From b3057e3e1272633bd29b1c7f68e57c34548ff8ef Mon Sep 17 00:00:00 2001
From: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Date: Mon, 5 Oct 2020 18:21:35 +0200
Subject: [PATCH] Review#1: extract authenticated session check logic into a
 dedicated function.

---
 .../server/authentication/authenticator.ts         | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/x-pack/plugins/security/server/authentication/authenticator.ts b/x-pack/plugins/security/server/authentication/authenticator.ts
index ac028c19a2f5a..b8ec6258eb0d5 100644
--- a/x-pack/plugins/security/server/authentication/authenticator.ts
+++ b/x-pack/plugins/security/server/authentication/authenticator.ts
@@ -131,6 +131,10 @@ function isLoginAttemptWithProviderType(
   );
 }
 
+function isSessionAuthenticated(sessionValue?: Readonly<SessionValue> | null) {
+  return !!sessionValue?.username;
+}
+
 /**
  * Instantiates authentication provider based on the provider key from config.
  * @param providerType Provider type key.
@@ -558,7 +562,7 @@ export class Authenticator {
       return ownsSession ? { value: existingSessionValue, overwritten: false } : null;
     }
 
-    const isExistingSessionAuthenticated = !!existingSessionValue?.username;
+    const isExistingSessionAuthenticated = isSessionAuthenticated(existingSessionValue);
     const isNewSessionAuthenticated = !!authenticationResult.user;
 
     const providerHasChanged = !!existingSessionValue && !ownsSession;
@@ -637,7 +641,7 @@ export class Authenticator {
     //  4. Request isn't attributed with HTTP Authorization header
     return (
       canRedirectRequest(request) &&
-      (!sessionValue || !sessionValue.username) &&
+      !isSessionAuthenticated(sessionValue) &&
       this.options.config.authc.selector.enabled &&
       HTTPAuthorizationHeader.parseFromRequest(request) == null
     );
@@ -688,14 +692,14 @@ export class Authenticator {
       return authenticationResult;
     }
 
-    const isSessionAuthenticated = !!sessionUpdateResult?.value?.username;
+    const isUpdatedSessionAuthenticated = isSessionAuthenticated(sessionUpdateResult?.value);
 
     let preAccessRedirectURL;
-    if (isSessionAuthenticated && sessionUpdateResult?.overwritten) {
+    if (isUpdatedSessionAuthenticated && sessionUpdateResult?.overwritten) {
       this.logger.debug('Redirecting user to the overwritten session UI.');
       preAccessRedirectURL = `${this.options.basePath.serverBasePath}${OVERWRITTEN_SESSION_ROUTE}`;
     } else if (
-      isSessionAuthenticated &&
+      isUpdatedSessionAuthenticated &&
       this.shouldRedirectToAccessAgreement(sessionUpdateResult?.value ?? null)
     ) {
       this.logger.debug('Redirecting user to the access agreement UI.');