Changes

x-pack/legacy/plugins/security/index.ts

@@ -4,117 +4,75 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { Root } from 'joi';
 import { resolve } from 'path';
-import { initOverwrittenSessionView } from './server/routes/views/overwritten_session';
-import { initLoginView } from './server/routes/views/login';
-import { initLogoutView } from './server/routes/views/logout';
-import { initLoggedOutView } from './server/routes/views/logged_out';
+import { Server } from 'src/legacy/server/kbn_server';
+import { KibanaRequest, LegacyRequest } from '../../../../src/core/server';
+// @ts-ignore
 import { AuditLogger } from '../../server/lib/audit_logger';
+// @ts-ignore
 import { watchStatusAndLicenseToInitialize } from '../../server/lib/watch_status_and_license_to_initialize';
-import { KibanaRequest } from '../../../../src/core/server';
+import { AuthenticatedUser, SecurityPluginSetup } from '../../../plugins/security/server';
 
-export const security = kibana =>
+/**
+ * Public interface of the security plugin.
+ */
+export interface SecurityPlugin {
+  getUser: (request: LegacyRequest) => Promise<AuthenticatedUser>;
+}
+
+function getSecurityPluginSetup(server: Server) {
+  const securityPlugin = server.newPlatform.setup.plugins.security as SecurityPluginSetup;
+  if (!securityPlugin) {
+    throw new Error('Kibana Platform Security plugin is not available.');
+  }
+
+  return securityPlugin;
+}
+
+export const security = (kibana: Record<string, any>) =>
   new kibana.Plugin({
     id: 'security',
     configPrefix: 'xpack.security',
     publicDir: resolve(__dirname, 'public'),
     require: ['kibana', 'elasticsearch', 'xpack_main'],
 
-    config(Joi) {
-      const HANDLED_IN_NEW_PLATFORM = Joi.any().description(
-        'This key is handled in the new platform security plugin ONLY'
-      );
+    // This config is only used by `AuditLogger` and should be removed as soon as `AuditLogger`
+    // is migrated to Kibana Platform.
+    config(Joi: Root) {
       return Joi.object({
         enabled: Joi.boolean().default(true),
-        cookieName: HANDLED_IN_NEW_PLATFORM,
-        encryptionKey: HANDLED_IN_NEW_PLATFORM,
-        session: HANDLED_IN_NEW_PLATFORM,
-        secureCookies: HANDLED_IN_NEW_PLATFORM,
-        loginAssistanceMessage: HANDLED_IN_NEW_PLATFORM,
-        authorization: HANDLED_IN_NEW_PLATFORM,
-        audit: Joi.object({
-          enabled: Joi.boolean().default(false),
-        }).default(),
-        authc: HANDLED_IN_NEW_PLATFORM,
-      }).default();
+        audit: Joi.object({ enabled: Joi.boolean().default(false) }).default(),
+      })
+        .unknown()
+        .default();
     },
 
     uiExports: {
-      styleSheetPaths: resolve(__dirname, 'public/index.scss'),
-      apps: [
-        {
-          id: 'login',
-          title: 'Login',
-          main: 'plugins/security/views/login',
-          hidden: true,
-        },
-        {
-          id: 'overwritten_session',
-          title: 'Overwritten Session',
-          main: 'plugins/security/views/overwritten_session',
-          description:
-            'The view is shown when user had an active session previously, but logged in as a different user.',
-          hidden: true,
-        },
-        {
-          id: 'logout',
-          title: 'Logout',
-          main: 'plugins/security/views/logout',
-          hidden: true,
-        },
-        {
-          id: 'logged_out',
-          title: 'Logged out',
-          main: 'plugins/security/views/logged_out',
-          hidden: true,
-        },
-      ],
-      hacks: [
-        'plugins/security/hacks/on_session_timeout',
-        'plugins/security/hacks/on_unauthorized_response',
-        'plugins/security/hacks/register_account_management_app',
-      ],
-      injectDefaultVars: server => {
-        const securityPlugin = server.newPlatform.setup.plugins.security;
-        if (!securityPlugin) {
-          throw new Error('New Platform XPack Security plugin is not available.');
-        }
-
+      hacks: ['plugins/security/hacks/legacy'],
+      injectDefaultVars: (server: Server) => {
         return {
-          secureCookies: securityPlugin.__legacyCompat.config.secureCookies,
-          session: {
-            tenant: server.newPlatform.setup.core.http.basePath.serverBasePath,
-          },
+          secureCookies: getSecurityPluginSetup(server).__legacyCompat.config.secureCookies,
           enableSpaceAwarePrivileges: server.config().get('xpack.spaces.enabled'),
-          logoutUrl: `${server.newPlatform.setup.core.http.basePath.serverBasePath}/logout`,
         };
       },
     },
 
