[Enterprise Search] Fix users being logged out of Kibana if Enterprise Search returns a 401 #80757
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cee-chen
added
bug
cee-chen
added
the
release_note:skip
cee-chen
commented
Oct 15, 2020
| apiResponse.url.endsWith('/login') || | ||
| apiResponse.url.endsWith('/ent/select') |
There was a problem hiding this comment.
@orhantoy Let me know if you think we can remove redirect checks going forward - I might leave it in for now just in case users are somehow using mismatched Enterprise Search / Kibana versions, but would be good to potentially clean up down the road
| if (apiResponse.url.endsWith('/login') || apiResponse.url.endsWith('/ent/select')) { | ||
| // Handle unauthenticated users / authentication redirects | ||
| if ( | ||
| apiResponse.status === 401 || |
There was a problem hiding this comment.
Since this is destructured above, we can get rid of apiResponse. here. I'd also submit that you can also destructure url and clan this up a bit below
EDIT: I see that url is already declared in scope. Perhaps:
const { status, url: responseUrl } = apiResponse;
...
responseUrl.endsWith('/login') ||
responseUrl.endsWith('/ent/select')... but that doesn't really help much
scottybollinger
approved these changes
Oct 16, 2020
|
Ahhh thanks for that scotty. I actually don't even know why I moved the destructure up above since I'm not even using it lol 🤦♀️ I'm gonna move it back down but leave it un-destructured for now, I'm hoping eventually we can clean up our if statement for unauthenticated users anyway if/when @orhantoy confirms that we'll likely never run into redirects from Kibana going forward. |
…f redirect - apparently this changed at some point between 7.9 and 7.10
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: |
cee-chen
pushed a commit
to cee-chen/kibana
that referenced
this pull request
Oct 16, 2020
…f redirect (elastic#80757) - apparently this changed at some point between 7.9 and 7.10
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Oct 19, 2020
* master: (43 commits) [ML] Transforms: Fix tab ids for expanded row. (elastic#80666) server logs config paths to use for runner (elastic#52980) Fix audit logger logging to console even when disabled (elastic#80928) skip flaky suite (elastic#80929) Added Enterprise Search config to kibana-docker (elastic#80872) skip flaky suite (elastic#80914) [keystore_cli] parse values as JSON before adding to keystore (elastic#80848) [Ingest Manager] Fix for comparing versions with -SNAPSHOT suffix (elastic#80742) ECS audit logging (elastic#74640) [Uptime] Add client-side unit tests for remaining synthetics code (elastic#80215) [Security_Solution][Resolver] Promote z-index on node labels (elastic#80854) Move renderHeaderActions back into mount useEffect + update tests (elastic#80861) [Reporting] Document Network Policy configuration (elastic#80431) [Reporting] Add contextual documentation for CSV Max Bytes setting (elastic#80782) Add catch for Enterprise Search sending back a 401 response instead of redirect (elastic#80757) [Actions] Back Button on Add Connector Flyout (elastic#80160) removing `kibana_datatable` in favor of `datatable` (elastic#80548) [Alerting UI] Updating 'Add new' wording (elastic#80509) [Docs] Document Encrypted Saved Objects functionality. (elastic#80183) [Discover] fix auto-refresh (elastic#80635) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Oct 19, 2020
* master: (23 commits) [ML] Transforms: Fix tab ids for expanded row. (elastic#80666) server logs config paths to use for runner (elastic#52980) Fix audit logger logging to console even when disabled (elastic#80928) skip flaky suite (elastic#80929) Added Enterprise Search config to kibana-docker (elastic#80872) skip flaky suite (elastic#80914) [keystore_cli] parse values as JSON before adding to keystore (elastic#80848) [Ingest Manager] Fix for comparing versions with -SNAPSHOT suffix (elastic#80742) ECS audit logging (elastic#74640) [Uptime] Add client-side unit tests for remaining synthetics code (elastic#80215) [Security_Solution][Resolver] Promote z-index on node labels (elastic#80854) Move renderHeaderActions back into mount useEffect + update tests (elastic#80861) [Reporting] Document Network Policy configuration (elastic#80431) [Reporting] Add contextual documentation for CSV Max Bytes setting (elastic#80782) Add catch for Enterprise Search sending back a 401 response instead of redirect (elastic#80757) [Actions] Back Button on Add Connector Flyout (elastic#80160) removing `kibana_datatable` in favor of `datatable` (elastic#80548) [Alerting UI] Updating 'Add new' wording (elastic#80509) [Docs] Document Encrypted Saved Objects functionality. (elastic#80183) [Discover] fix auto-refresh (elastic#80635) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
At some point between 7.9 and 7.10, Enterprise Search started returning 401 responses (instead of /login redirects) when users were unauthenticated or did not exist (e.g. standard auth).
We need to expand our
handleAuthenticationErrorcatch to check for 401 responses as well so we don't pass them back to Kibana - Kibana responds to 401 status codes by logging the user out of Kibana, which we don't want to do in this case.QA
elasticuser[error][enterpriseSearch][plugins] Cannot authenticate Enterprise Search usermessage in the Kibana terminal logsChecklist