not defined.', async () => { const request = httpServerMock.createKibanaRequest({ query: { SAMLRequest: 'xxx yyy' } }); mockOptions.client.callAsInternalUser.mockResolvedValue({ redirect: undefined }); await expect(provider.logout(request)).resolves.toEqual( - DeauthenticationResult.redirectTo('/mock-server-basepath/app/security/logged_out') + DeauthenticationResult.redirectTo('/mock-server-basepath/security/logged_out') ); expect(mockOptions.client.callAsInternalUser).toHaveBeenCalledTimes(1); 
diff --git a/x-pack/plugins/security/server/authentication/providers/saml.ts b/x-pack/plugins/security/server/authentication/providers/saml.ts index 4a50a1c8c2d01..1152ee5048699 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.ts @@ -231,7 +231,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider { } return DeauthenticationResult.redirectTo( - `${this.options.basePath.serverBasePath}/app/security/logged_out` + `${this.options.basePath.serverBasePath}/security/logged_out` ); } catch (err) { this.logger.debug(`Failed to deauthenticate user: ${err.message}`); @@ -366,7 +366,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider { 'Login initiated by Identity Provider is for a different user than currently authenticated.' ); return AuthenticationResult.redirectTo( - `${this.options.basePath.serverBasePath}/app/security/overwritten_session`, + `${this.options.basePath.serverBasePath}/security/overwritten_session`, { state: newState } ); } diff --git a/x-pack/plugins/security/server/routes/views/account_management.ts b/x-pack/plugins/security/server/routes/views/account_management.ts index 07e0d8289af16..3c84483d8f494 100644 --- a/x-pack/plugins/security/server/routes/views/account_management.ts +++ b/x-pack/plugins/security/server/routes/views/account_management.ts 
@@ -10,13 +10,10 @@ import { RouteDefinitionParams } from '..'; * Defines routes required for the Account Management view. */ export function defineAccountManagementRoutes({ router, csp }: RouteDefinitionParams) { - router.get( - { path: '/app/security/account', validate: false }, - async (context, request, response) => { - return response.ok({ - body: await context.core.rendering.render({ includeUserSettings: true }), - headers: { 'content-security-policy': csp.header }, - }); - } - ); + router.get({ path: '/security/account', validate: false }, async (context, request, response) => { + return response.ok({ + body: await context.core.rendering.render({ includeUserSettings: true }), + headers: { 'content-security-policy': csp.header }, + }); + }); } diff --git a/x-pack/plugins/security/server/routes/views/index.test.ts b/x-pack/plugins/security/server/routes/views/index.test.ts index 00a071e714226..63e8a518c6198 100644 --- a/x-pack/plugins/security/server/routes/views/index.test.ts +++ b/x-pack/plugins/security/server/routes/views/index.test.ts @@ -19,10 +19,10 @@ describe('View routes', () => { expect(routeParamsMock.router.get.mock.calls.map(([{ path }]) => path)).toMatchInlineSnapshot(` Array [ - "/app/security/account", - "/app/security/logged_out", + "/security/account", + "/security/logged_out", "/logout", - "/app/security/overwritten_session", + "/security/overwritten_session", ] `); }); @@ -37,10 +37,10 @@ describe('View routes', () => { Array [ "/login", "/internal/security/login_state", - "/app/security/account", - "/app/security/logged_out", + "/security/account", + "/security/logged_out", "/logout", - "/app/security/overwritten_session", + "/security/overwritten_session", ] `); }); 
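Review bot: The route in `defineAccountManagementRoutes` is registered with only `path` and `validate`, so whether `/security/account` requires a session depends on the router's default, and nothing in the function says so. The sibling view in logged_out.ts opts out explicitly with `options: { authRequired: false }`, which makes the difference easy to miss when a new view is copied from one of these files. I would add a comment above the `router.get` call: `// Authenticated view: relies on the router's default auth requirement; only the logged-out view opts out.` The old `/app/security/account` path is no longer registered here, so existing bookmarks or links to it would presumably stop resolving unless something outside this hunk redirects them.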
@@ -55,10 +55,10 @@ describe('View routes', () => { Array [ "/login", "/internal/security/login_state", - "/app/security/account", - "/app/security/logged_out", + "/security/account", + "/security/logged_out", "/logout", - "/app/security/overwritten_session", + "/security/overwritten_session", ] `); }); diff --git a/x-pack/plugins/security/server/routes/views/logged_out.test.ts b/x-pack/plugins/security/server/routes/views/logged_out.test.ts index e9753ce529470..822802b62d874 100644 --- a/x-pack/plugins/security/server/routes/views/logged_out.test.ts +++ b/x-pack/plugins/security/server/routes/views/logged_out.test.ts @@ -29,7 +29,7 @@ describe('LoggedOut view routes', () => { loggedOutRouteConfig, loggedOutRouteHandler, ] = routeParamsMock.router.get.mock.calls.find( - ([{ path }]) => path === '/app/security/logged_out' + ([{ path }]) => path === '/security/logged_out' )!; routeConfig = loggedOutRouteConfig; diff --git a/x-pack/plugins/security/server/routes/views/logged_out.ts b/x-pack/plugins/security/server/routes/views/logged_out.ts index 28d7485459655..2f69d8c35f03e 100644 --- a/x-pack/plugins/security/server/routes/views/logged_out.ts +++ b/x-pack/plugins/security/server/routes/views/logged_out.ts @@ -24,7 +24,7 @@ export function defineLoggedOutRoutes({ }: RouteDefinitionParams) { router.get( { - path: '/app/security/logged_out', + path: '/security/logged_out', validate: false, options: { authRequired: false }, }, diff --git a/x-pack/plugins/security/server/routes/views/overwritten_session.ts b/x-pack/plugins/security/server/routes/views/overwritten_session.ts index ed023069e93f5..c21ab1c207362 100644 --- a/x-pack/plugins/security/server/routes/views/overwritten_session.ts +++ b/x-pack/plugins/security/server/routes/views/overwritten_session.ts 
@@ -11,7 +11,7 @@ import { RouteDefinitionParams } from '..'; */ export function defineOverwrittenSessionRoutes({ router, csp }: RouteDefinitionParams) { router.get( - { path: '/app/security/overwritten_session', validate: false }, + { path: '/security/overwritten_session', validate: false }, async (context, request, response) => { return response.ok({ body: await context.core.rendering.render({ includeUserSettings: true }), diff --git a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts index a28c75b555b60..b561c9ea47513 100644 --- a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts +++ b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts @@ -242,7 +242,7 @@ export default function({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); checkCookieIsCleared(request.cookie(cookies[0])!); - expect(logoutResponse.headers.location).to.be('/app/security/logged_out'); + expect(logoutResponse.headers.location).to.be('/security/logged_out'); // Token that was stored in the previous cookie should be invalidated as well and old // session cookie should not allow API access. diff --git a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts index aaa8debda8f9a..fe772a3b1d460 100644 --- a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts +++ b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts @@ -290,7 +290,7 @@ export default function({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); checkCookieIsCleared(request.cookie(cookies[0])!); - expect(logoutResponse.headers.location).to.be('/app/security/logged_out'); + expect(logoutResponse.headers.location).to.be('/security/logged_out'); }); it('should redirect to home page if session cookie is not provided', async () => { 
diff --git a/x-pack/test/saml_api_integration/apis/security/saml_login.ts b/x-pack/test/saml_api_integration/apis/security/saml_login.ts index 90c35c69d8eb6..e49d95f2ec6c2 100644 --- a/x-pack/test/saml_api_integration/apis/security/saml_login.ts +++ b/x-pack/test/saml_api_integration/apis/security/saml_login.ts @@ -728,7 +728,7 @@ export default function({ getService }: FtrProviderContext) { .set('kbn-xsrf', 'xxx') .set('Cookie', existingSessionCookie.cookieString()) .send({ SAMLResponse: await createSAMLResponse({ username: newUsername }) }) - .expect('location', '/app/security/overwritten_session') + .expect('location', '/security/overwritten_session') .expect(302); const newSessionCookie = request.cookie(