diff --git a/x-pack/legacy/plugins/reporting/index.ts b/x-pack/legacy/plugins/reporting/index.ts index 3fb297cb8d82ce..d38e19dee2ef2d 100644 --- a/x-pack/legacy/plugins/reporting/index.ts +++ b/x-pack/legacy/plugins/reporting/index.ts @@ -4,21 +4,21 @@ * you may not use this file except in compliance with the Elastic License. */ -import { resolve } from 'path'; import { i18n } from '@kbn/i18n'; import { Legacy } from 'kibana'; import { IUiSettingsClient } from 'kibana/server'; +import { resolve } from 'path'; +import { PluginStart as DataPluginStart } from '../../../../src/plugins/data/server'; +import { PluginSetupContract as SecurityPluginSetup } from '../../../plugins/security/server'; import { PLUGIN_ID, UI_SETTINGS_CUSTOM_PDF_LOGO } from './common/constants'; -import { ReportingConfigOptions, ReportingPluginSpecOptions } from './types.d'; import { config as reportingConfig } from './config'; import { LegacySetup, ReportingPlugin, - ReportingSetupDeps, reportingPluginFactory, + ReportingSetupDeps, } from './server/plugin'; - -import { PluginStart as DataPluginStart } from '../../../../src/plugins/data/server'; +import { ReportingConfigOptions, ReportingPluginSpecOptions } from './types.d'; const kbToBase64Length = (kb: number) => { return Math.floor((kb * 1024 * 8) / 6); @@ -75,6 +75,7 @@ export const reporting = (kibana: any) => { async init(server: Legacy.Server) { const coreSetup = server.newPlatform.setup.core; const pluginsSetup: ReportingSetupDeps = { + security: server.newPlatform.setup.plugins.security as SecurityPluginSetup, usageCollection: server.newPlatform.setup.plugins.usageCollection, }; @@ -92,7 +93,6 @@ export const reporting = (kibana: any) => { plugins: { elasticsearch: server.plugins.elasticsearch, xpack_main: server.plugins.xpack_main, - security: server.plugins.security, }, savedObjects: server.savedObjects, fieldFormatServiceFactory, diff --git a/x-pack/legacy/plugins/reporting/server/lib/get_user.ts b/x-pack/legacy/plugins/reporting/server/lib/get_user.ts index 9ee8d9a835c89e..350004ddb78f80 100644 --- a/x-pack/legacy/plugins/reporting/server/lib/get_user.ts +++ b/x-pack/legacy/plugins/reporting/server/lib/get_user.ts @@ -5,19 +5,25 @@ */ import { Legacy } from 'kibana'; +import { KibanaRequest } from '../../../../../../src/core/server'; import { Logger, ServerFacade } from '../../types'; +import { ReportingSetupDeps } from '../plugin'; -export function getUserFactory(server: ServerFacade, logger: Logger) { +export function getUserFactory( + server: ServerFacade, + security: ReportingSetupDeps['security'], + logger: Logger +) { /* * Legacy.Request because this is called from routing middleware */ return async (request: Legacy.Request) => { - if (!server.plugins.security) { + if (!security) { return null; } try { - return await server.plugins.security.getUser(request); + return await security.authc.getCurrentUser(KibanaRequest.from(request)); } catch (err) { logger.error(err, ['getUser']); return null; diff --git a/x-pack/legacy/plugins/reporting/server/plugin.ts b/x-pack/legacy/plugins/reporting/server/plugin.ts index 42ef5c3df182e6..cf66ec74969cae 100644 --- a/x-pack/legacy/plugins/reporting/server/plugin.ts +++ b/x-pack/legacy/plugins/reporting/server/plugin.ts @@ -7,6 +7,7 @@ import { Legacy } from 'kibana'; import { CoreSetup, CoreStart, Plugin, LoggerFactory } from 'src/core/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; +import { PluginSetupContract as SecurityPluginSetup } from '../../../../plugins/security/server'; import { XPackMainPlugin } from '../../xpack_main/server/xpack_main'; // @ts-ignore import { mirrorPluginStatus } from '../../../server/lib/mirror_plugin_status'; @@ -29,6 +30,7 @@ export type ReportingStart = object; export interface ReportingSetupDeps { usageCollection: UsageCollectionSetup; + security: SecurityPluginSetup; } export type ReportingStartDeps = object; @@ -39,7 +41,6 @@ export interface LegacySetup { info: Legacy.Server['info']; plugins: { elasticsearch: LegacyPlugins['elasticsearch']; - security: LegacyPlugins['security']; xpack_main: XPackMainPlugin & { status?: any; }; @@ -105,7 +106,7 @@ export function reportingPluginFactory( isCollectorReady = true; // Reporting routes - registerRoutes(__LEGACY, exportTypesRegistry, browserDriverFactory, logger); + registerRoutes(__LEGACY, plugins, exportTypesRegistry, browserDriverFactory, logger); return {}; } diff --git a/x-pack/legacy/plugins/reporting/server/routes/generate_from_jobparams.ts b/x-pack/legacy/plugins/reporting/server/routes/generate_from_jobparams.ts index d920015c4290c0..ed761b1e684ae2 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/generate_from_jobparams.