Merge branch '7.5' into patch-1

elastic · Jan 30, 2020 · 530370f · 530370f
2 parents e67324d + 00af791
commit 530370f
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 14 deletions.
diff --git a/docs/api/saved-objects/import.asciidoc b/docs/api/saved-objects/import.asciidoc
@@ -49,7 +49,7 @@ Import an index pattern and dashboard:
 
 [source,js]
 --------------------------------------------------
-$ curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form [email protected] <1>
+$ curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form [email protected]
 --------------------------------------------------
 
 The `file.ndjson` file contains the following:

diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc
@@ -1,6 +1,6 @@
 [role="xpack"]
 [[kibana-authentication]]
-=== Authentication in Kibana
+=== Authentication in {kib}
 ++++
 <titleabbrev>Authentication</titleabbrev>
 ++++
@@ -16,23 +16,23 @@
 [[basic-authentication]]
 ==== Basic authentication
 
-Basic authentication requires a username and password to successfully log in to {kib}. It is enabled by default and based on the Native security realm provided by {es}. The basic authentication provider uses a Kibana provided login form, and supports authentication using the `Authorization` request header's `Basic` scheme.
+To successfully log in to {kib}, basic authentication requires a username and password. Basic authentication is enabled by default, and is based on the Native security realm or LDAP security realm that is provided by {es}. The basic authentication provider uses a {kib} provided login form, and supports authentication using the `Authorization` request header `Basic` scheme.
 
-The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of Kibana when using the basic authentication provider clears the session cookies from the browser but does not invalidate the session cookie for reuse.
+The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of {kib} when using the basic authentication provider clears the session cookies from the browser, but does not invalidate the session cookie for reuse.
 
 For more information about basic authentication and built-in users, see
 {ref}/setting-up-authentication.html[User authentication].
 
 [[token-authentication]]
 ==== Token authentication
 
-Token authentication allows users to login using the same Kibana provided login form as basic authentication. The token authentication provider is built on {es}'s token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with Kibana using the `Authorization` request header with the `Bearer` scheme.
+Token authentication allows users to login using the same {kib} provided login form as basic authentication, and is based on the Native security realm or LDAP security realm that is provided by {es}. The token authentication provider is built on {es} token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with {kib} using the `Authorization` request header with the `Bearer` scheme.
 
-The session cookies that are issued by the token authentication provider are stateful, and logging out of Kibana invalidates the session cookies for reuse.
+The session cookies that are issued by the token authentication provider are stateful, and logging out of {kib} invalidates the session cookies for reuse.
 
-Prior to configuring Kibana, ensure token support is enabled in Elasticsearch. See the {ref}/security-api-get-token.html[Elasticsearch token API] documentation for more information.
+Prior to configuring {kib}, ensure token support is enabled in {es}. See the {ref}/security-api-get-token.html[{es} token API] documentation for more information.
 
-To enable the token authentication provider in Kibana, set the following value in your `kibana.yml`:
+To enable the token authentication provider in {kib}, set the following value in your `kibana.yml`:
 
 [source,yaml]
 --------------------------------------------------------------------------------
@@ -125,7 +125,7 @@ Basic authentication is supported _only_ if `basic` authentication provider is e
 
 At the beginning of the SAML handshake, {kib} stores the initial URL in the session cookie, so it can redirect the user back to that URL after successful SAML authentication.
 If the URL is long, the session cookie might exceed the maximum size supported by the browser--typically 4KB for all cookies per domain. When this happens, the session cookie is truncated,
-or dropped completely, and you might experience sporadic failures during SAML authentication. 
+or dropped completely, and you might experience sporadic failures during SAML authentication.
 
 To remedy this issue, you can decrease the maximum
 size of the URL that {kib} is allowed to store during the SAML handshake. The default value is 2KB.
@@ -182,15 +182,15 @@ Users will be able to access the login page and use Basic authentication by navi
 [float]
 ==== Single sign-on provider details
 
-The following sections apply both to <<saml>> and <<oidc>> 
+The following sections apply both to <<saml>> and <<oidc>>
 
 [float]
 ===== Access and refresh tokens
 
 Once the user logs in to {kib} Single Sign-On, either using SAML or OpenID Connect, {es} issues access and refresh tokens
 that {kib} encrypts and stores them in its own session cookie. This way, the user isn't redirected to the Identity Provider
-for every request that requires authentication. It also means that the {kib} session depends on the `xpack.security.sessionTimeout` 
-setting and the user is automatically logged out if the session expires. An access token that is stored in the session cookie 
+for every request that requires authentication. It also means that the {kib} session depends on the `xpack.security.sessionTimeout`
+setting and the user is automatically logged out if the session expires. An access token that is stored in the session cookie
 can expire, in  which case {kib} will automatically renew it with a one-time-use refresh token and store it in the same cookie.
 
 {kib} can only determine if an access token has expired if it receives a request that requires authentication. If both access

diff --git a/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js b/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js
@@ -688,7 +688,9 @@ function discoverController(
       $scope.$watch('state.query', (newQuery, oldQuery) => {
         if (!_.isEqual(newQuery, oldQuery)) {
           const query = migrateLegacyQuery(newQuery);
-          $scope.updateQueryAndFetch({ query });
+          if (!_.isEqual(query, newQuery)) {
+            $scope.updateQueryAndFetch({ query });
+          }
         }
       });
 
@@ -837,9 +839,14 @@ function discoverController(
   };
 
   $scope.updateQueryAndFetch = function({ query, dateRange }) {
+    const oldDateRange = timefilter.getTime();
     timefilter.setTime(dateRange);
     $state.query = query;
-    $scope.fetch();
+    // storing the updated timerange in the state will trigger a fetch
+    // call automatically, so only trigger fetch in case this is a refresh call (no changes in parameters).
+    if (_.isEqual(oldDateRange, dateRange)) {
+      $scope.fetch();
+    }
   };
 
   function onResults(resp) {