From 1a0dcf60fc3f2a8d498ae68f92db53a8de7fd112 Mon Sep 17 00:00:00 2001 From: Sander Philipse <94373878+sphilipse@users.noreply.github.com> Date: Thu, 21 Dec 2023 14:58:25 +0100 Subject: [PATCH] [Search] Return empty array when checking api keys for unauthorized user (#173823) ## Summary Instead of returning an obnoxious error on every Search page when fetching an unauthorized user's API keys, we just return an empty array. --- .../server/routes/enterprise_search/api_keys.ts | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts b/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts index 2262879657ec4..abdac9fb57e0f 100644 --- a/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts +++ b/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts @@ -54,9 +54,19 @@ export function registerApiKeysRoutes( const { client } = (await context.core).elasticsearch; const user = security.authc.getCurrentUser(request); if (user) { - const apiKeys = await client.asCurrentUser.security.getApiKey({ username: user.username }); - const validKeys = apiKeys.api_keys.filter(({ invalidated }) => !invalidated); - return response.ok({ body: { api_keys: validKeys } }); + try { + const apiKeys = await client.asCurrentUser.security.getApiKey({ + username: user.username, + }); + const validKeys = apiKeys.api_keys.filter(({ invalidated }) => !invalidated); + return response.ok({ body: { api_keys: validKeys } }); + } catch { + // Ideally we check the error response here for unauthorized user + // Unfortunately the error response is not structured enough for us to filter those + // Always returning an empty array should also be fine, and deals with transient errors + + return response.ok({ body: { api_keys: [] } }); + } } return response.customError({ body: 'Could not retrieve current user, security plugin is not ready',