Change files.
azasypkin committed Dec 9, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 4189b08 commit 94018c1
Showing 75 changed files with 2,340 additions and 2,062 deletions.
2 changes: 1 addition & 1 deletion docs/user/security/authentication/index.asciidoc
@@ -163,7 +163,7 @@ required by {kib}. If you want to use Third Party initiated SSO , then you must
+
[source,yaml]
--------------------------------------------------------------------------------
server.xsrf.whitelist: [/api/security/v1/oidc]
server.xsrf.whitelist: [/api/security/oidc/initiate_login]
--------------------------------------------------------------------------------

[float]
4 changes: 2 additions & 2 deletions test/common/services/security/user.ts
@@ -38,7 +38,7 @@ export class User {
public async create(username: string, user: any) {
this.log.debug(`creating user ${username}`);
const { data, status, statusText } = await this.axios.post(
`/api/security/v1/users/${username}`,
`/internal/security/users/${username}`,
{
username,
...user,
@@ -55,7 +55,7 @@ export class User {
public async delete(username: string) {
this.log.debug(`deleting user ${username}`);
const { data, status, statusText } = await this.axios.delete(
`/api/security/v1/users/${username}`
`/internal/security/users/${username}`
);
if (status !== 204) {
throw new Error(
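Review bot: `username` is placed into the request path unencoded in both `create` and `delete` (`/internal/security/users/${username}`), so a name containing `/`, `?`, `#` or `%` would address a different route than the one intended. Writing the path as `/internal/security/users/${encodeURIComponent(username)}` keeps the helper correct for any username a test generates. Both method bodies continue outside the hunks shown here.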
7 changes: 0 additions & 7 deletions x-pack/legacy/plugins/security/common/constants.ts

This file was deleted.

5 changes: 3 additions & 2 deletions x-pack/legacy/plugins/security/common/model.ts
@@ -4,8 +4,9 @@
* you may not use this file except in compliance with the Elastic License.
*/

export { ApiKey } from './api_key';
export {
ApiKey,
ApiKeyToInvalidate,
AuthenticatedUser,
BuiltinESPrivileges,
EditUser,
@@ -19,4 +20,4 @@ export {
User,
canUserChangePassword,
getUserDisplayName,
} from '../../../../../plugins/security/common/model';
} from '../../../../plugins/security/common/model';
10 changes: 1 addition & 9 deletions x-pack/legacy/plugins/security/index.js
@@ -5,10 +5,6 @@
*/

import { resolve } from 'path';
import { initAuthenticateApi } from './server/routes/api/v1/authenticate';
import { initUsersApi } from './server/routes/api/v1/users';
import { initApiKeysApi } from './server/routes/api/v1/api_keys';
import { initIndicesApi } from './server/routes/api/v1/indices';
import { initOverwrittenSessionView } from './server/routes/views/overwritten_session';
import { initLoginView } from './server/routes/views/login';
import { initLogoutView } from './server/routes/views/logout';
@@ -34,7 +30,7 @@ export const security = (kibana) => new kibana.Plugin({
lifespan: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
}).default(),
secureCookies: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
loginAssistanceMessage: Joi.string().default(),
loginAssistanceMessage: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
authorization: Joi.object({
legacyFallback: Joi.object({
enabled: Joi.boolean().default(true) // deprecated
@@ -144,10 +140,6 @@ export const security = (kibana) => new kibana.Plugin({

server.expose({ getUser: request => securityPlugin.authc.getCurrentUser(KibanaRequest.from(request)) });

initAuthenticateApi(securityPlugin, server);
initUsersApi(securityPlugin, server);
initApiKeysApi(server);
initIndicesApi(server);
initLoginView(securityPlugin, server);
initLogoutView(server);
initLoggedOutView(securityPlugin, server);
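Review bot: With the four `init*Api(...)` calls removed in the last hunk of this section, nothing in this file keeps the old `/api/security/v1/...` paths answering, and every client touched on this page is repointed at `/internal/security/...`. Whether a redirect or deprecation shim exists elsewhere in the 75 changed files cannot be seen from here. Scripts, monitors or proxy rules outside the repository that still target the v1 paths would stop working, so the change deserves a breaking-change entry listing the old and new paths. If the routes are now registered by the new platform plugin, a short comment at the removal site such as `// security HTTP APIs are registered by the new platform security plugin` would tell a reader of this file where they went.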
Original file line number Diff line number Diff line change
@@ -11,8 +11,8 @@ import 'plugins/security/services/auto_logout';

function isUnauthorizedResponseAllowed(response) {
const API_WHITELIST = [
'/api/security/v1/login',
'/api/security/v1/users/.*/password'
'/internal/security/login',
'/internal/security/users/.*/password'
];

const url = response.config.url;
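Review bot: The `API_WHITELIST` entry `'/internal/security/users/.*/password'` uses `.*`, which also matches `/`, so it covers more paths than a single username segment. How the entries are compiled and tested against `url` is outside the hunk, so the real reach of the pattern cannot be confirmed from here. If they are applied as regular expressions, `'/internal/security/users/[^/]+/password$'` would limit the exemption to the change-password route. A one-line comment above the array stating why 401 responses from these two routes are allowed would also help the next reader.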
4 changes: 2 additions & 2 deletions x-pack/legacy/plugins/security/public/lib/api.ts
@@ -7,12 +7,12 @@
import { kfetch } from 'ui/kfetch';
import { AuthenticatedUser, Role, User, EditUser } from '../../common/model';

const usersUrl = '/api/security/v1/users';
const usersUrl = '/internal/security/users';
const rolesUrl = '/api/security/role';

export class UserAPIClient {
public async getCurrentUser(): Promise<AuthenticatedUser> {
return await kfetch({ pathname: `/api/security/v1/me` });
return await kfetch({ pathname: `/internal/security/me` });
}

public async getUsers(): Promise<User[]> {
5 changes: 2 additions & 3 deletions x-pack/legacy/plugins/security/public/lib/api_keys_api.ts
@@ -5,8 +5,7 @@
*/

import { kfetch } from 'ui/kfetch';
import { ApiKey, ApiKeyToInvalidate } from '../../common/model/api_key';
import { INTERNAL_API_BASE_PATH } from '../../common/constants';
import { ApiKey, ApiKeyToInvalidate } from '../../common/model';

interface CheckPrivilegesResponse {
areApiKeysEnabled: boolean;
@@ -22,7 +21,7 @@ interface GetApiKeysResponse {
apiKeys: ApiKey[];
}

const apiKeysUrl = `${INTERNAL_API_BASE_PATH}/api_key`;
const apiKeysUrl = `/internal/security/api_key`;

export class ApiKeysApi {
public static async checkPrivileges(): Promise<CheckPrivilegesResponse> {
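Review bot: `apiKeysUrl` is now a template literal with no placeholder; a plain string, `const apiKeysUrl = '/internal/security/api_key';`, matches how `usersUrl` is written in `public/lib/api.ts` and avoids suggesting an interpolation that is no longer there. The same applies to the `apiBase` literal passed to `chrome.addBasePath` in the section that follows. With the shared constant removed, the `/internal/security` prefix is repeated as a literal across several files on this page, so a later change to the prefix has to be made by search rather than in one place.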
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@
import { IHttpResponse } from 'angular';
import chrome from 'ui/chrome';

const apiBase = chrome.addBasePath(`/api/security/v1/fields`);
const apiBase = chrome.addBasePath(`/internal/security/fields`);

export async function getFields($http: any, query: string): Promise<string[]> {
return await $http
Original file line number Diff line number Diff line change
@@ -10,7 +10,7 @@ const module = uiModules.get('security', []);
module.service('shieldIndices', ($http, chrome) => {
return {
getFields: (query) => {
return $http.get(chrome.addBasePath(`/api/security/v1/fields/${query}`))
return $http.get(chrome.addBasePath(`/internal/security/fields/${query}`))
.then(response => response.data);
}
};
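Review bot: `query` is concatenated into the path in `getFields` without encoding (`/internal/security/fields/${query}`), so a value containing `/`, `?` or `#` would be split into extra path segments, a query string or a fragment before it reaches the server. Encoding the segment, `chrome.addBasePath(`/internal/security/fields/${encodeURIComponent(query)}`)`, keeps the whole value in the one route parameter. The TypeScript `getFields` in the preceding section builds on `apiBase` in a body that lies outside its hunk and may need the same treatment.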
4 changes: 2 additions & 2 deletions x-pack/legacy/plugins/security/public/services/shield_user.js
@@ -10,7 +10,7 @@ import { uiModules } from 'ui/modules';

const module = uiModules.get('security', ['ngResource']);
module.service('ShieldUser', ($resource, chrome) => {
const baseUrl = chrome.addBasePath('/api/security/v1/users/:username');
const baseUrl = chrome.addBasePath('/internal/security/users/:username');
const ShieldUser = $resource(baseUrl, {
username: '@username'
}, {
@@ -21,7 +21,7 @@ module.service('ShieldUser', ($resource, chrome) => {
},
getCurrent: {
method: 'GET',
url: chrome.addBasePath('/api/security/v1/me')
url: chrome.addBasePath('/internal/security/me')
}
});

Original file line number Diff line number Diff line change
@@ -190,7 +190,7 @@ class BasicLoginFormUI extends Component<Props, State> {

const { username, password } = this.state;

http.post('./api/security/v1/login', { username, password }).then(
http.post('./internal/security/login', { username, password }).then(
() => (window.location.href = next),
(error: any) => {
const { statusCode = 500 } = error.data || {};
Original file line number Diff line number Diff line change
@@ -12,5 +12,5 @@ chrome
$window.sessionStorage.clear();

// Redirect user to the server logout endpoint to complete logout.
$window.location.href = chrome.addBasePath(`/api/security/v1/logout${$window.location.search}`);
$window.location.href = chrome.addBasePath(`/api/security/logout${$window.location.search}`);
});
Original file line number Diff line number Diff line change
@@ -29,7 +29,7 @@ import _ from 'lodash';
import { toastNotifications } from 'ui/notify';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
import { SectionLoading } from '../../../../../../../../../src/plugins/es_ui_shared/public/components/section_loading';
import { ApiKey, ApiKeyToInvalidate } from '../../../../../common/model/api_key';
import { ApiKey, ApiKeyToInvalidate } from '../../../../../common/model';
import { ApiKeysApi } from '../../../../lib/api_keys_api';
import { PermissionDenied } from './permission_denied';
import { EmptyPrompt } from './empty_prompt';
Original file line number Diff line number Diff line change
@@ -8,7 +8,7 @@ import React, { Fragment, useRef, useState } from 'react';
import { EuiConfirmModal, EuiOverlayMask } from '@elastic/eui';
import { toastNotifications } from 'ui/notify';
import { i18n } from '@kbn/i18n';
import { ApiKeyToInvalidate } from '../../../../../../common/model/api_key';
import { ApiKeyToInvalidate } from '../../../../../../common/model';
import { ApiKeysApi } from '../../../../../lib/api_keys_api';

interface Props {
Original file line number Diff line number Diff line change
@@ -39,7 +39,7 @@ const ELASTICSEARCH_PASSWORD = 'ELASTICSEARCH_PASSWORD';
/**
* The Kibana server endpoint used for authentication
*/
const LOGIN_API_ENDPOINT = '/api/security/v1/login';
const LOGIN_API_ENDPOINT = '/internal/security/login';

/**
* Authenticates with Kibana using, if specified, credentials specified by
@@ -68,7 +68,7 @@ const credentialsProvidedByEnvironment = (): boolean =>
* Authenticates with Kibana by reading credentials from the
* `CYPRESS_ELASTICSEARCH_USERNAME` and `CYPRESS_ELASTICSEARCH_PASSWORD`
* environment variables, and POSTing the username and password directly to
* Kibana's `security/v1/login` endpoint, bypassing the login page (for speed).
* Kibana's `/internal/security/login` endpoint, bypassing the login page (for speed).
*/
const loginViaEnvironmentCredentials = () => {
cy.log(
@@ -90,7 +90,7 @@ const loginViaEnvironmentCredentials = () => {
/**
* Authenticates with Kibana by reading credentials from the
* `kibana.dev.yml` file and POSTing the username and password directly to
* Kibana's `security/v1/login` endpoint, bypassing the login page (for speed).
* Kibana's `/internal/security/login` endpoint, bypassing the login page (for speed).
*/
const loginViaConfig = () => {
cy.log(
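--- a/x-pack/plugins/security/common/constants.ts
+++ b/x-pack/plugins/security/common/constants.ts
@@ -7,4 +7,3 @@
 export const GLOBAL_RESOURCE = '*';
 export const APPLICATION_PREFIX = 'kibana-';
 export const RESERVED_PRIVILEGES_APPLICATION_WILDCARD = 'kibana-*';
-export const INTERNAL_API_BASE_PATH = '/internal/security';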
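--- a/x-pack/plugins/security/common/model/index.ts
+++ b/x-pack/plugins/security/common/model/index.ts
@@ -4,6 +4,7 @@
 * you may not use this file except in compliance with the Elastic License.
 */
 
+export { ApiKey, ApiKeyToInvalidate } from './api_key';
 export { User, EditUser, getUserDisplayName } from './user';
 export { AuthenticatedUser, canUserChangePassword } from './authenticated_user';
 export { BuiltinESPrivileges } from './builtin_es_privileges';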
Original file line number Diff line number Diff line change
@@ -42,7 +42,7 @@ describe('OIDCAuthenticationProvider', () => {

describe('`login` method', () => {
it('redirects third party initiated login attempts to the OpenId Connect Provider.', async () => {
const request = httpServerMock.createKibanaRequest({ path: '/api/security/v1/oidc' });
const request = httpServerMock.createKibanaRequest({ path: '/api/security/oidc' });

mockOptions.client.callAsInternalUser.withArgs('shield.oidcPrepare').resolves({
state: 'statevalue',
@@ -205,28 +205,27 @@ describe('OIDCAuthenticationProvider', () => {
describe('authorization code flow', () => {
defineAuthenticationFlowTests(() => ({
request: httpServerMock.createKibanaRequest({
path: '/api/security/v1/oidc?code=somecodehere&state=somestatehere',
path: '/api/security/oidc?code=somecodehere&state=somestatehere',
}),
attempt: {
flow: OIDCAuthenticationFlow.AuthorizationCode,
authenticationResponseURI: '/api/security/v1/oidc?code=somecodehere&state=somestatehere',
authenticationResponseURI: '/api/security/oidc?code=somecodehere&state=somestatehere',
},
expectedRedirectURI: '/api/security/v1/oidc?code=somecodehere&state=somestatehere',
expectedRedirectURI: '/api/security/oidc?code=somecodehere&state=somestatehere',
}));
});

describe('implicit flow', () => {
defineAuthenticationFlowTests(() => ({
request: httpServerMock.createKibanaRequest({
path:
'/api/security/v1/oidc?authenticationResponseURI=http://kibana/api/security/v1/oidc/implicit#id_token=sometoken',
'/api/security/oidc?authenticationResponseURI=http://kibana/api/security/oidc/implicit#id_token=sometoken',
}),
attempt: {
flow: OIDCAuthenticationFlow.Implicit,
authenticationResponseURI:
'http://kibana/api/security/v1/oidc/implicit#id_token=sometoken',
authenticationResponseURI: 'http://kibana/api/security/oidc/implicit#id_token=sometoken',
},
expectedRedirectURI: 'http://kibana/api/security/v1/oidc/implicit#id_token=sometoken',
expectedRedirectURI: 'http://kibana/api/security/oidc/implicit#id_token=sometoken',
}));
});
});
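Review bot: The third-party-initiated login test in the first hunk still builds its request with `path: '/api/security/oidc'`, while the documentation changed in this same commit tells operators to list `/api/security/oidc/initiate_login` in `server.xsrf.whitelist` for that flow. The route definitions are not visible on this page, so this may be harmless if the provider never inspects the path. Using the documented path in that test would keep the XSRF guidance and the tested behaviour in step. The `describe` blocks start and end outside the hunks shown.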

0 comments on commit 94018c1
