From aa1b40a94d322d665e07359f0d7e8e26ecf62eba Mon Sep 17 00:00:00 2001 From: Jakub Wachowski Date: Fri, 19 Aug 2016 08:45:54 +0200 Subject: [PATCH 1/4] Automatically create default index pattern Change-Id: I50ed1d6abdc1dba93758f22d443a155c0cb37207 --- README.md | 1 + index.js | 1 + package.json | 2 +- server/__tests__/defaultIndexPattern.spec.js | 128 ++++++++++++++++++ server/__tests__/retrieveToken.spec.js | 2 - server/mt/auth/strategy.js | 2 + server/mt/kibana/_create.js | 16 +++ server/mt/kibana/_exists.js | 2 +- .../mt/kibana/defaultIndexPattern/_create.js | 56 ++++++++ .../mt/kibana/defaultIndexPattern/_exists.js | 35 +++++ server/mt/kibana/defaultIndexPattern/index.js | 35 +++++ 11 files changed, 276 insertions(+), 4 deletions(-) create mode 100644 server/__tests__/defaultIndexPattern.spec.js create mode 100644 server/mt/kibana/defaultIndexPattern/_create.js create mode 100644 server/mt/kibana/defaultIndexPattern/_exists.js create mode 100644 server/mt/kibana/defaultIndexPattern/index.js diff --git a/README.md b/README.md index 5502183..125f698 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ where keystone_port should be the keystone admin port (default: 35357) not the k fts-keystone.port: ${keystone_port} fts-keystone.url: http://${keystone_host} fts-keystone.enabled: True +fts-keystone.defaultTimeField: '@timestamp' ``` To install the fts-keystone plugin, first the latest release should be downloaded: diff --git a/index.js b/index.js index 8a64363..1d34ccf 100644 --- a/index.js +++ b/index.js @@ -49,6 +49,7 @@ export default (kibana) => { .uri({scheme: ['http', 'https']}) .required(), port : Joi.number().required(), + defaultTimeField: Joi.string().default('@timestamp'), cookie : cookie }).default(); } diff --git a/package.json b/package.json index 20b490b..ff93b9a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "fts-keystone", - "version": "0.0.2", + "version": "0.0.3", "description": "Keystone authentication & multitenancy support for Kibana 4.4.x", "author": "Fujitsu Enabling Software Technology GmbH", "license": "Apache-2.0", diff --git a/server/__tests__/defaultIndexPattern.spec.js b/server/__tests__/defaultIndexPattern.spec.js new file mode 100644 index 0000000..d2ccbb6 --- /dev/null +++ b/server/__tests__/defaultIndexPattern.spec.js @@ -0,0 +1,128 @@ +/* + * Copyright 2016 FUJITSU LIMITED + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + + +const chai = require('chai'); +const sinon = require('sinon'); + +describe('plugins/fts-keystone', () => { + const indexName = '.kibana-testdefaultindex'; + let server; + let userObj; + let configGet; + + + beforeEach(function () { + configGet = sinon.stub(); + configGet.withArgs('pkg.version').returns('4.4.0'); + configGet.withArgs('fts-keystone.defaultTimeField').returns('@timestamp'); + + server = { + log : sinon.stub(), + config: function () { + return { + get: configGet + }; + }, + plugins: { + elasticsearch: { + client: { + indices: {} + } + } + } + }; + + userObj = { + project: { + id: 'abcdef' + } + }; + + }); + + describe('defaultIndexPattern_exists', ()=> { + it('should return false if default pattern does not exist', (done) => { + let exists = require('../mt/kibana/defaultIndexPattern/_exists').default; + + let count = sinon.stub(); + count.returns(Promise.resolve({ count: 0 })); + server.plugins.elasticsearch.client.count = count; + + exists(server, indexName) + .then((resp) => { + chai.assert.equal(resp, false); + chai.assert.isOk(count.calledOnce); + chai.assert.equal(count.args[0][0].index, '.kibana-testdefaultindex'); + chai.assert.equal(count.args[0][0].type, 