Maybe final changes batch

Signed-off-by: Peter Nied <petern@amazon.com>
peternied · Oct 3, 2023 · 22991e3 · 22991e3
1 parent 20c9ea7
commit 22991e3
Show file tree

Hide file tree

Showing 11 changed files with 10 additions and 11 deletions.
diff --git a/src/main/java/org/opensearch/security/auditlog/AuditLog.java b/src/main/java/org/opensearch/security/auditlog/AuditLog.java
@@ -38,7 +38,6 @@
 import org.opensearch.security.auditlog.config.AuditConfig;
 import org.opensearch.security.compliance.ComplianceConfig;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.tasks.Task;
 import org.opensearch.transport.TransportRequest;
 

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java
@@ -66,7 +66,6 @@
 import org.opensearch.security.compliance.ComplianceConfig;
 import org.opensearch.security.dlic.rest.support.Utils;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.support.Base64Helper;
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.user.User;

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java
@@ -34,7 +34,6 @@
 import org.opensearch.security.auditlog.config.AuditConfig;
 import org.opensearch.security.auditlog.routing.AuditMessageRouter;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.tasks.Task;
 import org.opensearch.threadpool.ThreadPool;
 import org.opensearch.transport.TransportRequest;

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java
@@ -49,7 +49,6 @@
 import org.opensearch.security.auditlog.config.AuditConfig;
 import org.opensearch.security.dlic.rest.support.Utils;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.OpenSearchRequest;
 import org.opensearch.security.securityconf.impl.CType;
 import org.opensearch.security.support.WildcardMatcher;

diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -287,6 +287,8 @@ public void authenticate(final SecurityRequestChannel request, final ThreadConte
                     if (isTraceEnabled) {
                         log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
                     }
+                    notifyIpAuthFailureListeners(request, authCredentials);
+                    return;
                 } else {
                     // no reRequest possible
                     if (isTraceEnabled) {
@@ -299,7 +301,7 @@ public void authenticate(final SecurityRequestChannel request, final ThreadConte
                 if (!ac.isComplete()) {
                     // credentials found in request but we need another client challenge
                     if (httpAuthenticator.reRequestAuthentication(request, ac)) {
-                        // auditLog.logFailedLogin(ac.getUsername()+" <incomplete>", request); --noauditlog
+                        notifyIpAuthFailureListeners(request, ac);
                         return;
                     } else {
                         // no reRequest possible

diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java
@@ -546,6 +546,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie
             // check if .opendistro_security index has been initialized
             if (!ensureIndexExists()) {
                 internalSeverError(channel, RequestContentValidator.ValidationError.SECURITY_NOT_INITIALIZED.message());
+                return;
             }
 
             // check if request is authorized
@@ -560,6 +561,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie
                 // for rest request
                 request.params().clear();
                 forbidden(channel, "No permission to access REST API: " + authError);
+                return;
             } else {
                 securityApiDependencies.auditLog().logGrantedPrivileges(userName, securityRequest);
             }

diff --git a/src/main/java/org/opensearch/security/filter/NettyRequest.java b/src/main/java/org/opensearch/security/filter/NettyRequest.java
@@ -63,4 +63,4 @@ public boolean completeWithResponse(int statusCode, Map<String, String> headers,
         // TODO Auto-generated method stub
         throw new UnsupportedOperationException("Unimplemented method 'completeWithResponse'");
     }
-}
+}
diff --git a/src/main/java/org/opensearch/security/filter/OpenSearchRequest.java b/src/main/java/org/opensearch/security/filter/OpenSearchRequest.java
@@ -71,4 +71,4 @@ public Map<String, String> params() {
     public RestRequest breakEncapsulationForRequest() {
         return underlyingRequest;
     }
-}
+}
diff --git a/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java b/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java
@@ -5,7 +5,6 @@
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.opensearch.common.collect.Tuple;
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.rest.BytesRestResponse;
 import org.opensearch.rest.RestChannel;
@@ -56,4 +55,4 @@ public void markCompleted() {
     public RestChannel breakEncapsulationForChannel() {
         return underlyingChannel;
     }
-}
+}
diff --git a/src/main/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticator.java b/src/main/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticator.java
@@ -38,7 +38,6 @@
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.core.common.Strings;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.http.HTTPProxyAuthenticator;
 import org.opensearch.security.user.AuthCredentials;
 

diff --git a/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java b/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java
@@ -73,8 +73,9 @@ public List<Route> routes() {
 
     @Override
     protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
+        String[] configTypes = request.paramAsStringArrayOrEmptyIfAll("config_types");
+
         return channel -> {
-            String[] configTypes = request.paramAsStringArrayOrEmptyIfAll("config_types");
 
             final SecurityRequestChannel securityRequest = SecurityRequestFactory.from(request, channel);
             SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);