From 7d2c4d4d09fd9c9ec4b03d643d710c2147ef92a8 Mon Sep 17 00:00:00 2001 From: Pierre Gayvallet Date: Wed, 10 Mar 2021 20:21:39 +0100 Subject: [PATCH] remove `try` auth mode (#94287) * remove `try` auth mode * update generated doc * update generated doc * adapt integration test --- api_docs/actions.json | 104 +++++++++--------- api_docs/core.json | 80 +++++++------- api_docs/core_http.json | 24 ++-- api_docs/lists.json | 78 ++++++++++++- api_docs/lists.mdx | 3 + api_docs/vis_type_timeseries.json | 20 +--- .../kibana-plugin-core-server.authtoolkit.md | 2 +- ...ugin-core-server.authtoolkit.nothandled.md | 2 +- ...-server.routeconfigoptions.authrequired.md | 4 +- ...a-plugin-core-server.routeconfigoptions.md | 2 +- src/core/server/http/http_server.ts | 7 +- .../integration_tests/core_services.test.ts | 31 ------ .../http/integration_tests/http_auth.test.ts | 53 +-------- .../http/integration_tests/router.test.ts | 19 +++- src/core/server/http/lifecycle/auth.ts | 2 +- src/core/server/http/router/route.ts | 6 +- .../bootstrap/register_bootstrap_route.ts | 2 +- src/core/server/server.api.md | 2 +- 18 files changed, 219 insertions(+), 222 deletions(-) diff --git a/api_docs/actions.json b/api_docs/actions.json index fb9bafd6def94..ec2bd86581f32 100644 --- a/api_docs/actions.json +++ b/api_docs/actions.json @@ -127,7 +127,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 70 + "lineNumber": 63 } }, { @@ -138,7 +138,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 71 + "lineNumber": 64 } }, { @@ -149,7 +149,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 72 + "lineNumber": 65 } }, { @@ -160,7 +160,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 73 + "lineNumber": 66 }, "signature": [ "Config | undefined" @@ -174,13 +174,13 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 74 + "lineNumber": 67 } } ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 69 + "lineNumber": 62 }, "initialIsOpen": false }, @@ -199,7 +199,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 47 + "lineNumber": 40 }, "signature": [ "() => ", @@ -220,7 +220,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 48 + "lineNumber": 41 }, "signature": [ "() => ", @@ -237,7 +237,7 @@ ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 46 + "lineNumber": 39 }, "initialIsOpen": false }, @@ -256,7 +256,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 56 + "lineNumber": 49 }, "signature": [ { @@ -276,7 +276,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 57 + "lineNumber": 50 }, "signature": [ { @@ -291,7 +291,7 @@ ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 55 + "lineNumber": 48 }, "initialIsOpen": false }, @@ -320,7 +320,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 108 + "lineNumber": 101 } }, { @@ -331,7 +331,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 109 + "lineNumber": 102 } }, { @@ -342,7 +342,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 110 + "lineNumber": 103 }, "signature": [ "number | undefined" @@ -356,7 +356,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 111 + "lineNumber": 104 }, "signature": [ "\"basic\" | \"standard\" | \"gold\" | \"platinum\" | \"enterprise\" | \"trial\"" @@ -370,7 +370,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 112 + "lineNumber": 105 }, "signature": [ "{ params?: ValidatorType | undefined; config?: ValidatorType | undefined; secrets?: ValidatorType | undefined; } | undefined" @@ -395,7 +395,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 117 + "lineNumber": 110 } }, { @@ -408,7 +408,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 117 + "lineNumber": 110 } } ], @@ -416,7 +416,7 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 117 + "lineNumber": 110 } }, { @@ -427,7 +427,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 118 + "lineNumber": 111 }, "signature": [ { @@ -443,7 +443,7 @@ ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 102 + "lineNumber": 95 }, "initialIsOpen": false }, @@ -472,7 +472,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 62 + "lineNumber": 55 } }, { @@ -483,7 +483,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 63 + "lineNumber": 56 }, "signature": [ { @@ -503,7 +503,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 64 + "lineNumber": 57 }, "signature": [ "Config" @@ -517,7 +517,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 65 + "lineNumber": 58 }, "signature": [ "Secrets" @@ -531,7 +531,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 66 + "lineNumber": 59 }, "signature": [ "Params" @@ -540,7 +540,7 @@ ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 61 + "lineNumber": 54 }, "initialIsOpen": false }, @@ -577,7 +577,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 81 + "lineNumber": 74 }, "signature": [ "Secrets" @@ -586,7 +586,7 @@ ], "source": { "path": "x-pack/plugins/actions/server/types.ts", - "lineNumber": 77 + "lineNumber": 70 }, "initialIsOpen": false } @@ -1008,7 +1008,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 86 + "lineNumber": 85 } } ], @@ -1016,13 +1016,13 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 80 + "lineNumber": 79 } } ], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 79 + "lineNumber": 78 }, "lifecycle": "setup", "initialIsOpen": true @@ -1053,7 +1053,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 91 + "lineNumber": 90 } }, { @@ -1071,13 +1071,13 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 91 + "lineNumber": 90 } } ], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 91 + "lineNumber": 90 } } ], @@ -1085,7 +1085,7 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 91 + "lineNumber": 90 } }, { @@ -1107,7 +1107,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 93 + "lineNumber": 92 } }, { @@ -1120,7 +1120,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 94 + "lineNumber": 93 } }, { @@ -1138,13 +1138,13 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 95 + "lineNumber": 94 } } ], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 95 + "lineNumber": 94 } } ], @@ -1152,7 +1152,7 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 92 + "lineNumber": 91 } }, { @@ -1197,7 +1197,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 97 + "lineNumber": 96 } } ], @@ -1205,7 +1205,7 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 97 + "lineNumber": 96 } }, { @@ -1250,7 +1250,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 98 + "lineNumber": 97 } } ], @@ -1258,7 +1258,7 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 98 + "lineNumber": 97 } }, { @@ -1269,7 +1269,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 99 + "lineNumber": 98 }, "signature": [ { @@ -1301,7 +1301,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 101 + "lineNumber": 100 } }, { @@ -1314,7 +1314,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 102 + "lineNumber": 101 } }, { @@ -1327,7 +1327,7 @@ "description": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 103 + "lineNumber": 102 } } ], @@ -1335,13 +1335,13 @@ "returnComment": [], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 100 + "lineNumber": 99 } } ], "source": { "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 90 + "lineNumber": 89 }, "lifecycle": "start", "initialIsOpen": true diff --git a/api_docs/core.json b/api_docs/core.json index 5446492e0e863..ba8f27d50d13c 100644 --- a/api_docs/core.json +++ b/api_docs/core.json @@ -6622,14 +6622,6 @@ "label": "asScoped", "signature": [ "(request?: ", - { - "pluginId": "core", - "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" - }, - " | ", { "pluginId": "core", "scope": "server", @@ -6645,6 +6637,14 @@ "section": "def-server.LegacyRequest", "text": "LegacyRequest" }, + " | ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCorePluginApi", + "section": "def-server.FakeRequest", + "text": "FakeRequest" + }, " | undefined) => Pick<", { "pluginId": "core", @@ -6664,14 +6664,6 @@ "label": "request", "isRequired": false, "signature": [ - { - "pluginId": "core", - "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" - }, - " | ", { "pluginId": "core", "scope": "server", @@ -6687,6 +6679,14 @@ "section": "def-server.LegacyRequest", "text": "LegacyRequest" }, + " | ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCorePluginApi", + "section": "def-server.FakeRequest", + "text": "FakeRequest" + }, " | undefined" ], "description": [ @@ -16174,14 +16174,6 @@ }, "signature": [ "{ callAsInternalUser: LegacyAPICaller; asScoped: (request?: ", - { - "pluginId": "core", - "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" - }, - " | ", { "pluginId": "core", "scope": "server", @@ -16197,6 +16189,14 @@ "section": "def-server.LegacyRequest", "text": "LegacyRequest" }, + " | ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCorePluginApi", + "section": "def-server.FakeRequest", + "text": "FakeRequest" + }, " | undefined) => Pick; }" ], "initialIsOpen": false @@ -16218,14 +16218,6 @@ }, "signature": [ "{ close: () => void; callAsInternalUser: LegacyAPICaller; asScoped: (request?: ", - { - "pluginId": "core", - "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" - }, - " | ", { "pluginId": "core", "scope": "server", @@ -16241,6 +16233,14 @@ "section": "def-server.LegacyRequest", "text": "LegacyRequest" }, + " | ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCorePluginApi", + "section": "def-server.FakeRequest", + "text": "FakeRequest" + }, " | undefined) => Pick; }" ], "initialIsOpen": false @@ -16533,14 +16533,6 @@ "lineNumber": 192 }, "signature": [ - { - "pluginId": "core", - "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" - }, - " | ", { "pluginId": "core", "scope": "server", @@ -16555,6 +16547,14 @@ "docId": "kibCoreHttpPluginApi", "section": "def-server.LegacyRequest", "text": "LegacyRequest" + }, + " | ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCorePluginApi", + "section": "def-server.FakeRequest", + "text": "FakeRequest" } ], "initialIsOpen": false diff --git a/api_docs/core_http.json b/api_docs/core_http.json index c4a5bdd464c98..8053550cc0e80 100644 --- a/api_docs/core_http.json +++ b/api_docs/core_http.json @@ -2887,7 +2887,7 @@ "type": "Function", "label": "notHandled", "description": [ - "\nUser has no credentials.\nAllows user to access a resource when authRequired is 'optional' or 'try'\nRejects a request when authRequired: true" + "\nUser has no credentials.\nAllows user to access a resource when authRequired is 'optional'\nRejects a request when authRequired: true" ], "source": { "path": "src/core/server/http/lifecycle/auth.ts", @@ -4648,7 +4648,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 173 + "lineNumber": 171 } }, { @@ -4661,7 +4661,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 231 + "lineNumber": 229 }, "signature": [ "false | ", @@ -4685,7 +4685,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 236 + "lineNumber": 234 }, "signature": [ { @@ -4701,7 +4701,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 159 + "lineNumber": 157 }, "initialIsOpen": false }, @@ -4732,14 +4732,14 @@ "type": "CompoundType", "label": "authRequired", "description": [ - "\nDefines authentication mode for a route:\n- true. A user has to have valid credentials to access a resource\n- false. A user can access a resource without any credentials.\n- 'optional'. A user can access a resource if has valid credentials or no credentials at all.\n Can be useful when we grant access to a resource but want to identify a user if possible.\n- 'try'. A user can access a resource with valid, invalid or without any credentials.\n Users with valid credentials will be authenticated\n\nDefaults to `true` if an auth mechanism is registered." + "\nDefines authentication mode for a route:\n- true. A user has to have valid credentials to access a resource\n- false. A user can access a resource without any credentials.\n- 'optional'. A user can access a resource, and will be authenticated if provided credentials are valid.\n Can be useful when we grant access to a resource but want to identify a user if possible.\n\nDefaults to `true` if an auth mechanism is registered." ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 118 + "lineNumber": 116 }, "signature": [ - "boolean | \"optional\" | \"try\" | undefined" + "boolean | \"optional\" | undefined" ] }, { @@ -4752,7 +4752,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 127 + "lineNumber": 125 }, "signature": [ "(Method extends \"get\" ? never : boolean) | undefined" @@ -4768,7 +4768,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 132 + "lineNumber": 130 }, "signature": [ "readonly string[] | undefined" @@ -4784,7 +4784,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 137 + "lineNumber": 135 }, "signature": [ "(Method extends ", @@ -4816,7 +4816,7 @@ ], "source": { "path": "src/core/server/http/router/route.ts", - "lineNumber": 142 + "lineNumber": 140 }, "signature": [ "{ payload?: (Method extends ", diff --git a/api_docs/lists.json b/api_docs/lists.json index 077ea74fdff28..8c6639e0ac85e 100644 --- a/api_docs/lists.json +++ b/api_docs/lists.json @@ -3706,7 +3706,83 @@ }, "common": { "classes": [], - "functions": [], + "functions": [ + { + "id": "def-common.buildExceptionFilter", + "type": "Function", + "children": [ + { + "id": "def-common.buildExceptionFilter.