'index-pattern'); + }) + .then(done); + }); + + it('should return true if default pattern already exists', (done) => { + let patternExists = require('../mt/kibana/defaultIndexPattern/_exists').default; + + let count = sinon.stub(); + count.returns(Promise.resolve({ count: 1 })); + server.plugins.elasticsearch.client.count = count; + + patternExists(server, indexName) + .then((resp) => { + chai.assert.equal(resp, true); + chai.assert.isOk(count.calledOnce); + chai.assert.equal(count.args[0][0].index, '.kibana-testdefaultindex'); + chai.assert.equal(count.args[0][0].type, 'index-pattern'); + }) + .then(done); + }); + }); + + describe('defaultIndexPattern_create', () => { + it('should create pattern with proper value', (done) => { + let createPattern = require('../mt/kibana/defaultIndexPattern/_create').default; + + let create = sinon.stub(); + create.returns(Promise.resolve(true)); + server.plugins.elasticsearch.client.create = create; + + let update = sinon.stub(); + update.returns(Promise.resolve(true)); + server.plugins.elasticsearch.client.update = update; + + let refresh = sinon.stub(); + refresh.returns(Promise.resolve(true)); + server.plugins.elasticsearch.client.indices.refresh = refresh; + + createPattern(server, indexName, userObj) + .then((resp) => { + chai.assert.isOk(create.calledOnce); + chai.assert.equal(create.args[0][0].index, '.kibana-testdefaultindex'); + chai.assert.equal(create.args[0][0].type, 'index-pattern'); + chai.assert.equal(create.args[0][0].id, 'abcdef*'); + chai.assert.equal(create.args[0][0].body.title, 'abcdef*'); + chai.assert.equal(create.args[0][0].body.timeFieldName, '@timestamp'); + + chai.assert.isOk(update.calledOnce); + chai.assert.equal(update.args[0][0].index, '.kibana-testdefaultindex'); + chai.assert.equal(update.args[0][0].type, 'config'); + chai.assert.equal(update.args[0][0].body.doc.defaultIndex, 'abcdef*'); + + chai.assert.isOk(refresh.called); + chai.assert.equal(refresh.args[0][0].index, '.kibana-testdefaultindex'); + }) + .then(done); + }); + }); + +}); diff --git a/server/__tests__/retrieveToken.spec.js b/server/__tests__/retrieveToken.spec.js index dba95ff..7721c5f 100644 --- a/server/__tests__/retrieveToken.spec.js +++ b/server/__tests__/retrieveToken.spec.js @@ -92,8 +92,6 @@ describe('plugins/fts-keystone', ()=> { chai.expect(token).not.to.be.undefined; chai.expect(token).to.be.eql(expectedToken); - console.log(yar.get.callCount); - chai.expect(yar.get.callCount).to.be.eq(2); chai.expect(yar.set.calledOnce).not.to.be.ok; chai.expect( diff --git a/server/mt/auth/strategy.js b/server/mt/auth/strategy.js index d176c67..4871149 100644 --- a/server/mt/auth/strategy.js +++ b/server/mt/auth/strategy.js @@ -16,6 +16,7 @@ import Boom from 'boom'; import Promise from 'bluebird'; import kibanaIndex from '../kibana'; +import defaultIndexPattern from '../kibana/defaultIndexPattern'; import userProjects from '../projects'; import { @@ -40,6 +41,7 @@ export default (server) => { userProjects(server, session, userObj), kibanaIndex(server, userObj) ]) + .then(defaultIndexPattern(server, userObj)) .then(() => { server.log(['status', 'info', 'keystone'], `User ${userObj.user.id} authorized with keystone`); return token; diff --git a/server/mt/kibana/_create.js b/server/mt/kibana/_create.js index e2ae0ea..c563a6b 100644 --- a/server/mt/kibana/_create.js +++ b/server/mt/kibana/_create.js @@ -36,6 +36,22 @@ export default (server, indexName) => { index: 'not_analyzed' } } + }, + 'index-pattern': { + properties: { + title: { + type: 'string' + }, + timeFieldName: { + type: 'string' + }, + notExpandable: { + type: 'boolean' + }, + intervalName: { + type: 'string' + } + } } } } diff --git a/server/mt/kibana/_exists.js b/server/mt/kibana/_exists.js index f16a989..947e5c9 100644 --- a/server/mt/kibana/_exists.js +++ b/server/mt/kibana/_exists.js @@ -31,7 +31,7 @@ export function exists(server, indexName, status) { waitForActiveShards: 1 }; if (status) { - opts.status = status; + opts.waitForStatus = status; } return es.cluster.health(opts); } diff --git a/server/mt/kibana/defaultIndexPattern/_create.js b/server/mt/kibana/defaultIndexPattern/_create.js new file mode 100644 index 0000000..c9c830e --- /dev/null +++ b/server/mt/kibana/defaultIndexPattern/_create.js @@ -0,0 +1,56 @@ +/* + * Copyright 2016 FUJITSU LIMITED + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +import Promise from 'bluebird'; + +export default (server, indexName, userObj) => { + server.log(['status', 'info', 'keystone'], `Creating default index pattern for ${indexName}`); + + const client = server.plugins.elasticsearch.client; + const pattern = `${userObj.project.id}*`; + + return client.create({ + index: indexName, + type : 'index-pattern', + body : { + title: pattern, + timeFieldName : server.config().get('fts-keystone.defaultTimeField') + }, + id : pattern + }) + .then(() => { + return client.update({ + index: indexName, + type: 'config', + id: server.config().get('pkg.version'), + body: { + doc: { + defaultIndex: pattern + } + } + }); + }) + .then(() => { + return client.indices.refresh({ + index: indexName, + force: true + }); + }) + .then((response) => { + return Promise.resolve(response); + }) + .catch((err)=> { + throw new Error(`Unable to setup index pattern, error is ${err}`); + }); +}; diff --git a/server/mt/kibana/defaultIndexPattern/_exists.js b/server/mt/kibana/defaultIndexPattern/_exists.js new file mode 100644 index 0000000..7145c57 --- /dev/null +++ b/server/mt/kibana/defaultIndexPattern/_exists.js @@ -0,0 +1,35 @@ +/* + * Copyright 2016 FUJITSU LIMITED + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +export default (server, indexName) => { + const client = server.plugins.elasticsearch.client; + const options = { + index: indexName, + type : 'index-pattern', + ignoreUnavailable: true + }; + + server.log(['status', 'debug', 'keystone'], + `Checking if default index pattern for ${indexName} exists...`); + + return client + .count(options) + .then((resp) => { + return resp.count > 0; + }) + .catch((err)=> { + throw new Error(`Getting index-pattern for ${indexName} failed, error is ${err}`); + }); + +}; diff --git a/server/mt/kibana/defaultIndexPattern/index.js b/server/mt/kibana/defaultIndexPattern/index.js new file mode 100644 index 0000000..f8be5cf --- /dev/null +++ b/server/mt/kibana/defaultIndexPattern/index.js @@ -0,0 +1,35 @@ +/* + * Copyright 2016 FUJITSU LIMITED + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +import Promise from 'bluebird'; +import defaultIndexExists from './_exists'; +import createDefaultIndex from './_create'; +import kibanaIndex from '../kibanaIndex'; + +export default (server, userObj) => { + return () => { + const indexName = kibanaIndex(server, userObj); + return defaultIndexExists(server, indexName) + .then((exists) => { + if (!exists) { + server.log(['status', 'warning', 'keystone'], + `Default index pattern for ${indexName} does not exist`); + return createDefaultIndex(server, indexName, userObj); + } + server.log(['status', 'debug', 'keystone'], + `Default