Merge "Fix problems with multitenancy" into multitenancy
This commit is contained in:
commit
50b53ab219
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fts-keystone",
|
||||
"version": "0.0.3",
|
||||
"version": "0.0.4",
|
||||
"description": "Keystone authentication & multitenancy support for Kibana 4.4.x",
|
||||
"author": "Fujitsu Enabling Software Technology GmbH",
|
||||
"license": "Apache-2.0",
|
||||
|
|
|
@ -27,13 +27,22 @@ describe('plugins/fts-keystone', ()=> {
|
|||
let server;
|
||||
|
||||
beforeEach(()=> {
|
||||
let configGet = sinon.stub();
|
||||
configGet.withArgs('fts-keystone.cookie.name').returns('keystone');
|
||||
server = {
|
||||
log: sinon.stub()
|
||||
log: sinon.stub(),
|
||||
config: function () {
|
||||
return {
|
||||
get: configGet
|
||||
};
|
||||
}
|
||||
};
|
||||
});
|
||||
|
||||
it('should return isBoom if session not available', ()=> {
|
||||
let request = {};
|
||||
let request = {
|
||||
state: {}
|
||||
};
|
||||
let errMsg = /Session support is missing/;
|
||||
|
||||
chai.expect(()=> {
|
||||
|
@ -41,14 +50,16 @@ describe('plugins/fts-keystone', ()=> {
|
|||
}).to.throw(errMsg);
|
||||
|
||||
request = {
|
||||
yar: undefined
|
||||
yar: undefined,
|
||||
state: {}
|
||||
};
|
||||
chai.expect(()=> {
|
||||
retrieveToken(server, request);
|
||||
}).to.throw(errMsg);
|
||||
|
||||
request = {
|
||||
session: null
|
||||
session: null,
|
||||
state: {}
|
||||
};
|
||||
chai.expect(()=> {
|
||||
retrieveToken(server, request);
|
||||
|
@ -62,9 +73,11 @@ describe('plugins/fts-keystone', ()=> {
|
|||
'get': sinon
|
||||
.stub()
|
||||
.withArgs(CONSTANTS.SESSION_TOKEN_KEY)
|
||||
.returns(undefined)
|
||||
.returns(undefined),
|
||||
'reset': sinon.stub()
|
||||
},
|
||||
headers: {}
|
||||
headers: {},
|
||||
state: {}
|
||||
};
|
||||
|
||||
let result = retrieveToken(server, request);
|
||||
|
@ -82,7 +95,8 @@ describe('plugins/fts-keystone', ()=> {
|
|||
};
|
||||
let request = {
|
||||
yar : yar,
|
||||
headers: {}
|
||||
headers: {},
|
||||
state: {}
|
||||
};
|
||||
let token;
|
||||
|
||||
|
@ -102,7 +116,7 @@ describe('plugins/fts-keystone', ()=> {
|
|||
it('should set token in session if not there and request has it', () => {
|
||||
let expectedToken = 'SOME_RANDOM_TOKEN';
|
||||
let yar = {
|
||||
'reset': sinon.spy(),
|
||||
'reset': sinon.stub(),
|
||||
'set' : sinon.spy(),
|
||||
'get' : sinon.stub()
|
||||
};
|
||||
|
@ -110,7 +124,8 @@ describe('plugins/fts-keystone', ()=> {
|
|||
yar : yar,
|
||||
headers: {
|
||||
'x-auth-token': expectedToken
|
||||
}
|
||||
},
|
||||
state: {}
|
||||
};
|
||||
let token;
|
||||
|
||||
|
@ -158,14 +173,15 @@ describe('plugins/fts-keystone', ()=> {
|
|||
let token;
|
||||
let request = {
|
||||
yar : yar,
|
||||
headers: headers
|
||||
headers: headers,
|
||||
state: {}
|
||||
};
|
||||
|
||||
token = retrieveToken(server, request);
|
||||
chai.expect(token).to.not.be.undefined;
|
||||
chai.expect(token).to.be.eql(RELOAD_SYMBOL);
|
||||
|
||||
chai.expect(yar.reset.calledOnce).to.be.ok;
|
||||
chai.expect(yar.reset.calledTwice).to.be.ok;
|
||||
chai.expect(yar.get.calledOnce).to.be.ok;
|
||||
|
||||
chai.expect(yar.set.callCount).to.be.eq(2);
|
||||
|
|
|
@ -43,6 +43,14 @@ module.exports = (server, request) => {
|
|||
throw new Error('Session support is missing');
|
||||
}
|
||||
|
||||
// this is a workaround for problem with 'default' session:
|
||||
// when there is no session cookie present, then yar uses default session,
|
||||
// as a result many clients use the same session - security risk!