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/generate_from_jobparams.ts @@ -4,24 +4,26 @@ * you may not use this file except in compliance with the Elastic License. */ -import { Legacy } from 'kibana'; import boom from 'boom'; import Joi from 'joi'; +import { Legacy } from 'kibana'; import rison from 'rison-node'; import { API_BASE_URL } from '../../common/constants'; -import { ServerFacade, ReportingResponseToolkit, Logger } from '../../types'; +import { Logger, ReportingResponseToolkit, ServerFacade } from '../../types'; +import { ReportingSetupDeps } from '../plugin'; +import { makeRequestFacade } from './lib/make_request_facade'; import { - getRouteConfigFactoryReportingPre, GetRouteConfigFactoryFn, + getRouteConfigFactoryReportingPre, RouteConfigFactory, } from './lib/route_config_factories'; -import { makeRequestFacade } from './lib/make_request_facade'; import { HandlerErrorFunction, HandlerFunction } from './types'; const BASE_GENERATE = `${API_BASE_URL}/generate`; export function registerGenerateFromJobParams( server: ServerFacade, + plugins: ReportingSetupDeps, handler: HandlerFunction, handleError: HandlerErrorFunction, logger: Logger @@ -29,6 +31,7 @@ export function registerGenerateFromJobParams( const getRouteConfig = () => { const getOriginalRouteConfig: GetRouteConfigFactoryFn = getRouteConfigFactoryReportingPre( server, + plugins, logger ); const routeConfigFactory: RouteConfigFactory = getOriginalRouteConfig( diff --git a/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject.ts b/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject.ts index 0da8e40ea29c0f..8696f36a45c620 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject.ts @@ -7,11 +7,12 @@ import { Legacy } from 'kibana'; import { get } from 'lodash'; import { API_BASE_GENERATE_V1, CSV_FROM_SAVEDOBJECT_JOB_TYPE } from '../../common/constants'; -import { ServerFacade, ReportingResponseToolkit, Logger } from '../../types'; -import { HandlerErrorFunction, HandlerFunction, QueuedJobPayload } from './types'; -import { getRouteOptionsCsv } from './lib/route_config_factories'; -import { makeRequestFacade } from './lib/make_request_facade'; import { getJobParamsFromRequest } from '../../export_types/csv_from_savedobject/server/lib/get_job_params_from_request'; +import { Logger, ReportingResponseToolkit, ServerFacade } from '../../types'; +import { ReportingSetupDeps } from '../plugin'; +import { makeRequestFacade } from './lib/make_request_facade'; +import { getRouteOptionsCsv } from './lib/route_config_factories'; +import { HandlerErrorFunction, HandlerFunction, QueuedJobPayload } from './types'; /* * This function registers API Endpoints for queuing Reporting jobs. The API inputs are: @@ -24,11 +25,12 @@ import { getJobParamsFromRequest } from '../../export_types/csv_from_savedobject */ export function registerGenerateCsvFromSavedObject( server: ServerFacade, + plugins: ReportingSetupDeps, handleRoute: HandlerFunction, handleRouteError: HandlerErrorFunction, logger: Logger ) { - const routeOptions = getRouteOptionsCsv(server, logger); + const routeOptions = getRouteOptionsCsv(server, plugins, logger); server.route({ path: `${API_BASE_GENERATE_V1}/csv/saved-object/{savedObjectType}:{savedObjectId}`, diff --git a/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts b/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts index 60799b20ce4205..f3ed760bba4302 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts @@ -7,18 +7,19 @@ import { Legacy } from 'kibana'; import { API_BASE_GENERATE_V1 } from '../../common/constants'; import { createJobFactory, executeJobFactory } from '../../export_types/csv_from_savedobject'; +import { getJobParamsFromRequest } from '../../export_types/csv_from_savedobject/server/lib/get_job_params_from_request'; +import { JobDocPayloadPanelCsv } from '../../export_types/csv_from_savedobject/types'; import { - ServerFacade, - ResponseFacade, HeadlessChromiumDriverFactory, - ReportingResponseToolkit, - Logger, JobDocOutput, + Logger, + ReportingResponseToolkit, + ResponseFacade, + ServerFacade, } from '../../types'; -import { JobDocPayloadPanelCsv } from '../../export_types/csv_from_savedobject/types'; -import { getJobParamsFromRequest } from '../../export_types/csv_from_savedobject/server/lib/get_job_params_from_request'; -import { getRouteOptionsCsv } from './lib/route_config_factories'; +import { ReportingSetupDeps } from '../plugin'; import { makeRequestFacade } from './lib/make_request_facade'; +import { getRouteOptionsCsv } from './lib/route_config_factories'; /* * This function registers API Endpoints for immediate Reporting jobs. The API inputs are: @@ -31,9 +32,10 @@ import { makeRequestFacade } from './lib/make_request_facade'; */ export function registerGenerateCsvFromSavedObjectImmediate( server: ServerFacade, + plugins: ReportingSetupDeps, parentLogger: Logger ) { - const routeOptions = getRouteOptionsCsv(server, parentLogger); + const routeOptions = getRouteOptionsCsv(server, plugins, parentLogger); /* * CSV export with the `immediate` option does not queue a job with Reporting's ESQueue to run the job async. Instead, this does: diff --git a/x-pack/legacy/plugins/reporting/server/routes/generation.ts b/x-pack/legacy/plugins/reporting/server/routes/generation.ts index 2a3102d0dd1590..3c9ef6987b2d95 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/generation.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/generation.ts @@ -8,20 +8,22 @@ import boom from 'boom'; import { Legacy } from 'kibana'; import { API_BASE_URL } from '../../common/constants'; import { - ServerFacade, ExportTypesRegistry, HeadlessChromiumDriverFactory, - ReportingResponseToolkit, Logger, + ReportingResponseToolkit, + ServerFacade, } from '../../types'; +import { createQueueFactory, enqueueJobFactory } from '../lib'; +import { ReportingSetupDeps } from '../plugin'; import { registerGenerateFromJobParams } from './generate_from_jobparams'; import { registerGenerateCsvFromSavedObject } from './generate_from_savedobject'; import { registerGenerateCsvFromSavedObjectImmediate } from './generate_from_savedobject_immediate'; -import { createQueueFactory, enqueueJobFactory } from '../lib'; import { makeRequestFacade } from './lib/make_request_facade'; export function registerJobGenerationRoutes( server: ServerFacade, + plugins: ReportingSetupDeps, exportTypesRegistry: ExportTypesRegistry, browserDriverFactory: HeadlessChromiumDriverFactory, logger: Logger @@ -73,11 +75,11 @@ export function registerJobGenerationRoutes( return err; } - registerGenerateFromJobParams(server, handler, handleError, logger); + registerGenerateFromJobParams(server, plugins, handler, handleError, logger); // Register beta panel-action download-related API's if (config.get('xpack.reporting.csv.enablePanelActionDownload')) { - registerGenerateCsvFromSavedObject(server, handler, handleError, logger); - registerGenerateCsvFromSavedObjectImmediate(server, logger); + registerGenerateCsvFromSavedObject(server, plugins, handler, handleError, logger); + registerGenerateCsvFromSavedObjectImmediate(server, plugins, logger); } } diff --git a/x-pack/legacy/plugins/reporting/server/routes/index.ts b/x-pack/legacy/plugins/reporting/server/routes/index.ts index da664dcb91ae44..4cfa9dd465eabf 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/index.