Ensure no deprecated Node.js core API's are used in Kibana. This is
achieved by throwing an error in either development mode or in CI if one
of the deprecated API's is called, and as such, new PR's should no
longer be able to be merged if they use deprecated API's.
Some of these API's (like the `Buffer` constructor`) is a security risk.
This adds an absolute session timeout (lifespan) to user sessions.
It also improves the existing session timeout toast and the overall
user experience in several ways.
* run mocha tests from x-pack with root mocha script
* Only run Karma tests in xpack intake job
* disable failing suites
* fix typo
* skip correct suite (there are multiple root suites)
* support disabling junit reporting with $DISABLE_JUNIT_REPORTER
* don't generate junit in ispec_plugin tests
* eui to 16.0.0
* type defs
* card click
* snapshot updates
* time format test updates
* ts return
* integration fix
* async
* more time format fixes
* more time format fixes
* test updates
* add uisettings dateformat timepicker test
* after method to clear setting
* Update dependency rxjs to ^6.5.3
* move argument type def up for better coverage
* adapt to possibly undefined helpExtension
* complete definition of deprecation$ type
* define types that bindNodeCallback can no longer infer
* define more types that bindNodeCallback can't infer
* be more explicit and accurate about the types for a subject/observable pair
* fix interface error, TS now identifies it
* ignore a return type flaw because types are not being managed properly
* avoid overspecifying types
* allow types to be inferred where possible
* remove unnecessary withLatestFrom()
* reduce number of rxjs versions installed
* update kbn/pm dist
* Update moment related packages
* unify moment version in yarn.lock
* adapt ro pluralization fixes
* update some bad pluralization in fixtures/snapshots
* [npm] Removes react-clipboard.js
Added in the original commit of APM, but does not appear to still be used.
* [npm] Remove redux-test-utils
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Added in https://github.com/elastic/kibana/pull/18885 as part of the
RxJS 6 upgrade and used in the screenshot stictcher, however it is not
longer used.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Originally added in https://github.com/elastic/kibana/pull/19236 as part
of the notification service, however it's no longer used.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* [npm] Remove babel-plugin-mock-imports
Originally added as part of
https://github.com/elastic/kibana/pull/22695, however, it doesn't appear
to have ever actually been used.
* [npm] Removes gulp-multi-process
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Added when X-Pack was closed-source and
import/no-extraneous-dependencies was implemented. Does not appear to
still be used.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* We have a NP plugin! :celebration:
* Redirecting to login on all 401s
* Adding commented out code for when credentials are omitted
* Fixing types
* Respond 403 when user changes password with incorrect current password
* Adding AnonymousPaths where we ignore all 401s
* Adding anonymous path tests
* Extracted a dedicated SessionExpires class and added tests
* Fixing plugin after refactoring to add SessionExpired
* Beginning to work on the session timeout interceptor
* Fixing UnauthorizedResponseInterceptor anonymous path test
* Removing test anonymous path
* Trying to improve readability
* Displaying session logout warning
* Mocking out the base path
* Revert "Mocking out the base path"
This reverts commit 824086c168.
* Changing coreMock to use a concrete instance of BasePath
* Adding session timeout interceptor tests
* Adding session timeout tests
* Adding more tests for short session timeouts
* Moving some files to a session folder
* More thrashing around: renaming and reorganizing
* Renaming Interceptor to HttpInterceptor
* Fixing some type errors
* Fixing legacy chrome API tests
* Fixing other tests to use the concrete instance of BasePath
* Adjusting some types
* Putting DeeplyMocked back, I don't get how DeeplyMockedKeys works
* Moving anonymousPaths to public core http
* Reading sessionTimeout from injected vars and supporting null timeout
* Doesn't extend session when there is no response
* Updating docs and snapshots
* Casting sessionTimeout injectedVar to "number | null"
* Fixing i18n issues
* Update x-pack/plugins/security/public/plugin.ts
Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
* Adding milliseconds postfix to SessionTimeout private fields
* Even better anonymous paths, with some validation
* Adjusting public method docs for IAnonymousPaths
* Adjusting spelling of base-path to basePath
* Update x-pack/plugins/security/public/session/session_timeout.tsx
Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
* Update src/core/public/http/anonymous_paths.ts
Co-Authored-By: Josh Dover <me@joshdover.com>
* Update src/core/public/http/anonymous_paths.ts
Co-Authored-By: Josh Dover <me@joshdover.com>
* AnonymousPaths implements IAnonymousPaths and uses IBasePath
* Removing DeeplyMocked
* Removing TODOs
* Fixing types...
* Now, ever more normal