Adds integration tests for anonymous auth login with basic authorizat…

…ion header Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
DarshitChanpura · Mar 12, 2024 · 5492d2a · 5492d2a
1 parent 63abb41
commit 5492d2a
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 3 deletions.
diff --git a/server/auth/types/basic/basic_auth.ts b/server/auth/types/basic/basic_auth.ts
@@ -28,7 +28,7 @@ import { SecurityPluginConfigType } from '../../..';
 import { SecuritySessionCookie } from '../../../session/security_cookie';
 import { BasicAuthRoutes } from './routes';
 import { AuthenticationType } from '../authentication_type';
-import { LOGIN_PAGE_URI, ANONYMOUS_AUTH_LOGIN } from '../../../../common';
+import { LOGIN_PAGE_URI, ANONYMOUS_AUTH_HEADER } from '../../../../common';
 import { composeNextUrlQueryParam } from '../../../utils/next_url';
 import { AUTH_HEADER_NAME, AuthType, OPENDISTRO_SECURITY_ANONYMOUS } from '../../../../common';
 
@@ -130,7 +130,7 @@ export class BasicAuthentication extends AuthenticationType {
     request: OpenSearchDashboardsRequest
   ): any {
     if (this.config.auth.anonymous_auth_enabled && cookie.isAnonymousAuth) {
-      return {};
+      return { authorization: ANONYMOUS_AUTH_HEADER };
     }
     const headers: any = {};
     Object.assign(headers, { authorization: cookie.credentials?.authHeaderValue });

diff --git a/server/readonly/readonly_service.ts b/server/readonly/readonly_service.ts
@@ -24,6 +24,7 @@ import {
   isPrivateTenant,
   LOGIN_PAGE_URI,
   CUSTOM_ERROR_PAGE_URI,
+  ANONYMOUS_AUTH_HEADER,
 } from '../../common';
 import { SecurityClient } from '../backend/opensearch_security_client';
 import { IAuthenticationType, OpenSearchAuthInfo } from '../auth/types/authentication_type';

diff --git a/test/jest_integration/basic_auth.test.ts b/test/jest_integration/basic_auth.test.ts
@@ -132,6 +132,20 @@ describe('start OpenSearch Dashboards server', () => {
     expect(response.status).toEqual(200);
   });
 
+  it('cannot access home page as anonymous user if no credentials are supplied', async () => {
+    const response = await osdTestServer.request
+      .get(root, '/app/home#/')
+      .unset(AUTHORIZATION_HEADER_NAME);
+    expect(response.status).toEqual(302);
+  });
+
+  it('can access home page as anonymous user', async () => {
+    const response = await osdTestServer.request
+      .get(root, '/app/home#/')
+      .set(AUTHORIZATION_HEADER_NAME, ANONYMOUS_AUTH_HEADER);
+    expect(response.status).toEqual(200);
+  });
+
   it('call authinfo API as admin', async () => {
     const testUserCredentials = Buffer.from(ADMIN_CREDENTIALS);
     const response = await osdTestServer.request
@@ -143,10 +157,17 @@ describe('start OpenSearch Dashboards server', () => {
   it('call authinfo API without credentials', async () => {
     const response = await osdTestServer.request
       .get(root, '/api/v1/auth/authinfo')
-      .unset('Authorization');
+      .unset(AUTHORIZATION_HEADER_NAME);
     expect(response.status).toEqual(401);
   });
 
+  it('call authinfo API as anonymous user', async () => {
+    const response = await osdTestServer.request
+      .get(root, '/api/v1/auth/authinfo')
+      .set(AUTHORIZATION_HEADER_NAME, ANONYMOUS_AUTH_HEADER);
+    expect(response.status).toEqual(200);
+  });
+
   it('call authinfo API with cookie', async () => {
     const authCookie = await getAuthCookie(root, ADMIN_USER, ADMIN_PASSWORD);