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/index.ts @@ -5,20 +5,22 @@ */ import { - ServerFacade, ExportTypesRegistry, HeadlessChromiumDriverFactory, Logger, + ServerFacade, } from '../../types'; +import { ReportingSetupDeps } from '../plugin'; import { registerJobGenerationRoutes } from './generation'; import { registerJobInfoRoutes } from './jobs'; export function registerRoutes( server: ServerFacade, + plugins: ReportingSetupDeps, exportTypesRegistry: ExportTypesRegistry, browserDriverFactory: HeadlessChromiumDriverFactory, logger: Logger ) { - registerJobGenerationRoutes(server, exportTypesRegistry, browserDriverFactory, logger); - registerJobInfoRoutes(server, exportTypesRegistry, logger); + registerJobGenerationRoutes(server, plugins, exportTypesRegistry, browserDriverFactory, logger); + registerJobInfoRoutes(server, plugins, exportTypesRegistry, logger); } diff --git a/x-pack/legacy/plugins/reporting/server/routes/jobs.test.js b/x-pack/legacy/plugins/reporting/server/routes/jobs.test.js index a5d75ef32af245..c9d4f9fc027be3 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/jobs.test.js +++ b/x-pack/legacy/plugins/reporting/server/routes/jobs.test.js @@ -54,6 +54,10 @@ beforeEach(() => { }; }); +const mockPlugins = { + security: null, +}; + const getHits = (...sources) => { return { hits: { @@ -67,7 +71,7 @@ test(`returns 404 if job not found`, async () => { .getCluster('admin') .callWithInternalUser.mockReturnValue(Promise.resolve(getHits())); - registerJobInfoRoutes(mockServer, exportTypesRegistry, mockLogger); + registerJobInfoRoutes(mockServer, mockPlugins, exportTypesRegistry, mockLogger); const request = { method: 'GET', @@ -84,7 +88,7 @@ test(`returns 401 if not valid job type`, async () => { .getCluster('admin') .callWithInternalUser.mockReturnValue(Promise.resolve(getHits({ jobtype: 'invalidJobType' }))); - registerJobInfoRoutes(mockServer, exportTypesRegistry, mockLogger); + registerJobInfoRoutes(mockServer, mockPlugins, exportTypesRegistry, mockLogger); const request = { method: 'GET', @@ -103,7 +107,7 @@ describe(`when job is incomplete`, () => { Promise.resolve(getHits({ jobtype: 'unencodedJobType', status: 'pending' })) ); - registerJobInfoRoutes(mockServer, exportTypesRegistry, mockLogger); + registerJobInfoRoutes(mockServer, mockPlugins, exportTypesRegistry, mockLogger); const request = { method: 'GET', @@ -145,7 +149,7 @@ describe(`when job is failed`, () => { .getCluster('admin') .callWithInternalUser.mockReturnValue(Promise.resolve(hits)); - registerJobInfoRoutes(mockServer, exportTypesRegistry, mockLogger); + registerJobInfoRoutes(mockServer, mockPlugins, exportTypesRegistry, mockLogger); const request = { method: 'GET', @@ -190,7 +194,7 @@ describe(`when job is completed`, () => { .getCluster('admin') .callWithInternalUser.mockReturnValue(Promise.resolve(hits)); - registerJobInfoRoutes(mockServer, exportTypesRegistry, mockLogger); + registerJobInfoRoutes(mockServer, mockPlugins, exportTypesRegistry, mockLogger); const request = { method: 'GET', diff --git a/x-pack/legacy/plugins/reporting/server/routes/jobs.ts b/x-pack/legacy/plugins/reporting/server/routes/jobs.ts index 049ee0ce20ceb7..f9b731db5a702b 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/jobs.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/jobs.ts @@ -5,25 +5,26 @@ */ import Boom from 'boom'; -import { Legacy } from 'kibana'; import { ResponseObject } from 'hapi'; +import { Legacy } from 'kibana'; import { API_BASE_URL } from '../../common/constants'; import { - ServerFacade, ExportTypesRegistry, - Logger, - ReportingResponseToolkit, JobDocOutput, JobSource, ListQuery, + Logger, + ReportingResponseToolkit, + ServerFacade, } from '../../types'; import { jobsQueryFactory } from '../lib/jobs_query'; +import { ReportingSetupDeps } from '../plugin'; import { jobResponseHandlerFactory } from './lib/job_response_handler'; +import { makeRequestFacade } from './lib/make_request_facade'; import { getRouteConfigFactoryDownloadPre, getRouteConfigFactoryManagementPre, } from './lib/route_config_factories'; -import { makeRequestFacade } from './lib/make_request_facade'; const MAIN_ENTRY = `${API_BASE_URL}/jobs`; @@ -33,12 +34,13 @@ function isResponse(response: Boom | ResponseObject): response is Response export function registerJobInfoRoutes( server: ServerFacade, + plugins: ReportingSetupDeps, exportTypesRegistry: ExportTypesRegistry, logger: Logger ) { const jobsQuery = jobsQueryFactory(server); - const getRouteConfig = getRouteConfigFactoryManagementPre(server, logger); - const getRouteConfigDownload = getRouteConfigFactoryDownloadPre(server, logger); + const getRouteConfig = getRouteConfigFactoryManagementPre(server, plugins, logger); + const getRouteConfigDownload = getRouteConfigFactoryDownloadPre(server, plugins, logger); // list jobs in the queue, paginated server.route({ diff --git a/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.test.js b/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.test.js index 841f753f0c09b4..3460d22592e3db 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.test.js +++ b/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.test.js @@ -4,7 +4,6 @@ * you may not use this file except in compliance with the Elastic License. */ -import expect from '@kbn/expect'; import { authorizedUserPreRoutingFactory } from './authorized_user_pre_routing'; describe('authorized_user_pre_routing', function() { @@ -60,41 +59,88 @@ describe('authorized_user_pre_routing', function() { return mockServer; }; })(); - const getMockLogger = () => ({ warn: jest.fn() }); + + const mockRequestRaw = { + body: {}, + events: {}, + headers: {}, + isSystemRequest: false, + params: {}, + query: {}, + route: { settings: { payload: 'abc' }, options: { authRequired: true, body: {}, tags: [] } }, + withoutSecretHeaders: true, + }; + const getMockRequest = () => ({ + ...mockRequestRaw, + raw: { req: mockRequestRaw }, + }); + + const getMockPlugins = pluginSet => { + return pluginSet || { security: null }; + }; + + const getMockLogger = () => ({ + warn: jest.fn(), + error: msg => { + throw new Error(msg); + }, + }); it('should return with boom notFound when xpackInfo is undefined', async function() { const mockServer = createMockServer({ xpackInfoUndefined: true }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting({}); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(404); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + getMockPlugins(), + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response.isBoom).toBe(true); + expect(response.output.statusCode).toBe(404); }); it(`should return with boom notFound when xpackInfo isn't available`, async function() { const mockServer = createMockServer({ xpackInfoAvailable: false }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(404); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + getMockPlugins(), + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response.isBoom).toBe(true); + expect(response.output.statusCode).toBe(404); }); it('should return with null user when security is disabled in Elasticsearch', async function() { const mockServer = createMockServer({ securityEnabled: false }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response).to.be(null); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + getMockPlugins(), + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response).toBe(null); }); it('should return with boom unauthenticated when security is enabled but no authenticated user', async function() { - const mockServer = createMockServer({ user: null }); + const mockServer = createMockServer({ + user: null, + config: { 'xpack.reporting.roles.allow': ['.reporting_user'] }, + }); + const mockPlugins = getMockPlugins({ + security: { authc: { getCurrentUser: () => null } }, + }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(401); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + mockPlugins, + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response.isBoom).toBe(true); + expect(response.output.statusCode).toBe(401); }); it(`should return with boom forbidden when security is enabled but user doesn't have allowed role`, async function() { @@ -102,11 +148,18 @@ describe('authorized_user_pre_routing', function() { user: { roles: [] }, config: { 'xpack.reporting.roles.allow': ['.reporting_user'] }, }); + const mockPlugins = getMockPlugins({ + security: { authc: { getCurrentUser: () => ({ roles: ['something_else'] }) } }, + }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(403); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + mockPlugins, + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response.isBoom).toBe(true); + expect(response.output.statusCode).toBe(403); }); it('should