Skip to content

Fix bug in support for jwt.url_param customization#1025

Merged
cliu123 merged 2 commits intoopensearch-project:mainfrom
cwperks:jwt-url-param
Jul 7, 2022
Merged

Fix bug in support for jwt.url_param customization#1025
cliu123 merged 2 commits intoopensearch-project:mainfrom
cwperks:jwt-url-param

Conversation

@cwperks
Copy link
Member

@cwperks cwperks commented Jul 7, 2022

Signed-off-by: Craig Perkins cwperx@amazon.com

Description

There is a bug in our implementation for jwt.url_param customization that hardcodes the url_param setting to urlParamName.

This PR fixes the issue and adds tests. The issue is described in detail here: #872

Category

Bug fix

Why these changes are required?

There is a bug in an advertised feature for JWT authentication via the URL for opensearch dashboards.

What is the old behavior before changes and new behavior after changes?

The old behavior supports JWT as a URL Param, but the URL Param must be urlParamName

Issues Resolved

#872

Testing

Verified by creating a cluster with JWT backend and additional unit tests.

Check List

  • New functionality includes testing
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks cwperks requested a review from a team July 7, 2022 16:59
@codecov-commenter
Copy link

codecov-commenter commented Jul 7, 2022
edited
Loading

Codecov Report

Merging #1025 (a66f694) into main (348c550) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1025   +/-   ##
=======================================
  Coverage   72.27%   72.27%           
=======================================
  Files          87       87           
  Lines        1915     1915           
  Branches      249      249           
=======================================
  Hits         1384     1384           
  Misses        478      478           
  Partials       53       53

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 348c550...a66f694. Read the comment docs.

peternied
peternied reviewed Jul 7, 2022
View reviewed changes
server/auth/types/jwt/jwt_auth.test.ts Outdated
Copy link
Member

@peternied peternied Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you push this into the url like http://localhost:5601/app/api/v1/auth/authinfo?authorization=testtoken & http://localhost:5601/app/api/v1/auth/authinfo?q=1&authorization=testtoken

Copy link
Member

@peternied peternied Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this makes it easier to see what will/won't work for a real request

Copy link
Member Author

@cwperks cwperks Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to add the url params in the url string

server/auth/types/jwt/jwt_auth.test.ts Outdated
Copy link
Member

@peternied peternied Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I like smaller test functions that make it clearer what is being tested, could you refactor the call for getAuthenticationHandler to be a private function to make the test case read more like Setup / Action / Verification

Copy link
Member Author

@cwperks cwperks Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I created a helper function in this fixture called getTestJWTAuthenticationHandlerWithConfig to reduce some duplication and make the tests tighter.

peternied
peternied previously approved these changes Jul 7, 2022
View reviewed changes
@cwperks
Fix bug in support for jwt.url_param customization
bed27cc 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
peternied
peternied previously approved these changes Jul 7, 2022
View reviewed changes
@cwperks
Address eslint errors
a66f694 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cliu123 cliu123 merged commit 5e4004f into opensearch-project:main Jul 7, 2022
@cliu123 cliu123 added the backport 2.x backport to 2.x branch label Jul 7, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 7, 2022
@cwperks @github-actions
Fix bug in support for jwt.url_param customization (#1025)
0756edc 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit 5e4004f)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jul 7, 2022
Merged
cliu123 pushed a commit that referenced this pull request Jul 7, 2022
@opensearch-trigger-bot @cwperks
Fix bug in support for jwt.url_param customization (#1025) (#1027)
85e4a01 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit 5e4004f)

Co-authored-by: Craig Perkins <cwperx@amazon.com>
spartan2015 pushed a commit to spartan2015/security-dashboards-plugin that referenced this pull request Aug 8, 2022
@cwperks
Fix bug in support for jwt.url_param customization (opensearch-projec…
546dd81 
…t#1025)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Vasile Negru <vasile@eosfintek.com>
@Desvelao Desvelao mentioned this pull request Oct 27, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peternied peternied peternied approved these changes

@cliu123 cliu123 cliu123 approved these changes

Assignees

No one assigned

Labels

backport 2.x backport to 2.x branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cwperks @codecov-commenter @peternied @cliu123