From b1c6693b74f2fa7051b31225d6e598b3bae09878 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 24 Jul 2023 09:38:30 -0400 Subject: [PATCH 1/4] Marks public security, spaces, and encrypted saved object APIs --- .../server/routes/key_rotation.ts | 1 + .../security/server/routes/authentication/common.ts | 6 +++++- .../security/server/routes/authentication/oidc.ts | 10 ++++++++-- .../security/server/routes/authentication/saml.ts | 1 + .../server/routes/authorization/privileges/get.ts | 1 + .../server/routes/authorization/roles/delete.ts | 1 + .../security/server/routes/authorization/roles/get.ts | 1 + .../server/routes/authorization/roles/get_all.ts | 2 +- .../security/server/routes/authorization/roles/put.ts | 1 + .../server/routes/session_management/invalidate.ts | 2 +- .../security/server/routes/views/access_agreement.ts | 8 ++++++-- .../security/server/routes/views/account_management.ts | 5 +++-- .../plugins/security/server/routes/views/logged_out.ts | 2 +- x-pack/plugins/security/server/routes/views/login.ts | 2 +- x-pack/plugins/security/server/routes/views/logout.ts | 2 +- .../server/routes/views/overwritten_session.ts | 2 +- .../spaces/server/routes/api/external/copy_to_space.ts | 2 ++ .../spaces/server/routes/api/external/delete.ts | 1 + .../routes/api/external/disable_legacy_url_aliases.ts | 1 + .../plugins/spaces/server/routes/api/external/get.ts | 1 + .../spaces/server/routes/api/external/get_all.ts | 1 + .../routes/api/external/get_shareable_references.ts | 1 + .../plugins/spaces/server/routes/api/external/post.ts | 1 + .../plugins/spaces/server/routes/api/external/put.ts | 1 + .../routes/api/external/update_objects_spaces.ts | 1 + x-pack/plugins/spaces/server/routes/views/index.ts | 2 +- 26 files changed, 45 insertions(+), 14 deletions(-) 
diff --git a/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.ts b/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.ts index 9305446767e9d..a351d22f50a8f 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.ts @@ -40,6 +40,7 @@ export function defineKeyRotationRoutes({ }, options: { tags: ['access:rotateEncryptionKey'], + access: 'public', }, }, async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 696c3f625425d..8d1a1c483b565 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -41,7 +41,11 @@ export function defineCommonRoutes({ // Allow unknown query parameters as this endpoint can be hit by the 3rd-party with any // set of query string parameters (e.g. SAML/OIDC logout request/response parameters). validate: { query: schema.object({}, { unknowns: 'allow' }) }, - options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] }, + options: { + authRequired: false, + tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + access: 'public', + }, }, async (context, request, response) => { const serverBasePath = basePath.serverBasePath; diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts index 2c4ab9de1491b..a8787a651c581 100644 --- a/x-pack/plugins/security/server/routes/authentication/oidc.ts +++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts @@ -37,7 +37,7 @@ export function defineOIDCRoutes({ { path, validate: false, - options: { authRequired: false }, + options: { authRequired: false, access: 'public' }, }, (context, request, response) => { const serverBasePath = basePath.serverBasePath; 
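Review bot: In key_rotation.ts the options object now carries two unrelated meanings of "access" side by side: the existing `access:rotateEncryptionKey` tag and the new `access: 'public'` option. Someone auditing who may call the key-rotation route can easily read the second as loosening the first. A comment above the new line would prevent that, e.g. `// 'public' declares the route's intended audience; the privilege check still comes from the 'access:rotateEncryptionKey' tag`. The same pairing appears in session_management/invalidate.ts (`access:sessionManagement`) and in both copy_to_space.ts hunks (`access:copySavedObjectsToSpaces`). The route definition starts and ends outside this hunk, so the wording should be checked against how the tag is actually enforced.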
@@ -106,7 +106,11 @@ export function defineOIDCRoutes({ { unknowns: 'allow' } ), }, - options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] }, + options: { + authRequired: false, + tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + access: 'public', + }, }, createLicensedRouteHandler(async (context, request, response) => { const serverBasePath = basePath.serverBasePath; @@ -187,6 +191,7 @@ export function defineOIDCRoutes({ authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + access: 'public', }, }, createLicensedRouteHandler(async (context, request, response) => { @@ -229,6 +234,7 @@ export function defineOIDCRoutes({ options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + access: 'public', }, }, createLicensedRouteHandler(async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index c1fa0cfc8e4ef..035264984826e 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -35,6 +35,7 @@ export function defineSAMLRoutes({ authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + access: 'public', }, }, async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authorization/privileges/get.ts b/x-pack/plugins/security/server/routes/authorization/privileges/get.ts index 8817fca4831ae..0724bf50cc5b3 100644 --- a/x-pack/plugins/security/server/routes/authorization/privileges/get.ts +++ b/x-pack/plugins/security/server/routes/authorization/privileges/get.ts 
@@ -26,6 +26,7 @@ export function defineGetPrivilegesRoutes({ router, authz }: RouteDefinitionPara ), }), }, + options: { access: 'public' }, }, createLicensedRouteHandler((context, request, response) => { const respectLicenseLevel = request.query.respectLicenseLevel !== 'false'; // if undefined resolve to true by default diff --git a/x-pack/plugins/security/server/routes/authorization/roles/delete.ts b/x-pack/plugins/security/server/routes/authorization/roles/delete.ts index b484fd0151841..4a9bdd0fe714a 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/delete.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/delete.ts @@ -18,6 +18,7 @@ export function defineDeleteRolesRoutes({ router }: RouteDefinitionParams) { validate: { params: schema.object({ name: schema.string({ minLength: 1 }) }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { try { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/get.ts b/x-pack/plugins/security/server/routes/authorization/roles/get.ts index 8a8b688fd9bb5..57fb9e2ad8e63 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/get.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/get.ts @@ -24,6 +24,7 @@ export function defineGetRolesRoutes({ validate: { params: schema.object({ name: schema.string({ minLength: 1 }) }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { try { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts b/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts index c6407e3784763..a39c14fd4cb83 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts 
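Review bot: The `options: { access: 'public' }` added in roles/delete.ts is the only option on a route that, going by the file and function name, deletes roles, and nothing nearby says that 'public' is not an authentication setting. The hunk does not set `authRequired`, so authentication presumably stays at the framework default, but a reader comparing this with the `authRequired: false` routes under authentication/ has to know that already. I would add `// access: 'public' marks the route as intended for external callers; it does not make the route anonymous` above the option here. The same comment fits roles/get.ts, roles/get_all.ts, roles/put.ts and privileges/get.ts. The router call and the handler body lie outside the hunk.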
@@ -17,7 +17,7 @@ export function defineGetAllRolesRoutes({ logger, }: RouteDefinitionParams) { router.get( - { path: '/api/security/role', validate: false }, + { path: '/api/security/role', validate: false, options: { access: 'public' } }, createLicensedRouteHandler(async (context, request, response) => { try { const esClient = (await context.core).elasticsearch.client; diff --git a/x-pack/plugins/security/server/routes/authorization/roles/put.ts b/x-pack/plugins/security/server/routes/authorization/roles/put.ts index bc2df19cf261d..d7b8800cdb6d0 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/put.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/put.ts @@ -56,6 +56,7 @@ export function definePutRolesRoutes({ }; }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { const { name } = request.params; diff --git a/x-pack/plugins/security/server/routes/session_management/invalidate.ts b/x-pack/plugins/security/server/routes/session_management/invalidate.ts index 3416be3dd2965..236e96a11121d 100644 --- a/x-pack/plugins/security/server/routes/session_management/invalidate.ts +++ b/x-pack/plugins/security/server/routes/session_management/invalidate.ts @@ -33,7 +33,7 @@ export function defineInvalidateSessionsRoutes({ router, getSession }: RouteDefi ), }), }, - options: { tags: ['access:sessionManagement'] }, + options: { tags: ['access:sessionManagement'], access: 'public' }, }, async (_context, request, response) => { return response.ok({ diff --git a/x-pack/plugins/security/server/routes/views/access_agreement.ts b/x-pack/plugins/security/server/routes/views/access_agreement.ts index 3724892edd6df..fb69fadfd0338 100644 --- a/x-pack/plugins/security/server/routes/views/access_agreement.ts +++ b/x-pack/plugins/security/server/routes/views/access_agreement.ts 
@@ -24,7 +24,7 @@ export function defineAccessAgreementRoutes({ const canHandleRequest = () => license.getFeatures().allowAccessAgreement; httpResources.register( - { path: '/security/access_agreement', validate: false }, + { path: '/security/access_agreement', validate: false, options: { access: 'public' } }, createLicensedRouteHandler(async (context, request, response) => canHandleRequest() ? response.renderCoreApp() @@ -35,7 +35,11 @@ export function defineAccessAgreementRoutes({ ); router.get( - { path: '/internal/security/access_agreement/state', validate: false }, + { + path: '/internal/security/access_agreement/state', + validate: false, + options: { access: 'public' }, + }, createLicensedRouteHandler(async (context, request, response) => { if (!canHandleRequest()) { return response.forbidden({ diff --git a/x-pack/plugins/security/server/routes/views/account_management.ts b/x-pack/plugins/security/server/routes/views/account_management.ts index af49f325a25d2..36e8d209b7cfb 100644 --- a/x-pack/plugins/security/server/routes/views/account_management.ts +++ b/x-pack/plugins/security/server/routes/views/account_management.ts @@ -11,7 +11,8 @@ import type { RouteDefinitionParams } from '..'; * Defines routes required for the Account Management view. */ export function defineAccountManagementRoutes({ httpResources }: RouteDefinitionParams) { - httpResources.register({ path: '/security/account', validate: false }, (context, req, res) => - res.renderCoreApp() + httpResources.register( + { path: '/security/account', validate: false, options: { access: 'public' } }, + (context, req, res) => res.renderCoreApp() ); } diff --git a/x-pack/plugins/security/server/routes/views/logged_out.ts b/x-pack/plugins/security/server/routes/views/logged_out.ts index 360c0fb2c9b7c..32322189cb609 100644 --- a/x-pack/plugins/security/server/routes/views/logged_out.ts +++ b/x-pack/plugins/security/server/routes/views/logged_out.ts 
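Review bot: The second hunk in access_agreement.ts declares `/internal/security/access_agreement/state` with `access: 'public'`, which contradicts the route's own `/internal/` prefix. If the platform enforces or infers anything from the internal/public distinction (for example, rejecting internal routes that lack an internal-origin header), this explicit value opts the route out of it. Either use `options: { access: 'internal' }` or keep 'public' with a comment giving the reason, e.g. `// served under /internal but declared public because <reason>`. The same applies to `/internal/security/login_state` in views/login.ts (patch 3/4), which also sets `authRequired: false`. The test updates in patches 2/4 and 4/4 then appear to pin 'public' for both routes.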
@@ -20,7 +20,7 @@ export function defineLoggedOutRoutes({ { path: '/security/logged_out', validate: false, - options: { authRequired: false }, + options: { authRequired: false, access: 'public' }, }, async (context, request, response) => { // Authentication flow isn't triggered automatically for this route, so we should explicitly diff --git a/x-pack/plugins/security/server/routes/views/login.ts b/x-pack/plugins/security/server/routes/views/login.ts index 9a7145b0e09df..ee2813eda7747 100644 --- a/x-pack/plugins/security/server/routes/views/login.ts +++ b/x-pack/plugins/security/server/routes/views/login.ts @@ -39,7 +39,7 @@ export function defineLoginRoutes({ { unknowns: 'allow' } ), }, - options: { authRequired: 'optional' }, + options: { authRequired: 'optional', access: 'public' }, }, async (context, request, response) => { // Default to true if license isn't available or it can't be resolved for some reason. diff --git a/x-pack/plugins/security/server/routes/views/logout.ts b/x-pack/plugins/security/server/routes/views/logout.ts index 3fb905ee10d37..0da28e137137e 100644 --- a/x-pack/plugins/security/server/routes/views/logout.ts +++ b/x-pack/plugins/security/server/routes/views/logout.ts @@ -12,7 +12,7 @@ import type { RouteDefinitionParams } from '..'; */ export function defineLogoutRoutes({ httpResources }: RouteDefinitionParams) { httpResources.register( - { path: '/logout', validate: false, options: { authRequired: false } }, + { path: '/logout', validate: false, options: { authRequired: false, access: 'public' } }, (context, request, response) => response.renderAnonymousCoreApp() ); } diff --git a/x-pack/plugins/security/server/routes/views/overwritten_session.ts b/x-pack/plugins/security/server/routes/views/overwritten_session.ts index 115f7ea0a093f..63aac3e255dac 100644 --- a/x-pack/plugins/security/server/routes/views/overwritten_session.ts +++ b/x-pack/plugins/security/server/routes/views/overwritten_session.ts 
@@ -12,7 +12,7 @@ import type { RouteDefinitionParams } from '..'; */ export function defineOverwrittenSessionRoutes({ httpResources }: RouteDefinitionParams) { httpResources.register( - { path: '/security/overwritten_session', validate: false }, + { path: '/security/overwritten_session', validate: false, options: { access: 'public' } }, (context, req, res) => res.renderCoreApp() ); } diff --git a/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts b/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts index 7faf03ea60b57..e1bc60383bce1 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts @@ -32,6 +32,7 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) { path: '/api/spaces/_copy_saved_objects', options: { tags: ['access:copySavedObjectsToSpaces'], + access: 'public', }, validate: { body: schema.object( @@ -142,6 +143,7 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) { path: '/api/spaces/_resolve_copy_saved_objects_errors', options: { tags: ['access:copySavedObjectsToSpaces'], + access: 'public', }, validate: { body: schema.object( diff --git a/x-pack/plugins/spaces/server/routes/api/external/delete.ts b/x-pack/plugins/spaces/server/routes/api/external/delete.ts index b2f0d71d34a21..7d14843b177a8 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/delete.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/delete.ts @@ -25,6 +25,7 @@ export function initDeleteSpacesApi(deps: ExternalRouteDeps) { id: schema.string(), }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { const spacesClient = getSpacesService().createSpacesClient(request); 
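Review bot: No test in this series asserts the new `access: 'public'` on the spaces routes, starting with the two copy_to_space.ts hunks: the test files touched in patches 2/4 and 4/4 all belong to encrypted_saved_objects and security. Since the option describes how a route is exposed, a silent removal or a flip to 'internal' should fail a test. The security tests already do this with `expect(routeConfig.options).toEqual({ access: 'public', authRequired: false })`. An equivalent assertion for the routes under spaces/server/routes/api/external, and for the roles and OIDC routes that also have no test change here, would close the gap, assuming their existing tests do not already check the options some other way.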
diff --git a/x-pack/plugins/spaces/server/routes/api/external/disable_legacy_url_aliases.ts b/x-pack/plugins/spaces/server/routes/api/external/disable_legacy_url_aliases.ts index ff523ea99c06b..978f756f75f74 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/disable_legacy_url_aliases.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/disable_legacy_url_aliases.ts @@ -29,6 +29,7 @@ export function initDisableLegacyUrlAliasesApi(deps: ExternalRouteDeps) { ), }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (_context, request, response) => { const spacesClient = getSpacesService().createSpacesClient(request); diff --git a/x-pack/plugins/spaces/server/routes/api/external/get.ts b/x-pack/plugins/spaces/server/routes/api/external/get.ts index a26cfe0211d16..af105bf8cda57 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/get.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/get.ts @@ -23,6 +23,7 @@ export function initGetSpaceApi(deps: ExternalRouteDeps) { id: schema.string(), }), }, + options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087 }, createLicensedRouteHandler(async (context, request, response) => { const spaceId = request.params.id; diff --git a/x-pack/plugins/spaces/server/routes/api/external/get_all.ts b/x-pack/plugins/spaces/server/routes/api/external/get_all.ts index 06d629a194560..95998d0c926fc 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/get_all.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/get_all.ts @@ -35,6 +35,7 @@ export function initGetAllSpacesApi(deps: ExternalRouteDeps) { ), }), }, + options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087 }, createLicensedRouteHandler(async (context, request, response) => { log.debug(`Inside GET /api/spaces/space`); 
diff --git a/x-pack/plugins/spaces/server/routes/api/external/get_shareable_references.ts b/x-pack/plugins/spaces/server/routes/api/external/get_shareable_references.ts index ec5b0ce82ece4..5bea23c2289da 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/get_shareable_references.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/get_shareable_references.ts @@ -22,6 +22,7 @@ export function initGetShareableReferencesApi(deps: ExternalRouteDeps) { objects: schema.arrayOf(schema.object({ type: schema.string(), id: schema.string() })), }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { const [startServices] = await getStartServices(); diff --git a/x-pack/plugins/spaces/server/routes/api/external/post.ts b/x-pack/plugins/spaces/server/routes/api/external/post.ts index 3ea6da647b4f2..20fba7eb98243 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/post.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/post.ts @@ -23,6 +23,7 @@ export function initPostSpacesApi(deps: ExternalRouteDeps) { validate: { body: spaceSchema, }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (context, request, response) => { log.debug(`Inside POST /api/spaces/space`); diff --git a/x-pack/plugins/spaces/server/routes/api/external/put.ts b/x-pack/plugins/spaces/server/routes/api/external/put.ts index fb9f818576580..eb00a90046fd2 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/put.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/put.ts @@ -26,6 +26,7 @@ export function initPutSpacesApi(deps: ExternalRouteDeps) { }), body: spaceSchema, }, + options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087 }, createLicensedRouteHandler(async (context, request, response) => { const spacesClient = getSpacesService().createSpacesClient(request); 
diff --git a/x-pack/plugins/spaces/server/routes/api/external/update_objects_spaces.ts b/x-pack/plugins/spaces/server/routes/api/external/update_objects_spaces.ts index ea95557514d52..ef1b5665d68ab 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/update_objects_spaces.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/update_objects_spaces.ts @@ -43,6 +43,7 @@ export function initUpdateObjectsSpacesApi(deps: ExternalRouteDeps) { spacesToRemove: spacesSchema, }), }, + options: { access: 'public' }, }, createLicensedRouteHandler(async (_context, request, response) => { const [startServices] = await getStartServices(); diff --git a/x-pack/plugins/spaces/server/routes/views/index.ts b/x-pack/plugins/spaces/server/routes/views/index.ts index d0cff27e85433..2aa66b69225d9 100644 --- a/x-pack/plugins/spaces/server/routes/views/index.ts +++ b/x-pack/plugins/spaces/server/routes/views/index.ts @@ -18,7 +18,7 @@ export interface ViewRouteDeps { export function initSpacesViewsRoutes(deps: ViewRouteDeps) { deps.httpResources.register( - { path: '/spaces/space_selector', validate: false }, + { path: '/spaces/space_selector', validate: false, options: { access: 'public' } }, (context, request, response) => response.renderCoreApp() ); From 0d47f643a5d0f6196646b4535afb89333b7b53db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 24 Jul 2023 11:03:14 -0400 Subject: [PATCH 2/4] Updates unit tests --- .../server/routes/key_rotation.test.ts | 5 ++++- .../security/server/routes/authentication/common.test.ts | 1 + .../security/server/routes/authentication/saml.test.ts | 1 + .../server/routes/session_management/invalidate.test.ts | 2 +- .../security/server/routes/views/access_agreement.test.ts | 4 ++-- .../plugins/security/server/routes/views/logged_out.test.ts | 2 +- x-pack/plugins/security/server/routes/views/login.test.ts | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) 
diff --git a/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.test.ts b/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.test.ts index b1c7f3b38139b..d068de97f7b96 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.test.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/routes/key_rotation.test.ts @@ -43,7 +43,10 @@ describe('Key rotation routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ tags: ['access:rotateEncryptionKey'] }); + expect(routeConfig.options).toEqual({ + access: 'public', + tags: ['access:rotateEncryptionKey'], + }); expect(routeConfig.validate).toEqual({ body: undefined, query: expect.any(Type), diff --git a/x-pack/plugins/security/server/routes/authentication/common.test.ts b/x-pack/plugins/security/server/routes/authentication/common.test.ts index 46a9bb729d76b..d5e04f7614999 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.test.ts @@ -66,6 +66,7 @@ describe('Common authentication routes', () => { it('correctly defines route.', async () => { expect(routeConfig.options).toEqual({ + access: 'public', authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], }); diff --git a/x-pack/plugins/security/server/routes/authentication/saml.test.ts b/x-pack/plugins/security/server/routes/authentication/saml.test.ts index a3fb47afb0ae8..30b9bb5160b2b 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.test.ts @@ -54,6 +54,7 @@ describe('SAML authentication routes', () => { it('correctly defines route.', () => { expect(routeConfig.options).toEqual({ + access: 'public', authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], 
diff --git a/x-pack/plugins/security/server/routes/session_management/invalidate.test.ts b/x-pack/plugins/security/server/routes/session_management/invalidate.test.ts index c0bb04fc3bad9..1c35ae0f8345c 100644 --- a/x-pack/plugins/security/server/routes/session_management/invalidate.test.ts +++ b/x-pack/plugins/security/server/routes/session_management/invalidate.test.ts @@ -43,7 +43,7 @@ describe('Invalidate sessions routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ tags: ['access:sessionManagement'] }); + expect(routeConfig.options).toEqual({ access: 'public', tags: ['access:sessionManagement'] }); const bodySchema = (routeConfig.validate as any).body as ObjectType; expect(() => bodySchema.validate({})).toThrowErrorMatchingInlineSnapshot( diff --git a/x-pack/plugins/security/server/routes/views/access_agreement.test.ts b/x-pack/plugins/security/server/routes/views/access_agreement.test.ts index a2a96f0545743..18281610f5207 100644 --- a/x-pack/plugins/security/server/routes/views/access_agreement.test.ts +++ b/x-pack/plugins/security/server/routes/views/access_agreement.test.ts @@ -68,7 +68,7 @@ describe('Access agreement view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toBeUndefined(); + expect(routeConfig.options).toEqual({ access: 'public' }); expect(routeConfig.validate).toBe(false); }); @@ -109,7 +109,7 @@ describe('Access agreement view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toBeUndefined(); + expect(routeConfig.options).toEqual({ access: 'public' }); expect(routeConfig.validate).toBe(false); }); diff --git a/x-pack/plugins/security/server/routes/views/logged_out.test.ts b/x-pack/plugins/security/server/routes/views/logged_out.test.ts index c5fc45716ec22..4ed9ff6e95387 100644 --- a/x-pack/plugins/security/server/routes/views/logged_out.test.ts +++ b/x-pack/plugins/security/server/routes/views/logged_out.test.ts 
@@ -35,7 +35,7 @@ describe('LoggedOut view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ authRequired: false }); + expect(routeConfig.options).toEqual({ access: 'public', authRequired: false }); expect(routeConfig.validate).toBe(false); }); diff --git a/x-pack/plugins/security/server/routes/views/login.test.ts b/x-pack/plugins/security/server/routes/views/login.test.ts index 7575aafead6e0..a11454716fb75 100644 --- a/x-pack/plugins/security/server/routes/views/login.test.ts +++ b/x-pack/plugins/security/server/routes/views/login.test.ts @@ -52,7 +52,7 @@ describe('Login view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ authRequired: 'optional' }); + expect(routeConfig.options).toEqual({ access: 'public', authRequired: 'optional' }); expect(routeConfig.validate).toEqual({ body: undefined, From 003703ad4ab0dd976ca4b128a7fdeb231f114e92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 24 Jul 2023 13:06:19 -0400 Subject: [PATCH 3/4] Missed a few view endpoints --- x-pack/plugins/security/server/routes/views/capture_url.ts | 5 ++++- x-pack/plugins/security/server/routes/views/login.ts | 6 +++++- x-pack/plugins/spaces/server/routes/views/index.ts | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/security/server/routes/views/capture_url.ts b/x-pack/plugins/security/server/routes/views/capture_url.ts index 8eff92d78999d..68ec266ce1b65 100644 --- a/x-pack/plugins/security/server/routes/views/capture_url.ts +++ b/x-pack/plugins/security/server/routes/views/capture_url.ts 
@@ -19,7 +19,10 @@ export function defineCaptureURLRoutes({ httpResources }: RouteDefinitionParams) validate: { query: schema.object({ next: schema.maybe(schema.string()) }, { unknowns: 'ignore' }), }, - options: { authRequired: false }, + options: { + authRequired: false, + access: 'public', + }, }, (context, request, response) => response.renderAnonymousCoreApp() ); diff --git a/x-pack/plugins/security/server/routes/views/login.ts b/x-pack/plugins/security/server/routes/views/login.ts index ee2813eda7747..3e54d53410903 100644 --- a/x-pack/plugins/security/server/routes/views/login.ts +++ b/x-pack/plugins/security/server/routes/views/login.ts @@ -57,7 +57,11 @@ export function defineLoginRoutes({ ); router.get( - { path: '/internal/security/login_state', validate: false, options: { authRequired: false } }, + { + path: '/internal/security/login_state', + validate: false, + options: { authRequired: false, access: 'public' }, + }, async (context, request, response) => { const { allowLogin, layout = 'form' } = license.getFeatures(); const { sortedProviders, selector } = config.authc; diff --git a/x-pack/plugins/spaces/server/routes/views/index.ts b/x-pack/plugins/spaces/server/routes/views/index.ts index 2aa66b69225d9..423e5356a486d 100644 --- a/x-pack/plugins/spaces/server/routes/views/index.ts +++ b/x-pack/plugins/spaces/server/routes/views/index.ts @@ -23,7 +23,7 @@ export function initSpacesViewsRoutes(deps: ViewRouteDeps) { ); deps.httpResources.register( - { path: ENTER_SPACE_PATH, validate: false }, + { path: ENTER_SPACE_PATH, validate: false, options: { access: 'public' } }, async (context, request, response) => { try { const { uiSettings } = await context.core; From 6dd712cbe38a9bae91f364641e2abd5d92b77df3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 24 Jul 2023 14:13:54 -0400 Subject: [PATCH 4/4] Updates view tests --- x-pack/plugins/security/server/routes/views/capture_url.test.ts | 2 +- x-pack/plugins/security/server/routes/views/login.test.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security/server/routes/views/capture_url.test.ts b/x-pack/plugins/security/server/routes/views/capture_url.test.ts index 13f07b528996c..0635b628d1e74 100644 --- a/x-pack/plugins/security/server/routes/views/capture_url.test.ts +++ b/x-pack/plugins/security/server/routes/views/capture_url.test.ts @@ -34,7 +34,7 @@ describe('Capture URL view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ authRequired: false }); + expect(routeConfig.options).toEqual({ access: 'public', authRequired: false }); expect(routeConfig.validate).toEqual({ body: undefined, diff --git a/x-pack/plugins/security/server/routes/views/login.test.ts b/x-pack/plugins/security/server/routes/views/login.test.ts index a11454716fb75..078541d502b7d 100644 --- a/x-pack/plugins/security/server/routes/views/login.test.ts +++ b/x-pack/plugins/security/server/routes/views/login.test.ts @@ -155,7 +155,7 @@ describe('Login view routes', () => { }); it('correctly defines route.', () => { - expect(routeConfig.options).toEqual({ authRequired: false }); + expect(routeConfig.options).toEqual({ access: 'public', authRequired: false }); expect(routeConfig.validate).toBe(false); });