-    async postInit(server) {
-      const securityPlugin = server.newPlatform.setup.plugins.security;
-      if (!securityPlugin) {
-        throw new Error('New Platform XPack Security plugin is not available.');
-      }
-
+    async postInit(server: Server) {
       watchStatusAndLicenseToInitialize(server.plugins.xpack_main, this, async () => {
         const xpackInfo = server.plugins.xpack_main.info;
         if (xpackInfo.isAvailable() && xpackInfo.feature('security').isEnabled()) {
-          await securityPlugin.__legacyCompat.registerPrivilegesWithCluster();
+          await getSecurityPluginSetup(server).__legacyCompat.registerPrivilegesWithCluster();
         }
       });
     },
 
-    async init(server) {
-      const securityPlugin = server.newPlatform.setup.plugins.security;
-      if (!securityPlugin) {
-        throw new Error('New Platform XPack Security plugin is not available.');
-      }
+    async init(server: Server) {
+      const securityPlugin = getSecurityPluginSetup(server);
 
-      const config = server.config();
       const xpackInfo = server.plugins.xpack_main.info;
       securityPlugin.__legacyCompat.registerLegacyAPI({
-        auditLogger: new AuditLogger(server, 'security', config, xpackInfo),
+        auditLogger: new AuditLogger(server, 'security', server.config(), xpackInfo),
       });
 
       // Legacy xPack Info endpoint returns whatever we return in a callback for `registerLicenseCheckResultsGenerator`
@@ -128,29 +86,8 @@ export const security = kibana =>
         );
 
       server.expose({
-        getUser: async request => securityPlugin.authc.getCurrentUser(KibanaRequest.from(request)),
-      });
-
-      initLoginView(securityPlugin, server);
-      initLogoutView(server);
-      initLoggedOutView(securityPlugin, server);
-      initOverwrittenSessionView(server);
-
-      server.injectUiAppVars('login', () => {
-        const {
-          showLogin,
-          allowLogin,
-          layout = 'form',
-        } = securityPlugin.__legacyCompat.license.getFeatures();
-        const { loginAssistanceMessage } = securityPlugin.__legacyCompat.config;
-        return {
-          loginAssistanceMessage,
-          loginState: {
-            showLogin,
-            allowLogin,
-            layout,
-          },
-        };
+        getUser: async (request: LegacyRequest) =>
+          securityPlugin.authc.getCurrentUser(KibanaRequest.from(request)),
       });
     },
   });

x-pack/legacy/plugins/security/public/hacks/legacy.ts

@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+// @ts-ignore
+import { uiModules } from 'ui/modules';
+import { npSetup, npStart } from 'ui/new_platform';
+import routes from 'ui/routes';
+import { isSystemApiRequest } from '../../../../../../src/plugins/kibana_legacy/public';
+import { SecurityPluginSetup } from '../../../../../plugins/security/public';
+
+const securityPluginSetup = (npSetup.plugins as any).security as SecurityPluginSetup;
+if (securityPluginSetup) {
+  routes.when('/account', {
+    template: '<div />',
+    controller: () => npStart.core.application.navigateToApp('security'),
+  });
+
+  const getNextParameter = () => {
+    const { location } = window;
+    const next = encodeURIComponent(`${location.pathname}${location.search}${location.hash}`);
+    return `&next=${next}`;
+  };
+
+  const getProviderParameter = (tenant: string) => {
+    const key = `${tenant}/session_provider`;
+    const providerName = sessionStorage.getItem(key);
+    return providerName ? `&provider=${encodeURIComponent(providerName)}` : '';
+  };
+
+  const module = uiModules.get('security', []);
+  module.config(($httpProvider: ng.IHttpProvider) => {
+    $httpProvider.interceptors.push(($q, $window, Promise) => {
+      const isAnonymous = npSetup.core.http.anonymousPaths.isAnonymous(window.location.pathname);
+
+      function interceptorFactory(responseHandler: (response: ng.IHttpResponse<unknown>) => any) {
+        return function interceptor(response: ng.IHttpResponse<unknown>) {
+          // TODO: SHOULD WE CHECK THAT IT'S NOT ERROR RESPONSE (&& response.status !== 401)?
+          if (!isAnonymous && !isSystemApiRequest(response.config)) {
+            securityPluginSetup.sessionTimeout.extend(response.config.url);
+          }
+
+          if (response.status !== 401 || isAnonymous) {
+            return responseHandler(response);
+          }
+
+          const { logoutUrl, tenant } = securityPluginSetup.__legacyCompat;
+          const next = getNextParameter();
+          const provider = getProviderParameter(tenant);
+
+          $window.location.href = `${logoutUrl}?msg=SESSION_EXPIRED${next}${provider}`;
+
+          return Promise.halt();
+        };
+      }
+
+      return {
+        response: interceptorFactory(response => response),
+        responseError: interceptorFactory($q.reject),
+      };
+    });
+  });
+}