elastic · cee-chen · Oct 16, 2020 · Oct 16, 2020
diff --git a/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.test.ts b/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.test.ts
@@ -325,6 +325,10 @@ describe('EnterpriseSearchRequestHandler', () => {
         expect(mockLogger.error).toHaveBeenCalled();
       });
 
+      it('errors when receiving a 401 response', async () => {
+        EnterpriseSearchAPI.mockReturn({}, { status: 401 });
+      });
+
       it('errors when redirected to /login', async () => {
         EnterpriseSearchAPI.mockReturn({}, { url: 'http://localhost:3002/login' });
       });

diff --git a/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.ts b/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.ts
@@ -84,8 +84,12 @@ export class EnterpriseSearchRequestHandler {
         // Handle response headers
         this.setResponseHeaders(apiResponse);
 
-        // Handle authentication redirects
-        if (apiResponse.url.endsWith('/login') || apiResponse.url.endsWith('/ent/select')) {
+        // Handle unauthenticated users / authentication redirects
+        if (
+          apiResponse.status === 401 ||
+          apiResponse.url.endsWith('/login') ||
+          apiResponse.url.endsWith('/ent/select')
+        ) {
           return this.handleAuthenticationError(response);
         }
 
@@ -213,6 +217,10 @@ export class EnterpriseSearchRequestHandler {
     return response.customError({ statusCode: 502, headers: this.headers, body: errorMessage });
   }
 
+  /**
+   * Note: Kibana auto logs users out when it receives a 401 response, so we want to catch and
+   * return 401 responses from Enterprise Search as a 502 so Kibana sessions aren't interrupted
+   */
   handleAuthenticationError(response: KibanaResponseFactory) {
     const errorMessage = 'Cannot authenticate Enterprise Search user';