From 5492d2a373a577075eb42c5813f6d0539e77181b Mon Sep 17 00:00:00 2001
From: Darshit Chanpura
Date: Tue, 12 Mar 2024 00:33:54 -0400
Subject: [PATCH] Adds integration tests for anonymous auth login with basic authorization header
Signed-off-by: Darshit Chanpura
---
 server/auth/types/basic/basic_auth.ts | 4 ++--
 server/readonly/readonly_service.ts | 1 +
 test/jest_integration/basic_auth.test.ts | 23 ++++++++++++++++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/server/auth/types/basic/basic_auth.ts b/server/auth/types/basic/basic_auth.ts
index 5a3e69c4e..539257bf3 100644
--- a/server/auth/types/basic/basic_auth.ts
+++ b/server/auth/types/basic/basic_auth.ts
@@ -28,7 +28,7 @@ import { SecurityPluginConfigType } from '../../..';
 import { SecuritySessionCookie } from '../../../session/security_cookie';
 import { BasicAuthRoutes } from './routes';
 import { AuthenticationType } from '../authentication_type';
-import { LOGIN_PAGE_URI, ANONYMOUS_AUTH_LOGIN } from '../../../../common';
+import { LOGIN_PAGE_URI, ANONYMOUS_AUTH_HEADER } from '../../../../common';
 import { composeNextUrlQueryParam } from '../../../utils/next_url';
 import { AUTH_HEADER_NAME, AuthType, OPENDISTRO_SECURITY_ANONYMOUS } from '../../../../common';
@@ -130,7 +130,7 @@ export class BasicAuthentication extends AuthenticationType {
 request: OpenSearchDashboardsRequest
 ): any {
 if (this.config.auth.anonymous_auth_enabled && cookie.isAnonymousAuth) {
- return {};
+ return { authorization: ANONYMOUS_AUTH_HEADER };
 }
 const headers: any = {};
 Object.assign(headers, { authorization: cookie.credentials?.authHeaderValue });
diff --git a/server/readonly/readonly_service.ts b/server/readonly/readonly_service.ts
index 6e690b5f7..337d04812 100644
--- a/server/readonly/readonly_service.ts
+++ b/server/readonly/readonly_service.ts
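Review bot: The anonymous branch in `server/auth/types/basic/basic_auth.ts` (hunk at line 130) now returns `{ authorization: ANONYMOUS_AUTH_HEADER }` with no comment saying why a fixed header is forwarded or what keeps that safe. The constant's value is not shown in this patch; if it is a fixed, well-known value, a client can send it without any session (the new integration tests do exactly that), so the real control is the backend honouring it only while anonymous auth is enabled. I would add above the return: `// Anonymous session: forward the fixed anonymous header; the backend must refuse it when anonymous auth is disabled.` The enclosing method starts and ends outside the hunk, so whether `cookie.isAnonymousAuth` is validated before this point cannot be confirmed from here.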
@@ -24,6 +24,7 @@ import {
 isPrivateTenant,
 LOGIN_PAGE_URI,
 CUSTOM_ERROR_PAGE_URI,
+ ANONYMOUS_AUTH_HEADER,
 } from '../../common';
 import { SecurityClient } from '../backend/opensearch_security_client';
 import { IAuthenticationType, OpenSearchAuthInfo } from '../auth/types/authentication_type';
diff --git a/test/jest_integration/basic_auth.test.ts b/test/jest_integration/basic_auth.test.ts
index 9e1e7ae04..00605adc9 100644
--- a/test/jest_integration/basic_auth.test.ts
+++ b/test/jest_integration/basic_auth.test.ts
@@ -132,6 +132,20 @@ describe('start OpenSearch Dashboards server', () => {
 expect(response.status).toEqual(200);
 });
+ it('cannot access home page as anonymous user if no credentials are supplied', async () => {
+ const response = await osdTestServer.request
+ .get(root, '/app/home#/')
+ .unset(AUTHORIZATION_HEADER_NAME);
+ expect(response.status).toEqual(302);
+ });
+
+ it('can access home page as anonymous user', async () => {
+ const response = await osdTestServer.request
+ .get(root, '/app/home#/')
+ .set(AUTHORIZATION_HEADER_NAME, ANONYMOUS_AUTH_HEADER);
+ expect(response.status).toEqual(200);
+ });
+
 it('call authinfo API as admin', async () => {
 const testUserCredentials = Buffer.from(ADMIN_CREDENTIALS);
 const response = await osdTestServer.request
@@ -143,10 +157,17 @@ describe('start OpenSearch Dashboards server', () => {
 it('call authinfo API without credentials', async () => {
 const response = await osdTestServer.request
 .get(root, '/api/v1/auth/authinfo')
- .unset('Authorization');
+ .unset(AUTHORIZATION_HEADER_NAME);
 expect(response.status).toEqual(401);
 });
+ it('call authinfo API as anonymous user', async () => {
+ const response = await osdTestServer.request
+ .get(root, '/api/v1/auth/authinfo')
+ .set(AUTHORIZATION_HEADER_NAME, ANONYMOUS_AUTH_HEADER);
+ expect(response.status).toEqual(200);
+ });
+
 it('call authinfo API with cookie', async () => {
 const authCookie = await getAuthCookie(root, ADMIN_USER, ADMIN_PASSWORD);
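Review bot: `ANONYMOUS_AUTH_HEADER` is added to the import list of `server/readonly/readonly_service.ts`, but the diffstat records this single line as the file's only change, so nothing in this commit uses the name there. Unless the file already referenced it before this change, the import is unused and should be dropped. Otherwise the code that consumes it should land in the same commit so the dependency can be reviewed together with its use.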
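Review bot: The tests added in `test/jest_integration/basic_auth.test.ts` (hunks at lines 132 and 157) only cover the server configuration in which the anonymous header is accepted. There is no case asserting that a request carrying `ANONYMOUS_AUTH_HEADER` is refused when anonymous auth is disabled, which is the behaviour that stops a fixed header value from working as a bypass. A negative test against a root started with anonymous auth turned off, expecting 401 from `/api/v1/auth/authinfo`, would pin that down. Separately, neither `AUTHORIZATION_HEADER_NAME` nor `ANONYMOUS_AUTH_HEADER` is imported or declared in this patch's changes to the test file (all 22 added lines are test bodies), so confirm both names are already in scope there. The 302 case could also assert the redirect target, so that an unrelated redirect does not satisfy it.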