Skip to content

Commit

Permalink
Merge pull request #147 from sujithvm/opendistro-1.4
Browse files Browse the repository at this point in the history
Specify headers to be stored in session
  • Loading branch information
sujithvm authored Mar 9, 2020
2 parents 6a03a8d + 85b59e1 commit 30e80ad
Show file tree
Hide file tree
Showing 5 changed files with 107 additions and 15 deletions.
1 change: 1 addition & 0 deletions lib/auth/types/AuthType.js
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ export default class AuthType {
authType: this.type,
authHeaderName: this.authHeaderName,
allowedHeaders: union(this.requestHeadersWhitelist, this.allowedAdditionalAuthHeaders),
headersToStoreInSession: this.allowedAdditionalAuthHeaders,
authenticateFunction: this.authenticate.bind(this),
validateAvailableTenants: this.validateAvailableTenants
}
Expand Down
6 changes: 4 additions & 2 deletions lib/session/sessionPlugin.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ internals.config = Joi.object({
authType: Joi.string().allow(null),
authHeaderName: Joi.string(),
allowedHeaders: Joi.array().default([]),
headersToStoreInSession: Joi.array().default([]),
authenticateFunction: Joi.func(),
validateAvailableTenants: Joi.boolean().default(true),
validateAvailableRoles: Joi.boolean().default(true)
Expand Down Expand Up @@ -116,10 +117,11 @@ const register = function (server, options) {
throw new MissingRoleError('No roles available for this user, please contact your system administrator.');
}

// If we used any additional auth headers when authenticating, we need to store them in the session
// Store only specified auth headers in the session.
// Headers stored in the session are added to every request coming in at AuthType#addAdditionalAuthHeaders .
authResponse.session.additionalAuthHeaders = null;
if (Object.keys(additionalAuthHeaders).length) {
authResponse.session.additionalAuthHeaders = additionalAuthHeaders;
authResponse.session.additionalAuthHeaders = filterAuthHeaders(additionalAuthHeaders, settings.headersToStoreInSession);
}

request.cookieAuth.set(authResponse.session);
Expand Down
14 changes: 1 addition & 13 deletions tests/AuthType.test.js
Original file line number Diff line number Diff line change
@@ -1,17 +1,5 @@
import AuthType from "../lib/auth/types/AuthType";

class MockServer {
config() {
return {
get: () => {
return null;
}
}
}
register(args) {
this.registerArgs = args;
}
}
import { MockServer } from './Mocks'

describe('AuthType tests', () => {
it('should contain only security_impersonate_as when no additional headers are passed', () => {
Expand Down
44 changes: 44 additions & 0 deletions tests/Mocks.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
class MockServer {
config() {
return {
get: () => {
return null;
}
}
}
ext(_, preAuthFunc) {
this.preAuthFunc = preAuthFunc;
}
register(args) {
this.registerArgs = args;
}
}

class MockRequest {
constructor() {
this.auth = {};
this.state = {};
this.cookieAuth = {
set(_) { }
};
}
}

class MockAuthResponse {
constructor() {
this.user = { roles: [""] };
this.session = {};
}
}

class MockHapi {
state(storageCookieName, storage) {
}
}

export {
MockServer,
MockRequest,
MockAuthResponse,
MockHapi
}
57 changes: 57 additions & 0 deletions tests/SessionPlugin.test.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
import { plugin } from "../lib/session/sessionPlugin";
import { MockServer, MockRequest, MockAuthResponse, MockHapi } from './Mocks'

describe('Session Plugin tests', () => {
var mockServer = new MockServer();
var request = new MockRequest();
var h = new MockHapi();
var authResponse = new MockAuthResponse();
const testHeaderKey1 = "test-header-key-1", testHeaderValue1 = "test-header-value-1";
const testHeaderKey2 = "test-header-key-2", testHeaderValue2 = "test-header-value-2";
var additionalAuthHeaders = {
[testHeaderKey1]: testHeaderValue1,
[testHeaderKey2]: testHeaderValue2
};

it('should store only 1 specified header in the session', () => {
// arrange
plugin.register(mockServer, { headersToStoreInSession:[testHeaderKey1] })
mockServer.preAuthFunc(request, h)

// act
request.auth.securitySessionStorage._handleAuthResponse({}, authResponse, additionalAuthHeaders)

// assert
const storedHeaders = authResponse.session.additionalAuthHeaders;
expect(storedHeaders).toHaveProperty(testHeaderKey1, testHeaderValue1);
expect(storedHeaders).not.toHaveProperty(testHeaderKey2);
});

it('should store 2 specified headers in the session', () => {
// arrange
plugin.register(mockServer, { headersToStoreInSession:[testHeaderKey1, testHeaderKey2] })
mockServer.preAuthFunc(request, h)

// act
request.auth.securitySessionStorage._handleAuthResponse({}, authResponse, additionalAuthHeaders)

// assert
const storedHeaders = authResponse.session.additionalAuthHeaders;
expect(storedHeaders).toHaveProperty(testHeaderKey1, testHeaderValue1);
expect(storedHeaders).toHaveProperty(testHeaderKey2, testHeaderValue2);
});

it('should store no headers in the session', () => {
// arrange
plugin.register(mockServer, { headersToStoreInSession:[] })
mockServer.preAuthFunc(request, h)

// act
request.auth.securitySessionStorage._handleAuthResponse({}, authResponse, additionalAuthHeaders)

// assert
const storedHeaders = authResponse.session.additionalAuthHeaders;
expect(storedHeaders).not.toHaveProperty(testHeaderKey1, testHeaderValue1);
expect(storedHeaders).not.toHaveProperty(testHeaderKey2, testHeaderValue2);
});
});

0 comments on commit 30e80ad

Please sign in to comment.