{\n- lists,\n excludeExceptions,\n chunkSize,\n}", + "type": "Object", + "label": "{\n lists,\n excludeExceptions,\n chunkSize,\n}", + "tags": [], + "description": [], + "children": [ + { + "tags": [], + "id": "def-common.buildExceptionFilter.{\n- lists,\n excludeExceptions,\n chunkSize,\n}.lists", + "type": "Array", + "label": "lists", + "description": [], + "source": { + "path": "x-pack/plugins/lists/common/exceptions/build_exceptions_filter.ts", + "lineNumber": 74 + }, + "signature": [ + "(({ description: string; entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; list: { id: string; type: \"boolean\" | \"date\" | \"text\" | \"keyword\" | \"ip\" | \"long\" | \"double\" | \"date_nanos\" | \"geo_point\" | \"geo_shape\" | \"short\" | \"binary\" | \"date_range\" | \"ip_range\" | \"shape\" | \"integer\" | \"byte\" | \"float\" | \"double_range\" | \"float_range\" | \"half_float\" | \"integer_range\" | \"long_range\"; }; operator: \"excluded\" | \"included\"; type: \"list\"; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; } | { entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; })[]; field: string; type: \"nested\"; })[]; list_id: string; name: string; type: \"simple\"; } & { comments?: { comment: string; }[] | undefined; item_id?: string | undefined; meta?: object | undefined; namespace_type?: \"single\" | \"agnostic\" | undefined; os_types?: (\"windows\" | \"linux\" | \"macos\")[] | undefined; tags?: string[] | undefined; }) | { _version: string | undefined; comments: ({ comment: string; created_at: string; created_by: string; id: string; } & { updated_at?: string | undefined; updated_by?: string | undefined; })[]; created_at: string; created_by: string; description: string; entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; list: { id: string; type: \"boolean\" | \"date\" | \"text\" | \"keyword\" | \"ip\" | \"long\" | \"double\" | \"date_nanos\" | \"geo_point\" | \"geo_shape\" | \"short\" | \"binary\" | \"date_range\" | \"ip_range\" | \"shape\" | \"integer\" | \"byte\" | \"float\" | \"double_range\" | \"float_range\" | \"half_float\" | \"integer_range\" | \"long_range\"; }; operator: \"excluded\" | \"included\"; type: \"list\"; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; } | { entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; })[]; field: string; type: \"nested\"; })[]; id: string; item_id: string; list_id: string; meta: object | undefined; name: string; namespace_type: \"single\" | \"agnostic\"; os_types: (\"windows\" | \"linux\" | \"macos\")[]; tags: string[]; tie_breaker_id: string; type: \"simple\"; updated_at: string; updated_by: string; })[]" + ] + }, + { + "tags": [], + "id": "def-common.buildExceptionFilter.{\n- lists,\n excludeExceptions,\n chunkSize,\n}.excludeExceptions", + "type": "boolean", + "label": "excludeExceptions", + "description": [], + "source": { + "path": "x-pack/plugins/lists/common/exceptions/build_exceptions_filter.ts", + "lineNumber": 75 + } + }, + { + "tags": [], + "id": "def-common.buildExceptionFilter.{\n- lists,\n excludeExceptions,\n chunkSize,\n}.chunkSize", + "type": "number", + "label": "chunkSize", + "description": [], + "source": { + "path": "x-pack/plugins/lists/common/exceptions/build_exceptions_filter.ts", + "lineNumber": 76 + } + } + ], + "source": { + "path": "x-pack/plugins/lists/common/exceptions/build_exceptions_filter.ts", + "lineNumber": 73 + } + } + ], + "signature": [ + "({ lists, excludeExceptions, chunkSize, }: { lists: (({ description: string; entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; list: { id: string; type: \"boolean\" | \"date\" | \"text\" | \"keyword\" | \"ip\" | \"long\" | \"double\" | \"date_nanos\" | \"geo_point\" | \"geo_shape\" | \"short\" | \"binary\" | \"date_range\" | \"ip_range\" | \"shape\" | \"integer\" | \"byte\" | \"float\" | \"double_range\" | \"float_range\" | \"half_float\" | \"integer_range\" | \"long_range\"; }; operator: \"excluded\" | \"included\"; type: \"list\"; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; } | { entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; })[]; field: string; type: \"nested\"; })[]; list_id: string; name: string; type: \"simple\"; } & { comments?: { comment: string; }[] | undefined; item_id?: string | undefined; meta?: object | undefined; namespace_type?: \"single\" | \"agnostic\" | undefined; os_types?: (\"windows\" | \"linux\" | \"macos\")[] | undefined; tags?: string[] | undefined; }) | { _version: string | undefined; comments: ({ comment: string; created_at: string; created_by: string; id: string; } & { updated_at?: string | undefined; updated_by?: string | undefined; })[]; created_at: string; created_by: string; description: string; entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; list: { id: string; type: \"boolean\" | \"date\" | \"text\" | \"keyword\" | \"ip\" | \"long\" | \"double\" | \"date_nanos\" | \"geo_point\" | \"geo_shape\" | \"short\" | \"binary\" | \"date_range\" | \"ip_range\" | \"shape\" | \"integer\" | \"byte\" | \"float\" | \"double_range\" | \"float_range\" | \"half_float\" | \"integer_range\" | \"long_range\"; }; operator: \"excluded\" | \"included\"; type: \"list\"; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; } | { entries: ({ field: string; operator: \"excluded\" | \"included\"; type: \"match\"; value: string; } | { field: string; operator: \"excluded\" | \"included\"; type: \"match_any\"; value: string[]; } | { field: string; operator: \"excluded\" | \"included\"; type: \"exists\"; })[]; field: string; type: \"nested\"; })[]; id: string; item_id: string; list_id: string; meta: object | undefined; name: string; namespace_type: \"single\" | \"agnostic\"; os_types: (\"windows\" | \"linux\" | \"macos\")[]; tags: string[]; tie_breaker_id: string; type: \"simple\"; updated_at: string; updated_by: string; })[]; excludeExceptions: boolean; chunkSize: number; }) => ", + { + "pluginId": "data", + "scope": "common", + "docId": "kibDataPluginApi", + "section": "def-common.Filter", + "text": "Filter" + }, + " | undefined" + ], + "description": [], + "label": "buildExceptionFilter", + "source": { + "path": "x-pack/plugins/lists/common/exceptions/build_exceptions_filter.ts", + "lineNumber": 69 + }, + "tags": [], + "returnComment": [], + "initialIsOpen": false + } + ], "interfaces": [], "enums": [ { diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index 8e4a8efb7c24e..5d5f771548355 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -41,6 +41,9 @@ import listsObj from './lists.json'; ### Objects +### Functions + + ### Enums diff --git a/api_docs/vis_type_timeseries.json b/api_docs/vis_type_timeseries.json index 657e9a560060e..907ced500294a 100644 --- a/api_docs/vis_type_timeseries.json +++ b/api_docs/vis_type_timeseries.json @@ -30,7 +30,7 @@ "description": [], "source": { "path": "src/plugins/vis_type_timeseries/server/plugin.ts", - "lineNumber": 48 + "lineNumber": 53 }, "signature": [ "(requestContext: ", @@ -45,19 +45,11 @@ { "pluginId": "core", "scope": "server", - "docId": "kibCorePluginApi", - "section": "def-server.FakeRequest", - "text": "FakeRequest" + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" }, - ", options: ", - { - "pluginId": "visTypeTimeseries", - "scope": "server", - "docId": "kibVisTypeTimeseriesPluginApi", - "section": "def-server.GetVisDataOptions", - "text": "GetVisDataOptions" - }, - ") => Promise<", + ", options: any) => Promise<", { "pluginId": "visTypeTimeseries", "scope": "common", @@ -71,7 +63,7 @@ ], "source": { "path": "src/plugins/vis_type_timeseries/server/plugin.ts", - "lineNumber": 47 + "lineNumber": 52 }, "lifecycle": "setup", "initialIsOpen": true diff --git a/docs/development/core/server/kibana-plugin-core-server.authtoolkit.md b/docs/development/core/server/kibana-plugin-core-server.authtoolkit.md index 0f0b070dbe87e..5f8b98ab2e894 100644 --- a/docs/development/core/server/kibana-plugin-core-server.authtoolkit.md +++ b/docs/development/core/server/kibana-plugin-core-server.authtoolkit.md @@ -17,6 +17,6 @@ export interface AuthToolkit | Property | Type | Description | | --- | --- | --- | | [authenticated](./kibana-plugin-core-server.authtoolkit.authenticated.md) | (data?: AuthResultParams) => AuthResult | Authentication is successful with given credentials, allow request to pass through | -| [notHandled](./kibana-plugin-core-server.authtoolkit.nothandled.md) | () => AuthResult | User has no credentials. Allows user to access a resource when authRequired is 'optional' or 'try' Rejects a request when authRequired: true | +| [notHandled](./kibana-plugin-core-server.authtoolkit.nothandled.md) | () => AuthResult | User has no credentials. Allows user to access a resource when authRequired is 'optional' Rejects a request when authRequired: true | | [redirected](./kibana-plugin-core-server.authtoolkit.redirected.md) | (headers: {
location: string;
} & ResponseHeaders) => AuthResult | Redirects user to another location to complete authentication when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional' | diff --git a/docs/development/core/server/kibana-plugin-core-server.authtoolkit.nothandled.md b/docs/development/core/server/kibana-plugin-core-server.authtoolkit.nothandled.md index 7dc3b47e27e18..577faa6562558 100644 --- a/docs/development/core/server/kibana-plugin-core-server.authtoolkit.nothandled.md +++ b/docs/development/core/server/kibana-plugin-core-server.authtoolkit.nothandled.md @@ -4,7 +4,7 @@ ## AuthToolkit.notHandled property -User has no credentials. Allows user to access a resource when authRequired is 'optional' or 'try' Rejects a request when authRequired: true +User has no credentials. Allows user to access a resource when authRequired is 'optional' Rejects a request when authRequired: true Signature: diff --git a/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.authrequired.md b/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.authrequired.md index 9f3822e5c206b..28f712316bc36 100644 --- a/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.authrequired.md +++ b/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.authrequired.md @@ -4,12 +4,12 @@ ## RouteConfigOptions.authRequired property -Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible. - 'try'. A user can access a resource with valid, invalid or without any credentials. Users with valid credentials will be authenticated +Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource, and will be authenticated if provided credentials are valid. Can be useful when we grant access to a resource but want to identify a user if possible. Defaults to `true` if an auth mechanism is registered. Signature: ```typescript -authRequired?: boolean | 'optional' | 'try'; +authRequired?: boolean | 'optional'; ``` diff --git a/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.md b/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.md index bd53570becf63..cf0fe32c14d1d 100644 --- a/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.md +++ b/docs/development/core/server/kibana-plugin-core-server.routeconfigoptions.md @@ -16,7 +16,7 @@ export interface RouteConfigOptions | Property | Type | Description | | --- | --- | --- | -| [authRequired](./kibana-plugin-core-server.routeconfigoptions.authrequired.md) | boolean | 'optional' | 'try' | Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible. - 'try'. A user can access a resource with valid, invalid or without any credentials. Users with valid credentials will be authenticatedDefaults to true if an auth mechanism is registered. | +| [authRequired](./kibana-plugin-core-server.routeconfigoptions.authrequired.md) | boolean | 'optional' | Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource, and will be authenticated if provided credentials are valid. Can be useful when we grant access to a resource but want to identify a user if possible.Defaults to true if an auth mechanism is registered. | | [body](./kibana-plugin-core-server.routeconfigoptions.body.md) | Method extends 'get' | 'options' ? undefined : RouteConfigOptionsBody | Additional body options [RouteConfigOptionsBody](./kibana-plugin-core-server.routeconfigoptionsbody.md). | | [tags](./kibana-plugin-core-server.routeconfigoptions.tags.md) | readonly string[] | Additional metadata tag strings to attach to the route. | | [timeout](./kibana-plugin-core-server.routeconfigoptions.timeout.md) | {
payload?: Method extends 'get' | 'options' ? undefined : number;
idleSocket?: number;