|
||||
const cookieName = server.config().get('fts-keystone.cookie.name');
|
||||
if (!request.state[cookieName]) {
|
||||
request.yar.reset();
|
||||
}
|
||||
|
||||
// DEV PURPOSE ONLY
|
||||
// request.yar.set(SESSION_TOKEN_KEY, 'a60e832483c34526a0c2bc3c6f8fa320');
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ export default () => {
|
|||
|
||||
if (diff >= 0) {
|
||||
session.reset();
|
||||
return reply(Boom.unauthorized('User token has expired')).takeover();
|
||||
return reply(Boom.unauthorized('User token has expired'));
|
||||
} else {
|
||||
return reply.continue({
|
||||
credentials: userObj,
|
||||
|
|
|
@ -46,7 +46,7 @@ function bindAuthScheme(server) {
|
|||
server.auth.strategy(
|
||||
'session',
|
||||
'keystone-token',
|
||||
true,
|
||||
false,
|
||||
require('./auth/strategy')(server)
|
||||
)
|
||||
]);
|
||||
|
|
|
@ -27,7 +27,7 @@ export default function (server, method, path) {
|
|||
method : method,
|
||||
path : path,
|
||||
config : {
|
||||
auth : false,
|
||||
auth : 'session',
|
||||
payload: {
|
||||
output: 'data',
|
||||
parse : false
|
||||
|
|
|
@ -26,7 +26,7 @@ export default function (server, method, path) {
|
|||
method : method,
|
||||
path : path,
|
||||
config : {
|
||||
auth : false,
|
||||
auth : 'session',
|
||||
payload: {
|
||||
output: 'data',
|
||||
parse : false
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
*/
|
||||
|
||||
import Wreck from 'wreck';
|
||||
import Boom from 'boom';
|
||||
|
||||
import { SESSION_USER_KEY } from '../../../const';
|
||||
import { getOpts } from '../_utils';
|
||||
|
@ -20,14 +21,15 @@ import kibanaIndex from '../../kibana/kibanaIndex';
|
|||
import mapUri from '../_map_uri';
|
||||
|
||||
export default function (server, method, path) {
|
||||
const defaultKibanaIndex = defaultKibanaIndex;
|
||||
const defaultKibanaIndex = server.config().get('kibana.index');
|
||||
const logIndexPostionInUrl = 3;
|
||||
|
||||
return {
|
||||
method : method,
|
||||
path : path,
|
||||
config : {
|
||||
tags: ['elasticsearch', 'multitenancy'],
|
||||
auth: false
|
||||
auth: 'session'
|
||||
},
|
||||
handler: handler
|
||||
};
|
||||
|
@ -42,7 +44,11 @@ export default function (server, method, path) {
|
|||
if (indexPos > -1) {
|
||||
url[indexPos] = kibanaIndex(server, session[SESSION_USER_KEY]);
|
||||
kibanaIndexRequest = true;
|
||||
} else if (url.length > logIndexPostionInUrl
|
||||
&& !url[logIndexPostionInUrl].startsWith(session[SESSION_USER_KEY].project.id)) {
|
||||
return reply(Boom.unauthorized('User does not have access to this resource'));
|
||||
}
|
||||
|
||||
url = url.join('/');
|
||||
|
||||
const opts = getOpts(server, request, url);
|
||||
|
|
Loading…
Reference in New Issue