Reject authentication requests if license is not available. (#88850)
This commit is contained in:
parent
d28fa36e8a
commit
c7267b63df
|
@ -9,7 +9,7 @@ import { SecurityLicense, SecurityLicenseFeatures } from '.';
|
||||||
|
|
||||||
export const licenseMock = {
|
export const licenseMock = {
|
||||||
create: (features?: Partial<SecurityLicenseFeatures>): jest.Mocked<SecurityLicense> => ({
|
create: (features?: Partial<SecurityLicenseFeatures>): jest.Mocked<SecurityLicense> => ({
|
||||||
isLicenseAvailable: jest.fn(),
|
isLicenseAvailable: jest.fn().mockReturnValue(true),
|
||||||
isEnabled: jest.fn().mockReturnValue(true),
|
isEnabled: jest.fn().mockReturnValue(true),
|
||||||
getType: jest.fn().mockReturnValue('basic'),
|
getType: jest.fn().mockReturnValue('basic'),
|
||||||
getFeatures: jest.fn(),
|
getFeatures: jest.fn(),
|
||||||
|
|
|
@ -121,6 +121,23 @@ describe('AuthenticationService', () => {
|
||||||
.authenticate;
|
.authenticate;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('returns error if license is not available.', async () => {
|
||||||
|
const mockResponse = httpServerMock.createLifecycleResponseFactory();
|
||||||
|
|
||||||
|
mockSetupAuthenticationParams.license.isLicenseAvailable.mockReturnValue(false);
|
||||||
|
|
||||||
|
await authHandler(httpServerMock.createKibanaRequest(), mockResponse, mockAuthToolkit);
|
||||||
|
|
||||||
|
expect(mockResponse.customError).toHaveBeenCalledTimes(1);
|
||||||
|
expect(mockResponse.customError).toHaveBeenCalledWith({
|
||||||
|
body: 'License is not available.',
|
||||||
|
statusCode: 503,
|
||||||
|
headers: { 'Retry-After': '30' },
|
||||||
|
});
|
||||||
|
expect(mockAuthToolkit.authenticated).not.toHaveBeenCalled();
|
||||||
|
expect(mockAuthToolkit.redirected).not.toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
|
||||||
it('replies with no credentials when security is disabled in elasticsearch', async () => {
|
it('replies with no credentials when security is disabled in elasticsearch', async () => {
|
||||||
const mockRequest = httpServerMock.createKibanaRequest();
|
const mockRequest = httpServerMock.createKibanaRequest();
|
||||||
const mockResponse = httpServerMock.createLifecycleResponseFactory();
|
const mockResponse = httpServerMock.createLifecycleResponseFactory();
|
||||||
|
|
|
@ -106,8 +106,20 @@ export class AuthenticationService {
|
||||||
});
|
});
|
||||||
|
|
||||||
http.registerAuth(async (request, response, t) => {
|
http.registerAuth(async (request, response, t) => {
|
||||||
// If security is disabled continue with no user credentials and delete the client cookie as well.
|
if (!license.isLicenseAvailable()) {
|
||||||
|
this.logger.error('License is not available, authentication is not possible.');
|
||||||
|
return response.customError({
|
||||||
|
body: 'License is not available.',
|
||||||
|
statusCode: 503,
|
||||||
|
headers: { 'Retry-After': '30' },
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
// If security is disabled, then continue with no user credentials.
|
||||||
if (!license.isEnabled()) {
|
if (!license.isEnabled()) {
|
||||||
|
this.logger.debug(
|
||||||
|
'Current license does not support any security features, authentication is not needed.'
|
||||||
|
);
|
||||||
return t.authenticated();
|
return t.authenticated();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue