Logout should redirect to the login screen at the server base path

[legrego]

Summary

When logging out, the redirection to the login screen should always be at the root of the server's base path.

This fixes the scenario when logging out of any non-Default space would cause the login screen to be rendered at ${serverBasePath}/s/${spaceId}/login, instead of ${serverBasePath}/login

Resolves #56695

[legrego]

@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[jportner]

ACK: reviewing now...

[jportner]

Okay, I determined a problem with this PR, and I also discovered two more bugs.

I believe we should be accounting for two flows:

1. User clicks "Log out" -> user sees Log In screen -> user logs in -> user sees the Space Selection screen
2. User's session expires -> user sees Log In screen -> user logs in -> user sees whatever screen they were on before session timeout

This PR fixes behavior for the former, but breaks behavior for the latter.

Both of these flows currently function by redirecting the user to the "/logout" endpoint. So perhaps we need a flag on that route to determine whether to preserve the current space in the URL or not.

---

Aside from that:

• Session idle timeout is not working (session lasts forever, no matter which page you are on) Idle sessions never expire #57119
• Logging in with a properly-formatted "next" query param doesn't appear to redirect you back to the correct page, you just land on the dashboard Kibana doesn't redirect to correct page after session expiration #57113

I'll open issues for these and investigate.

Edit: I linked the issues above.

[legrego]

Thanks for reviewing and testing!

Both of these flows currently function by redirecting the user to the "/logout" endpoint. So perhaps we need a flag on that route to determine whether to preserve the current space in the URL or not.

I was originally going to fix the front-end "Logout" link, by making sure it always pointed to ${serverBasePath}/logout, but thought fixing it at the source here would be the more correct approach. However, given this breaks the session expiration flow, I think I should revisit this decision and just fix the logout link in the UI. This way session expiration can still remember the previous screen by calling logout from a space-aware context.

Session idle timeout is not working (session lasts forever, no matter which page you are on)
Logging in with a properly-formatted "next" query param doesn't appear to redirect you back to the correct page, you just land on the dashboard

Yikes. I'm surprised we don't have tests for at least the next query param scenario. I know testing idle timeout is rather tricky in an automated fashion in an e2e test

[jportner]

I was originally going to fix the front-end "Logout" link, by making sure it always pointed to ${serverBasePath}/logout, but thought fixing it at the source here would be the more correct approach. However, given this breaks the session expiration flow, I think I should revisit this decision and just fix the logout link in the UI. This way session expiration can still remember the previous screen by calling logout from a space-aware context.

Good idea!

Yikes. I'm surprised we don't have tests for at least the next query param scenario. I know testing idle timeout is rather tricky in an automated fashion in an e2e test

Yeah... if we do have them they might be broken, or if we don't, they need to be added 😛

[legrego]

Flaky test result not related to this PR:

 1) visualize app
12:53:44         
12:53:44           visual builder
12:53:44             switch index patterns
12:53:44               should be able to switch between index patterns:
12:53:44       Error: retry.try timeout: TimeoutError: Waiting for element to be located By(css selector, .euiFilterSelectItem)
12:53:44  Wait timed out after 18009ms
12:53:44      at /dev/shm/workspace/kibana/node_modules/selenium-webdriver/lib/webdriver.js:841:17
12:53:44      at process._tickCallback (internal/process/next_tick.js:68:7)
12:53:44        at onFailure (test/common/services/retry/retry_for_success.ts:28:9)
12:53:44        at retryForSuccess (test/common/services/retry/retry_for_success.ts:68:13)
12:53:44  
12:53:44                   └- ✖ fail: "visualize app  visual builder switch index patterns should be able to switch between index patterns"
12:53:44                   │
12:53:44                 └-> "after all" hook
12:53:44                 └-> "after all" hook
12:53:44               └-> "after all" hook
12:53:44             └-> "after all" hook
12:53:44           └-> "after all" hook

[jportner]

LGTM!

[legrego]

@elasticmachine merge upstream

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 481120b

History

• 💚 Build #25380 succeeded 97ed15d
• 💛 Build #25286 was flaky d016110
• 💚 Build #24940 succeeded e5ca14a
• 💚 Build #24399 succeeded c80716b

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream