mirror of
https://github.com/elastic/kibana.git
* Reporting cookies (#24177) * Switching Reporting to use session cookies explicitly * Fixing bug when security is explicitly disabled * Responding to feedback * Fixing yarn.lock * Fixing yarn.lock
parent
86706e8b53
commit
7bac28be6b
23 changed files with 857 additions and 221 deletions
|
@ -28,6 +28,7 @@
|
|||
"@kbn/plugin-helpers": "link:../packages/kbn-plugin-helpers",
|
||||
"@kbn/test": "link:../packages/kbn-test",
|
||||
"@types/jest": "^22.2.3",
|
||||
"@types/cookie": "^0.3.1",
|
||||
"@types/pngjs": "^3.3.1",
|
||||
"abab": "^1.0.4",
|
||||
"ansicolors": "0.3.2",
|
||||
|
@ -98,9 +99,10 @@
|
|||
"bluebird": "3.1.1",
|
||||
"boom": "3.1.1",
|
||||
"brace": "0.11.1",
|
||||
"chrome-remote-interface": "0.24.2",
|
||||
"chrome-remote-interface": "0.26.1",
|
||||
"classnames": "2.2.5",
|
||||
"concat-stream": "1.5.1",
|
||||
"cookie": "^0.3.1",
|
||||
"d3": "3.5.6",
|
||||
"d3-scale": "1.0.6",
|
||||
"dedent": "^0.7.0",
|
||||
|
@ -115,6 +117,7 @@
|
|||
"history": "4.7.2",
|
||||
"humps": "2.0.1",
|
||||
"icalendar": "0.7.1",
|
||||
"iron": "4",
|
||||
"isomorphic-fetch": "2.2.1",
|
||||
"joi": "6.10.1",
|
||||
"jquery": "^3.3.1",
|
||||
|
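Review bot: The `iron` entry is declared with the major-only range `"4"`, while its neighbours in this list (`humps`, `icalendar`, `joi`) are pinned to exact versions. Going by the hunk counts it appears to be a line this commit adds, alongside `cookie` at `^0.3.1`. `cookie` parses the stored Cookie header in the execute shim and `iron` presumably handles the sealed session value, so both sit on the credential path. An exact pin such as `"iron": "<exact 4.x version from yarn.lock>"` would keep installs from drifting if the lockfile is regenerated.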
|
|
@ -10,7 +10,7 @@ import { cryptoFactory } from '../../../server/lib/crypto';
|
|||
function createJobFn(server) {
|
||||
const crypto = cryptoFactory(server);
|
||||
|
||||
return async function createJob(jobParams, headers, request) {
|
||||
return async function createJob(jobParams, headers, serializedSession, request) {
|
||||
const serializedEncryptedHeaders = await crypto.encrypt(headers);
|
||||
|
||||
const savedObjectsClient = request.getSavedObjectsClient();
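Review bot: `serializedSession` is added to `createJob`'s parameter list here, but nothing in the visible lines reads it; only `headers` is encrypted, whereas the other `createJob` in this commit encrypts the value and stores it as `session`. The function body continues past the hunk, so it may be used further down. If it is ignored on purpose for this export type, a comment on the signature such as `// serializedSession is accepted for signature parity and deliberately not persisted` would stop a later reader from assuming the session travels with the job. Because the parameter is positional and sits ahead of `request`, a caller left on the old three-argument form would pass the request object in its place without any error.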
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||
|
||||
exports[`throw an Error if the objectType, savedObjectId and relativeUrls are provided 1`] = `"objectType and savedObjectId should not be provided in addition to the relativeUrls"`;
|
|
@ -61,7 +61,7 @@ export function compatibilityShimFactory(server) {
|
|||
queryString,
|
||||
browserTimezone,
|
||||
layout
|
||||
}, headers, request) {
|
||||
}, headers, serializedSession, request) {
|
||||
|
||||
if (objectType && savedObjectId && relativeUrls) {
|
||||
throw new Error('objectType and savedObjectId should not be provided in addition to the relativeUrls');
|
||||
|
@ -75,7 +75,7 @@ export function compatibilityShimFactory(server) {
|
|||
layout
|
||||
};
|
||||
|
||||
return await createJob(transformedJobParams, headers, request);
|
||||
return await createJob(transformedJobParams, headers, serializedSession, request);
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,7 +29,7 @@ test(`passes title through if provided`, async () => {
|
|||
const title = 'test title';
|
||||
|
||||
const createJobMock = jest.fn();
|
||||
await compatibilityShim(createJobMock)({ title, relativeUrl: '/something' }, null, createMockRequest());
|
||||
await compatibilityShim(createJobMock)({ title, relativeUrl: '/something' }, null, null, createMockRequest());
|
||||
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].title).toBe(title);
|
||||
|
@ -48,7 +48,7 @@ test(`gets the title from the savedObject`, async () => {
|
|||
}
|
||||
});
|
||||
|
||||
await compatibilityShim(createJobMock)({ objectType: 'search', savedObjectId: 'abc' }, null, mockRequest);
|
||||
await compatibilityShim(createJobMock)({ objectType: 'search', savedObjectId: 'abc' }, null, null, mockRequest);
|
||||
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].title).toBe(title);
|
||||
|
@ -67,7 +67,7 @@ test(`passes the objectType and savedObjectId to the savedObjectsClient`, async
|
|||
|
||||
const objectType = 'search';
|
||||
const savedObjectId = 'abc';
|
||||
await compatibilityShim(createJobMock)({ objectType, savedObjectId, }, null, mockRequest);
|
||||
await compatibilityShim(createJobMock)({ objectType, savedObjectId, }, null, null, mockRequest);
|
||||
|
||||
const getMock = mockRequest.getSavedObjectsClient().get.mock;
|
||||
expect(getMock.calls.length).toBe(1);
|
||||
|
@ -87,7 +87,7 @@ test(`logs deprecations when generating the title/relativeUrl using the savedObj
|
|||
}
|
||||
});
|
||||
|
||||
await compatibilityShim(createJobMock)({ objectType: 'search', savedObjectId: 'abc' }, null, mockRequest);
|
||||
await compatibilityShim(createJobMock)({ objectType: 'search', savedObjectId: 'abc' }, null, null, mockRequest);
|
||||
|
||||
expect(mockServer.log.mock.calls.length).toBe(2);
|
||||
expect(mockServer.log.mock.calls[0][0]).toEqual(['warning', 'reporting', 'deprecation']);
|
||||
|
@ -101,7 +101,7 @@ test(`passes objectType through`, async () => {
|
|||
const mockRequest = createMockRequest();
|
||||
|
||||
const objectType = 'foo';
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrl: '/something', objectType }, null, mockRequest);
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrl: '/something', objectType }, null, null, mockRequest);
|
||||
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].objectType).toBe(objectType);
|
||||
|
@ -113,7 +113,7 @@ test(`passes the relativeUrls through`, async () => {
|
|||
const createJobMock = jest.fn();
|
||||
|
||||
const relativeUrls = ['/app/kibana#something', '/app/kibana#something-else'];
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrls }, null, null);
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrls }, null, null, null);
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].relativeUrls).toBe(relativeUrls);
|
||||
});
|
||||
|
@ -123,7 +123,7 @@ const testSavedObjectRelativeUrl = (objectType, expectedUrl) => {
|
|||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const createJobMock = jest.fn();
|
||||
|
||||
await compatibilityShim(createJobMock)({ title: 'test', objectType, savedObjectId: 'abc', }, null, null);
|
||||
await compatibilityShim(createJobMock)({ title: 'test', objectType, savedObjectId: 'abc', }, null, null, null);
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].relativeUrls).toEqual([expectedUrl]);
|
||||
});
|
||||
|
@ -137,7 +137,10 @@ test(`appends the queryString to the relativeUrl when generating from the savedO
|
|||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const createJobMock = jest.fn();
|
||||
|
||||
await compatibilityShim(createJobMock)({ title: 'test', objectType: 'search', savedObjectId: 'abc', queryString: 'foo=bar' }, null, null);
|
||||
await compatibilityShim(createJobMock)(
|
||||
{ title: 'test', objectType: 'search', savedObjectId: 'abc', queryString: 'foo=bar' },
|
||||
null, null, null
|
||||
);
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][0].relativeUrls).toEqual(['/app/kibana#/discover/abc?foo=bar']);
|
||||
});
|
||||
|
@ -151,22 +154,24 @@ test(`throw an Error if the objectType, savedObjectId and relativeUrls are provi
|
|||
objectType: 'something',
|
||||
relativeUrls: ['/something'],
|
||||
savedObjectId: 'abc',
|
||||
}, null, null);
|
||||
}, null, null, null);
|
||||
|
||||
await expect(promise).rejects.toBeDefined();
|
||||
await expect(promise).rejects.toThrowErrorMatchingSnapshot();
|
||||
});
|
||||
|
||||
test(`passes headers and request through`, async () => {
|
||||
test(`passes headers, serializedSession and request through`, async () => {
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
|
||||
const createJobMock = jest.fn();
|
||||
|
||||
const headers = {};
|
||||
const serializedSession = 'thisoldeserializedsession';
|
||||
const request = createMockRequest();
|
||||
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrl: '/something' }, headers, request);
|
||||
await compatibilityShim(createJobMock)({ title: 'test', relativeUrl: '/something' }, headers, serializedSession, request);
|
||||
|
||||
expect(createJobMock.mock.calls.length).toBe(1);
|
||||
expect(createJobMock.mock.calls[0][1]).toBe(headers);
|
||||
expect(createJobMock.mock.calls[0][2]).toBe(request);
|
||||
expect(createJobMock.mock.calls[0][2]).toBe(serializedSession);
|
||||
expect(createJobMock.mock.calls[0][3]).toBe(request);
|
||||
});
|
||||
|
|
|
@ -18,14 +18,16 @@ function createJobFn(server) {
|
|||
relativeUrls,
|
||||
browserTimezone,
|
||||
layout
|
||||
}, headers) {
|
||||
}, headers, serializedSession) {
|
||||
const serializedEncryptedHeaders = await crypto.encrypt(headers);
|
||||
const encryptedSerializedSession = await crypto.encrypt(serializedSession);
|
||||
|
||||
return {
|
||||
type: objectType,
|
||||
title: title,
|
||||
objects: relativeUrls.map(u => ({ relativeUrl: u })),
|
||||
headers: serializedEncryptedHeaders,
|
||||
session: encryptedSerializedSession,
|
||||
browserTimezone,
|
||||
layout,
|
||||
forceNow: new Date().toISOString(),
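Review bot: `crypto.encrypt(serializedSession)` runs unconditionally, but the shim tests in this commit pass `null` for the session, and the execute side treats a falsy `job.session` as the signal to fall back to the cookie header. How `encrypt` behaves on `null` is not visible here; if it returns ciphertext, `job.session` becomes truthy and the fallback in `getSerializedSession` is never reached for such jobs. Guarding the call, `const encryptedSerializedSession = serializedSession ? await crypto.encrypt(serializedSession) : null;`, keeps the stored field empty when there is no session. The function starts above the hunk and continues below it.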
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||
|
||||
exports[`headers it fails if it can't decrypt the headers 1`] = `"Failed to decrypt report job data. Please re-generate this report."`;
|
||||
|
||||
exports[`sessionCookie it fails if it can't decrypt the session 1`] = `"Failed to decrypt report job data. Please re-generate this report."`;
|
||||
|
||||
exports[`sessionCookie it throws error if cookie name can't be determined 1`] = `"Unable to determine the session cookie name"`;
|
||||
|
||||
exports[`urls it throw error if full URL is provided that is not a Kibana URL 1`] = `"Unable to generate report for url https://localhost/app/kibana, it's not a Kibana URL"`;
|
|
@ -5,10 +5,22 @@
|
|||
*/
|
||||
|
||||
import url from 'url';
|
||||
import cookie from 'cookie';
|
||||
import { getAbsoluteUrlFactory } from './get_absolute_url';
|
||||
import { cryptoFactory } from '../../../../server/lib/crypto';
|
||||
|
||||
export function compatibilityShimFactory(server) {
|
||||
const getAbsoluteUrl = getAbsoluteUrlFactory(server);
|
||||
const crypto = cryptoFactory(server);
|
||||
|
||||
const decryptJobHeaders = async (job) => {
|
||||
try {
|
||||
const decryptedHeaders = await crypto.decrypt(job.headers);
|
||||
return decryptedHeaders;
|
||||
} catch (err) {
|
||||
throw new Error('Failed to decrypt report job data. Please re-generate this report.');
|
||||
}
|
||||
};
|
||||
|
||||
const getSavedObjectAbsoluteUrl = (savedObj) => {
|
||||
if (savedObj.urlHash) {
|
||||
|
@ -27,11 +39,49 @@ export function compatibilityShimFactory(server) {
|
|||
throw new Error(`Unable to generate report for url ${savedObj.url}, it's not a Kibana URL`);
|
||||
};
|
||||
|
||||
const getSerializedSession = async (decryptedHeaders, jobSession) => {
|
||||
if (!server.plugins.security) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (jobSession) {
|
||||
try {
|
||||
return await crypto.decrypt(jobSession);
|
||||
} catch (err) {
|
||||
throw new Error('Failed to decrypt report job data. Please re-generate this report.');
|
||||
}
|
||||
}
|
||||
|
||||
const cookies = decryptedHeaders.cookie ? cookie.parse(decryptedHeaders.cookie) : null;
|
||||
if (cookies === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const cookieName = server.plugins.security.getSessionCookieOptions().name;
|
||||
if (!cookieName) {
|
||||
throw new Error('Unable to determine the session cookie name');
|
||||
}
|
||||
|
||||
return cookies[cookieName];
|
||||
};
|
||||
|
||||
return function (executeJob) {
|
||||
return async function (job, cancellationToken) {
|
||||
const urls = job.objects.map(getSavedObjectAbsoluteUrl);
|
||||
const decryptedHeaders = await decryptJobHeaders(job);
|
||||
const authorizationHeader = decryptedHeaders.authorization;
|
||||
const serializedSession = await getSerializedSession(decryptedHeaders, job.session);
|
||||
|
||||
return await executeJob({ ...job, urls }, cancellationToken);
|
||||
return await executeJob({
|
||||
title: job.title,
|
||||
browserTimezone: job.browserTimezone,
|
||||
layout: job.layout,
|
||||
basePath: job.basePath,
|
||||
forceNow: job.forceNow,
|
||||
urls,
|
||||
authorizationHeader,
|
||||
serializedSession,
|
||||
}, cancellationToken);
|
||||
};
|
||||
};
|
||||
}
|
||||
}
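Review bot: `getSerializedSession` reads `server.plugins.security.getSessionCookieOptions().name` synchronously, while `getSessionCookie` in the execute-job file of this same commit writes `await server.plugins.security.getSessionCookieOptions()`. If that call returns a promise, `.name` is `undefined` here and every legacy job that carries a cookie header fails with 'Unable to determine the session cookie name'. The tests mock it as a synchronous function, so they would not catch this. Awaiting it in both places is safe either way: `const { name: cookieName } = await server.plugins.security.getSessionCookieOptions();`.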
|
||||
|
|
|
@ -5,12 +5,14 @@
|
|||
*/
|
||||
|
||||
import { compatibilityShimFactory } from './compatibility_shim';
|
||||
import { cryptoFactory } from '../../../../server/lib/crypto';
|
||||
|
||||
const createMockServer = () => {
|
||||
const createMockServer = ({ security = null } = {}) => {
|
||||
const config = {
|
||||
'server.host': 'localhost',
|
||||
'server.port': '5601',
|
||||
'server.basePath': '',
|
||||
'xpack.reporting.encryptionKey': '1234567890qwerty'
|
||||
};
|
||||
|
||||
return {
|
||||
|
@ -23,63 +25,302 @@ const createMockServer = () => {
|
|||
return {
|
||||
get: key => config[key]
|
||||
};
|
||||
},
|
||||
plugins: {
|
||||
security
|
||||
}
|
||||
};
|
||||
};
|
||||
|
||||
test(`it throw error if full URL is provided that is not a Kibana URL`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const encrypt = async (mockServer, headers) => {
|
||||
const crypto = cryptoFactory(mockServer);
|
||||
return await crypto.encrypt(headers);
|
||||
};
|
||||
|
||||
await expect(compatibilityShim(mockCreateJob)({ query: '', objects: [ { url: 'https://localhost/app/kibana' } ] })).rejects.toBeDefined();
|
||||
});
|
||||
describe('urls', () => {
|
||||
test(`it throw error if full URL is provided that is not a Kibana URL`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
|
||||
test(`it passes url through if it is a Kibana URL`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
await expect(compatibilityShim(mockCreateJob)({ query: '', objects: [ { url: 'https://localhost/app/kibana' } ] })).rejects.toThrowErrorMatchingSnapshot();
|
||||
});
|
||||
|
||||
const url = 'http://localhost:5601/app/kibana/#visualize';
|
||||
await compatibilityShim(mockCreateJob)({ objects: [ { url } ] });
|
||||
expect(mockCreateJob.mock.calls.length).toBe(1);
|
||||
expect(mockCreateJob.mock.calls[0][0].objects[0].url).toBe(url);
|
||||
});
|
||||
test(`it passes url through if it is a Kibana URL`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
test(`it generates the absolute url if a urlHash is provided`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const url = 'http://localhost:5601/app/kibana/#visualize';
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [ { url } ], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].urls[0]).toBe(url);
|
||||
});
|
||||
|
||||
const urlHash = '#visualize';
|
||||
await compatibilityShim(mockCreateJob)({ objects: [ { urlHash } ] });
|
||||
expect(mockCreateJob.mock.calls.length).toBe(1);
|
||||
expect(mockCreateJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana#visualize');
|
||||
});
|
||||
test(`it generates the absolute url if a urlHash is provided`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
test(`it generates the absolute url if a relativeUrl is provided`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const urlHash = '#visualize';
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [ { urlHash } ], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana#visualize');
|
||||
});
|
||||
|
||||
const relativeUrl = '/app/kibana#/visualize?';
|
||||
await compatibilityShim(mockCreateJob)({ objects: [ { relativeUrl } ] });
|
||||
expect(mockCreateJob.mock.calls.length).toBe(1);
|
||||
expect(mockCreateJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana#/visualize?');
|
||||
});
|
||||
test(`it generates the absolute url using server's basePath if a relativeUrl is provided`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
test(`it generates the absolute url if a relativeUrl with querystring is provided`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const relativeUrl = '/app/kibana#/visualize?';
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [ { relativeUrl } ], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana#/visualize?');
|
||||
});
|
||||
|
||||
const relativeUrl = '/app/kibana?_t=123456789#/visualize?_g=()';
|
||||
await compatibilityShim(mockCreateJob)({ objects: [ { relativeUrl } ] });
|
||||
expect(mockCreateJob.mock.calls.length).toBe(1);
|
||||
expect(mockCreateJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana?_t=123456789#/visualize?_g=()');
|
||||
test(`it generates the absolute url using server's basePath if a relativeUrl with querystring is provided`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const relativeUrl = '/app/kibana?_t=123456789#/visualize?_g=()';
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [ { relativeUrl } ], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].urls[0]).toBe('http://localhost:5601/app/kibana?_t=123456789#/visualize?_g=()');
|
||||
});
|
||||
});
|
||||
|
||||
test(`it passes the provided browserTimezone through`, async () => {
|
||||
const mockCreateJob = jest.fn();
|
||||
const compatibilityShim = compatibilityShimFactory(createMockServer());
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const browserTimezone = 'UTC';
|
||||
await compatibilityShim(mockCreateJob)({ browserTimezone, objects: [] });
|
||||
expect(mockCreateJob.mock.calls.length).toBe(1);
|
||||
expect(mockCreateJob.mock.calls[0][0].browserTimezone).toEqual(browserTimezone);
|
||||
await compatibilityShim(mockExecuteJob)({ browserTimezone, objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].browserTimezone).toEqual(browserTimezone);
|
||||
});
|
||||
|
||||
test(`it passes the provided title through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const title = 'thetitle';
|
||||
await compatibilityShim(mockExecuteJob)({ title, objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].title).toEqual(title);
|
||||
});
|
||||
|
||||
test(`it passes the provided layout through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const layout = Symbol();
|
||||
await compatibilityShim(mockExecuteJob)({ layout, objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].layout).toEqual(layout);
|
||||
});
|
||||
|
||||
test(`it passes the provided basePath through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const basePath = '/foo/bar/baz';
|
||||
await compatibilityShim(mockExecuteJob)({ basePath, objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].basePath).toEqual(basePath);
|
||||
});
|
||||
|
||||
test(`it passes the provided forceNow through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
const forceNow = 'ISO 8601 Formatted Date';
|
||||
await compatibilityShim(mockExecuteJob)({ forceNow, objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].forceNow).toEqual(forceNow);
|
||||
});
|
||||
|
||||
describe('headers', () => {
|
||||
test(`it fails if it can't decrypt the headers`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = 'imnotencryptedgrimacingface';
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
await expect(compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders })).rejects.toThrowErrorMatchingSnapshot();
|
||||
});
|
||||
|
||||
test(`passes the authorization header through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const headers = {
|
||||
authorization: 'foo',
|
||||
bar: 'quz',
|
||||
};
|
||||
const mockServer = createMockServer();
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].authorizationHeader).toEqual('foo');
|
||||
});
|
||||
});
|
||||
|
||||
describe('sessionCookie', () => {
|
||||
test(`it doesn't pass serializedSession through if server.plugins.security is null`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer();
|
||||
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const session = 'asession';
|
||||
const encryptedSession = await encrypt(mockServer, session);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: encryptedSession });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].serializedSession).toEqual(null);
|
||||
});
|
||||
|
||||
test(`it fails if it can't decrypt the session`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {}
|
||||
});
|
||||
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const session = 'asession';
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
|
||||
await expect(compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session }))
|
||||
.rejects
|
||||
.toThrowErrorMatchingSnapshot();
|
||||
});
|
||||
|
||||
test(`it passes decrypted session through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {}
|
||||
});
|
||||
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const session = 'asession';
|
||||
const encryptedSession = await encrypt(mockServer, session);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: encryptedSession });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].serializedSession).toEqual(session);
|
||||
});
|
||||
|
||||
test(`it passes null if encrypted headers don't have any cookies`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {}
|
||||
});
|
||||
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: null });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].serializedSession).toEqual(null);
|
||||
});
|
||||
|
||||
test(`it passes null if encrypted headers doesn't have session cookie`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {
|
||||
getSessionCookieOptions() {
|
||||
return {
|
||||
name: 'sid',
|
||||
};
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
const headers = {
|
||||
'foo': 'bar',
|
||||
};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: null });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].serializedSession).toEqual(null);
|
||||
});
|
||||
|
||||
test(`it throws error if cookie name can't be determined`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {
|
||||
getSessionCookieOptions() {
|
||||
return {};
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
const headers = {
|
||||
'cookie': 'foo=bar;',
|
||||
};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await expect(compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: null }))
|
||||
.rejects
|
||||
.toThrowErrorMatchingSnapshot();
|
||||
});
|
||||
|
||||
test(`it passes value of session cookie from the headers through`, async () => {
|
||||
const mockExecuteJob = jest.fn();
|
||||
const mockServer = createMockServer({
|
||||
security: {
|
||||
getSessionCookieOptions() {
|
||||
return {
|
||||
name: 'sid'
|
||||
};
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
const headers = {
|
||||
'cookie': 'sid=foo; bar=quz;',
|
||||
};
|
||||
const encryptedHeaders = await encrypt(mockServer, headers);
|
||||
|
||||
const compatibilityShim = compatibilityShimFactory(mockServer);
|
||||
await compatibilityShim(mockExecuteJob)({ objects: [], headers: encryptedHeaders, session: null });
|
||||
expect(mockExecuteJob.mock.calls.length).toBe(1);
|
||||
expect(mockExecuteJob.mock.calls[0][0].serializedSession).toEqual('foo');
|
||||
});
|
||||
});
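Review bot: The test titled `it passes null if encrypted headers doesn't have session cookie` builds `headers` as `{ 'foo': 'bar' }`, which has no `cookie` header at all, so it exercises the same `cookies === null` early return as the test before it. The branch where a cookie header is present but lacks the configured name is never reached. Using `const headers = { cookie: 'bar=quz;' };` with the `sid` mock would cover it. The shim returns `cookies[cookieName]` there, which is `undefined` rather than `null`, so the assertion or the shim's return value would need adjusting to match.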
|
||||
|
|
|
@ -6,44 +6,23 @@
|
|||
|
||||
import url from 'url';
|
||||
import * as Rx from 'rxjs';
|
||||
import { mergeMap, catchError, map, takeUntil } from 'rxjs/operators';
|
||||
import { omit } from 'lodash';
|
||||
import { mergeMap, map, takeUntil } from 'rxjs/operators';
|
||||
import { UI_SETTINGS_CUSTOM_PDF_LOGO } from '../../../../common/constants';
|
||||
import { oncePerServer } from '../../../../server/lib/once_per_server';
|
||||
import { generatePdfObservableFactory } from '../lib/generate_pdf';
|
||||
import { cryptoFactory } from '../../../../server/lib/crypto';
|
||||
import { compatibilityShimFactory } from './compatibility_shim';
|
||||
|
||||
const KBN_SCREENSHOT_HEADER_BLACKLIST = [
|
||||
'accept-encoding',
|
||||
'content-length',
|
||||
'content-type',
|
||||
'host',
|
||||
'referer',
|
||||
// `Transfer-Encoding` is hop-by-hop header that is meaningful
|
||||
// only for a single transport-level connection, and shouldn't
|
||||
// be stored by caches or forwarded by proxies.
|
||||
'transfer-encoding',
|
||||
];
|
||||
|
||||
function executeJobFn(server) {
|
||||
const generatePdfObservable = generatePdfObservableFactory(server);
|
||||
const crypto = cryptoFactory(server);
|
||||
const compatibilityShim = compatibilityShimFactory(server);
|
||||
|
||||
const decryptJobHeaders = async (job) => {
|
||||
const decryptedHeaders = await crypto.decrypt(job.headers);
|
||||
return { job, decryptedHeaders };
|
||||
};
|
||||
const config = server.config();
|
||||
|
||||
const omitBlacklistedHeaders = ({ job, decryptedHeaders }) => {
|
||||
const filteredHeaders = omit(decryptedHeaders, KBN_SCREENSHOT_HEADER_BLACKLIST);
|
||||
return { job, filteredHeaders };
|
||||
};
|
||||
|
||||
const getCustomLogo = async ({ job, filteredHeaders }) => {
|
||||
const getCustomLogo = async (job) => {
|
||||
const fakeRequest = {
|
||||
headers: filteredHeaders,
|
||||
headers: {
|
||||
...job.authorizationHeader && { authorization: job.authorizationHeader },
|
||||
}
|
||||
};
|
||||
|
||||
const savedObjects = server.savedObjects;
|
||||
|
@ -54,10 +33,29 @@ function executeJobFn(server) {
|
|||
|
||||
const logo = await uiSettings.get(UI_SETTINGS_CUSTOM_PDF_LOGO);
|
||||
|
||||
return { job, filteredHeaders, logo };
|
||||
return { job, logo };
|
||||
};
|
||||
|
||||
const addForceNowQuerystring = async ({ job, filteredHeaders, logo }) => {
|
||||
const getSessionCookie = async ({ job, logo }) => {
|
||||
if (!job.serializedSession) {
|
||||
return { job, logo, sessionCookie: null };
|
||||
}
|
||||
|
||||
const cookieOptions = await server.plugins.security.getSessionCookieOptions();
|
||||
const { httpOnly, name, path, secure } = cookieOptions;
|
||||
|
||||
return { job, logo, sessionCookie: {
|
||||
domain: config.get('xpack.reporting.kibanaServer.hostname') || config.get('server.host'),
|
||||
httpOnly,
|
||||
name,
|
||||
path,
|
||||
sameSite: 'Strict',
|
||||
secure,
|
||||
value: job.serializedSession,
|
||||
} };
|
||||
};
|
||||
|
||||
const addForceNowQuerystring = async ({ job, logo, sessionCookie }) => {
|
||||
const urls = job.urls.map(jobUrl => {
|
||||
if (!job.forceNow) {
|
||||
return jobUrl;
|
||||
|
@ -79,18 +77,16 @@ function executeJobFn(server) {
|
|||
hash: transformedHash
|
||||
});
|
||||
});
|
||||
return { job, filteredHeaders, logo, urls };
|
||||
return { job, logo, sessionCookie, urls };
|
||||
};
|
||||
|
||||
return compatibilityShim(function executeJob(jobToExecute, cancellationToken) {
|
||||
const process$ = Rx.of(jobToExecute).pipe(
|
||||
mergeMap(decryptJobHeaders),
|
||||
catchError(() => Rx.throwError('Failed to decrypt report job data. Please re-generate this report.')),
|
||||
map(omitBlacklistedHeaders),
|
||||
mergeMap(getCustomLogo),
|
||||
mergeMap(getSessionCookie),
|
||||
mergeMap(addForceNowQuerystring),
|
||||
mergeMap(({ job, filteredHeaders, logo, urls }) => {
|
||||
return generatePdfObservable(job.title, urls, job.browserTimezone, filteredHeaders, job.layout, logo);
|
||||
mergeMap(({ job, logo, sessionCookie, urls }) => {
|
||||
return generatePdfObservable(job.title, urls, job.browserTimezone, sessionCookie, job.layout, logo);
|
||||
}),
|
||||
map(buffer => ({
|
||||
content_type: 'application/pdf',
|
||||
|
|
|
@ -17,7 +17,17 @@ const cancellationToken = {
|
|||
};
|
||||
|
||||
let mockServer;
|
||||
let config;
|
||||
beforeEach(() => {
|
||||
config = {
|
||||
'xpack.security.cookieName': 'sid',
|
||||
'xpack.reporting.encryptionKey': 'testencryptionkey',
|
||||
'xpack.reporting.kibanaServer.protocol': 'http',
|
||||
'xpack.reporting.kibanaServer.hostname': 'localhost',
|
||||
'xpack.reporting.kibanaServer.port': 5601,
|
||||
'server.basePath': ''
|
||||
};
|
||||
|
||||
mockServer = {
|
||||
expose: () => { },
|
||||
config: memoize(() => ({ get: jest.fn() })),
|
||||
|
@ -28,7 +38,8 @@ beforeEach(() => {
|
|||
callWithRequest: jest.fn()
|
||||
};
|
||||
})
|
||||
}
|
||||
},
|
||||
security: null,
|
||||
},
|
||||
savedObjects: {
|
||||
getScopedSavedObjectsClient: jest.fn(),
|
||||
|
@ -37,13 +48,7 @@ beforeEach(() => {
|
|||
};
|
||||
|
||||
mockServer.config().get.mockImplementation((key) => {
|
||||
return {
|
||||
'xpack.reporting.encryptionKey': 'testencryptionkey',
|
||||
'xpack.reporting.kibanaServer.protocol': 'http',
|
||||
'xpack.reporting.kibanaServer.hostname': 'localhost',
|
||||
'xpack.reporting.kibanaServer.port': 5601,
|
||||
'server.basePath': ''
|
||||
}[key];
|
||||
return config[key];
|
||||
});
|
||||
|
||||
generatePdfObservableFactory.mockReturnValue(jest.fn());
|
||||
|
@ -51,63 +56,105 @@ beforeEach(() => {
|
|||
|
||||
afterEach(() => generatePdfObservableFactory.mockReset());
|
||||
|
||||
const encryptHeaders = async (headers) => {
|
||||
const encrypt = async (headers) => {
|
||||
const crypto = cryptoFactory(mockServer);
|
||||
return await crypto.encrypt(headers);
|
||||
};
|
||||
|
||||
describe(`sessionCookie`, () => {
|
||||
test(`if serializedSession doesn't exist it doesn't pass sessionCookie to generatePdfObservable`, async () => {
|
||||
mockServer.plugins.security = {};
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(headers);
|
||||
|
||||
test(`fails if it can't decrypt headers`, async () => {
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await expect(executeJob({ objects: [], timeRange: {} }, cancellationToken)).rejects.toBeDefined();
|
||||
});
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
||||
test(`passes in decrypted headers to generatePdf`, async () => {
|
||||
const headers = {
|
||||
foo: 'bar',
|
||||
baz: 'quix',
|
||||
};
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders, session: null }, cancellationToken);
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
||||
const encryptedHeaders = await encryptHeaders(headers);
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, headers, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`omits blacklisted headers`, async () => {
|
||||
const permittedHeaders = {
|
||||
foo: 'bar',
|
||||
baz: 'quix',
|
||||
};
|
||||
|
||||
const blacklistedHeaders = {
|
||||
'accept-encoding': '',
|
||||
'content-length': '',
|
||||
'content-type': '',
|
||||
'host': '',
|
||||
'transfer-encoding': '',
|
||||
};
|
||||
|
||||
const encryptedHeaders = await encryptHeaders({
|
||||
...permittedHeaders,
|
||||
...blacklistedHeaders
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, null, undefined, undefined);
|
||||
});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
test(`if uses xpack.reporting.kibanaServer.hostname for domain of sessionCookie passed to generatePdfObservable`, async () => {
|
||||
const sessionCookieOptions = {
|
||||
httpOnly: true,
|
||||
name: 'foo',
|
||||
path: '/bar',
|
||||
secure: false,
|
||||
};
|
||||
mockServer.plugins.security = {
|
||||
getSessionCookieOptions() {
|
||||
return sessionCookieOptions;
|
||||
},
|
||||
};
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(headers);
|
||||
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders }, cancellationToken);
|
||||
const session = 'thisoldesession';
|
||||
const encryptedSession = await encrypt(session);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, permittedHeaders, undefined, undefined);
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders, session: encryptedSession }, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, {
|
||||
domain: config['xpack.reporting.kibanaServer.hostname'],
|
||||
httpOnly: sessionCookieOptions.httpOnly,
|
||||
name: sessionCookieOptions.name,
|
||||
path: sessionCookieOptions.path,
|
||||
sameSite: 'Strict',
|
||||
secure: sessionCookieOptions.secure,
|
||||
value: session
|
||||
}, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`if uses server.host and reporting config isn't set for domain of sessionCookie passed to generatePdfObservable`, async () => {
|
||||
config['xpack.reporting.kibanaServer.hostname'] = undefined;
|
||||
config['server.host'] = 'something.com';
|
||||
const sessionCookieOptions = {
|
||||
httpOnly: true,
|
||||
name: 'foo',
|
||||
path: '/bar',
|
||||
secure: false,
|
||||
};
|
||||
mockServer.plugins.security = {
|
||||
getSessionCookieOptions() {
|
||||
return sessionCookieOptions;
|
||||
},
|
||||
};
|
||||
const headers = {};
|
||||
const encryptedHeaders = await encrypt(headers);
|
||||
|
||||
const session = 'thisoldesession';
|
||||
const encryptedSession = await encrypt(session);
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders, session: encryptedSession }, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, {
|
||||
domain: config['server.host'],
|
||||
httpOnly: sessionCookieOptions.httpOnly,
|
||||
name: sessionCookieOptions.name,
|
||||
path: sessionCookieOptions.path,
|
||||
sameSite: 'Strict',
|
||||
secure: sessionCookieOptions.secure,
|
||||
value: session
|
||||
}, undefined, undefined);
|
||||
});
|
||||
});
|
||||
|
||||
test(`gets logo from uiSettings`, async () => {
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const authorizationHeader = 'thisoldeheader';
|
||||
const encryptedHeaders = await encrypt({
|
||||
authorization: authorizationHeader,
|
||||
thisotherheader: 'pleasedontshowup'
|
||||
});
|
||||
|
||||
const logo = 'custom-logo';
|
||||
mockServer.uiSettingsServiceFactory().get.mockReturnValue(logo);
|
||||
|
@ -118,12 +165,38 @@ test(`gets logo from uiSettings`, async () => {
|
|||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(mockServer.savedObjects.getScopedSavedObjectsClient).toBeCalledWith({
|
||||
headers: {
|
||||
authorization: authorizationHeader
|
||||
},
|
||||
});
|
||||
expect(mockServer.uiSettingsServiceFactory().get).toBeCalledWith('xpackReporting:customPdfLogo');
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, {}, undefined, logo);
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, null, undefined, logo);
|
||||
});
|
||||
|
||||
test(`doesn't pass authorization header if it doesn't exist when getting logo from uiSettings`, async () => {
|
||||
const encryptedHeaders = await encrypt({
|
||||
thisotherheader: 'pleasedontshowup'
|
||||
});
|
||||
|
||||
const logo = 'custom-logo';
|
||||
mockServer.uiSettingsServiceFactory().get.mockReturnValue(logo);
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
await executeJob({ objects: [], headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(mockServer.savedObjects.getScopedSavedObjectsClient).toBeCalledWith({
|
||||
headers: {},
|
||||
});
|
||||
expect(mockServer.uiSettingsServiceFactory().get).toBeCalledWith('xpackReporting:customPdfLogo');
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], undefined, null, undefined, logo);
|
||||
});
|
||||
|
||||
test(`passes browserTimezone to generatePdf`, async () => {
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
@ -133,11 +206,11 @@ test(`passes browserTimezone to generatePdf`, async () => {
|
|||
await executeJob({ objects: [], browserTimezone, headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(mockServer.uiSettingsServiceFactory().get).toBeCalledWith('xpackReporting:customPdfLogo');
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], browserTimezone, {}, undefined, undefined);
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, [], browserTimezone, null, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`adds forceNow to hash's query, if it exists`, async () => {
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
@ -147,11 +220,11 @@ test(`adds forceNow to hash's query, if it exists`, async () => {
|
|||
|
||||
await executeJob({ objects: [{ relativeUrl: 'app/kibana#/something' }], forceNow, headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something?forceNow=2000-01-01T00%3A00%3A00.000Z'], undefined, {}, undefined, undefined);
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something?forceNow=2000-01-01T00%3A00%3A00.000Z'], undefined, null, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`appends forceNow to hash's query, if it exists`, async () => {
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
@ -165,11 +238,11 @@ test(`appends forceNow to hash's query, if it exists`, async () => {
|
|||
headers: encryptedHeaders
|
||||
}, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something?_g=something&forceNow=2000-01-01T00%3A00%3A00.000Z'], undefined, {}, undefined, undefined);
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something?_g=something&forceNow=2000-01-01T00%3A00%3A00.000Z'], undefined, null, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`doesn't append forceNow query to url, if it doesn't exists`, async () => {
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
@ -178,12 +251,12 @@ test(`doesn't append forceNow query to url, if it doesn't exists`, async () => {
|
|||
|
||||
await executeJob({ objects: [{ relativeUrl: 'app/kibana#/something' }], headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something'], undefined, {}, undefined, undefined);
|
||||
expect(generatePdfObservable).toBeCalledWith(undefined, ['http://localhost:5601/app/kibana#/something'], undefined, null, undefined, undefined);
|
||||
});
|
||||
|
||||
test(`returns content_type of application/pdf`, async () => {
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
|
||||
const generatePdfObservable = generatePdfObservableFactory();
|
||||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
|
||||
|
@ -199,7 +272,7 @@ test(`returns content of generatePdf getBuffer base64 encoded`, async () => {
|
|||
generatePdfObservable.mockReturnValue(Rx.of(Buffer.from(testContent)));
|
||||
|
||||
const executeJob = executeJobFactory(mockServer);
|
||||
const encryptedHeaders = await encryptHeaders({});
|
||||
const encryptedHeaders = await encrypt({});
|
||||
const { content } = await executeJob({ objects: [], timeRange: {}, headers: encryptedHeaders }, cancellationToken);
|
||||
|
||||
expect(content).toEqual(Buffer.from(testContent).toString('base64'));
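Review bot: The two domain tests in `describe('sessionCookie')` duplicate the same fixture line for line: the `sessionCookieOptions` object, the `mockServer.plugins.security` stub, the encrypted headers and the encrypted session. Hoisting that setup into a `beforeEach` inside the describe block would leave each test showing only what differs, namely which config key supplies `domain`. Both titles also start with a stray "if" (`if uses xpack.reporting.kibanaServer.hostname for domain…`), which should read `uses …`. I do not see a case on this page where a session is present but cannot be decrypted; that failure path may be worth a test.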
|
||||
|
|
|
@ -33,9 +33,9 @@ function generatePdfObservableFn(server) {
|
|||
const captureConcurrency = 1;
|
||||
const getLayout = getLayoutFactory(server);
|
||||
|
||||
const urlScreenshotsObservable = (urls, headers, layout) => {
|
||||
const urlScreenshotsObservable = (urls, sessionCookie, layout) => {
|
||||
return Rx.from(urls).pipe(
|
||||
mergeMap(url => screenshotsObservable(url, headers, layout),
|
||||
mergeMap(url => screenshotsObservable(url, sessionCookie, layout),
|
||||
(outer, inner) => inner,
|
||||
captureConcurrency
|
||||
)
|
||||
|
@ -67,9 +67,11 @@ function generatePdfObservableFn(server) {
|
|||
};
|
||||
|
||||
|
||||
return function generatePdfObservable(title, urls, browserTimezone, headers, layoutParams, logo) {
|
||||
return function generatePdfObservable(title, urls, browserTimezone, sessionCookie, layoutParams, logo) {
|
||||
|
||||
const layout = getLayout(layoutParams);
|
||||
const screenshots$ = urlScreenshotsObservable(urls, headers, layout);
|
||||
|
||||
const screenshots$ = urlScreenshotsObservable(urls, sessionCookie, layout);
|
||||
|
||||
return screenshots$.pipe(
|
||||
toArray(),
|
||||
|
|
|
@ -43,11 +43,11 @@ export function screenshotsObservableFactory(server) {
|
|||
}
|
||||
};
|
||||
|
||||
const openUrl = async (browser, url, headers) => {
|
||||
const openUrl = async (browser, url, sessionCookie) => {
|
||||
const waitForSelector = '.application';
|
||||
|
||||
await browser.open(url, {
|
||||
headers,
|
||||
sessionCookie,
|
||||
waitForSelector,
|
||||
});
|
||||
};
|
||||
|
@ -231,7 +231,7 @@ export function screenshotsObservableFactory(server) {
|
|||
return screenshots;
|
||||
};
|
||||
|
||||
return function screenshotsObservable(url, headers, layout) {
|
||||
return function screenshotsObservable(url, sessionCookie, layout) {
|
||||
|
||||
return Rx.defer(async () => await getPort()).pipe(
|
||||
mergeMap(bridgePort => {
|
||||
|
@ -259,7 +259,7 @@ export function screenshotsObservableFactory(server) {
|
|||
tap(browser => startRecording(browser)),
|
||||
tap(() => logger.debug(`opening ${url}`)),
|
||||
mergeMap(
|
||||
browser => openUrl(browser, url, headers),
|
||||
browser => openUrl(browser, url, sessionCookie),
|
||||
browser => browser
|
||||
),
|
||||
tap(() => logger.debug('injecting custom css')),
|
||||
|
|
|
@ -30,7 +30,7 @@ export class HeadlessChromiumDriver {
|
|||
return result.result.value;
|
||||
}
|
||||
|
||||
async open(url, { headers, waitForSelector }) {
|
||||
async open(url, { sessionCookie, waitForSelector }) {
|
||||
this._logger.debug(`HeadlessChromiumDriver:opening url ${url}`);
|
||||
const { Network, Page } = this._client;
|
||||
await Promise.all([
|
||||
|
@ -39,7 +39,7 @@ export class HeadlessChromiumDriver {
|
|||
]);
|
||||
|
||||
await ignoreSSLErrorsBehavior(this._client.Security);
|
||||
await Network.setExtraHTTPHeaders({ headers });
|
||||
await Network.setCookie(sessionCookie);
|
||||
await Page.navigate({ url });
|
||||
await Page.loadEventFired();
|
||||
const { frameTree } = await Page.getResourceTree();
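Review bot: `Network.setCookie(sessionCookie)` in `open` runs unconditionally, but `getSessionCookie` in the execute-job pipeline returns `sessionCookie: null` when the job has no serialized session. The Phantom driver guards the same value with `if (sessionCookie)`. A null argument will most likely be rejected by the DevTools protocol, which would fail every report generated with security disabled. Guard it the same way: `if (sessionCookie) { await Network.setCookie(sessionCookie); }`. The body of `open` continues outside the hunk.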
|
||||
|
|
|
@ -18,14 +18,11 @@ export function PhantomDriver({ page, browser, zoom, logger }) {
|
|||
if (page === false || browser === false) throw new Error('Phantom instance is closed');
|
||||
};
|
||||
|
||||
const configurePage = (pageOptions) => {
|
||||
const configurePage = () => {
|
||||
const RESOURCE_TIMEOUT = 5000;
|
||||
return fromCallback(cb => page.set('resourceTimeout', RESOURCE_TIMEOUT, cb))
|
||||
.then(() => {
|
||||
if (zoom) return fromCallback(cb => page.set('zoomFactor', zoom, cb));
|
||||
})
|
||||
.then(() => {
|
||||
if (pageOptions.headers) return fromCallback(cb => page.set('customHeaders', pageOptions.headers, cb));
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -33,9 +30,26 @@ export function PhantomDriver({ page, browser, zoom, logger }) {
|
|||
open(url, pageOptions) {
|
||||
validateInstance();
|
||||
|
||||
return configurePage(pageOptions)
|
||||
return configurePage()
|
||||
.then(() => logger.debug('Configured page'))
|
||||
.then(() => fromCallback(cb => page.open(url, cb)))
|
||||
.then(async (status) => {
|
||||
const { sessionCookie } = pageOptions;
|
||||
if (sessionCookie) {
|
||||
await fromCallback(cb => page.clearCookies(cb));
|
||||
// phantom doesn't support the SameSite option for the cookie, so we aren't setting it
|
||||
await fromCallback(cb => page.addCookie({
|
||||
name: sessionCookie.name,
|
||||
value: sessionCookie.value,
|
||||
path: sessionCookie.path,
|
||||
httponly: sessionCookie.httpOnly,
|
||||
secure: sessionCookie.secure,
|
||||
}, cb));
|
||||
return await fromCallback(cb => page.open(url, cb));
|
||||
} else {
|
||||
return status;
|
||||
}
|
||||
})
|
||||
.then(status => {
|
||||
logger.debug(`Page opened with status ${status}`);
|
||||
if (status !== 'success') throw new Error('URL open failed. Is the server running?');
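Review bot: When a session cookie is present the page is opened twice and the status of the first `page.open(url, cb)` is discarded, with no comment explaining why. Presumably the first load is there so that `page.addCookie`, which is given no `domain`, attaches the cookie to the host that was just loaded. A comment such as `// load once so addCookie binds to this host, then reload with the session cookie` would record that. The result of `page.addCookie` is not inspected either, so a cookie that PhantomJS refuses would only show up as a report of the login page. `open` continues outside the hunk.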
|
||||
|
|
|
@ -13,10 +13,10 @@ function enqueueJobFn(server) {
|
|||
const queueConfig = server.config().get('xpack.reporting.queue');
|
||||
const exportTypesRegistry = server.plugins.reporting.exportTypesRegistry;
|
||||
|
||||
return async function enqueueJob(exportTypeId, jobParams, user, headers, request) {
|
||||
return async function enqueueJob(exportTypeId, jobParams, user, headers, serializedSession, request) {
|
||||
const exportType = exportTypesRegistry.getById(exportTypeId);
|
||||
const createJob = exportType.createJobFactory(server);
|
||||
const payload = await createJob(jobParams, headers, request);
|
||||
const payload = await createJob(jobParams, headers, serializedSession, request);
|
||||
|
||||
const options = {
|
||||
timeout: queueConfig.timeout,
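Review bot: `serializedSession` is inserted as a positional argument ahead of `request`, both in `enqueueJob` and in the `createJob` call. Every export type's `createJob` therefore has to adopt the new four-argument order, or it will receive the session where it expects the request. Only one `createJob` implementation is visible on this page, so the others should be checked. A JSDoc on `enqueueJob` that names the parameters, with `serializedSession` described as the sealed session string or null, would make the order explicit. The function body continues outside the hunk.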
|
||||
|
|
|
@ -110,9 +110,12 @@ export function main(server) {
|
|||
|
||||
async function handler(exportTypeId, jobParams, request, reply) {
|
||||
const user = request.pre.user;
|
||||
const headers = request.headers;
|
||||
const headers = {
|
||||
authorization: request.headers.authorization,
|
||||
};
|
||||
const serializedSession = server.plugins.security ? await server.plugins.security.serializeSession(request) : null;
|
||||
|
||||
const job = await enqueueJob(exportTypeId, jobParams, user, headers, request);
|
||||
const job = await enqueueJob(exportTypeId, jobParams, user, headers, serializedSession, request);
|
||||
|
||||
// return the queue's job information
|
||||
const jobJson = job.toJSON();
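Review bot: `serializedSession` is a replayable session credential that this handler now passes to `enqueueJob` and on into the job payload, and nothing here says how it is protected at rest. `headers` are encrypted in `createJob` via `crypto.encrypt(headers)` and the tests pass an encrypted `session`, so it is presumably sealed the same way, but that code is outside this hunk. Confirm that, and confirm the value cannot appear in logs or in the `job.toJSON()` result returned to the caller. I would add above the call: `// serializedSession is a credential: createJob must encrypt it before it is stored in the queue`. A job that runs after the session has expired would presumably render unauthenticated, which is worth a line in the docs.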
|
||||
|
|
|
@ -518,4 +518,55 @@ describe('Authenticator', () => {
|
|||
}
|
||||
});
|
||||
});
|
||||
|
||||
describe('`serializeSession` method', () => {
|
||||
let serializeSession;
|
||||
beforeEach(async () => {
|
||||
config.get.withArgs('xpack.security.authProviders').returns(['basic']);
|
||||
config.get.withArgs('server.basePath').returns('/base-path');
|
||||
|
||||
await initAuthenticator(server);
|
||||
|
||||
// Second argument will be a method we'd like to test.
|
||||
serializeSession = server.expose.withArgs('serializeSession').firstCall.args[1];
|
||||
});
|
||||
|
||||
it('fails if request is not provided.', async () => {
|
||||
try {
|
||||
await serializeSession();
|
||||
expect().fail('`serializeSession` should fail.');
|
||||
} catch(err) {
|
||||
expect(err).to.be.a(Error);
|
||||
expect(err.message).to.be('Request should be a valid object, was [undefined].');
|
||||
}
|
||||
});
|
||||
|
||||
it('calls session.serialize with request', async () => {
|
||||
const request = {};
|
||||
const expectedResult = Symbol();
|
||||
session.serialize.withArgs(request).returns(Promise.resolve(expectedResult));
|
||||
const actualResult = await serializeSession(request);
|
||||
expect(actualResult).to.be(expectedResult);
|
||||
});
|
||||
});
|
||||
|
||||
describe('`getSessionCookieOptions` method', () => {
|
||||
let getSessionCookieOptions;
|
||||
beforeEach(async () => {
|
||||
config.get.withArgs('xpack.security.authProviders').returns(['basic']);
|
||||
config.get.withArgs('server.basePath').returns('/base-path');
|
||||
|
||||
await initAuthenticator(server);
|
||||
|
||||
// Second argument will be a method we'd like to test.
|
||||
getSessionCookieOptions = server.expose.withArgs('getSessionCookieOptions').firstCall.args[1];
|
||||
});
|
||||
|
||||
it('calls session.getCookieOptions', async () => {
|
||||
const expectedResult = Symbol();
|
||||
session.getCookieOptions.returns(Promise.resolve(expectedResult));
|
||||
const actualResult = await getSessionCookieOptions();
|
||||
expect(actualResult).to.be(expectedResult);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
import expect from 'expect.js';
|
||||
import sinon from 'sinon';
|
||||
import iron from 'iron';
|
||||
|
||||
import { serverFixture } from '../../__tests__/__fixtures__/server';
|
||||
import { Session } from '../session';
|
||||
|
@ -45,6 +46,7 @@ describe('Session', () => {
|
|||
password: 'encryption-key',
|
||||
clearInvalid: true,
|
||||
validateFunc: sinon.match.func,
|
||||
isHttpOnly: true,
|
||||
isSecure: 'secure-cookies',
|
||||
path: 'base/path/'
|
||||
});
|
||||
|
@ -197,4 +199,87 @@ describe('Session', () => {
|
|||
sinon.assert.calledOnce(request.cookieAuth.clear);
|
||||
});
|
||||
});
|
||||
|
||||
describe('`serialize` method', () => {
|
||||
let session;
|
||||
beforeEach(async () => {
|
||||
config.get.withArgs('xpack.security.cookieName').returns('cookie-name');
|
||||
config.get.withArgs('xpack.security.encryptionKey').returns('encryption-key');
|
||||
session = await Session.create(server);
|
||||
});
|
||||
|
||||
it('returns null if state is null', async () => {
|
||||
const request = {
|
||||
_states: {
|
||||
}
|
||||
};
|
||||
|
||||
const returnValue = await session.serialize(request);
|
||||
expect(returnValue).to.eql(null);
|
||||
});
|
||||
|
||||
it('uses iron to encrypt the state with the set password', async () => {
|
||||
const stateValue = {
|
||||
foo: 'bar'
|
||||
};
|
||||
const request = {
|
||||
_states: {
|
||||
'cookie-name': {
|
||||
value: stateValue,
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
sandbox.stub(iron, 'seal')
|
||||
.withArgs(stateValue, 'encryption-key', iron.defaults)
|
||||
.callsArgWith(3, null, 'serialized-value');
|
||||
|
||||
const returnValue = await session.serialize(request);
|
||||
expect(returnValue).to.eql('serialized-value');
|
||||
});
|
||||
|
||||
it(`rejects if iron can't seal the session`, async () => {
|
||||
const stateValue = {
|
||||
foo: 'bar'
|
||||
};
|
||||
const request = {
|
||||
_states: {
|
||||
'cookie-name': {
|
||||
value: stateValue,
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
sandbox.stub(iron, 'seal')
|
||||
.withArgs(stateValue, 'encryption-key', iron.defaults)
|
||||
.callsArgWith(3, new Error('IDK'), null);
|
||||
|
||||
try {
|
||||
await session.serialize(request);
|
||||
expect().fail('`serialize` should fail.');
|
||||
} catch(err) {
|
||||
expect(err).to.be.a(Error);
|
||||
expect(err.message).to.be('IDK');
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
describe('`getCookieOptions` method', () => {
|
||||
let session;
|
||||
beforeEach(async () => {
|
||||
config.get.withArgs('xpack.security.cookieName').returns('cookie-name');
|
||||
config.get.withArgs('xpack.security.secureCookies').returns('secure-cookies');
|
||||
config.get.withArgs('server.basePath').returns('base/path');
|
||||
session = await Session.create(server);
|
||||
});
|
||||
|
||||
it('returns cookie options', () => {
|
||||
expect(session.getCookieOptions()).to.eql({
|
||||
name: 'cookie-name',
|
||||
path: 'base/path/',
|
||||
httpOnly: true,
|
||||
secure: 'secure-cookies'
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -209,6 +209,25 @@ class Authenticator {
|
|||
return DeauthenticationResult.notHandled();
|
||||
}
|
||||
|
||||
/**
|
||||
* Serializes the request's session.
|
||||
* @param {Hapi.Request} request HapiJS request instance.
|
||||
* @returns {Promise.<string>}
|
||||
*/
|
||||
async serializeSession(request) {
|
||||
assertRequest(request);
|
||||
|
||||
return await this._session.serialize(request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the options that we're using for the session cookie
|
||||
* @returns {CookieOptions}
|
||||
*/
|
||||
getSessionCookieOptions() {
|
||||
return this._session.getCookieOptions();
|
||||
}
|
||||
|
||||
/**
|
||||
* Instantiates authentication provider based on the provider key from config.
|
||||
* @param {string} providerType Provider type key.
|
||||
|
@ -277,6 +296,8 @@ export async function initAuthenticator(server) {
|
|||
server.expose('authenticate', (request) => authenticator.authenticate(request));
|
||||
server.expose('deauthenticate', (request) => authenticator.deauthenticate(request));
|
||||
server.expose('registerAuthScopeGetter', (scopeExtender) => authScope.registerGetter(scopeExtender));
|
||||
server.expose('serializeSession', (request) => authenticator.serializeSession(request));
|
||||
server.expose('getSessionCookieOptions', () => authenticator.getSessionCookieOptions());
|
||||
|
||||
server.expose('isAuthenticated', async (request) => {
|
||||
try {
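Review bot: The JSDoc on `serializeSession` declares `@returns {Promise.<string>}`, but `Session.serialize` returns `null` when the request carries no session state, and the reporting handler relies on that null. The annotation should read `@returns {Promise.<?string>}`, with a sentence saying null means "no session cookie on this request". The two new `server.expose` calls also make a sealed copy of the caller's session available to any plugin holding the request. A one-line comment there, such as `// returns a credential; callers must store it encrypted`, would flag that for future consumers.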
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
|
||||
import hapiAuthCookie from 'hapi-auth-cookie';
|
||||
|
||||
import iron from 'iron';
|
||||
|
||||
const HAPI_STRATEGY_NAME = 'security-cookie';
|
||||
// Forbid applying of Hapi authentication strategies to routes automatically.
|
||||
const HAPI_STRATEGY_MODE = false;
|
||||
|
@ -16,6 +18,16 @@ function assertRequest(request) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* CookieOptions
|
||||
* @typedef {Object} CookieOptions
|
||||
* @property {string} name - The name of the cookie
|
||||
* @property {string} password - The password that is used to encrypt the cookie
|
||||
* @property {string} path - The path that is set for the cookie
|
||||
* @property {boolean} secure - Whether the cookie should only be sent over HTTPS
|
||||
* @property {?number} ttl - Session duration in ms. If `null` session will stay active until the browser is closed.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Manages Kibana user session.
|
||||
*/
|
||||
|
@ -28,20 +40,20 @@ export class Session {
|
|||
_server = null;
|
||||
|
||||
/**
|
||||
* Session duration in ms. If `null` session will stay active until the browser is closed.
|
||||
* @type {?number}
|
||||
* Options for the cookie
|
||||
* @type {CookieOptions}
|
||||
* @private
|
||||
*/
|
||||
_ttl = null;
|
||||
_cookieOptions = null;
|
||||
|
||||
/**
|
||||
* Instantiates Session. Constructor is not supposed to be used directly. To make sure that all
|
||||
* `Session` dependencies/plugins are properly initialized one should use static `Session.create` instead.
|
||||
* @param {Hapi.Server} server HapiJS Server instance.
|
||||
*/
|
||||
constructor(server) {
|
||||
constructor(server, cookieOptions) {
|
||||
this._server = server;
|
||||
this._ttl = this._server.config().get('xpack.security.sessionTimeout');
|
||||
this._cookieOptions = cookieOptions;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -80,7 +92,7 @@ export class Session {
|
|||
|
||||
request.cookieAuth.set({
|
||||
value,
|
||||
expires: this._ttl && Date.now() + this._ttl
|
||||
expires: this._cookieOptions.ttl && Date.now() + this._cookieOptions.ttl
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -95,6 +107,43 @@ export class Session {
|
|||
request.cookieAuth.clear();
|
||||
}
|
||||
|
||||
/**
|
||||
* Serializes current session.
|
||||
* @param {Hapi.Request} request HapiJS request instance.
|
||||
* @returns {Promise.<string>}
|
||||
*/
|
||||
async serialize(request) {
|
||||
const state = request._states[this._cookieOptions.name];
|
||||
if (!state) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const value = await new Promise((resolve, reject) => {
|
||||
iron.seal(state.value, this._cookieOptions.password, iron.defaults, (err, result) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
} else {
|
||||
resolve(result);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
return value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the options that we're using for the session cookie
|
||||
* @returns {CookieOptions}
|
||||
*/
|
||||
getCookieOptions() {
|
||||
return {
|
||||
name: this._cookieOptions.name,
|
||||
path: this._cookieOptions.path,
|
||||
httpOnly: this._cookieOptions.httpOnly,
|
||||
secure: this._cookieOptions.secure,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepares and creates a session instance.
|
||||
* @param {Hapi.Server} server HapiJS Server instance.
|
||||
|
@ -113,16 +162,31 @@ export class Session {
|
|||
});
|
||||
|
||||
const config = server.config();
|
||||
const httpOnly = true;
|
||||
const name = config.get('xpack.security.cookieName');
|
||||
const password = config.get('xpack.security.encryptionKey');
|
||||
const path = `${config.get('server.basePath')}/`;
|
||||
const secure = config.get('xpack.security.secureCookies');
|
||||
const ttl = config.get(`xpack.security.sessionTimeout`);
|
||||
|
||||
server.auth.strategy(HAPI_STRATEGY_NAME, 'cookie', HAPI_STRATEGY_MODE, {
|
||||
cookie: config.get('xpack.security.cookieName'),
|
||||
password: config.get('xpack.security.encryptionKey'),
|
||||
cookie: name,
|
||||
password,
|
||||
clearInvalid: true,
|
||||
validateFunc: Session._validateCookie,
|
||||
isSecure: config.get('xpack.security.secureCookies'),
|
||||
path: `${config.get('server.basePath')}/`
|
||||
isHttpOnly: httpOnly,
|
||||
isSecure: secure,
|
||||
path: path,
|
||||
});
|
||||
|
||||
return new Session(server);
|
||||
return new Session(server, {
|
||||
httpOnly,
|
||||
name,
|
||||
password,
|
||||
path,
|
||||
secure,
|
||||
ttl,
|
||||
});
|
||||
}
|
||||
|
||||
/**
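Review bot: `serialize` reads the cookie from `request._states[this._cookieOptions.name]`, which looks like a hapi-internal property rather than public API. It therefore depends on the session cookie having been set again earlier in the same request, and returns `null` without any signal when it was not. A comment on that line should state the assumption, for example `// relies on hapi's internal _states, populated when the session cookie was re-set during this request`. The JSDoc should read `@returns {Promise.<?string>}`. The `CookieOptions` typedef is also missing the `httpOnly` property that `getCookieOptions` returns, and it would help to note that `getCookieOptions` deliberately leaves out `password` and `ttl`.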
|
||||
|
|
|
@ -129,6 +129,11 @@
|
|||
url-join "^4.0.0"
|
||||
ws "^4.1.0"
|
||||
|
||||
"@types/cookie@^0.3.1":
|
||||
version "0.3.1"
|
||||
resolved "https://registry.yarnpkg.com/@types/cookie/-/cookie-0.3.1.tgz#720a756ea8e760a258708b52441bd341f1ef4296"
|
||||
integrity sha512-64Uv+8bTRVZHlbB8eXQgMP9HguxPgnOOIYrQpwHWrtLDrtcG/lILKhUl7bV65NSOIJ9dXGYD7skQFXzhL8tk1A==
|
||||
|
||||
"@types/delay@^2.0.1":
|
||||
version "2.0.1"
|
||||
resolved "https://registry.yarnpkg.com/@types/delay/-/delay-2.0.1.tgz#61bcf318a74b61e79d1658fbf054f984c90ef901"
|
||||
|
@ -1656,13 +1661,13 @@ chownr@^1.0.1:
|
|||
resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.0.1.tgz#e2a75042a9551908bebd25b8523d5f9769d79181"
|
||||
integrity sha1-4qdQQqlVGQi+vSW4Uj1fl2nXkYE=
|
||||
|
||||
chrome-remote-interface@0.24.2:
|
||||
version "0.24.2"
|
||||
resolved "https://registry.yarnpkg.com/chrome-remote-interface/-/chrome-remote-interface-0.24.2.tgz#43a05440a1fa60b73769e72f3e7892ac11d66eba"
|
||||
integrity sha512-KmG2wHqlnTEPwdmc0baW4qpSEldN6zAHrkwCquo6wsFnOFkmvYZRv4Kbko7GylFyrLjbyUQzUCMwfxNIftIhvA==
|
||||
chrome-remote-interface@0.26.1:
|
||||
version "0.26.1"
|
||||
resolved "https://registry.yarnpkg.com/chrome-remote-interface/-/chrome-remote-interface-0.26.1.tgz#6c7d4479742b6d236752d716a9bc2d322d7d8ad2"
|
||||
integrity sha512-ela482aJK0riFu05sl+zdbnb3ezMiqzwsqf/f/27HngWds+Fat3vcZWpIoDoeQuWMid/+LfKAteAYWaWPqsweg==
|
||||
dependencies:
|
||||
commander "2.1.x"
|
||||
ws "2.0.x"
|
||||
commander "2.11.x"
|
||||
ws "^3.3.3"
|
||||
|
||||
ci-info@^1.0.0:
|
||||
version "1.1.2"
|
||||
|
@ -1849,10 +1854,10 @@ commander@0.6.1:
|
|||
resolved "https://registry.yarnpkg.com/commander/-/commander-0.6.1.tgz#fa68a14f6a945d54dbbe50d8cdb3320e9e3b1a06"
|
||||
integrity sha1-+mihT2qUXVTbvlDYzbMyDp47GgY=
|
||||
|
||||
commander@2.1.x:
|
||||
version "2.1.0"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-2.1.0.tgz#d121bbae860d9992a3d517ba96f56588e47c6781"
|
||||
integrity sha1-0SG7roYNmZKj1Re6lvVliOR8Z4E=
|
||||
commander@2.11.x:
|
||||
version "2.11.0"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-2.11.0.tgz#157152fd1e7a6c8d98a5b715cf376df928004563"
|
||||
integrity sha512-b0553uYA5YAEGgyYIGYROzKQ7X5RAqedkfjiZxwi0kL1g3bOaBNNZfYkzt/CL0umgD5wc9Jec2FbB98CjkMRvQ==
|
||||
|
||||
commander@2.12.2, commander@^2.9.0:
|
||||
version "2.12.2"
|
||||
|
@ -1955,6 +1960,11 @@ convert-source-map@^1.4.0, convert-source-map@^1.5.0:
|
|||
resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.5.1.tgz#b8278097b9bc229365de5c62cf5fcaed8b5599e5"
|
||||
integrity sha1-uCeAl7m8IpNl3lxiz1/K7YtVmeU=
|
||||
|
||||
cookie@^0.3.1:
|
||||
version "0.3.1"
|
||||
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb"
|
||||
integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=
|
||||
|
||||
cookiejar@^2.1.0:
|
||||
version "2.1.1"
|
||||
resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.1.tgz#41ad57b1b555951ec171412a81942b1e8200d34a"
|
||||
|
@ -4451,7 +4461,7 @@ ip@1.1.5:
|
|||
resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
|
||||
integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=
|
||||
|
||||
iron@4.x.x:
|
||||
iron@4, iron@4.x.x:
|
||||
version "4.0.5"
|
||||
resolved "https://registry.yarnpkg.com/iron/-/iron-4.0.5.tgz#4f042cceb8b9738f346b59aa734c83a89bc31428"
|
||||
integrity sha1-TwQszri5c480a1mqc0yDqJvDFCg=
|
||||
|
@ -10029,11 +10039,13 @@ write-file-atomic@^2.1.0:
|
|||
imurmurhash "^0.1.4"
|
||||
signal-exit "^3.0.2"
|
||||
|
||||
ws@2.0.x:
|
||||
version "2.0.3"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-2.0.3.tgz#532fd499c3f7d7d720e543f1f807106cfc57d9cb"
|
||||
integrity sha1-Uy/UmcP319cg5UPx+AcQbPxX2cs=
|
||||
ws@^3.3.3:
|
||||
version "3.3.3"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-3.3.3.tgz#f1cf84fe2d5e901ebce94efaece785f187a228f2"
|
||||
integrity sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==
|
||||
dependencies:
|
||||
async-limiter "~1.0.0"
|
||||
safe-buffer "~5.1.0"
|
||||
ultron "~1.1.0"
|
||||
|
||||
ws@^4.1.0:
|
||||
|
|
34
yarn.lock
34
yarn.lock
|
@ -3209,13 +3209,13 @@ chownr@^1.0.1:
|
|||
resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.0.1.tgz#e2a75042a9551908bebd25b8523d5f9769d79181"
|
||||
integrity sha1-4qdQQqlVGQi+vSW4Uj1fl2nXkYE=
|
||||
|
||||
chrome-remote-interface@0.24.2:
|
||||
version "0.24.2"
|
||||
resolved "https://registry.yarnpkg.com/chrome-remote-interface/-/chrome-remote-interface-0.24.2.tgz#43a05440a1fa60b73769e72f3e7892ac11d66eba"
|
||||
integrity sha512-KmG2wHqlnTEPwdmc0baW4qpSEldN6zAHrkwCquo6wsFnOFkmvYZRv4Kbko7GylFyrLjbyUQzUCMwfxNIftIhvA==
|
||||
chrome-remote-interface@0.26.1:
|
||||
version "0.26.1"
|
||||
resolved "https://registry.yarnpkg.com/chrome-remote-interface/-/chrome-remote-interface-0.26.1.tgz#6c7d4479742b6d236752d716a9bc2d322d7d8ad2"
|
||||
integrity sha512-ela482aJK0riFu05sl+zdbnb3ezMiqzwsqf/f/27HngWds+Fat3vcZWpIoDoeQuWMid/+LfKAteAYWaWPqsweg==
|
||||
dependencies:
|
||||
commander "2.1.x"
|
||||
ws "2.0.x"
|
||||
commander "2.11.x"
|
||||
ws "^3.3.3"
|
||||
|
||||
chromedriver@2.42.1:
|
||||
version "2.42.1"
|
||||
|
@ -3545,10 +3545,10 @@ commander@2, commander@^2.12.1, commander@^2.9.0:
|
|||
resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f"
|
||||
integrity sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==
|
||||
|
||||
commander@2.1.x:
|
||||
version "2.1.0"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-2.1.0.tgz#d121bbae860d9992a3d517ba96f56588e47c6781"
|
||||
integrity sha1-0SG7roYNmZKj1Re6lvVliOR8Z4E=
|
||||
commander@2.11.x:
|
||||
version "2.11.0"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-2.11.0.tgz#157152fd1e7a6c8d98a5b715cf376df928004563"
|
||||
integrity sha512-b0553uYA5YAEGgyYIGYROzKQ7X5RAqedkfjiZxwi0kL1g3bOaBNNZfYkzt/CL0umgD5wc9Jec2FbB98CjkMRvQ==
|
||||
|
||||
commander@2.8.1, commander@2.8.x, commander@~2.8.1:
|
||||
version "2.8.1"
|
||||
|
@ -3787,7 +3787,7 @@ convert-source-map@1.X, convert-source-map@^1.1.0, convert-source-map@^1.4.0, co
|
|||
resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.5.1.tgz#b8278097b9bc229365de5c62cf5fcaed8b5599e5"
|
||||
integrity sha1-uCeAl7m8IpNl3lxiz1/K7YtVmeU=
|
||||
|
||||
cookie@0.3.1:
|
||||
cookie@0.3.1, cookie@^0.3.1:
|
||||
version "0.3.1"
|
||||
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb"
|
||||
integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=
|
||||
|
@ -7962,7 +7962,7 @@ ip@1.1.5:
|
|||
resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
|
||||
integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=
|
||||
|
||||
iron@4.x.x:
|
||||
iron@4, iron@4.x.x:
|
||||
version "4.0.5"
|
||||
resolved "https://registry.yarnpkg.com/iron/-/iron-4.0.5.tgz#4f042cceb8b9738f346b59aa734c83a89bc31428"
|
||||
integrity sha1-TwQszri5c480a1mqc0yDqJvDFCg=
|
||||
|
@ -17061,11 +17061,13 @@ ws@1.1.2:
|
|||
options ">=0.0.5"
|
||||
ultron "1.0.x"
|
||||
|
||||
ws@2.0.x:
|
||||
version "2.0.3"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-2.0.3.tgz#532fd499c3f7d7d720e543f1f807106cfc57d9cb"
|
||||
integrity sha1-Uy/UmcP319cg5UPx+AcQbPxX2cs=
|
||||
ws@^3.3.3:
|
||||
version "3.3.3"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-3.3.3.tgz#f1cf84fe2d5e901ebce94efaece785f187a228f2"
|
||||
integrity sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==
|
||||
dependencies:
|
||||
async-limiter "~1.0.0"
|
||||
safe-buffer "~5.1.0"
|
||||
ultron "~1.1.0"
|
||||
|
||||
ws@^4.0.0, ws@^4.1.0:
|
||||
|
|