[BUG] Automatic login as anonymous user when passing wrong username and password #1840
Closed
[Triage] Hi @DarshitChanpura, thank you for filing this issue. This sounds like a good issue to get fixed since this is likely unexpected.
stephen-crawford added bug, triaged and removed untriaged labels Mar 25, 2024
DarshitChanpura added a commit to DarshitChanpura/security-dashboards-plugin that referenced this issue Apr 2, 2024
Signed-off-by: Darshit Chanpura <[email protected]>
opensearch-trigger-bot bot pushed a commit that referenced this issue Apr 12, 2024
* Fixes anonymous auth flow to work with SAML Signed-off-by: Darshit Chanpura <[email protected]>
* Adds hardcoded credentials for anonymous user Signed-off-by: Darshit Chanpura <[email protected]>
* Updates basic auth header to be a config constant Signed-off-by: Darshit Chanpura <[email protected]>
* Removes unneeded usage of anonymous auth header constant Signed-off-by: Darshit Chanpura <[email protected]>
* Updates logic to display anonymous auth login button Signed-off-by: Darshit Chanpura <[email protected]>
* Adds test to check whether anonymous auth login button is displayed correctly Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes integration tests Signed-off-by: Darshit Chanpura <[email protected]>
* Adds integration tests for anonymous auth login with basic authorization header Signed-off-by: Darshit Chanpura <[email protected]>
* Generates random password for anonymous user Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes lint errors Signed-off-by: Darshit Chanpura <[email protected]>
* Adds saml auth header to differentiate saml requests Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes linter errors Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes basic auth tests Signed-off-by: Darshit Chanpura <[email protected]>
* Removes console loggers Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes lint error Signed-off-by: Darshit Chanpura <[email protected]>
* Addresses feedback Signed-off-by: Darshit Chanpura <[email protected]>
* Resolves #1840 Signed-off-by: Darshit Chanpura <[email protected]>
* Replace magic value with constant Signed-off-by: Darshit Chanpura <[email protected]>
* Renames query param and removes unused variables Signed-off-by: Darshit Chanpura <[email protected]>
* Uses enum instead of magic constant Signed-off-by: Darshit Chanpura <[email protected]>
* Extracts template function to a separate util file Signed-off-by: Darshit Chanpura <[email protected]>
* Renames test Signed-off-by: Darshit Chanpura <[email protected]>
* Removes unnecessary modifications required to solve this bug Signed-off-by: Darshit Chanpura <[email protected]>
* Fixes import Signed-off-by: Darshit Chanpura <[email protected]>
* Removes unused param Signed-off-by: Darshit Chanpura <[email protected]>
* Removes unused method param Signed-off-by: Darshit Chanpura <[email protected]>
* Removes incorrect method param Signed-off-by: Darshit Chanpura <[email protected]>
---------
Signed-off-by: Darshit Chanpura <[email protected]>
(cherry picked from commit 681d1b1)
derek-ho pushed a commit that referenced this issue Apr 12, 2024
(cherry picked from commit 681d1b1) Co-authored-by: Darshit Chanpura <[email protected]>
With anonymous auth enabled, a user is automatically logged in as opendistro_security_anonymous upon passing wrong credentials. See the attached video: Screen.Recording.2024-03-20.at.10.27.14.PM.mov
Steps to reproduce:
Exit Criteria: