[Security/EBT] Skip user_id registration on anonymous pages (#143280)

Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
2025-04-24 17:59:23 -04:00 · 2022-10-13 17:59:09 +02:00 · 2022-10-13 17:59:09 +02:00 · d4d2a77fd5
commit d4d2a77fd5
parent 63a4b2283f
3 changed files with 65 additions and 7 deletions
--- a/x-pack/plugins/security/public/analytics/analytics_service.test.ts
+++ b/x-pack/plugins/security/public/analytics/analytics_service.test.ts
@ -34,9 +34,12 @@ describe('AnalyticsService', () => {
    const authc = authenticationMock.createSetup();
    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());

+    const { analytics, http } = coreMock.createSetup();
+
    analyticsService.setup({
      authc,
-      analytics: coreMock.createSetup().analytics,
+      analytics,
+      http,
      securityLicense: licenseMock.create({ allowLogin: true }),
    });
    analyticsService.start({ http: mockCore.http });
@ -63,9 +66,12 @@ describe('AnalyticsService', () => {
    const authc = authenticationMock.createSetup();
    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());

+    const { analytics, http } = coreMock.createSetup();
+
    analyticsService.setup({
      authc,
-      analytics: coreMock.createSetup().analytics,
+      analytics,
+      http,
      securityLicense: licenseMock.create(licenseFeatures$.asObservable()),
    });
    analyticsService.start({ http: mockCore.http });
@ -116,9 +122,12 @@ describe('AnalyticsService', () => {
    const authc = authenticationMock.createSetup();
    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());

+    const { analytics, http } = coreMock.createSetup();
+
    analyticsService.setup({
      authc,
-      analytics: coreMock.createSetup().analytics,
+      analytics,
+      http,
      securityLicense: licenseMock.create({ allowLogin: true }),
    });
    analyticsService.start({ http: mockCore.http });
@ -141,9 +150,12 @@ describe('AnalyticsService', () => {
    const authc = authenticationMock.createSetup();
    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());

+    const { analytics, http } = coreMock.createSetup();
+
    analyticsService.setup({
      authc,
-      analytics: coreMock.createSetup().analytics,
+      analytics,
+      http,
      securityLicense: licenseMock.create({ allowLogin: false }),
    });
    analyticsService.start({ http: mockCore.http });
@ -167,9 +179,12 @@ describe('AnalyticsService', () => {
    const authc = authenticationMock.createSetup();
    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());

+    const { analytics, http } = coreMock.createSetup();
+
    analyticsService.setup({
      authc,
-      analytics: coreMock.createSetup().analytics,
+      analytics,
+      http,
      securityLicense: licenseMock.create({ allowLogin: true }),
    });
    analyticsService.start({ http: mockCore.http });
@ -185,4 +200,42 @@ describe('AnalyticsService', () => {
      mockCurrentAuthTypeInfo
    );
  });
+
+  it('does not register the analytics context provider if the page is anonymous', () => {
+    const authc = authenticationMock.createSetup();
+    const { analytics, http } = coreMock.createSetup();
+
+    http.anonymousPaths.isAnonymous.mockReturnValue(true);
+
+    analyticsService.setup({
+      authc,
+      analytics,
+      http,
+      securityLicense: licenseMock.create({ allowLogin: false }),
+    });
+
+    expect(analytics.registerContextProvider).not.toHaveBeenCalled();
+  });
+
+  it('registers the user_id analytics context provider if the page is not anonymous', () => {
+    const authc = authenticationMock.createSetup();
+    authc.getCurrentUser.mockResolvedValue(securityMock.createMockAuthenticatedUser());
+
+    const { analytics, http } = coreMock.createSetup();
+
+    http.anonymousPaths.isAnonymous.mockReturnValue(false);
+
+    analyticsService.setup({
+      authc,
+      analytics,
+      http,
+      securityLicense: licenseMock.create({ allowLogin: false }),
+    });
+
+    expect(analytics.registerContextProvider).toHaveBeenCalledWith(
+      expect.objectContaining({
+        name: 'user_id',
+      })
+    );
+  });
 });
--- a/x-pack/plugins/security/public/analytics/analytics_service.ts
+++ b/x-pack/plugins/security/public/analytics/analytics_service.ts
@ -11,6 +11,7 @@ import { throttleTime } from 'rxjs/operators';

 import type {
  AnalyticsServiceSetup as CoreAnalyticsServiceSetup,
+  HttpSetup,
  HttpStart,
 } from '@kbn/core/public';

@ -22,6 +23,7 @@ interface AnalyticsServiceSetupParams {
  securityLicense: SecurityLicense;
  analytics: CoreAnalyticsServiceSetup;
  authc: AuthenticationServiceSetup;
+  http: HttpSetup;
  cloudId?: string;
 }

@ -43,9 +45,11 @@ export class AnalyticsService {
  private securityLicense!: SecurityLicense;
  private securityFeaturesSubscription?: Subscription;

-  public setup({ analytics, authc, cloudId, securityLicense }: AnalyticsServiceSetupParams) {
+  public setup({ analytics, authc, cloudId, http, securityLicense }: AnalyticsServiceSetupParams) {
    this.securityLicense = securityLicense;
-    registerUserContext(analytics, authc, cloudId);
+    if (http.anonymousPaths.isAnonymous(window.location.pathname) === false) {
+      registerUserContext(analytics, authc, cloudId);
+    }
  }

  public start({ http }: AnalyticsServiceStartParams) {
--- a/x-pack/plugins/security/public/plugin.tsx
+++ b/x-pack/plugins/security/public/plugin.tsx
@ -113,6 +113,7 @@ export class SecurityPlugin
      analytics: core.analytics,
      authc: this.authc,
      cloudId: cloud?.cloudId,
+      http: core.http,
      securityLicense: license,
    });