index pattern for ${indexName} already exists`); + return Promise.resolve(); + }); + }; +}; From d6af474bfa1edf3d1920f1549b4e80b9fa4d55d6 Mon Sep 17 00:00:00 2001 From: Jakub Wachowski Date: Mon, 17 Oct 2016 14:57:18 +0200 Subject: [PATCH 2/4] Force Kibana to reload when user re-logs There was an invalid reference to reload.markup. Changed to use RELOAD_MARKUP from const.js Bug-Id: 13131 Change-Id: I808cda7dc3cfa46c52dff3fd7c34f69459bd5638 --- server/const.js | 5 +++++ server/mt/auth/_authenticate.js | 6 +----- server/mt/auth/verify.js | 6 +++--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/server/const.js b/server/const.js index 81850f9..a5f769a 100644 --- a/server/const.js +++ b/server/const.js @@ -20,3 +20,8 @@ export const SESSION_PROJECTS_KEY = `fts-keystone-projects-${NOW_TIME}`; export const SESSION_TOKEN_CHANGED = `fts-keystone-token-changed-${NOW_TIME}`; export const TOKEN_CHANGED_VALUE = Symbol('token-changed'); + +export const RELOAD_MARKUP = ` + + reloading... + `; diff --git a/server/mt/auth/_authenticate.js b/server/mt/auth/_authenticate.js index 2569694..c95f0a8 100644 --- a/server/mt/auth/_authenticate.js +++ b/server/mt/auth/_authenticate.js @@ -15,14 +15,10 @@ import Boom from 'boom'; import Joi from 'joi'; -import { SESSION_USER_KEY } from '../../const'; +import { SESSION_USER_KEY, RELOAD_MARKUP } from '../../const'; import lookupToken from './token'; import RELOAD from './reload'; -const RELOAD_MARKUP = ` - -reloading... -`; const NOOP = ()=> { }; const SCHEMA = { diff --git a/server/mt/auth/verify.js b/server/mt/auth/verify.js index 055da34..6632f2d 100644 --- a/server/mt/auth/verify.js +++ b/server/mt/auth/verify.js @@ -18,9 +18,9 @@ import { SESSION_PROJECTS_KEY, SESSION_USER_KEY, SESSION_TOKEN_CHANGED, - TOKEN_CHANGED_VALUE + TOKEN_CHANGED_VALUE, + RELOAD_MARKUP } from '../../const'; -import reload from './reload'; export default () => { return (request, reply) => { @@ -34,7 +34,7 @@ export default () => { 'Detected that token has been changed, replaying the request' ); session.clear(SESSION_TOKEN_CHANGED); - return reply(reload.markup).type('text/html'); + return reply(RELOAD_MARKUP).type('text/html'); } else if (userObj) { let expiresAt = new Date(userObj.expires_at).valueOf(); let now = new Date().valueOf(); From 4d13e5d03b7152826221a1076a3e22786747eadb Mon Sep 17 00:00:00 2001 From: Jakub Wachowski Date: Mon, 24 Oct 2016 15:56:49 +0200 Subject: [PATCH 3/4] Fix problems with multitenancy This commit fixes the following problems: - Kibana is not auto-detected by monasca-agent (Bug-Id: 13118) - Kibana renders error page when token expires - Keystone-token can be 'stolen' due to sharing of default session in Kibana - Some endpoints were not secured Related change for monasca-ui: https://review.openstack.org/#/c/387269/ Bug-Id: 13118 Change-Id: I2a363ebabcf593469943f7d071a92a680344ec73 --- package.json | 2 +- server/__tests__/retrieveToken.spec.js | 38 +++++++++++++++++------- server/mt/auth/token/index.js | 8 +++++ server/mt/auth/verify.js | 2 +- server/mt/index.js | 2 +- server/mt/routing/routes/kibana_index.js | 2 +- server/mt/routing/routes/mget.js | 2 +- server/mt/routing/routes/paths.js | 10 +++++-- 8 files changed, 48 insertions(+), 18 deletions(-) diff --git a/package.json b/package.json index ff93b9a..2db9f31 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "fts-keystone", - "version": "0.0.3", + "version": "0.0.4", "description": "Keystone authentication & multitenancy support for Kibana 4.4.x", "author": "Fujitsu Enabling Software Technology