-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore intermediate unauthenticated session during repeated authentication attempt. #79300
Changes from all commits
9b4d182
899f8e1
d412169
27ba418
743dea6
b3057e3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,13 +10,13 @@ import { resolve } from 'path'; | |
import url from 'url'; | ||
import { CA_CERT_PATH } from '@kbn/dev-utils'; | ||
import expect from '@kbn/expect'; | ||
import { getStateAndNonce } from '../../oidc_api_integration/fixtures/oidc_tools'; | ||
import { getStateAndNonce } from '../../../oidc_api_integration/fixtures/oidc_tools'; | ||
import { | ||
getMutualAuthenticationResponseToken, | ||
getSPNEGOToken, | ||
} from '../../kerberos_api_integration/fixtures/kerberos_tools'; | ||
import { getSAMLRequestId, getSAMLResponse } from '../../saml_api_integration/fixtures/saml_tools'; | ||
import { FtrProviderContext } from '../ftr_provider_context'; | ||
} from '../../../kerberos_api_integration/fixtures/kerberos_tools'; | ||
import { getSAMLRequestId, getSAMLResponse } from '../../fixtures/saml/saml_tools'; | ||
import { FtrProviderContext } from '../../ftr_provider_context'; | ||
|
||
export default function ({ getService }: FtrProviderContext) { | ||
const randomness = getService('randomness'); | ||
|
@@ -29,7 +29,7 @@ export default function ({ getService }: FtrProviderContext) { | |
|
||
const CA_CERT = readFileSync(CA_CERT_PATH); | ||
const CLIENT_CERT = readFileSync( | ||
resolve(__dirname, '../../pki_api_integration/fixtures/first_client.p12') | ||
resolve(__dirname, '../../../pki_api_integration/fixtures/first_client.p12') | ||
); | ||
|
||
async function checkSessionCookie( | ||
|
@@ -97,11 +97,23 @@ export default function ({ getService }: FtrProviderContext) { | |
// to fully authenticate user yet. | ||
const intermediateAuthCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; | ||
|
||
// When login page is accessed directly. | ||
await supertest | ||
.get('/login') | ||
.ca(CA_CERT) | ||
.set('Cookie', intermediateAuthCookie.cookieString()) | ||
.expect(200); | ||
|
||
// When user tries to access any other page in Kibana. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. note: that is the main test in this PR, I made sure it fails without my change. |
||
const response = await supertest | ||
.get('/abc/xyz/handshake?one=two three') | ||
.ca(CA_CERT) | ||
.set('Cookie', intermediateAuthCookie.cookieString()) | ||
.expect(302); | ||
expect(response.headers['set-cookie']).to.be(undefined); | ||
expect(response.headers.location).to.be( | ||
'/login?next=%2Fabc%2Fxyz%2Fhandshake%3Fone%3Dtwo%2520three' | ||
); | ||
}); | ||
|
||
describe('SAML', () => { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,7 +30,9 @@ export default function ({ getService }: FtrProviderContext) { | |
} | ||
|
||
async function getNumberOfSessionDocuments() { | ||
return (await es.search({ index: '.kibana_security_session*' })).hits.total.value; | ||
return (((await es.search({ index: '.kibana_security_session*' })).hits.total as unknown) as { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. note: typechecker suddenly started to complain about these return types (types are invalid indeed). |
||
value: number; | ||
}).value; | ||
} | ||
|
||
describe('Session Idle cleanup', () => { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note: slowly moving security related integration tests to a single folder.