} | Defines per-route timeouts. | diff --git a/src/core/server/http/http_server.ts b/src/core/server/http/http_server.ts index 1cedddc1d1e5c..b0510bc414bf8 100644 --- a/src/core/server/http/http_server.ts +++ b/src/core/server/http/http_server.ts @@ -225,16 +225,15 @@ export class HttpServer { private getAuthOption( authRequired: RouteConfigOptions['authRequired'] = true - ): undefined | false | { mode: 'required' | 'optional' | 'try' } { + ): undefined | false | { mode: 'required' | 'try' } { if (this.authRegistered === false) return undefined; if (authRequired === true) { return { mode: 'required' }; } if (authRequired === 'optional') { - return { mode: 'optional' }; - } - if (authRequired === 'try') { + // we want to use HAPI `try` mode and not `optional` to not throw unauthorized errors when the user + // has invalid or expired credentials return { mode: 'try' }; } if (authRequired === false) { diff --git a/src/core/server/http/integration_tests/core_services.test.ts b/src/core/server/http/integration_tests/core_services.test.ts index 33bdf28c6d901..6c11534df0d11 100644 --- a/src/core/server/http/integration_tests/core_services.test.ts +++ b/src/core/server/http/integration_tests/core_services.test.ts @@ -136,37 +136,6 @@ describe('http service', () => { await root.start(); await kbnTestServer.request.get(root, '/is-auth').expect(200, { isAuthenticated: false }); }); - - it('returns true if authenticated on a route with "try" auth', async () => { - const { http } = await root.setup(); - const { createRouter, auth, registerAuth } = http; - - registerAuth((req, res, toolkit) => toolkit.authenticated()); - const router = createRouter(''); - router.get( - { path: '/is-auth', validate: false, options: { authRequired: 'try' } }, - (context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } }) - ); - - await root.start(); - await kbnTestServer.request.get(root, '/is-auth').expect(200, { isAuthenticated: true }); - }); - - it('returns false if not authenticated on a route with "try" auth', async () => { - const { http } = await root.setup(); - const { createRouter, auth, registerAuth } = http; - - registerAuth((req, res, toolkit) => toolkit.notHandled()); - - const router = createRouter(''); - router.get( - { path: '/is-auth', validate: false, options: { authRequired: 'try' } }, - (context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } }) - ); - - await root.start(); - await kbnTestServer.request.get(root, '/is-auth').expect(200, { isAuthenticated: false }); - }); }); describe('#get()', () => { it('returns authenticated status and allow associate auth state with request', async () => { diff --git a/src/core/server/http/integration_tests/http_auth.test.ts b/src/core/server/http/integration_tests/http_auth.test.ts index 2aa4d2796a6f2..0696deb9c07ae 100644 --- a/src/core/server/http/integration_tests/http_auth.test.ts +++ b/src/core/server/http/integration_tests/http_auth.test.ts @@ -146,46 +146,6 @@ describe('http auth', () => { await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: false }); }); - it('blocks access when auth returns `unauthorized`', async () => { - const { http } = await root.setup(); - const { registerAuth, createRouter, auth } = http; - - registerAuth((req, res, toolkit) => res.unauthorized()); - - const router = createRouter(''); - registerRoute(router, auth, 'optional'); - - await root.start(); - await kbnTestServer.request.get(root, '/route').expect(401); - }); - }); - describe('when authRequired is `try`', () => { - it('allows authenticated access when auth returns `authenticated`', async () => { - const { http } = await root.setup(); - const { registerAuth, createRouter, auth } = http; - - registerAuth((req, res, toolkit) => toolkit.authenticated()); - - const router = createRouter(''); - registerRoute(router, auth, 'try'); - - await root.start(); - await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: true }); - }); - - it('allows anonymous access when auth returns `notHandled`', async () => { - const { http } = await root.setup(); - const { registerAuth, createRouter, auth } = http; - - registerAuth((req, res, toolkit) => toolkit.notHandled()); - - const router = createRouter(''); - registerRoute(router, auth, 'try'); - - await root.start(); - await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: false }); - }); - it('allows anonymous access when auth returns `unauthorized`', async () => { const { http } = await root.setup(); const { registerAuth, createRouter, auth } = http; @@ -193,7 +153,7 @@ describe('http auth', () => { registerAuth((req, res, toolkit) => res.unauthorized()); const router = createRouter(''); - registerRoute(router, auth, 'try'); + registerRoute(router, auth, 'optional'); await root.start(); await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: false }); @@ -234,16 +194,5 @@ describe('http auth', () => { await root.start(); await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: false }); }); - - it('allow access to resources