diff --git a/src/core/server/http/cookie_session_storage.ts b/src/core/server/http/cookie_session_storage.ts index e48e90ebfeb9d4e..1ff0670d78f4e0b 100644 --- a/src/core/server/http/cookie_session_storage.ts +++ b/src/core/server/http/cookie_session_storage.ts @@ -150,7 +150,7 @@ export async function createCookieSessionStorageFactory( isHttpOnly: true, isSameSite: cookieOptions.sameSite === 'None' ? false : cookieOptions.sameSite ?? false, }, - validateFunc: async (req, session: T | T[]) => { + validateFunc: async (req: Request, session: T | T[]) => { const result = cookieOptions.validate(session); if (!result.isValid) { clearInvalidCookie(req, result.path); diff --git a/src/core/server/http/http_server.mocks.ts b/src/core/server/http/http_server.mocks.ts index fc9c3ca67d85699..8e8eaf46a706433 100644 --- a/src/core/server/http/http_server.mocks.ts +++ b/src/core/server/http/http_server.mocks.ts @@ -87,6 +87,9 @@ function createKibanaRequestMock

({ method, url, route: { + // @ts-expect-error According to types/hapi__hapi the following settings-fields have problems: + // - `auth` can't be a boolean, but it can according to the @hapi/hapi source (https://github.com/hapijs/hapi/blob/v18.4.2/lib/route.js#L139) + // - `app` isn't a valid property, but it is and this was fixed in the types in v19.0.1 (https://github.com/DefinitelyTyped/DefinitelyTyped/pull/41968) settings: { tags: routeTags, auth: routeAuthRequired, app: kibanaRouteOptions }, }, raw: { diff --git a/src/core/server/http/http_service.mock.ts b/src/core/server/http/http_service.mock.ts index 03de8fae00c1db3..4fc972c9679bbf3 100644 --- a/src/core/server/http/http_service.mock.ts +++ b/src/core/server/http/http_service.mock.ts @@ -88,6 +88,7 @@ const createInternalSetupContractMock = () => { start: jest.fn(), stop: jest.fn(), config: jest.fn().mockReturnValue(configMock.create()), + // @ts-expect-error somehow it thinks that `Server` isn't a `Construtable` } as unknown) as jest.MockedClass, createCookieSessionStorageFactory: jest.fn(), registerOnPreRouting: jest.fn(), diff --git a/src/core/server/http/router/request.test.ts b/src/core/server/http/router/request.test.ts index ac4969789002224..3587c63706ea552 100644 --- a/src/core/server/http/router/request.test.ts +++ b/src/core/server/http/router/request.test.ts @@ -198,6 +198,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, `auth` can't be a boolean, but it can according to the @hapi/hapi source (https://github.com/hapijs/hapi/blob/v18.4.2/lib/route.js#L139) auth, }, }, @@ -211,6 +212,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, the `auth` object has to have a `strategies` array, but it doesn't look like it needs it auth, }, }, @@ -225,6 +227,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, the `auth` object has to have a `strategies` array, but it doesn't look like it needs it auth, }, }, @@ -239,6 +242,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, the `auth` object has to have a `strategies` array, but it doesn't look like it needs it auth, }, }, @@ -253,6 +257,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, `auth` can't be a string, but I'm not sure that's true auth, }, }, @@ -268,6 +273,7 @@ describe('KibanaRequest', () => { const request = httpServerMock.createRawRequest({ route: { settings: { + // @ts-expect-error According to types/hapi__hapi, the `auth` object has to have a `strategies` array, but it doesn't look like it needs it auth, }, }, diff --git a/src/core/server/http/router/request.ts b/src/core/server/http/router/request.ts index 5bbdd4bea9a5f1d..65393289552de5c 100644 --- a/src/core/server/http/router/request.ts +++ b/src/core/server/http/router/request.ts @@ -19,7 +19,7 @@ import { URL } from 'url'; import uuid from 'uuid'; -import { Request, RouteOptionsApp, RequestApplicationState } from '@hapi/hapi'; +import { Request, RouteOptionsApp, RequestApplicationState, RouteOptions } from '@hapi/hapi'; import { Observable, fromEvent, merge } from 'rxjs'; import { shareReplay, first, takeUntil } from 'rxjs/operators'; import { RecursiveReadonly } from '@kbn/utility-types'; @@ -260,8 +260,16 @@ export class KibanaRequest< const socketTimeout = (request.raw.req.socket as any)?.timeout; const options = ({ authRequired: this.getAuthRequired(request), - // some places in LP call KibanaRequest.from(request) manually. remove fallback to true before v8 - xsrfRequired: (request.route.settings.app as KibanaRouteOptions)?.xsrfRequired ?? true, + // TypeScript note: Casting to `RouterOptions` to fix the following error: + // + // Property 'app' does not exist on type 'RouteSettings' + // + // In @types/hapi__hapi v18, `request.route.settings` is of type + // `RouteSettings`, which doesn't have an `app` property. I think this is + // a mistake. In v19, the `RouteSettings` interface does have an `app` + // property. + xsrfRequired: + ((request.route.settings as RouteOptions).app as KibanaRouteOptions)?.xsrfRequired ?? true, // some places in LP call KibanaRequest.from(request) manually. remove fallback to true before v8 tags: request.route.settings.tags || [], timeout: { payload: payloadTimeout, @@ -301,6 +309,7 @@ export class KibanaRequest< return true; } + // @ts-expect-error According to @types/hapi__hapi, `route.settings` should be of type `RouteSettings`, but it seems that it's actually `RouteOptions`. if (authOptions === false) return false; throw new Error( `unexpected authentication options: ${JSON.stringify(authOptions)} for route: ${