Fix bug in support for jwt.url_param customization (#1025)

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5e4004f)
opensearch-project · Jul 7, 2022 · 0756edc · 0756edc
1 parent 4a4416d
commit 0756edc
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 3 deletions.
diff --git a/server/auth/types/jwt/jwt_auth.test.ts b/server/auth/types/jwt/jwt_auth.test.ts
@@ -0,0 +1,74 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { getAuthenticationHandler } from '../../auth_handler_factory';
+
+describe('test jwt auth library', () => {
+  const router: IRouter = { post: (body) => {} };
+  let core: CoreSetup;
+  let esClient: ILegacyClusterClient;
+  let sessionStorageFactory: SessionStorageFactory<SecuritySessionCookie>;
+  let logger: Logger;
+
+  function getTestJWTAuthenticationHandlerWithConfig(config: SecurityPluginConfigType) {
+    return getAuthenticationHandler(
+      'jwt',
+      router,
+      config,
+      core,
+      esClient,
+      sessionStorageFactory,
+      logger
+    );
+  }
+
+  test('test getTokenFromUrlParam', () => {
+    const config = {
+      jwt: {
+        header: 'Authorization',
+        url_param: 'authorization',
+      },
+    };
+    const auth = getTestJWTAuthenticationHandlerWithConfig(config);
+
+    const url = new URL('http://localhost:5601/app/api/v1/auth/authinfo?authorization=testtoken');
+    const request = {
+      url,
+    };
+
+    const expectedToken = 'testtoken';
+    const token = auth.getTokenFromUrlParam(request);
+    expect(token).toEqual(expectedToken);
+  });
+
+  test('test getTokenFromUrlParam incorrect url_param', () => {
+    const config = {
+      jwt: {
+        header: 'Authorization',
+        url_param: 'urlParamName',
+      },
+    };
+    const auth = getTestJWTAuthenticationHandlerWithConfig(config);
+
+    const url = new URL('http://localhost:5601/app/api/v1/auth/authinfo?authorization=testtoken');
+    const request = {
+      url,
+    };
+
+    const expectedToken = undefined;
+    const token = auth.getTokenFromUrlParam(request);
+    expect(token).toEqual(expectedToken);
+  });
+});
diff --git a/server/auth/types/jwt/jwt_auth.ts b/server/auth/types/jwt/jwt_auth.ts
@@ -57,7 +57,7 @@ export class JwtAuthentication extends AuthenticationType {
   private getTokenFromUrlParam(request: OpenSearchDashboardsRequest): string | undefined {
     const urlParamName = this.config.jwt?.url_param;
     if (urlParamName) {
-      const token = request.url.searchParams.get('urlParamName');
+      const token = request.url.searchParams.get(urlParamName);
       return (token as string) || undefined;
     }
     return undefined;
@@ -79,9 +79,8 @@ export class JwtAuthentication extends AuthenticationType {
     if (request.headers[this.authHeaderName]) {
       return true;
     }
-
     const urlParamName = this.config.jwt?.url_param;
-    if (urlParamName && request.url.searchParams.get('urlParamName')) {
+    if (urlParamName && request.url.searchParams.get(urlParamName)) {
       return true;
     }