GmbH", "license": "Apache-2.0", diff --git a/server/__tests__/retrieveToken.spec.js b/server/__tests__/retrieveToken.spec.js index 7721c5f..5c99ec4 100644 --- a/server/__tests__/retrieveToken.spec.js +++ b/server/__tests__/retrieveToken.spec.js @@ -27,13 +27,22 @@ describe('plugins/fts-keystone', ()=> { let server; beforeEach(()=> { + let configGet = sinon.stub(); + configGet.withArgs('fts-keystone.cookie.name').returns('keystone'); server = { - log: sinon.stub() + log: sinon.stub(), + config: function () { + return { + get: configGet + }; + } }; }); it('should return isBoom if session not available', ()=> { - let request = {}; + let request = { + state: {} + }; let errMsg = /Session support is missing/; chai.expect(()=> { @@ -41,14 +50,16 @@ describe('plugins/fts-keystone', ()=> { }).to.throw(errMsg); request = { - yar: undefined + yar: undefined, + state: {} }; chai.expect(()=> { retrieveToken(server, request); }).to.throw(errMsg); request = { - session: null + session: null, + state: {} }; chai.expect(()=> { retrieveToken(server, request); @@ -62,9 +73,11 @@ describe('plugins/fts-keystone', ()=> { 'get': sinon .stub() .withArgs(CONSTANTS.SESSION_TOKEN_KEY) - .returns(undefined) + .returns(undefined), + 'reset': sinon.stub() }, - headers: {} + headers: {}, + state: {} }; let result = retrieveToken(server, request); @@ -82,7 +95,8 @@ describe('plugins/fts-keystone', ()=> { }; let request = { yar : yar, - headers: {} + headers: {}, + state: {} }; let token; @@ -102,7 +116,7 @@ describe('plugins/fts-keystone', ()=> { it('should set token in session if not there and request has it', () => { let expectedToken = 'SOME_RANDOM_TOKEN'; let yar = { - 'reset': sinon.spy(), + 'reset': sinon.stub(), 'set' : sinon.spy(), 'get' : sinon.stub() }; @@ -110,7 +124,8 @@ describe('plugins/fts-keystone', ()=> { yar : yar, headers: { 'x-auth-token': expectedToken - } + }, + state: {} }; let token; @@ -158,14 +173,15 @@ describe('plugins/fts-keystone', ()=> { let token; let request = { yar : yar, - headers: headers + headers: headers, + state: {} }; token = retrieveToken(server, request); chai.expect(token).to.not.be.undefined; chai.expect(token).to.be.eql(RELOAD_SYMBOL); - chai.expect(yar.reset.calledOnce).to.be.ok; + chai.expect(yar.reset.calledTwice).to.be.ok; chai.expect(yar.get.calledOnce).to.be.ok; chai.expect(yar.set.callCount).to.be.eq(2); diff --git a/server/mt/auth/token/index.js b/server/mt/auth/token/index.js index 2bbcdbe..4fdcc72 100644 --- a/server/mt/auth/token/index.js +++ b/server/mt/auth/token/index.js @@ -43,6 +43,14 @@ module.exports = (server, request) => { throw new Error('Session support is missing'); } + // this is a workaround for problem with 'default' session: + // when there is no session cookie present, then yar uses default session, + // as a result many clients use the same session - security risk! + const cookieName = server.config().get('fts-keystone.cookie.name'); + if (!request.state[cookieName]) { + request.yar.reset(); + } + // DEV PURPOSE ONLY // request.yar.set(SESSION_TOKEN_KEY, 'a60e832483c34526a0c2bc3c6f8fa320'); diff --git a/server/mt/auth/verify.js b/server/mt/auth/verify.js index 055da34..7e871cf 100644 --- a/server/mt/auth/verify.js +++ b/server/mt/auth/verify.js @@ -42,7 +42,7 @@ export default () => { if (diff >= 0) { session.reset(); - return reply(Boom.unauthorized('User token has expired')).takeover(); + return reply(Boom.unauthorized('User token has expired')); } else { return reply.continue({ credentials: userObj, diff --git a/server/mt/index.js