return with user when security is enabled and user has explicitly allowed role', async function() { @@ -115,10 +168,19 @@ describe('authorized_user_pre_routing', function() { user, config: { 'xpack.reporting.roles.allow': ['.reporting_user'] }, }); + const mockPlugins = getMockPlugins({ + security: { + authc: { getCurrentUser: () => ({ roles: ['.reporting_user', 'something_else'] }) }, + }, + }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response).to.be(user); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + mockPlugins, + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response).toEqual(user); }); it('should return with user when security is enabled and user has superuser role', async function() { @@ -127,9 +189,16 @@ describe('authorized_user_pre_routing', function() { user, config: { 'xpack.reporting.roles.allow': [] }, }); + const mockPlugins = getMockPlugins({ + security: { authc: { getCurrentUser: () => ({ roles: ['superuser', 'something_else'] }) } }, + }); - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(mockServer, getMockLogger()); - const response = await authorizedUserPreRouting(); - expect(response).to.be(user); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory( + mockServer, + mockPlugins, + getMockLogger() + ); + const response = await authorizedUserPreRouting(getMockRequest()); + expect(response).toEqual(user); }); }); diff --git a/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.ts b/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.ts index 906f266290a421..874027251570c3 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/lib/authorized_user_pre_routing.ts @@ -7,8 +7,9 @@ import Boom from 'boom'; import { Legacy } from 'kibana'; import { AuthenticatedUser } from '../../../../../../plugins/security/server'; +import { Logger, ServerFacade } from '../../../types'; import { getUserFactory } from '../../lib/get_user'; -import { ServerFacade, Logger } from '../../../types'; +import { ReportingSetupDeps } from '../../plugin'; const superuserRole = 'superuser'; @@ -18,9 +19,10 @@ export type PreRoutingFunction = ( export const authorizedUserPreRoutingFactory = function authorizedUserPreRoutingFn( server: ServerFacade, + plugins: ReportingSetupDeps, logger: Logger ) { - const getUser = getUserFactory(server, logger); + const getUser = getUserFactory(server, plugins.security, logger); const config = server.config(); return async function authorizedUserPreRouting(request: Legacy.Request) { diff --git a/x-pack/legacy/plugins/reporting/server/routes/lib/get_document_payload.ts b/x-pack/legacy/plugins/reporting/server/routes/lib/get_document_payload.ts index 1c0566100e1977..fb3944ea33552f 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/lib/get_document_payload.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/lib/get_document_payload.ts @@ -4,17 +4,17 @@ * you may not use this file except in compliance with the Elastic License. */ -import * as _ from 'lodash'; // @ts-ignore import contentDisposition from 'content-disposition'; +import * as _ from 'lodash'; +import { CSV_JOB_TYPE } from '../../../common/constants'; import { - ServerFacade, - ExportTypesRegistry, ExportTypeDefinition, + ExportTypesRegistry, JobDocOutput, JobSource, + ServerFacade, } from '../../../types'; -import { CSV_JOB_TYPE } from '../../../common/constants'; interface ICustomHeaders { [x: string]: any; diff --git a/x-pack/legacy/plugins/reporting/server/routes/lib/reporting_feature_pre_routing.ts b/x-pack/legacy/plugins/reporting/server/routes/lib/reporting_feature_pre_routing.ts index 88c5e4edc12f87..7367fceb508572 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/lib/reporting_feature_pre_routing.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/lib/reporting_feature_pre_routing.ts @@ -7,11 +7,13 @@ import Boom from 'boom'; import { Legacy } from 'kibana'; import { Logger, ServerFacade } from '../../../types'; +import { ReportingSetupDeps } from '../../plugin'; export type GetReportingFeatureIdFn = (request: Legacy.Request) => string; export const reportingFeaturePreRoutingFactory = function reportingFeaturePreRoutingFn( server: ServerFacade, + plugins: ReportingSetupDeps, logger: Logger ) { const xpackMainPlugin = server.plugins.xpack_main; diff --git a/x-pack/legacy/plugins/reporting/server/routes/lib/route_config_factories.ts b/x-pack/legacy/plugins/reporting/server/routes/lib/route_config_factories.ts index 25c08261490d56..931f642397bf8e 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/lib/route_config_factories.