From c80716be6e1c192f6c33c016e16522a24cdc2519 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Tue, 4 Feb 2020 14:51:43 -0500 Subject: [PATCH] logout should redirect to the login screen at the server base path --- .../server/authentication/providers/basic.test.ts | 6 +++--- .../security/server/authentication/providers/basic.ts | 4 ++-- .../security/server/authentication/providers/saml.test.ts | 2 +- .../security/server/authentication/providers/saml.ts | 2 +- .../server/authentication/providers/token.test.ts | 8 ++++---- .../security/server/authentication/providers/token.ts | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/security/server/authentication/providers/basic.test.ts b/x-pack/plugins/security/server/authentication/providers/basic.test.ts index f9c665d6cea48..6adb477ee36d8 100644 --- a/x-pack/plugins/security/server/authentication/providers/basic.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/basic.test.ts @@ -85,7 +85,7 @@ describe('BasicAuthenticationProvider', () => { expect(authenticationResult.redirected()).toBe(true); expect(authenticationResult.redirectURL).toBe( - '/base-path/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded' + '/mock-server-basepath/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded' ); }); @@ -193,7 +193,7 @@ describe('BasicAuthenticationProvider', () => { const request = httpServerMock.createKibanaRequest(); const deauthenticateResult = await provider.logout(request); expect(deauthenticateResult.redirected()).toBe(true); - expect(deauthenticateResult.redirectURL).toBe('/base-path/login?msg=LOGGED_OUT'); + expect(deauthenticateResult.redirectURL).toBe('/mock-server-basepath/login?msg=LOGGED_OUT'); }); it('passes query string parameters to the login page.', async () => { @@ -203,7 +203,7 @@ describe('BasicAuthenticationProvider', () => { const deauthenticateResult = await provider.logout(request); expect(deauthenticateResult.redirected()).toBe(true); expect(deauthenticateResult.redirectURL).toBe( - '/base-path/login?next=%2Fapp%2Fml&msg=SESSION_EXPIRED' + '/mock-server-basepath/login?next=%2Fapp%2Fml&msg=SESSION_EXPIRED' ); }); }); diff --git a/x-pack/plugins/security/server/authentication/providers/basic.ts b/x-pack/plugins/security/server/authentication/providers/basic.ts index 07d141b4e1b2b..7e65ac2fbcbfa 100644 --- a/x-pack/plugins/security/server/authentication/providers/basic.ts +++ b/x-pack/plugins/security/server/authentication/providers/basic.ts @@ -88,7 +88,7 @@ export class BasicAuthenticationProvider extends BaseAuthenticationProvider { `${this.options.basePath.get(request)}${request.url.path}` ); authenticationResult = AuthenticationResult.redirectTo( - `${this.options.basePath.get(request)}/login?next=${nextURL}` + `${this.options.basePath.serverBasePath}/login?next=${nextURL}` ); } @@ -104,7 +104,7 @@ export class BasicAuthenticationProvider extends BaseAuthenticationProvider { // logout reason that login page may need to know. const queryString = request.url.search || `?msg=LOGGED_OUT`; return DeauthenticationResult.redirectTo( - `${this.options.basePath.get(request)}/login${queryString}` + `${this.options.basePath.serverBasePath}/login${queryString}` ); } diff --git a/x-pack/plugins/security/server/authentication/providers/saml.test.ts b/x-pack/plugins/security/server/authentication/providers/saml.test.ts index a5d1010a1bec8..8171406ebbfe0 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.test.ts @@ -350,7 +350,7 @@ describe('SAMLAuthenticationProvider', () => { }); expect(authenticationResult.redirected()).toBe(true); - expect(authenticationResult.redirectURL).toBe('/base-path/overwritten_session'); + expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/overwritten_session'); }); }); diff --git a/x-pack/plugins/security/server/authentication/providers/saml.ts b/x-pack/plugins/security/server/authentication/providers/saml.ts index faa19239fcc3b..624cd6564d7a6 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.ts @@ -390,7 +390,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider { 'Login initiated by Identity Provider is for a different user than currently authenticated.' ); return AuthenticationResult.redirectTo( - `${this.options.basePath.get(request)}/overwritten_session`, + `${this.options.basePath.serverBasePath}/overwritten_session`, { state: newState } ); } diff --git a/x-pack/plugins/security/server/authentication/providers/token.test.ts b/x-pack/plugins/security/server/authentication/providers/token.test.ts index 3d377140cb42e..6c3c872f22ea2 100644 --- a/x-pack/plugins/security/server/authentication/providers/token.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/token.test.ts @@ -124,7 +124,7 @@ describe('TokenAuthenticationProvider', () => { expect(authenticationResult.redirected()).toBe(true); expect(authenticationResult.redirectURL).toBe( - '/base-path/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded' + '/mock-server-basepath/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded' ); }); @@ -320,7 +320,7 @@ describe('TokenAuthenticationProvider', () => { expect(request.headers).not.toHaveProperty('authorization'); expect(authenticationResult.redirected()).toBe(true); expect(authenticationResult.redirectURL).toBe( - '/base-path/login?next=%2Fbase-path%2Fsome-path' + '/mock-server-basepath/login?next=%2Fbase-path%2Fsome-path' ); expect(authenticationResult.user).toBeUndefined(); expect(authenticationResult.state).toEqual(null); @@ -432,7 +432,7 @@ describe('TokenAuthenticationProvider', () => { sinon.assert.calledWithExactly(mockOptions.tokens.invalidate, tokenPair); expect(authenticationResult.redirected()).toBe(true); - expect(authenticationResult.redirectURL).toBe('/base-path/login?msg=LOGGED_OUT'); + expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/login?msg=LOGGED_OUT'); }); it('redirects to /login with optional search parameters if tokens are invalidated successfully', async () => { @@ -447,7 +447,7 @@ describe('TokenAuthenticationProvider', () => { sinon.assert.calledWithExactly(mockOptions.tokens.invalidate, tokenPair); expect(authenticationResult.redirected()).toBe(true); - expect(authenticationResult.redirectURL).toBe('/base-path/login?yep=nope'); + expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/login?yep=nope'); }); }); }); diff --git a/x-pack/plugins/security/server/authentication/providers/token.ts b/x-pack/plugins/security/server/authentication/providers/token.ts index c5f8f07e50b11..1c181621ced5c 100644 --- a/x-pack/plugins/security/server/authentication/providers/token.ts +++ b/x-pack/plugins/security/server/authentication/providers/token.ts @@ -134,7 +134,7 @@ export class TokenAuthenticationProvider extends BaseAuthenticationProvider { const queryString = request.url.search || `?msg=LOGGED_OUT`; return DeauthenticationResult.redirectTo( - `${this.options.basePath.get(request)}/login${queryString}` + `${this.options.basePath.serverBasePath}/login${queryString}` ); } @@ -248,6 +248,6 @@ export class TokenAuthenticationProvider extends BaseAuthenticationProvider { */ private getLoginPageURL(request: KibanaRequest) { const nextURL = encodeURIComponent(`${this.options.basePath.get(request)}${request.url.path}`); - return `${this.options.basePath.get(request)}/login?next=${nextURL}`; + return `${this.options.basePath.serverBasePath}/login?next=${nextURL}`; } }