* [security] Token auth provider
From a user perspective, the token provider behaves similarly to the
basic provider in that it can power the native login experience and can
also be used for API calls via the authorization header (albeit with the
Bearer realm).
From a technical perspective, the token provider deals with
authentication via the token service in Elasticsearch, so while it
handles user credentials in the case of login, a temporary, refreshable
access token is stored in the session cookie instead. This means that
when you log out, not only is the cookie invalidated, but the token
itself cannot be reused.
* token provider integration tests
* include token api integration tests by default
* remove unused ProviderOptions from typedef
* assert that valid login sets an authorization header
* unit tests for refresh token and failure cases
* integration tests for headers and sessions
* clean up login/logout tests for consistent setup functions
* test for header rejection scenarios
EUI 5.7.0 had a color refresh which switched around our palette to better match branding guidelines. Hex colors are still hard coded in large parts of Kibana so most of the changes not in kbn/ui-framework are simple shifts to match that styling.
Login is no longer coupled directly to our basic auth provider, so
alternative auth providers can now be used with our standard login flow.
The LoginAttempt request service is the mechanism for auth providers to
integrate with the login flow.
We're using the successfully logged out page with the SAML provider
currently, so redirecting to the /login page is problematic since they
won't be able to log in using this URL. Instead, we're redirecting them
to '/' so that the auth providers can figure out what to do.
Node 10 uses `null` to denote the non-existence of a querystring
parameter when `url.parse(urlString, true)` is used; the following
changes fix our usages within the security plugin.
In practical terms, the flexibility afforded by providers being able to
recover from the failures of previously configured providers isn't
compelling, but the ambiguity is not ideal.
* feat(NA): upgrade node js version on file configs.
* chore(NA): migrate configs and 3rd party dependencies to work on node js 10.x
* fix(NA): add missing async function declaration.
* chore(NA): updated elastic/good package to work with node10
* chore(NA): update lockfiles.
* fix(NA): add missing dep.
* fix(NA): types for node 10.
* test(NA): fix error return type for node10.
* fix(NA): kbn-pm webpack config to unlazy a require using lazy-cache. fix(NA): build to work with node 10.
* test(NA): jest integration test for kbn-plugin-helpers.
* test(NA): fix jest tests for kbn-es.
* fix(NA): use ostmpdir instead of a tmp folder inside the fixtures.
* fix(NA): change afterEach on kbn es decompress test.
* fix(NA): change afterEach on kbn es decompress test.
* fix(NA): readd mock-fs for the tests that still use it on kbn-es and that works on node10.
* fix(NA): readd mock-fs for the tests that still use it on kbn-es and that works on node10.
* refact(NA): rewrite tests using mock-fs and completely remove this dependency.
* fix(NA): failing test implementation using jest mock in order to replace mock-fs.
* fix(NA): update jest snapshots to match new ones generated on node 10.
* fix(NA): cli/cluster mock to spyOn off method instead of spyOn removeListener as this was changed on Node 10.
* fix(NA): tests for cluster_manager to also spyOn off and on instead of addListener and removeListener
* test(NA): fix management advance settings image field test flow.
* fix(NA): apply missing types for src/core/server/plugins/discovery/plugins_discovery.ts.
* test(NA): updated 2 missing snapshots for KuiCodeEditor on kbn-ui-framework.
* refact(NA): fix eslint errors.
* refact(NA): fix ts code with tslint fix. chore(NA): update jest snapshots.
* chore(NA): migrate kbn config schema peer dependency to last used joi version to avoid warning on bootstrap.
* fix(NA): tslint errors.
* chore(NA): upgrade types node to the last version.
* fix(NA): missing utf8 input format encoding when reading a file.
* chore(NA): upgrade to node 10.14.1
* fix(NA): Buffer api usage to avoid deprecation warnings.
* translate login/logout visualization component part 2
* Update login translation part 2 - change FormattedMessage to intl.formatMessage
* change some ids
* update Infra Ops Part 2 - directly wrap some classes by injectI18n()
* update one snapshot
* update one snapshot
* update tests
* update collapsible_panel.test.tsx
* update one snapshot
* update one test
* change some code
* update one snapshot
* update roles.html
* Fix unit tests
* Fix message
* Translate Spaces component
* fix one little error
* update Spaces component
* update translation of Spaces components
* Update snapshots
* update Space translation - intl type
* update Space translation - remove view/views id namespace
* rename ids
* use testing helper functions instead of shallow, render, mount from enzyme
* fix unit tests
* fix ts path for enzyme test helpers
* fix path to enzyme helpers test functions
* Update snapshots
* fix path to enzyme test helpers
* Remove unused dependency.
* Adding very basic place for the logged out page
* Redirecting to logged_out when we aren't using SLO
* Basing styles on the login styles
* Fixing linting errors
* Responding to PR feedback
* Fixing issue with the basepath and the login link
* Adding proper i18n prefix
* Updating unit tests
* Revert "Reporting cookies (#24177)"
This reverts commit 9f4ec18000.
* Take 2
* Adding comment
* Better escaping and encoding for use in eval
* Checking for an empty string also
* Fixing session test
* Making it easier and more terse to specify the user for a test
* Using ES list privileges API to determine the authorization mode
This lets us correctly use RBAC authorization for the proper users when
security is enabled, and spaces is disabled to detect whether they have
privileges of any kind and if so use RBAC.
* Fixing authorization service test
* Fixing tests referencing wrong expects
* Putting create test back
* Update x-pack/plugins/security/server/lib/authorization/mode.js
* Update x-pack/plugins/security/server/lib/authorization/mode.js