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/lib/route_config_factories.ts @@ -6,10 +6,13 @@ import Joi from 'joi'; import { CSV_FROM_SAVEDOBJECT_JOB_TYPE } from '../../../common/constants'; -import { ServerFacade, Logger } from '../../../types'; +import { Logger, ServerFacade } from '../../../types'; +import { ReportingSetupDeps } from '../../plugin'; import { authorizedUserPreRoutingFactory } from './authorized_user_pre_routing'; -import { reportingFeaturePreRoutingFactory } from './reporting_feature_pre_routing'; -import { GetReportingFeatureIdFn } from './reporting_feature_pre_routing'; +import { + GetReportingFeatureIdFn, + reportingFeaturePreRoutingFactory, +} from './reporting_feature_pre_routing'; const API_TAG = 'api'; @@ -27,10 +30,11 @@ export type GetRouteConfigFactoryFn = ( export function getRouteConfigFactoryReportingPre( server: ServerFacade, + plugins: ReportingSetupDeps, logger: Logger ): GetRouteConfigFactoryFn { - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(server, logger); - const reportingFeaturePreRouting = reportingFeaturePreRoutingFactory(server, logger); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory(server, plugins, logger); + const reportingFeaturePreRouting = reportingFeaturePreRoutingFactory(server, plugins, logger); return (getFeatureId?: GetReportingFeatureIdFn): RouteConfigFactory => { const preRouting: any[] = [{ method: authorizedUserPreRouting, assign: 'user' }]; @@ -45,8 +49,12 @@ export function getRouteConfigFactoryReportingPre( }; } -export function getRouteOptionsCsv(server: ServerFacade, logger: Logger) { - const getRouteConfig = getRouteConfigFactoryReportingPre(server, logger); +export function getRouteOptionsCsv( + server: ServerFacade, + plugins: ReportingSetupDeps, + logger: Logger +) { + const getRouteConfig = getRouteConfigFactoryReportingPre(server, plugins, logger); return { ...getRouteConfig(() => CSV_FROM_SAVEDOBJECT_JOB_TYPE), validate: { @@ -68,10 +76,11 @@ export function getRouteOptionsCsv(server: ServerFacade, logger: Logger) { export function getRouteConfigFactoryManagementPre( server: ServerFacade, + plugins: ReportingSetupDeps, logger: Logger ): GetRouteConfigFactoryFn { - const authorizedUserPreRouting = authorizedUserPreRoutingFactory(server, logger); - const reportingFeaturePreRouting = reportingFeaturePreRoutingFactory(server, logger); + const authorizedUserPreRouting = authorizedUserPreRoutingFactory(server, plugins, logger); + const reportingFeaturePreRouting = reportingFeaturePreRoutingFactory(server, plugins, logger); const managementPreRouting = reportingFeaturePreRouting(() => 'management'); return (): RouteConfigFactory => { @@ -91,9 +100,10 @@ export function getRouteConfigFactoryManagementPre( // download is loaded into memory. export function getRouteConfigFactoryDownloadPre( server: ServerFacade, + plugins: ReportingSetupDeps, logger: Logger ): GetRouteConfigFactoryFn { - const getManagementRouteConfig = getRouteConfigFactoryManagementPre(server, logger); + const getManagementRouteConfig = getRouteConfigFactoryManagementPre(server, plugins, logger); return (): RouteConfigFactory => ({ ...getManagementRouteConfig(), tags: [API_TAG], diff --git a/x-pack/legacy/plugins/reporting/server/routes/types.d.ts b/x-pack/legacy/plugins/reporting/server/routes/types.d.ts index f3660a22cbac1e..28862a765d666d 100644 --- a/x-pack/legacy/plugins/reporting/server/routes/types.d.ts +++ b/x-pack/legacy/plugins/reporting/server/routes/types.d.ts @@ -5,7 +5,7 @@ */ import { Legacy } from 'kibana'; -import { RequestFacade, ReportingResponseToolkit, JobDocPayload } from '../../types'; +import { JobDocPayload, ReportingResponseToolkit } from '../../types'; export type HandlerFunction = ( exportType: string,