From 42ff44b9754e45c634962f33dcde9072928063c0 Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Wed, 31 Mar 2021 21:25:26 +1100 Subject: [PATCH] [Test] Service Accounts - Remove colon from invalid token name generator (#71099) The colon character is interpreted as the separate between token name and token secret. So if a token name contains a colon, it is in theory invalid. But the parser takes only the part before the colon as the token name and thus consider it as a valid token name. Subsequent authentication will still fail. But for tests, this generates a different exception and fails the expectation. This PR removes the colon char from being used to generate invalid token names for simplicity. --- .../xpack/security/authc/service/ServiceAccountToken.java | 5 +++++ .../security/authc/service/ServiceAccountTokenTests.java | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountToken.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountToken.java index eba40ecd1a4db..0157de7dde954 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountToken.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountToken.java @@ -130,6 +130,11 @@ public void close() { secret.close(); } + @Override + public String toString() { + return getQualifiedName(); + } + @Override public boolean equals(Object o) { if (this == o) diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountTokenTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountTokenTests.java index f98b3ff9e0460..a0d63abcc5f08 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountTokenTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountTokenTests.java @@ -33,7 +33,7 @@ public class ServiceAccountTokenTests extends ESTestCase { ); private static final Set INVALID_TOKEN_NAME_CHARS = Set.of( - '!', '"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '.', '/', ':', ';', '<', '=', '>', '?', '@', '[', + '!', '"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '.', '/', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '^', '`', '{', '|', '}', '~', ' ', '\t', '\n', '\r'); public void testIsValidTokenName() {