b/server/mt/index.js index 7c03b3a..8ce8f7b 100644 --- a/server/mt/index.js +++ b/server/mt/index.js @@ -46,7 +46,7 @@ function bindAuthScheme(server) { server.auth.strategy( 'session', 'keystone-token', - true, + false, require('./auth/strategy')(server) ) ]); diff --git a/server/mt/routing/routes/kibana_index.js b/server/mt/routing/routes/kibana_index.js index d1ede83..b72c535 100644 --- a/server/mt/routing/routes/kibana_index.js +++ b/server/mt/routing/routes/kibana_index.js @@ -27,7 +27,7 @@ export default function (server, method, path) { method : method, path : path, config : { - auth : false, + auth : 'session', payload: { output: 'data', parse : false diff --git a/server/mt/routing/routes/mget.js b/server/mt/routing/routes/mget.js index 5dfade5..a18d68c 100644 --- a/server/mt/routing/routes/mget.js +++ b/server/mt/routing/routes/mget.js @@ -26,7 +26,7 @@ export default function (server, method, path) { method : method, path : path, config : { - auth : false, + auth : 'session', payload: { output: 'data', parse : false diff --git a/server/mt/routing/routes/paths.js b/server/mt/routing/routes/paths.js index 4622d22..60e7fc7 100644 --- a/server/mt/routing/routes/paths.js +++ b/server/mt/routing/routes/paths.js @@ -13,6 +13,7 @@ */ import Wreck from 'wreck'; +import Boom from 'boom'; import { SESSION_USER_KEY } from '../../../const'; import { getOpts } from '../_utils'; @@ -20,14 +21,15 @@ import kibanaIndex from '../../kibana/kibanaIndex'; import mapUri from '../_map_uri'; export default function (server, method, path) { - const defaultKibanaIndex = defaultKibanaIndex; + const defaultKibanaIndex = server.config().get('kibana.index'); + const logIndexPostionInUrl = 3; return { method : method, path : path, config : { tags: ['elasticsearch', 'multitenancy'], - auth: false + auth: 'session' }, handler: handler }; @@ -42,7 +44,11 @@ export default function (server, method, path) { if (indexPos > -1) { url[indexPos] = kibanaIndex(server, session[SESSION_USER_KEY]); kibanaIndexRequest = true; + } else if (url.length > logIndexPostionInUrl + && !url[logIndexPostionInUrl].startsWith(session[SESSION_USER_KEY].project.id)) { + return reply(Boom.unauthorized('User does not have access to this resource')); } + url = url.join('/'); const opts = getOpts(server, request, url); From 573613b9f14905c805351a27fad828abac68f635 Mon Sep 17 00:00:00 2001 From: Jakub Wachowski Date: Thu, 24 Nov 2016 10:56:36 +0100 Subject: [PATCH 4/4] Prevent unauthorized access to logs It was possible to read logs of any project knowing only the project id. Related Bug-Id: 13215 Change-Id: I51769cdad76083b93f4b50fa7bbbe0e07684d8d1 --- package.json | 4 ++-- server/mt/routing/routes/default.js | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 2db9f31..f27050c 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "fts-keystone", - "version": "0.0.4", - "description": "Keystone authentication & multitenancy support for Kibana 4.4.x", + "version": "0.0.5", + "description": "Keystone authentication & multitenancy support for Kibana 4.5.x", "author": "Fujitsu Enabling Software Technology GmbH", "license": "Apache-2.0", "keywords": [ diff --git a/server/mt/routing/routes/default.js b/server/mt/routing/routes/default.js index 28a937c..df5108d 100644 --- a/server/mt/routing/routes/default.js +++ b/server/mt/routing/routes/default.js @@ -19,6 +19,9 @@ module.exports = function defaultHandler(server, method, path) { return { method : method, path : path, + config : { + auth : 'session' + }, handler: { proxy: { mapUri : (request, done) => {