when `authRequired` is `try`', async () => { - const { http } = await root.setup(); - const { createRouter, auth } = http; - - const router = createRouter(''); - registerRoute(router, auth, 'try'); - - await root.start(); - await kbnTestServer.request.get(root, '/route').expect(200, { authenticated: false }); - }); }); }); diff --git a/src/core/server/http/integration_tests/router.test.ts b/src/core/server/http/integration_tests/router.test.ts index 248b1e1278c4c..03324dc6c722f 100644 --- a/src/core/server/http/integration_tests/router.test.ts +++ b/src/core/server/http/integration_tests/router.test.ts @@ -114,19 +114,30 @@ describe('Options', () => { }); }); - it('User with invalid credentials cannot access a route', async () => { - const { server: innerServer, createRouter, registerAuth } = await server.setup(setupDeps); + it('User with invalid credentials can access a route', async () => { + const { server: innerServer, createRouter, registerAuth, auth } = await server.setup( + setupDeps + ); const router = createRouter('/'); registerAuth((req, res, toolkit) => res.unauthorized()); router.get( { path: '/', validate: false, options: { authRequired: 'optional' } }, - (context, req, res) => res.ok({ body: 'ok' }) + (context, req, res) => + res.ok({ + body: { + httpAuthIsAuthenticated: auth.isAuthenticated(req), + requestIsAuthenticated: req.auth.isAuthenticated, + }, + }) ); await server.start(); - await supertest(innerServer.listener).get('/').expect(401); + await supertest(innerServer.listener).get('/').expect(200, { + httpAuthIsAuthenticated: false, + requestIsAuthenticated: false, + }); }); it('does not redirect user and allows access to a resource', async () => { diff --git a/src/core/server/http/lifecycle/auth.ts b/src/core/server/http/lifecycle/auth.ts index 758bfad874d90..167cf0747b4c1 100644 --- a/src/core/server/http/lifecycle/auth.ts +++ b/src/core/server/http/lifecycle/auth.ts @@ -123,7 +123,7 @@ export interface AuthToolkit { authenticated: (data?: AuthResultParams) => AuthResult; /** * User has no credentials. - * Allows user to access a resource when authRequired is 'optional' or 'try' + * Allows user to access a resource when authRequired is 'optional' * Rejects a request when authRequired: true * */ notHandled: () => AuthResult; diff --git a/src/core/server/http/router/route.ts b/src/core/server/http/router/route.ts index 879b48f7253a0..77b40ca5995bb 100644 --- a/src/core/server/http/router/route.ts +++ b/src/core/server/http/router/route.ts @@ -108,14 +108,12 @@ export interface RouteConfigOptions { * Defines authentication mode for a route: * - true. A user has to have valid credentials to access a resource * - false. A user can access a resource without any credentials. - * - 'optional'. A user can access a resource if has valid credentials or no credentials at all. + * - 'optional'. A user can access a resource, and will be authenticated if provided credentials are valid. * Can be useful when we grant access to a resource but want to identify a user if possible. - * - 'try'. A user can access a resource with valid, invalid or without any credentials. - * Users with valid credentials will be authenticated * * Defaults to `true` if an auth mechanism is registered. */ - authRequired?: boolean | 'optional' | 'try'; + authRequired?: boolean | 'optional'; /** * Defines xsrf protection requirements for a route: diff --git a/src/core/server/rendering/bootstrap/register_bootstrap_route.ts b/src/core/server/rendering/bootstrap/register_bootstrap_route.ts index 2c5274e89a221..5644b44f3508b 100644 --- a/src/core/server/rendering/bootstrap/register_bootstrap_route.ts +++ b/src/core/server/rendering/bootstrap/register_bootstrap_route.ts @@ -20,7 +20,7 @@ export const registerBootstrapRoute = ({ { path: '/bootstrap.js', options: { - authRequired: 'try', + authRequired: 'optional', tags: ['api'], }, validate: false, diff --git a/src/core/server/server.api.md b/src/core/server/server.api.md index 78b97d1c3f52e..a1a774e8721c8 100644 --- a/src/core/server/server.api.md +++ b/src/core/server/server.api.md @@ -1966,7 +1966,7 @@ export interface RouteConfig { // @public export interface RouteConfigOptions { - authRequired?: boolean | 'optional' | 'try'; + authRequired?: boolean | 'optional'; body?: Method extends 'get' | 'options' ? undefined : RouteConfigOptionsBody; tags?: readonly string[]; timeout?: {