Updates basic auth header to be a config constant

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
DarshitChanpura · Mar 11, 2024 · a0f2db4 · a0f2db4
1 parent cbdf7a6
commit a0f2db4
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 17 deletions.
diff --git a/common/index.ts b/common/index.ts
@@ -34,6 +34,8 @@ export const OPENID_AUTH_LOGIN_WITH_FRAGMENT = '/auth/openid/captureUrlFragment'
 export const SAML_AUTH_LOGIN = '/auth/saml/login';
 export const SAML_AUTH_LOGIN_WITH_FRAGMENT = '/auth/saml/captureUrlFragment';
 export const ANONYMOUS_AUTH_LOGIN = '/auth/anonymous';
+export const ANONYMOUS_AUTH_HEADER =
+  'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cnV0eV9hbm9ueW1vdXM=';
 
 export const OPENID_AUTH_LOGOUT = '/auth/openid/logout';
 export const SAML_AUTH_LOGOUT = '/auth/saml/logout';

diff --git a/server/auth/types/authentication_type.ts b/server/auth/types/authentication_type.ts
@@ -31,7 +31,7 @@ import { SecuritySessionCookie } from '../../session/security_cookie';
 import { SecurityClient } from '../../backend/opensearch_security_client';
 import { resolveTenant, isValidTenant } from '../../multitenancy/tenant_resolver';
 import { UnauthenticatedError } from '../../errors';
-import { GLOBAL_TENANT_SYMBOL } from '../../../common';
+import { ANONYMOUS_AUTH_HEADER, GLOBAL_TENANT_SYMBOL } from '../../../common';
 
 export interface IAuthenticationType {
   type: string;
@@ -115,7 +115,7 @@ export abstract class AuthenticationType implements IAuthenticationType {
     let authInfo: any | undefined;
 
     if (this.config.auth.anonymous_auth_enabled) {
-      const anonymousAuthHeaders = { _auth_request_type_: 'anonymous', authorization: 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=' };
+      const anonymousAuthHeaders = { authorization: ANONYMOUS_AUTH_HEADER };
       Object.assign(authHeaders, anonymousAuthHeaders);
     }
 
@@ -162,7 +162,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
         // send to auth workflow
         return this.handleUnauthedRequest(request, response, toolkit);
       }
-      console.log('we have a cookie: ' + JSON.stringify(cookie));
 
       // extend session expiration time
       if (this.config.session.keepalive) {
@@ -217,7 +216,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
     }
     if (!authInfo) {
       authInfo = await this.securityClient.authinfo(request, authHeaders);
-      console.log(authInfo);
     }
     authState.authInfo = authInfo;
 

diff --git a/server/auth/types/basic/routes.ts b/server/auth/types/basic/routes.ts
@@ -23,6 +23,7 @@ import { SecurityPluginConfigType } from '../../..';
 import { User } from '../../user';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
 import {
+  ANONYMOUS_AUTH_HEADER,
   ANONYMOUS_AUTH_LOGIN,
   API_AUTH_LOGIN,
   API_AUTH_LOGOUT,
@@ -186,13 +187,8 @@ export class BasicAuthRoutes {
           }
           context.security_plugin.logger.info('The Redirect Path is ' + redirectUrl);
           try {
-            // user = await this.securityClient.authenticateWithHeaders(request, {
-            //   _auth_request_type_: 'anonymous',
-            // });
-            // opendistro_security_anonymous:opendistro_security_anonymous
-            const authHeader = "b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM="; 
             user = await this.securityClient.authenticateWithHeaders(request, {
-              authorization: `Basic ${authHeader}`,
+              authorization: ANONYMOUS_AUTH_HEADER,
             });
           } catch (error) {
             context.security_plugin.logger.error(
@@ -207,8 +203,6 @@ export class BasicAuthRoutes {
             });
           }
 
-          console.log('Anon user: ' + JSON.stringify(user));
-
           this.sessionStorageFactory.asScoped(request).clear();
           const sessionStorage: SecuritySessionCookie = {
             username: user.username,
@@ -218,8 +212,7 @@ export class BasicAuthRoutes {
           };
 
           if (user.multitenancy_enabled) {
-            request.headers._auth_request_type_ = 'anonymous';
-            request.headers.authorization = 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=';
+            request.headers.authorization = ANONYMOUS_AUTH_HEADER;
             const selectTenant = resolveTenant({
               request,
               username: user.username,
@@ -238,8 +231,7 @@ export class BasicAuthRoutes {
           return response.redirected({
             headers: {
               location: `${redirectUrl}`,
-              _auth_request_type_: "anonymous",
-              authorization: "Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM="
+              authorization: ANONYMOUS_AUTH_HEADER,
             },
           });
         } else {

diff --git a/server/auth/types/multiple/multi_auth.ts b/server/auth/types/multiple/multi_auth.ts
@@ -172,7 +172,6 @@ export class MultipleAuthentication extends AuthenticationType {
         },
       });
     } else {
-      console.log('not a page request');
       return response.unauthorized();
     }
   }