From 0f39953dcbec1eff7f6a2710b70c01ed11c44316 Mon Sep 17 00:00:00 2001 From: Jochen Kressin Date: Mon, 11 Dec 2023 16:11:16 +0100 Subject: [PATCH] Lint and some changes required by Typescript after the linter added imports Signed-off-by: Jochen Kressin --- server/auth/types/jwt/jwt_auth.ts | 45 ++++++++------- server/auth/types/jwt/jwt_helper.test.ts | 72 +++++++++++------------- 2 files changed, 57 insertions(+), 60 deletions(-) diff --git a/server/auth/types/jwt/jwt_auth.ts b/server/auth/types/jwt/jwt_auth.ts index e38a4f32d..3bf116da1 100644 --- a/server/auth/types/jwt/jwt_auth.ts +++ b/server/auth/types/jwt/jwt_auth.ts @@ -25,21 +25,21 @@ import { AuthToolkit, IOpenSearchDashboardsResponse, } from 'opensearch-dashboards/server'; +import { ServerStateCookieOptions } from '@hapi/hapi'; import { SecurityPluginConfigType } from '../../..'; import { SecuritySessionCookie } from '../../../session/security_cookie'; import { AuthenticationType } from '../authentication_type'; import { JwtAuthRoutes } from './routes'; -import {ServerStateCookieOptions} from "@hapi/hapi"; import { ExtraAuthStorageOptions, getExtraAuthStorageValue, setExtraAuthStorage, -} from "../../../session/cookie_splitter"; +} from '../../../session/cookie_splitter'; export const JWT_DEFAULT_EXTRA_STORAGE_OPTIONS: ExtraAuthStorageOptions = { cookiePrefix: 'security_authentication_jwt', additionalCookies: 5, -} +}; export class JwtAuthentication extends AuthenticationType { public readonly type: string = 'jwt'; @@ -68,7 +68,7 @@ export class JwtAuthentication extends AuthenticationType { // @ts-ignore const hapiServer: Server = this.sessionStorageFactory.asScoped({}).server; - const {cookiePrefix, additionalCookies} = this.getExtraAuthStorageOptions(); + const { cookiePrefix, additionalCookies } = this.getExtraAuthStorageOptions(); const extraCookieSettings: ServerStateCookieOptions = { isSecure: this.config.cookie.secure, isSameSite: this.config.cookie.isSameSite, @@ -87,11 +87,15 @@ export class JwtAuthentication extends AuthenticationType { } private getExtraAuthStorageOptions(): ExtraAuthStorageOptions { - let extraAuthStorageOptions: ExtraAuthStorageOptions = { - cookiePrefix: this.config.jwt?.extra_storage.cookie_prefix || JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.cookiePrefix, - additionalCookies: this.config.jwt?.extra_storage.additional_cookies || JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies, - logger: this.logger - } + const extraAuthStorageOptions: ExtraAuthStorageOptions = { + cookiePrefix: + this.config.jwt?.extra_storage.cookie_prefix || + JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.cookiePrefix, + additionalCookies: + this.config.jwt?.extra_storage.additional_cookies || + JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies, + logger: this.logger, + }; return extraAuthStorageOptions; } @@ -122,8 +126,6 @@ export class JwtAuthentication extends AuthenticationType { return true; } - - const urlParamName = this.config.jwt?.url_param; if (urlParamName && request.url.searchParams.get(urlParamName)) { return true; @@ -149,7 +151,7 @@ export class JwtAuthentication extends AuthenticationType { ): SecuritySessionCookie { setExtraAuthStorage( request, - this.getBearerToken(request) || '', // TODO Does an empty string make sense?, + this.getBearerToken(request) || '', this.getExtraAuthStorageOptions() ); return { @@ -162,14 +164,14 @@ export class JwtAuthentication extends AuthenticationType { }; } - async isValidCookie(cookie: SecuritySessionCookie, request: OpenSearchDashboardsRequest): Promise { - // TODO Double check this, implemented too quickly - const hasAuthHeaderValue = (cookie.credentials?.authHeaderValue || this.getExtraAuthStorageValue(request, cookie)) + async isValidCookie( + cookie: SecuritySessionCookie, + request: OpenSearchDashboardsRequest + ): Promise { + const hasAuthHeaderValue = + cookie.credentials?.authHeaderValue || this.getExtraAuthStorageValue(request, cookie); return ( - cookie.authType === this.type && - cookie.username && - cookie.expiryTime && - hasAuthHeaderValue + cookie.authType === this.type && cookie.username && cookie.expiryTime && hasAuthHeaderValue ); } @@ -196,7 +198,10 @@ export class JwtAuthentication extends AuthenticationType { return extraValue; } - buildAuthHeaderFromCookie(cookie: SecuritySessionCookie, request: OpenSearchDashboardsRequest): any { + buildAuthHeaderFromCookie( + cookie: SecuritySessionCookie, + request: OpenSearchDashboardsRequest + ): any { const header: any = {}; if (cookie.credentials.authHeaderValueExtra) { try { diff --git a/server/auth/types/jwt/jwt_helper.test.ts b/server/auth/types/jwt/jwt_helper.test.ts index b25b212f5..73dd0e0ab 100644 --- a/server/auth/types/jwt/jwt_helper.test.ts +++ b/server/auth/types/jwt/jwt_helper.test.ts @@ -14,43 +14,40 @@ */ import { getAuthenticationHandler } from '../../auth_handler_factory'; -import { - JWT_DEFAULT_EXTRA_STORAGE_OPTIONS, - JwtAuthentication -} from "./jwt_auth"; +import { JWT_DEFAULT_EXTRA_STORAGE_OPTIONS } from './jwt_auth'; import { CoreSetup, ILegacyClusterClient, IRouter, Logger, OpenSearchDashboardsRequest, - SessionStorageFactory -} from "../../../../../../src/core/server"; -import {SecuritySessionCookie} from "../../../session/security_cookie"; -import {SecurityPluginConfigType} from "../../../index"; -import {httpServerMock} from "../../../../../../src/core/server/http/http_server.mocks"; -import {deflateValue} from "../../../utils/compression"; + SessionStorageFactory, +} from '../../../../../../src/core/server'; +import { SecuritySessionCookie } from '../../../session/security_cookie'; +import { SecurityPluginConfigType } from '../../../index'; +import { httpServerMock } from '../../../../../../src/core/server/http/http_server.mocks'; +import { deflateValue } from '../../../utils/compression'; describe('test jwt auth library', () => { - const router: IRouter = { post: (body) => {} }; - let core: CoreSetup = { + const router: Partial = { post: (body) => {} }; + const core = { http: { basePath: { - serverBasePath: '/' - } - } - }; + serverBasePath: '/', + }, + }, + } as CoreSetup; let esClient: ILegacyClusterClient; - let sessionStorageFactory: SessionStorageFactory = { + const sessionStorageFactory: SessionStorageFactory = { asScoped: jest.fn().mockImplementation(() => { return { server: { states: { - add: jest.fn() - } - } - } - }) + add: jest.fn(), + }, + }, + }; + }), }; let logger: Logger; @@ -65,12 +62,10 @@ describe('test jwt auth library', () => { }, }; - - function getTestJWTAuthenticationHandlerWithConfig(config: SecurityPluginConfigType) { return getAuthenticationHandler( 'jwt', - router, + router as IRouter, config, core, esClient, @@ -87,8 +82,8 @@ describe('test jwt auth library', () => { url_param: 'authorization', extra_storage: { cookie_prefix: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.cookiePrefix, - additional_cookies: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies - } + additional_cookies: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies, + }, }, }; const auth = await getTestJWTAuthenticationHandlerWithConfig(config); @@ -111,8 +106,8 @@ describe('test jwt auth library', () => { url_param: 'urlParamName', extra_storage: { cookie_prefix: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.cookiePrefix, - additional_cookies: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies - } + additional_cookies: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies, + }, }, }; const auth = await getTestJWTAuthenticationHandlerWithConfig(config); @@ -128,22 +123,20 @@ describe('test jwt auth library', () => { }); test('make sure that cookies with authHeaderValue instead of split cookies are still valid', async () => { - const config = ({ + const config = { ...cookieConfig, jwt: { header: 'Authorization', url_param: 'authorization', extra_storage: { - cookie_prefix: 'testcookie', - additional_cookies: 2, - } + cookie_prefix: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.cookiePrefix, + additional_cookies: JWT_DEFAULT_EXTRA_STORAGE_OPTIONS.additionalCookies, + }, }, - } as unknown) as SecurityPluginConfigType; + } as SecurityPluginConfigType; const jwtAuthentication = await getTestJWTAuthenticationHandlerWithConfig(config); - console.log('What sessionstorageFactory did I use?', sessionStorageFactory) - const mockRequest = httpServerMock.createRawRequest(); const osRequest = OpenSearchDashboardsRequest.from(mockRequest); @@ -157,14 +150,13 @@ describe('test jwt auth library', () => { authorization: 'Bearer eyToken', }; - const headers = jwtAuthentication.buildAuthHeaderFromCookie(cookie, osRequest); expect(headers).toEqual(expectedHeaders); }); test('get authHeaderValue from split cookies', async () => { - const config = ({ + const config = { ...cookieConfig, jwt: { header: 'Authorization', @@ -172,9 +164,9 @@ describe('test jwt auth library', () => { extra_storage: { cookie_prefix: 'testcookie', additional_cookies: 2, - } + }, }, - } as unknown) as SecurityPluginConfigType; + } as SecurityPluginConfigType; const jwtAuthentication = await getTestJWTAuthenticationHandlerWithConfig(config);