Better message for unanticipated authorisation errors #113460
Conversation
thomheymann
added
release_note:fix
Team:Security
| { | ||
| type: LoginFormMessageType.Info, | ||
| content: i18n.translate('xpack.security.login.authenticationErrorDescription', { | ||
| defaultMessage: 'An unexpected authentication error occured. Please log in again.', |
There was a problem hiding this comment.
Nit:
| defaultMessage: 'An unexpected authentication error occured. Please log in again.', | |
| defaultMessage: 'An unexpected authentication error occurred. Please log in again.', |
| @@ -32,11 +32,11 @@ const getProviderParameter = (tenant: string) => { | |||
| export class SessionExpired { | |||
| constructor(private logoutUrl: string, private tenant: string) {} | |||
|
|
|||
| logout() { | |||
| logout(reason = 'SESSION_EXPIRED') { | |||
There was a problem hiding this comment.
We are the only consumer of this module --
What do you think about making this argument required so we don't accidentally run into the same problem in the future?
| logout(reason = 'SESSION_EXPIRED') { | |
| logout(reason: 'SESSION_EXPIRED' | 'AUTHENTICATION_ERROR') { // see LoginPage component for valid reasons |
There was a problem hiding this comment.
Agreed but making this argument required isn't going to solve the problem that logout reasons aren't typed and we can't guarantee that we have translated messages for each logout reason. I'll refactor this properly.
There was a problem hiding this comment.
Just for posterity, I tested locally. Here's what I did:
- Configure
xpack.security.session.idleTImeout: 90s, log in, and allow the session to time out - kicks you back to the login page with the existing session timeout message as expected:
- Log in, delete my cookie, and navigate to a different page in Kibana - as soon as an XHR request is made, the client receives a 401 error and kicks you back to the login page with the new message as expected:
One nit below, otherwise LGTM!
| @@ -513,7 +513,7 @@ export class LoginForm extends Component<Props, State> { | |||
| ); | |||
|
|
|||
| window.location.href = location; | |||
| } catch (err) { | |||
| } catch (err: any) { | |||
There was a problem hiding this comment.
Nit: was this change needed? err is already inferred to be of any type, correct?
If we can remove this, we should. We collect stats on explicit usage of any in Kibana and we want to minimize that wherever possible.
| } catch (err: any) { | |
| } catch (err) { |
There was a problem hiding this comment.
typescript complained since err can now be any or undefined so has to be explicitly set to any 🙄
| const query = parse(window.location.href, true).query; | ||
| const { searchParams } = new URL(window.location.href); | ||
|
|
||
| return ( | ||
| <LoginForm | ||
| http={this.props.http} | ||
| notifications={this.props.notifications} | ||
| selector={selector} | ||
| // @ts-expect-error Map.get is ok with getting `undefined` | ||
| message={messageMap.get(query[LOGOUT_REASON_QUERY_STRING_PARAMETER]?.toString())} | ||
| message={ | ||
| loginFormMessages[searchParams.get(LOGOUT_REASON_QUERY_STRING_PARAMETER) as LogoutReason] | ||
| } | ||
| loginAssistanceMessage={this.props.loginAssistanceMessage} | ||
| loginHelp={loginHelp} | ||
| authProviderHint={query[AUTH_PROVIDER_HINT_QUERY_STRING_PARAMETER]?.toString()} | ||
| authProviderHint={searchParams.get(AUTH_PROVIDER_HINT_QUERY_STRING_PARAMETER) || undefined} |
There was a problem hiding this comment.
Oh, @thomheymann I am guessing this change is what caused the async chunks to increase:
Async chunks
Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app
I'm a bit on the fence, we eventually want to get rid of our usage of the url module completely, but maybe we should take this change out until we can change URL parsing in the rest of the plugin (see is_internal_url.ts and parse_next.ts). WDYT?
There was a problem hiding this comment.
Actually I don't think using the WHATWG URL API is causing the extra async chunk. It might be the new LogoutReason enum added to the common module. I'll do some experimenting to see
There was a problem hiding this comment.
That's strange, if anything I'd expect the bundle size to go down since we're not including url module anymore.
|
@elastic/kibana-operations I'm trying to figure out what is causing the async chunk size to increase so drastically. From the build metrics above:
I am not sure what could be causing this.
This seems to have caused a 27K increase in total async chunks. Referencing the Keep Kibana fast page in the docs, I ran this command to get the metrics with and without Thom's changes: I've attached them here: However, I can't make heads or tails of this when trying to compare before/after. It appears that the chunks have been reordered have lots of different contents (see Thoughts? Is there anything obvious we can do to prevent this 27K increase in async chunk size? |
I did a bit more digging on this, it doesn't seem like there is an easy fix we can implement today. It may involve extensive refactoring. I opened a separate ER for this: #113670 In the meantime I think we can merge this PR and move on with our lives 👍 |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
I wouldn't worry about it too much. The async chunks are calculated to reduce the amount of load operations and can sometimes include duplicated code so that one chunk can load instead of another. The changes in the import graph are sometimes impossible for us to understand and the total "async chunk size" only represents the size of assets that would be loaded if every async load was deemed necessary (which is highly unlikely). |
* Custom message for unanticipated 401 errors * Refactor logout reasons * Fix types Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
Resolves #111551
Release note
Add custom error message when receiving 401 response to avoid confusion with Kibana session timeout.