forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[security] Support alternate auth providers for login (elastic#26979)
Login is no longer coupled directly to our basic auth provider, so alternative auth providers can now be used with our standard login flow. The LoginAttempt request service is the mechanism for auth providers to integrate with the login flow.
- Loading branch information
Showing
12 changed files
with
302 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
x-pack/plugins/security/server/lib/authentication/__tests__/login_attempt.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import expect from 'expect.js'; | ||
|
||
import { LoginAttempt } from '../login_attempt'; | ||
|
||
describe('LoginAttempt', () => { | ||
describe('getCredentials()', () => { | ||
it('returns null by default', () => { | ||
const attempt = new LoginAttempt(); | ||
expect(attempt.getCredentials()).to.be(null); | ||
}); | ||
|
||
it('returns a credentials object after credentials are set', () => { | ||
const attempt = new LoginAttempt(); | ||
attempt.setCredentials('foo', 'bar'); | ||
expect(attempt.getCredentials()).to.eql({ username: 'foo', password: 'bar' }); | ||
}); | ||
}); | ||
|
||
describe('setCredentials()', () => { | ||
it('sets the credentials for this login attempt', () => { | ||
const attempt = new LoginAttempt(); | ||
attempt.setCredentials('foo', 'bar'); | ||
expect(attempt.getCredentials()).to.eql({ username: 'foo', password: 'bar' }); | ||
}); | ||
|
||
it('throws if credentials have already been set', () => { | ||
const attempt = new LoginAttempt(); | ||
attempt.setCredentials('foo', 'bar'); | ||
expect(() => attempt.setCredentials()).to.throwError('Credentials for login attempt have already been set'); | ||
}); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
48 changes: 48 additions & 0 deletions
48
x-pack/plugins/security/server/lib/authentication/login_attempt.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
/** | ||
* Object that represents login credentials | ||
* @typedef {{ | ||
* username: string, | ||
* password: string | ||
* }} LoginCredentials | ||
*/ | ||
|
||
/** | ||
* A LoginAttempt represents a single attempt to provide login credentials. | ||
* Once credentials are set, they cannot be changed. | ||
*/ | ||
export class LoginAttempt { | ||
/** | ||
* Username and password for login | ||
* @type {?LoginCredentials} | ||
* @protected | ||
*/ | ||
_credentials = null; | ||
|
||
/** | ||
* Gets the username and password for this login | ||
* @returns {LoginCredentials} | ||
*/ | ||
getCredentials() { | ||
return this._credentials; | ||
} | ||
|
||
/** | ||
* Sets the username and password for this login | ||
* @param {string} username | ||
* @param {string} password | ||
* @returns {LoginCredentials} | ||
*/ | ||
setCredentials(username, password) { | ||
if (this._credentials) { | ||
throw new Error('Credentials for login attempt have already been set'); | ||
} | ||
|
||
this._credentials = { username, password }; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.