Clean Up and Removing non required steps

Signed-off-by: Sam <[email protected]>
opensearch-project · Oct 12, 2023 · d75958e · d75958e
1 parent 8aeb4ff
commit d75958e
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 49 deletions.
diff --git a/server/auth/types/kerberos/kerberos_authentication.ts b/server/auth/types/kerberos/kerberos_authentication.ts
@@ -29,21 +29,26 @@ import {
   LifecycleResponseFactory,
   AuthToolkit,
 } from '../../../../../../src/core/server';
-import { KerberosAuthRoutes } from './routes';
-import { AuthType, KERBEROS_AUTH_LOGIN } from '../../../../common';
+import { KerberosAuthRoutes, WWW_AUTHENTICATE_HEADER_NAME } from './routes';
+import { KERBEROS_AUTH_LOGIN } from '../../../../common';
 
 export class KerberosAuthentication extends AuthenticationType {
   private authHeaderName: string;
 
   requestIncludesAuthInfo(request: OpenSearchDashboardsRequest): boolean {
-    return get(request.headers, 'authorization') ? true : false;
-  }
-  public isValidCookie(
-    cookie: SecuritySessionCookie,
-    request: OpenSearchDashboardsRequest<unknown, unknown, unknown, any>
-  ): Promise<boolean> {
-    throw new Error('isValidCookie method not implemented');
+    console.debug(
+      get(request.headers, 'authorization') &&
+        get(request.headers, 'authorization').toString().startsWith('Negotiate')
+    );
+    if (
+      get(request.headers, 'authorization') &&
+      get(request.headers, 'authorization').toString().startsWith('Negotiate')
+    ) {
+      return true;
+    }
+    return false;
   }
+
   public async init() {
     const kerberosAuthRoutes = new KerberosAuthRoutes(
       this.router,
@@ -67,58 +72,29 @@ export class KerberosAuthentication extends AuthenticationType {
 
     this.authHeaderName = 'authorization';
   }
-  buildAuthHeaderFromCookie(
-    cookie: SecuritySessionCookie,
-    request: OpenSearchDashboardsRequest
-  ): any {
-    throw new Error('buildAuthHeaderFromCookie method not implemented.');
-  }
 
   async getAdditionalAuthHeader(
     request: OpenSearchDashboardsRequest<unknown, unknown, unknown, any>
   ): Promise<any> {
     const header: any = {};
-    const token = get(request.headers, this.authHeaderName);
-    if (token) {
-      header[this.authHeaderName] = `${token}`;
-    }
     return header;
   }
 
   getCookie(request: OpenSearchDashboardsRequest, authInfo: any): SecuritySessionCookie {
-    const authorizationHeaderValue: string = request.headers[this.authHeaderName] as string;
-
-    return {
-      username: authInfo.user_name,
-      credentials: {
-        authHeaderValueExtra: true,
-      },
-      authType: AuthType.KERBEROS,
-      expiryTime: Date.now() + this.config.session.ttl,
-    };
+    return {};
   }
 
   handleUnauthedRequest(
     request: OpenSearchDashboardsRequest,
     response: LifecycleResponseFactory,
     toolkit: AuthToolkit
   ): IOpenSearchDashboardsResponse | AuthResult {
-    const serverBasePath = this.coreSetup.http.basePath.serverBasePath;
+    console.debug('Handling Unauthed Request');
 
-    const loginEndpoint = this.config.kerberos.login_endpoint;
-    if (loginEndpoint) {
-      console.log('redriecting to login endpoint in unauthedrequest');
-      return toolkit.redirected({
-        location: `${serverBasePath}` + KERBEROS_AUTH_LOGIN,
-      });
-    } else {
-      console.log('ERROROR');
-      return toolkit.notHandled(); // TODO: redirect to error page?
-    }
+    return response.unauthorized({
+      headers: {
+        [WWW_AUTHENTICATE_HEADER_NAME]: 'Negotiate',
+      },
+    });
   }
-
-  // public authHandler: AuthenticationHandler = async (request, response, toolkit) => {
-  //          return toolkit.notHandled();
-  //
-  //   }
 }
diff --git a/server/auth/types/kerberos/routes.ts b/server/auth/types/kerberos/routes.ts
@@ -53,15 +53,14 @@ export class KerberosAuthRoutes {
         },
       },
       async (context, request, response) => {
-        console.log('ASYNC HAHAHAH %J ', request.headers);
         if (request.auth.isAuthenticated) {
-          console.log('IS AUTHEITCATEDDDDDD');
           const nextUrl =
             request.query.nextUrl ||
             `${this.coreSetup.http.basePath.serverBasePath}/app/opensearch-dashboards`;
           response.redirected({
             headers: {
               location: nextUrl,
+              authorization: request.headers.authorization,
             },
           });
         }
@@ -137,14 +136,14 @@ export class KerberosAuthRoutes {
     console.log(`Negotiating: ${negotiationProposal}`);
 
     const isNegotiating: boolean =
-      negotiationProposal.startsWith('Negotiate') || // Kerberos negotiation  //TODO
+      negotiationProposal.startsWith('Negotiate') || // Kerberos negotiation
       negotiationProposal === 'Basic realm="Authorization Required"'; // Basic auth negotiation
 
     // Browser should populate the header and repeat the request after the header is added...
     if (isNegotiating) {
       return response.unauthorized({
         headers: {
-          [WWW_AUTHENTICATE_HEADER_NAME]: 'Negotiate', // TODO
+          [WWW_AUTHENTICATE_HEADER_NAME]: negotiationProposal,
         },
       });
     }