Skip to content

Commit

Permalink
feat: improve isAnonymousPage, add error log in isReadonly
Browse files Browse the repository at this point in the history
Signed-off-by: Kajetan Nobel <[email protected]>
  • Loading branch information
kajetan-nobel committed Oct 31, 2023
1 parent 798ca64 commit e70efb5
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 10 deletions.
13 changes: 13 additions & 0 deletions common/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,19 @@ export const OPENID_AUTH_LOGOUT = '/auth/openid/logout';
export const SAML_AUTH_LOGOUT = '/auth/saml/logout';
export const ANONYMOUS_AUTH_LOGOUT = '/auth/anonymous/logout';

export const ANONYMOUS_ROUTES = [
LOGIN_PAGE_URI,
CUSTOM_ERROR_PAGE_URI,
API_AUTH_LOGIN,
API_AUTH_LOGOUT,
OPENID_AUTH_LOGIN,
ANONYMOUS_AUTH_LOGIN,
OPENID_AUTH_LOGOUT,
SAML_AUTH_LOGOUT,
ANONYMOUS_AUTH_LOGOUT,
SAML_AUTH_LOGIN,
];

export const ERROR_MISSING_ROLE_PATH = '/missing-role';
export const AUTH_HEADER_NAME = 'authorization';
export const AUTH_GRANT_TYPE = 'authorization_code';
Expand Down
2 changes: 1 addition & 1 deletion server/readonly/readonly_service.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ describe('checks isAnonymousPage', () => {
[
{
headers: {
referer: 'https://localhost/login',
referer: 'https://localhost/app/login',
},
},
true,
Expand Down
14 changes: 5 additions & 9 deletions server/readonly/readonly_service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ import {
OpenSearchDashboardsRequest,
SessionStorageFactory,
} from '../../../../src/core/server';
import { globalTenantName, isPrivateTenant } from '../../common';
import { globalTenantName, isPrivateTenant, ANONYMOUS_ROUTES } from '../../common';
import { SecurityClient } from '../backend/opensearch_security_client';
import { IAuthenticationType, OpenSearchAuthInfo } from '../auth/types/authentication_type';
import { SecuritySessionCookie } from '../session/security_cookie';
Expand Down Expand Up @@ -53,13 +53,8 @@ export class ReadonlyService extends BaseReadonlyService {
return false;
}

try {
const url = new URL(request.headers.referer as string);
const pathsToIgnore = ['login', 'logout', 'customerror'];
return pathsToIgnore.includes(url.pathname?.split('/').pop() || '');
} catch (error: any) {
this.logger.error(`Could not parse the referer for the capabilites: ${error.stack}`);
}
const url = new URL(request.headers.referer as string);
return ANONYMOUS_ROUTES.some((path) => url.pathname?.includes(path));
}

isReadOnlyTenant(authInfo: OpenSearchAuthInfo): boolean {
Expand All @@ -70,7 +65,7 @@ export class ReadonlyService extends BaseReadonlyService {
return false;
}

let readWriteAccess = authInfo.tenants[currentTenant];
const readWriteAccess = authInfo.tenants[currentTenant];
return !readWriteAccess;
}

Expand Down Expand Up @@ -100,6 +95,7 @@ export class ReadonlyService extends BaseReadonlyService {

return authInfo && this.isReadOnlyTenant(authInfo);
} catch (error: any) {
this.logger.error(`Failed to resolve if it's a readonly tenant: ${error.stack}`);
return false;
}
}
Expand Down

0 comments on commit e70efb5

Please sign in to comment.