Skip to content

Commit

Permalink
Fix bug in support for jwt.url_param customization (#1025) (#1027)
Browse files Browse the repository at this point in the history
Signed-off-by: Craig Perkins <[email protected]>
(cherry picked from commit 5e4004f)

Co-authored-by: Craig Perkins <[email protected]>
  • Loading branch information
opensearch-trigger-bot[bot] and cwperks authored Jul 7, 2022
1 parent 4a4416d commit 85e4a01
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 3 deletions.
74 changes: 74 additions & 0 deletions server/auth/types/jwt/jwt_auth.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/*
* Copyright OpenSearch Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

import { getAuthenticationHandler } from '../../auth_handler_factory';

describe('test jwt auth library', () => {
const router: IRouter = { post: (body) => {} };
let core: CoreSetup;
let esClient: ILegacyClusterClient;
let sessionStorageFactory: SessionStorageFactory<SecuritySessionCookie>;
let logger: Logger;

function getTestJWTAuthenticationHandlerWithConfig(config: SecurityPluginConfigType) {
return getAuthenticationHandler(
'jwt',
router,
config,
core,
esClient,
sessionStorageFactory,
logger
);
}

test('test getTokenFromUrlParam', () => {
const config = {
jwt: {
header: 'Authorization',
url_param: 'authorization',
},
};
const auth = getTestJWTAuthenticationHandlerWithConfig(config);

const url = new URL('http://localhost:5601/app/api/v1/auth/authinfo?authorization=testtoken');
const request = {
url,
};

const expectedToken = 'testtoken';
const token = auth.getTokenFromUrlParam(request);
expect(token).toEqual(expectedToken);
});

test('test getTokenFromUrlParam incorrect url_param', () => {
const config = {
jwt: {
header: 'Authorization',
url_param: 'urlParamName',
},
};
const auth = getTestJWTAuthenticationHandlerWithConfig(config);

const url = new URL('http://localhost:5601/app/api/v1/auth/authinfo?authorization=testtoken');
const request = {
url,
};

const expectedToken = undefined;
const token = auth.getTokenFromUrlParam(request);
expect(token).toEqual(expectedToken);
});
});
5 changes: 2 additions & 3 deletions server/auth/types/jwt/jwt_auth.ts
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ export class JwtAuthentication extends AuthenticationType {
private getTokenFromUrlParam(request: OpenSearchDashboardsRequest): string | undefined {
const urlParamName = this.config.jwt?.url_param;
if (urlParamName) {
const token = request.url.searchParams.get('urlParamName');
const token = request.url.searchParams.get(urlParamName);
return (token as string) || undefined;
}
return undefined;
Expand All @@ -79,9 +79,8 @@ export class JwtAuthentication extends AuthenticationType {
if (request.headers[this.authHeaderName]) {
return true;
}

const urlParamName = this.config.jwt?.url_param;
if (urlParamName && request.url.searchParams.get('urlParamName')) {
if (urlParamName && request.url.searchParams.get(urlParamName)) {
return true;
}

Expand Down

0 comments on commit 85e4a01

Please sign in to comment.