Skip to content

Commit

Permalink
Updates basic auth header to be a config constant
Browse files Browse the repository at this point in the history
Signed-off-by: Darshit Chanpura <[email protected]>
  • Loading branch information
DarshitChanpura committed Mar 11, 2024
1 parent cbdf7a6 commit a0f2db4
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 17 deletions.
2 changes: 2 additions & 0 deletions common/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ export const OPENID_AUTH_LOGIN_WITH_FRAGMENT = '/auth/openid/captureUrlFragment'
export const SAML_AUTH_LOGIN = '/auth/saml/login';
export const SAML_AUTH_LOGIN_WITH_FRAGMENT = '/auth/saml/captureUrlFragment';
export const ANONYMOUS_AUTH_LOGIN = '/auth/anonymous';
export const ANONYMOUS_AUTH_HEADER =
'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cnV0eV9hbm9ueW1vdXM=';

export const OPENID_AUTH_LOGOUT = '/auth/openid/logout';
export const SAML_AUTH_LOGOUT = '/auth/saml/logout';
Expand Down
6 changes: 2 additions & 4 deletions server/auth/types/authentication_type.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ import { SecuritySessionCookie } from '../../session/security_cookie';
import { SecurityClient } from '../../backend/opensearch_security_client';
import { resolveTenant, isValidTenant } from '../../multitenancy/tenant_resolver';
import { UnauthenticatedError } from '../../errors';
import { GLOBAL_TENANT_SYMBOL } from '../../../common';
import { ANONYMOUS_AUTH_HEADER, GLOBAL_TENANT_SYMBOL } from '../../../common';

export interface IAuthenticationType {
type: string;
Expand Down Expand Up @@ -115,7 +115,7 @@ export abstract class AuthenticationType implements IAuthenticationType {
let authInfo: any | undefined;

if (this.config.auth.anonymous_auth_enabled) {
const anonymousAuthHeaders = { _auth_request_type_: 'anonymous', authorization: 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=' };
const anonymousAuthHeaders = { authorization: ANONYMOUS_AUTH_HEADER };
Object.assign(authHeaders, anonymousAuthHeaders);
}

Expand Down Expand Up @@ -162,7 +162,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
// send to auth workflow
return this.handleUnauthedRequest(request, response, toolkit);
}
console.log('we have a cookie: ' + JSON.stringify(cookie));

// extend session expiration time
if (this.config.session.keepalive) {
Expand Down Expand Up @@ -217,7 +216,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
}
if (!authInfo) {
authInfo = await this.securityClient.authinfo(request, authHeaders);
console.log(authInfo);
}
authState.authInfo = authInfo;

Expand Down
16 changes: 4 additions & 12 deletions server/auth/types/basic/routes.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import { SecurityPluginConfigType } from '../../..';
import { User } from '../../user';
import { SecurityClient } from '../../../backend/opensearch_security_client';
import {
ANONYMOUS_AUTH_HEADER,
ANONYMOUS_AUTH_LOGIN,
API_AUTH_LOGIN,
API_AUTH_LOGOUT,
Expand Down Expand Up @@ -186,13 +187,8 @@ export class BasicAuthRoutes {
}
context.security_plugin.logger.info('The Redirect Path is ' + redirectUrl);
try {
// user = await this.securityClient.authenticateWithHeaders(request, {
// _auth_request_type_: 'anonymous',
// });
// opendistro_security_anonymous:opendistro_security_anonymous
const authHeader = "b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=";
user = await this.securityClient.authenticateWithHeaders(request, {
authorization: `Basic ${authHeader}`,
authorization: ANONYMOUS_AUTH_HEADER,
});
} catch (error) {
context.security_plugin.logger.error(
Expand All @@ -207,8 +203,6 @@ export class BasicAuthRoutes {
});
}

console.log('Anon user: ' + JSON.stringify(user));

this.sessionStorageFactory.asScoped(request).clear();
const sessionStorage: SecuritySessionCookie = {
username: user.username,
Expand All @@ -218,8 +212,7 @@ export class BasicAuthRoutes {
};

if (user.multitenancy_enabled) {
request.headers._auth_request_type_ = 'anonymous';
request.headers.authorization = 'Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM=';
request.headers.authorization = ANONYMOUS_AUTH_HEADER;
const selectTenant = resolveTenant({
request,
username: user.username,
Expand All @@ -238,8 +231,7 @@ export class BasicAuthRoutes {
return response.redirected({
headers: {
location: `${redirectUrl}`,
_auth_request_type_: "anonymous",
authorization: "Basic b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM6b3BlbmRpc3Ryb19zZWN1cml0eV9hbm9ueW1vdXM="
authorization: ANONYMOUS_AUTH_HEADER,
},
});
} else {
Expand Down
1 change: 0 additions & 1 deletion server/auth/types/multiple/multi_auth.ts
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,6 @@ export class MultipleAuthentication extends AuthenticationType {
},
});
} else {
console.log('not a page request');
return response.unauthorized();
}
}
Expand Down

0 comments on commit a0f2db4

Please sign in to comment.