* We have a NP plugin! :celebration:
* Redirecting to login on all 401s
* Adding commented out code for when credentials are omitted
* Fixing types
* Respond 403 when user changes password with incorrect current password
* Adding AnonymousPaths where we ignore all 401s
* Adding anonymous path tests
* Extracted a dedicated SessionExpires class and added tests
* Fixing plugin after refactoring to add SessionExpired
* Beginning to work on the session timeout interceptor
* Fixing UnauthorizedResponseInterceptor anonymous path test
* Removing test anonymous path
* Trying to improve readability
* Displaying session logout warning
* Mocking out the base path
* Revert "Mocking out the base path"
This reverts commit 824086c168.
* Changing coreMock to use a concrete instance of BasePath
* Adding session timeout interceptor tests
* Adding session timeout tests
* Adding more tests for short session timeouts
* Moving some files to a session folder
* More thrashing around: renaming and reorganizing
* Renaming Interceptor to HttpInterceptor
* Fixing some type errors
* Fixing legacy chrome API tests
* Fixing other tests to use the concrete instance of BasePath
* Adjusting some types
* Putting DeeplyMocked back, I don't get how DeeplyMockedKeys works
* Moving anonymousPaths to public core http
* Reading sessionTimeout from injected vars and supporting null timeout
* Doesn't extend session when there is no response
* Updating docs and snapshots
* Casting sessionTimeout injectedVar to "number | null"
* Fixing i18n issues
* Update x-pack/plugins/security/public/plugin.ts
Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
* Adding milliseconds postfix to SessionTimeout private fields
* Even better anonymous paths, with some validation
* Adjusting public method docs for IAnonymousPaths
* Adjusting spelling of base-path to basePath
* Update x-pack/plugins/security/public/session/session_timeout.tsx
Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
* Update src/core/public/http/anonymous_paths.ts
Co-Authored-By: Josh Dover <me@joshdover.com>
* Update src/core/public/http/anonymous_paths.ts
Co-Authored-By: Josh Dover <me@joshdover.com>
* AnonymousPaths implements IAnonymousPaths and uses IBasePath
* Removing DeeplyMocked
* Removing TODOs
* Fixing types...
* Now, ever more normal
* Temporary Core workarounds.
* Move files to NP Security Plugin.
* Fix references.
* Migrate to the New Platform.
* Review#1: remove unused `loginAttempt` from provider iterator, rely more on RecursiveReadonly, etc.
* Integrate latest core changes: isTlsEnabled and get rid of legacy ES config.
* Revert `deepFreeze` changes and rely on `src/core/utils`.
* Review#2: do not mutate injectedVars in onInit. Integrate latest upstream changes.
* Use mocks provided by the Core.
* Expect ElasticsearchError instead of Boom errors as 401 Cluster client errors.
* Simplify session handling for `login`.
* Review#3: properly handle session updates for `login`, remove redundant hapi-auth-cookie deps from x-pack package.json, migrate to new core sessionStorage API, integrate latest Kerberos provider changes from upstream
* Do not clear session on login if it does not exist.