From a0f2db473e49655d05089731273a9ee98653c5fe Mon Sep 17 00:00:00 2001
From: Darshit Chanpura
Date: Mon, 11 Mar 2024 16:56:01 -0400
Subject: [PATCH] Updates basic auth header to be a config constant
Signed-off-by: Darshit Chanpura
---
 common/index.ts | 2 ++
 server/auth/types/authentication_type.ts | 6 ++----
 server/auth/types/basic/routes.ts | 16 ++++------------
 server/auth/types/multiple/multi_auth.ts | 1 -
 4 files changed, 8 insertions(+), 17 deletions(-)
diff --git a/common/index.ts b/common/index.ts
index b5e6a475d..6b3df18c5 100644
--- a/common/index.ts
+++ b/common/index.ts
@@ -34,6 +34,8 @@ export const OPENID_AUTH_LOGIN_WITH_FRAGMENT = '/auth/openid/captureUrlFragment'
 export const SAML_AUTH_LOGIN = '/auth/saml/login';
 export const SAML_AUTH_LOGIN_WITH_FRAGMENT = '/auth/saml/captureUrlFragment';
 export const ANONYMOUS_AUTH_LOGIN = '/auth/anonymous';
+export const ANONYMOUS_AUTH_HEADER =
+ 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cnV0eV9hbm9ueW1vdXM=';
 export const OPENID_AUTH_LOGOUT = '/auth/openid/logout';
 export const SAML_AUTH_LOGOUT = '/auth/saml/logout';
diff --git a/server/auth/types/authentication_type.ts b/server/auth/types/authentication_type.ts
index 66b4ce14a..1b7d87cf6 100755
--- a/server/auth/types/authentication_type.ts
+++ b/server/auth/types/authentication_type.ts
@@ -31,7 +31,7 @@ import { SecuritySessionCookie } from '../../session/security_cookie';
 import { SecurityClient } from '../../backend/opensearch_security_client';
 import { resolveTenant, isValidTenant } from '../../multitenancy/tenant_resolver';
 import { UnauthenticatedError } from '../../errors';
-import { GLOBAL_TENANT_SYMBOL } from '../../../common';
+import { ANONYMOUS_AUTH_HEADER, GLOBAL_TENANT_SYMBOL } from '../../../common';
 export interface IAuthenticationType {
 type: string;
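Review bot: The new `ANONYMOUS_AUTH_HEADER` in common/index.ts does not carry the same value as the literals it replaces: its base64 payload reads `...ZWN1cnV0eV9...` in the second half where every removed literal reads `...ZWN1cml0eV9...`, so the password part decodes to `opendistro_securuty_anonymous` instead of `opendistro_security_anonymous`. Every new-side use of the constant (the `authHeaders` merge in authentication_type.ts and the three uses in basic/routes.ts) would then send a credential that differs from the old one, which presumably breaks anonymous login. Copy the removed literal verbatim, and add a comment above the constant giving the decoded `user:password` pair so a transcription slip is visible in review. As a further point, the constant is a hard-coded credential rather than the "config constant" the subject line names, and if `common/` is also bundled for the browser (not visible here) a server-only module would be a better home for it.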
@@ -115,7 +115,7 @@ export abstract class AuthenticationType implements IAuthenticationType {
 let authInfo: any | undefined;
 if (this.config.auth.anonymous_auth_enabled) {
- const anonymousAuthHeaders = { _auth_request_type_: 'anonymous', authorization: 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=' };
+ const anonymousAuthHeaders = { authorization: ANONYMOUS_AUTH_HEADER };
 Object.assign(authHeaders, anonymousAuthHeaders);
 }
@@ -162,7 +162,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
 // send to auth workflow
 return this.handleUnauthedRequest(request, response, toolkit);
 }
- console.log('we have a cookie: ' + JSON.stringify(cookie));
 // extend session expiration time
 if (this.config.session.keepalive) {
@@ -217,7 +216,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
 }
 if (!authInfo) {
 authInfo = await this.securityClient.authinfo(request, authHeaders);
- console.log(authInfo);
 }
 authState.authInfo = authInfo;
diff --git a/server/auth/types/basic/routes.ts b/server/auth/types/basic/routes.ts
index 2328c8c35..aed5cf587 100755
--- a/server/auth/types/basic/routes.ts
+++ b/server/auth/types/basic/routes.ts
@@ -23,6 +23,7 @@ import { SecurityPluginConfigType } from '../../..';
 import { User } from '../../user';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
 import {
+ ANONYMOUS_AUTH_HEADER,
 ANONYMOUS_AUTH_LOGIN,
 API_AUTH_LOGIN,
 API_AUTH_LOGOUT,
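Review bot: In the `@@ -115` hunk of authentication_type.ts, `Object.assign(authHeaders, anonymousAuthHeaders)` writes `authorization` whenever `anonymous_auth_enabled` is set, with no check on what `authHeaders` already holds. If `authHeaders` can carry an `authorization` value by this point (it is populated outside the hunk), the anonymous credential would replace it, so the merge is safer guarded, e.g. `if (!authHeaders.authorization) { Object.assign(authHeaders, anonymousAuthHeaders); }`. The new object also drops the `_auth_request_type_: 'anonymous'` entry the old one had, which is a behaviour change beyond extracting a constant; a comment here such as `// backend identifies the anonymous user from the Basic credential alone` (if that is the reason) would record why it is no longer sent. The enclosing method starts and ends outside the hunk.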
@@ -186,13 +187,8 @@ export class BasicAuthRoutes {
 }
 context.security_plugin.logger.info('The Redirect Path is ' + redirectUrl);
 try {
- // user = await this.securityClient.authenticateWithHeaders(request, {
- // _auth_request_type_: 'anonymous',
- // });
- // opendistro_security_anonymous:opendistro_security_anonymous
- const authHeader = "b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=";
 user = await this.securityClient.authenticateWithHeaders(request, {
- authorization: `Basic ${authHeader}`,
+ authorization: ANONYMOUS_AUTH_HEADER,
 });
 } catch (error) {
 context.security_plugin.logger.error(
@@ -207,8 +203,6 @@ export class BasicAuthRoutes {
 });
 }
- console.log('Anon user: ' + JSON.stringify(user));
-
 this.sessionStorageFactory.asScoped(request).clear();
 const sessionStorage: SecuritySessionCookie = {
 username: user.username,
@@ -218,8 +212,7 @@ export class BasicAuthRoutes {
 };
 if (user.multitenancy_enabled) {
- request.headers._auth_request_type_ = 'anonymous';
- request.headers.authorization = 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=';
+ request.headers.authorization = ANONYMOUS_AUTH_HEADER;
 const selectTenant = resolveTenant({
 request,
 username: user.username,
@@ -238,8 +231,7 @@ export class BasicAuthRoutes {
 return response.redirected({
 headers: {
 location: `${redirectUrl}`,
- _auth_request_type_: "anonymous",
- authorization: "Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM="
+ authorization: ANONYMOUS_AUTH_HEADER,
 },
 });
 } else {
diff --git a/server/auth/types/multiple/multi_auth.ts b/server/auth/types/multiple/multi_auth.ts
index 80dc66fec..840bcdcf1 100644
--- a/server/auth/types/multiple/multi_auth.ts
+++ b/server/auth/types/multiple/multi_auth.ts
@@ -172,7 +172,6 @@ export class MultipleAuthentication extends AuthenticationType {
 },
 });
 } else {
- console.log('not a page request');
 return response.unauthorized();
 }
 }
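Review bot: In the `@@ -238` hunk of basic/routes.ts, the `response.redirected` call still puts `authorization: ANONYMOUS_AUTH_HEADER` into the headers of the redirect response, so the Basic credential is sent to the browser rather than to the backend. A browser does not replay a response `Authorization` header on the follow-up request, so the entry appears to do nothing useful. The anonymous state is presumably carried by the session cookie built from `sessionStorage` earlier in the handler. Suggest dropping the line so that `headers` holds only the `location` entry, unless a consumer of this response header is known. The handler starts and ends outside the hunk, so whether `redirectUrl` is validated before it reaches `location` cannot be confirmed from here.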