Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sets logout and saml callback APIs as public in serverless #162523

Merged
merged 3 commits into from
Jul 26, 2023
Merged

Sets logout and saml callback APIs as public in serverless #162523

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a8d3eb2
Marks logout and saml callback APIs as public for serverless. Addes i…
jeramysoucy Jul 25, 2023
1afe08e
Merge branch 'main' into serverless-mark-public-apis
jeramysoucy Jul 25, 2023
38bdef8
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Jul 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions x-pack/plugins/security/server/routes/authentication/common.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ describe('Common authentication routes', () => {

it('correctly defines route.', async () => {
expect(routeConfig.options).toEqual({
access: 'public',
authRequired: false,
tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
});
Expand Down
6 changes: 5 additions & 1 deletion x-pack/plugins/security/server/routes/authentication/common.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,11 @@ export function defineCommonRoutes({
// Allow unknown query parameters as this endpoint can be hit by the 3rd-party with any
// set of query string parameters (e.g. SAML/OIDC logout request/response parameters).
validate: { query: schema.object({}, { unknowns: 'allow' }) },
options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] },
options: {
access: 'public',
authRequired: false,
tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
},
},
async (context, request, response) => {
const serverBasePath = basePath.serverBasePath;
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/security/server/routes/authentication/saml.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ describe('SAML authentication routes', () => {

it('correctly defines route.', () => {
expect(routeConfig.options).toEqual({
access: 'public',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: not for this PR, just thinking aloud, we'll definitely need to have some SAML tests in the serverless test suite as it's the only way to authenticated to Kibana there.

authRequired: false,
xsrfRequired: false,
tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/security/server/routes/authentication/saml.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ export function defineSAMLRoutes({
),
},
options: {
access: 'public',
authRequired: false,
xsrfRequired: false,
tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
Expand Down
9 changes: 9 additions & 0 deletions x-pack/test_serverless/api_integration/services/svl_common_api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,21 @@ const COMMON_REQUEST_HEADERS = {
'kbn-xsrf': 'some-xsrf-token',
};

const INTERNAL_REQUEST_HEADERS = {
...COMMON_REQUEST_HEADERS,
'x-elastic-internal-origin': 'kibana',
};

export function SvlCommonApiServiceProvider({}: FtrProviderContext) {
return {
getCommonRequestHeader() {
return COMMON_REQUEST_HEADERS;
},

getInternalRequestHeader() {
return INTERNAL_REQUEST_HEADERS;
},

assertResponseStatusCode(expectedStatus: number, actualStatus: number, responseBody: object) {
expect(actualStatus).to.eql(
expectedStatus,
Expand Down
4 changes: 2 additions & 2 deletions x-pack/test_serverless/api_integration/test_suites/common/spaces.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ export default function ({ getService }: FtrProviderContext) {
it('rejects request to create a space', async () => {
const { body, status } = await supertest
.post('/api/spaces/space')
.set(svlCommonApi.getCommonRequestHeader())
.set(svlCommonApi.getInternalRequestHeader())
.send({
id: 'custom',
name: 'Custom',
Expand All @@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) {
it('rejects request to update a space with disabledFeatures', async () => {
const { body, status } = await supertest
.put('/api/spaces/space/default')
.set(svlCommonApi.getCommonRequestHeader())
.set(svlCommonApi.getInternalRequestHeader())
.send({
id: 'custom',
name: 'Custom',
Expand Down