Skip to content

Commit

Permalink
Skip checking for the reserved realm (#76687)
Browse files Browse the repository at this point in the history
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
  • Loading branch information
legrego and elasticmachine authored Sep 9, 2020
1 parent 9edb8d9 commit 2965f3e
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 24 deletions.
10 changes: 2 additions & 8 deletions x-pack/test/api_integration/apis/security/basic_login.js
Original file line number Diff line number Diff line change
Expand Up @@ -148,11 +148,8 @@ export default function ({ getService }) {
]);
expect(apiResponse.body.username).to.be(validUsername);
expect(apiResponse.body.authentication_provider).to.eql('__http__');
expect(apiResponse.body.authentication_realm).to.eql({
name: 'reserved',
type: 'reserved',
});
expect(apiResponse.body.authentication_type).to.be('realm');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

describe('with session cookie', () => {
Expand Down Expand Up @@ -197,11 +194,8 @@ export default function ({ getService }) {
]);
expect(apiResponse.body.username).to.be(validUsername);
expect(apiResponse.body.authentication_provider).to.eql('basic');
expect(apiResponse.body.authentication_realm).to.eql({
name: 'reserved',
type: 'reserved',
});
expect(apiResponse.body.authentication_type).to.be('realm');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

it('should extend cookie on every successful non-system API call', async () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -79,9 +79,9 @@ export default function ({ getService }: FtrProviderContext) {
.expect(200);

expect(user.username).to.eql(username);
expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
expect(user.authentication_provider).to.eql('basic');
expect(user.authentication_type).to.eql('realm');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

describe('initiating SPNEGO', () => {
Expand Down
19 changes: 7 additions & 12 deletions x-pack/test/login_selector_api_integration/apis/login_selector.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) {
sessionCookie: Cookie,
username: string,
providerName: string,
authenticationRealm: { name: string; type: string },
authenticationRealm: { name: string; type: string } | null,
authenticationType: string
) {
expect(sessionCookie.key).to.be('sid');
Expand Down Expand Up @@ -67,7 +67,9 @@ export default function ({ getService }: FtrProviderContext) {

expect(apiResponse.body.username).to.be(username);
expect(apiResponse.body.authentication_provider).to.be(providerName);
expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
if (authenticationRealm) {
expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
}
expect(apiResponse.body.authentication_type).to.be(authenticationType);
}

Expand Down Expand Up @@ -228,16 +230,9 @@ export default function ({ getService }: FtrProviderContext) {
const basicSessionCookie = request.cookie(
basicAuthenticationResponse.headers['set-cookie'][0]
)!;
await checkSessionCookie(
basicSessionCookie,
'elastic',
'basic1',
{
name: 'reserved',
type: 'reserved',
},
'realm'
);
// Skip auth provider check since this comes from the reserved realm,
// which is not available when running on ESS
await checkSessionCookie(basicSessionCookie, 'elastic', 'basic1', null, 'realm');

const authenticationResponse = await supertest
.post('/api/security/saml/callback')
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,9 @@ export default function ({ getService }: FtrProviderContext) {
.expect(200);

expect(user.username).to.eql(username);
expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
expect(user.authentication_provider).to.eql('basic');
expect(user.authentication_type).to.be('realm');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

describe('initiating handshake', () => {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/test/pki_api_integration/apis/security/pki_auth.ts
Original file line number Diff line number Diff line change
Expand Up @@ -93,8 +93,8 @@ export default function ({ getService }: FtrProviderContext) {
.expect(200);

expect(user.username).to.eql(username);
expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
expect(user.authentication_provider).to.eql('basic');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

it('should properly set cookie and authenticate user', async () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,9 @@ export default function ({ getService }: FtrProviderContext) {
.expect(200);

expect(user.username).to.eql(username);
expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
expect(user.authentication_provider).to.eql('basic');
expect(user.authentication_type).to.be('realm');
// Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
});

describe('initiating handshake', () => {
Expand Down

0 comments on commit 2965f3e

Please sign in to comment.