diff --git a/public/apps/login/login-page.tsx b/public/apps/login/login-page.tsx
index 70d894781..cf350a7c1 100644
--- a/public/apps/login/login-page.tsx
+++ b/public/apps/login/login-page.tsx
@@ -212,7 +212,7 @@ export function LoginPage(props: LoginPageDeps) {
 );
- if (authOpts.length > 1) {
+ if (authOpts.length > 0) {
 if (props.config.auth.anonymous_auth_enabled) {
 const anonymousConfig = props.config.ui[AuthType.ANONYMOUS].login;
 formBody.push(
diff --git a/server/auth/types/authentication_type.ts b/server/auth/types/authentication_type.ts
index 8bde376ac..b5e1a0cb3 100755
--- a/server/auth/types/authentication_type.ts
+++ b/server/auth/types/authentication_type.ts
@@ -113,6 +113,12 @@ export abstract class AuthenticationType implements IAuthenticationType {
 const authHeaders = {};
 let cookie: SecuritySessionCookie | null | undefined;
 let authInfo: any | undefined;
+
+ if (this.config.auth.anonymous_auth_enabled) {
+ const anonymousAuthHeaders = { _auth_request_type_: 'anonymous' };
+ Object.assign(authHeaders, anonymousAuthHeaders);
+ }
+ // if this is an REST API call, suppose the request includes necessary auth header
 // see https://www.elastic.co/guide/en/opensearch-dashboards/master/using-api.html
 if (this.requestIncludesAuthInfo(request)) {
@@ -153,10 +159,14 @@ export abstract class AuthenticationType implements IAuthenticationType {
 if (request.url.pathname && request.url.pathname.startsWith('/bundles/')) {
 return toolkit.notHandled();
 }
+ console.log('Request is unauthorized');
+ console.log(request.url);
+ console.log(request.route);
 // send to auth workflow
 return this.handleUnauthedRequest(request, response, toolkit);
 }
+ console.log('we have a cookie: ' + JSON.stringify(cookie));
 // extend session expiration time
 if (this.config.session.keepalive) {
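Review bot: In server/auth/types/authentication_type.ts (hunk at -113), the `_auth_request_type_: 'anonymous'` entry is merged into `authHeaders` before the `requestIncludesAuthInfo(request)` check, so with `anonymous_auth_enabled` set it rides along on every request, including ones that bring their own credentials or a valid session cookie. The -211 hunk shows those same headers going to `this.securityClient.authinfo(request, authHeaders)`; how the backend treats an authenticated lookup that is also tagged anonymous is not visible here and should be confirmed, or the assignment moved to the branch that has neither request credentials nor a cookie. The string pair is repeated twice in server/auth/types/basic/routes.ts, so a shared constant would keep the three sites in sync, and the temporary can go: `Object.assign(authHeaders, { _auth_request_type_: 'anonymous' });`. The enclosing method starts and ends outside the hunk.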
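Review bot: In server/auth/types/authentication_type.ts (hunk at -153), `console.log('we have a cookie: ' + JSON.stringify(cookie))` serialises the decoded session cookie to stdout on every request that has one; the routes.ts hunks show the cookie holds at least `username`, and any credential or token fields in `SecuritySessionCookie` would end up in process logs too. The same applies to `console.log(authInfo)` in the -211 hunk and `console.log('Anon user: ' + JSON.stringify(user))` in server/auth/types/basic/routes.ts, while the `request.url` / `request.route` dumps here and `console.log('not a page request')` in multi_auth.ts look like leftover debugging. I would drop all of them before merge; where a trace is wanted, log the event without the object through the plugin logger that routes.ts already uses, e.g. `context.security_plugin.logger.debug('anonymous session created');`. Whether this class has a logger in scope is not visible in the hunk.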
@@ -211,6 +221,7 @@ export abstract class AuthenticationType implements IAuthenticationType {
 }
 if (!authInfo) {
 authInfo = await this.securityClient.authinfo(request, authHeaders);
+ console.log(authInfo);
 }
 authState.authInfo = authInfo;
diff --git a/server/auth/types/basic/basic_auth.ts b/server/auth/types/basic/basic_auth.ts
index f21f86827..5a3e69c4e 100644
--- a/server/auth/types/basic/basic_auth.ts
+++ b/server/auth/types/basic/basic_auth.ts
@@ -111,21 +111,13 @@ export class BasicAuthentication extends AuthenticationType {
 request,
 this.coreSetup.http.basePath.serverBasePath
 );
- if (this.config.auth.anonymous_auth_enabled) {
- const redirectLocation = `${this.coreSetup.http.basePath.serverBasePath}${ANONYMOUS_AUTH_LOGIN}?${nextUrlParam}`;
- return response.redirected({
- headers: {
- location: `${redirectLocation}`,
- },
- });
- } else {
- const redirectLocation = `${this.coreSetup.http.basePath.serverBasePath}${LOGIN_PAGE_URI}?${nextUrlParam}`;
- return response.redirected({
- headers: {
- location: `${redirectLocation}`,
- },
- });
- }
+
+ const redirectLocation = `${this.coreSetup.http.basePath.serverBasePath}${LOGIN_PAGE_URI}?${nextUrlParam}`;
+ return response.redirected({
+ headers: {
+ location: `${redirectLocation}`,
+ },
+ });
 } else {
 return response.unauthorized({
 body: `Authentication required`,
diff --git a/server/auth/types/basic/routes.ts b/server/auth/types/basic/routes.ts
index bae3e338c..a45179b6f 100755
--- a/server/auth/types/basic/routes.ts
+++ b/server/auth/types/basic/routes.ts
@@ -186,7 +186,9 @@ export class BasicAuthRoutes {
 }
 context.security_plugin.logger.info('The Redirect Path is ' + redirectUrl);
 try {
- user = await this.securityClient.authenticateWithHeaders(request, {});
+ user = await this.securityClient.authenticateWithHeaders(request, {
+ _auth_request_type_: 'anonymous',
+ });
 } catch (error) {
 context.security_plugin.logger.error(
 `Failed authentication: ${error}. Redirecting to Login Page`
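Review bot: In server/auth/types/basic/basic_auth.ts (hunk at -111), `ANONYMOUS_AUTH_LOGIN` is no longer referenced by the lines shown, and the same is true of the -166 hunk in server/auth/types/multiple/multi_auth.ts; if nothing else in either file uses it, the import should go with this change. While the block is being touched, the template literal around an existing string is redundant: `headers: { location: redirectLocation },`. The enclosing method starts and ends outside the hunk.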
@@ -200,6 +202,8 @@ export class BasicAuthRoutes {
 });
 }
+ console.log('Anon user: ' + JSON.stringify(user));
+ this.sessionStorageFactory.asScoped(request).clear();
 const sessionStorage: SecuritySessionCookie = {
 username: user.username,
@@ -209,6 +213,7 @@ export class BasicAuthRoutes {
 };
 if (user.multitenancy_enabled) {
+ request.headers._auth_request_type_ = 'anonymous';
 const selectTenant = resolveTenant({
 request,
 username: user.username,
diff --git a/server/auth/types/multiple/multi_auth.ts b/server/auth/types/multiple/multi_auth.ts
index 2bcc5e1ba..80dc66fec 100644
--- a/server/auth/types/multiple/multi_auth.ts
+++ b/server/auth/types/multiple/multi_auth.ts
@@ -166,20 +166,13 @@ export class MultipleAuthentication extends AuthenticationType {
 this.coreSetup.http.basePath.serverBasePath
 );
- if (this.config.auth.anonymous_auth_enabled) {
- const redirectLocation = `${this.coreSetup.http.basePath.serverBasePath}${ANONYMOUS_AUTH_LOGIN}?${nextUrlParam}`;
- return response.redirected({
- headers: {
- location: `${redirectLocation}`,
- },
- });
- }
 return response.redirected({
 headers: {
 location: `${this.coreSetup.http.basePath.serverBasePath}${LOGIN_PAGE_URI}?${nextUrlParam}`,
 },
 });
 } else {
+ console.log('not a page request');
 return response.unauthorized();
 }
 }
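Review bot: In server/auth/types/basic/routes.ts (hunk at -209), `request.headers._auth_request_type_ = 'anonymous';` mutates the incoming request's own header map, so the marker stays on the request for everything that runs after `resolveTenant` and sits in the same place a client-supplied header would. Nothing in this diff strips or overwrites a client-sent `_auth_request_type_` on other routes, so it is worth confirming the backend grants nothing on this value alone. Presumably `resolveTenant` forwards `request.headers` to the backend; its signature is not visible here, but an explicit argument would be safer than editing the request, and if the mutation has to stay it needs a comment such as `// anonymous flow: tag the tenant lookup; do not trust this header when it arrives from the client`. The enclosing handler starts and ends outside the hunk.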