diff --git a/package.json b/package.json index 64e72ee59cb5c..0c574dd2966c8 100644 --- a/package.json +++ b/package.json @@ -637,6 +637,7 @@ "@types/testing-library__jest-dom": "^5.9.5", "@types/testing-library__react-hooks": "^4.0.0", "@types/tinycolor2": "^1.4.1", + "@types/tough-cookie": "^4.0.1", "@types/type-detect": "^4.0.1", "@types/use-resize-observer": "^6.0.0", "@types/uuid": "^3.4.4", @@ -828,6 +829,7 @@ "terminal-link": "^2.1.1", "terser": "^5.7.1", "terser-webpack-plugin": "^2.1.2", + "tough-cookie": "^4.0.0", "ts-loader": "^7.0.5", "ts-morph": "^9.1.0", "tsd": "^0.13.1", diff --git a/src/core/server/http/cookie_session_storage.test.ts b/src/core/server/http/cookie_session_storage.test.ts index 22d747ff577ae..ad05d37c81e99 100644 --- a/src/core/server/http/cookie_session_storage.test.ts +++ b/src/core/server/http/cookie_session_storage.test.ts @@ -6,7 +6,7 @@ * Side Public License, v 1. */ -import request from 'request'; +import { parse as parseCookie } from 'tough-cookie'; import supertest from 'supertest'; import { REPO_ROOT } from '@kbn/dev-utils'; import { ByteSizeValue } from '@kbn/config-schema'; @@ -103,7 +103,7 @@ interface Storage { } function retrieveSessionCookie(cookies: string) { - const sessionCookie = request.cookie(cookies); + const sessionCookie = parseCookie(cookies); if (!sessionCookie) { throw new Error('session cookie expected to be defined'); } diff --git a/src/core/server/http/integration_tests/lifecycle.test.ts b/src/core/server/http/integration_tests/lifecycle.test.ts index e883cd59c8c77..098dfbebfa7b5 100644 --- a/src/core/server/http/integration_tests/lifecycle.test.ts +++ b/src/core/server/http/integration_tests/lifecycle.test.ts @@ -7,7 +7,7 @@ */ import supertest from 'supertest'; -import request from 'request'; +import { parse as parseCookie } from 'tough-cookie'; import { schema } from '@kbn/config-schema'; import { ensureRawRequest } from '../router'; 
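Review bot: `tough-cookie` is added at `^4.0.0` in the second package.json hunk, but none of the visible hunks removes `request` or its typings, so the deprecated package would still be installed after the tests stop importing it. If nothing else imports `request`, drop it in the same change; if something still does, a line in the description saying what remains would make the follow-up removal traceable. No lockfile hunk is visible here either, so it is worth confirming which 4.x release the caret range resolves to and that it includes the current security fixes.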
@@ -827,7 +827,7 @@ describe('Auth', () => { const cookies = response.header['set-cookie']; expect(cookies).toHaveLength(1); - const sessionCookie = request.cookie(cookies[0]); + const sessionCookie = parseCookie(cookies[0]); if (!sessionCookie) { throw new Error('session cookie expected to be defined'); } diff --git a/x-pack/test/api_integration/apis/security/basic_login.js b/x-pack/test/api_integration/apis/security/basic_login.js index e42ba6cb8a055..ea8971d620231 100644 --- a/x-pack/test/api_integration/apis/security/basic_login.js +++ b/x-pack/test/api_integration/apis/security/basic_login.js @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import request from 'request'; +import { parse as parseCookie } from 'tough-cookie'; export default function ({ getService }) { const supertest = getService('supertestWithoutAuth'); @@ -86,7 +86,7 @@ export default function ({ getService }) { const cookies = loginResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0]); + const sessionCookie = parseCookie(cookies[0]); expect(sessionCookie.key).to.be('sid'); expect(sessionCookie.value).to.not.be.empty(); expect(sessionCookie.path).to.be('/'); @@ -167,7 +167,7 @@ export default function ({ getService }) { }) .expect(200); - sessionCookie = request.cookie(loginResponse.headers['set-cookie'][0]); + sessionCookie = parseCookie(loginResponse.headers['set-cookie'][0]); }); it('should allow access to the API', async () => { @@ -207,7 +207,7 @@ export default function ({ getService }) { .expect(200); expect(apiResponseOne.headers['set-cookie']).to.not.be(undefined); - const sessionCookieOne = request.cookie(apiResponseOne.headers['set-cookie'][0]); + const sessionCookieOne = parseCookie(apiResponseOne.headers['set-cookie'][0]); expect(sessionCookieOne.value).to.not.be.empty(); expect(sessionCookieOne.value).to.not.equal(sessionCookie.value); 
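Review bot: In the `@@ -86` hunk of basic_login.js the result of `parseCookie(cookies[0])` is dereferenced straight away (`sessionCookie.key`), although the parser can return a falsy value for a header it cannot parse; the core tests in this same commit guard for exactly that with `if (!sessionCookie) { throw ... }`. Here a malformed `Set-Cookie` would surface as a TypeError instead of a failed assertion. Adding `expect(sessionCookie).to.be.ok();` directly after the parse keeps the failure readable. The same applies to the `@@ -167`, `@@ -207`, `@@ -219` and `@@ -256` hunks of this file; the enclosing test bodies start and end outside the hunks.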
@@ -219,7 +219,7 @@ export default function ({ getService }) { .expect(200); expect(apiResponseTwo.headers['set-cookie']).to.not.be(undefined); - const sessionCookieTwo = request.cookie(apiResponseTwo.headers['set-cookie'][0]); + const sessionCookieTwo = parseCookie(apiResponseTwo.headers['set-cookie'][0]); expect(sessionCookieTwo.value).to.not.be.empty(); expect(sessionCookieTwo.value).to.not.equal(sessionCookieOne.value); @@ -256,7 +256,7 @@ export default function ({ getService }) { const cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const logoutCookie = request.cookie(cookies[0]); + const logoutCookie = parseCookie(cookies[0]); expect(logoutCookie.key).to.be('sid'); expect(logoutCookie.value).to.be.empty(); expect(logoutCookie.path).to.be('/'); diff --git a/x-pack/test/api_integration/apis/security/change_password.ts b/x-pack/test/api_integration/apis/security/change_password.ts index 25e320e270e0f..555f2692c3359 100644 --- a/x-pack/test/api_integration/apis/security/change_password.ts +++ b/x-pack/test/api_integration/apis/security/change_password.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Cookie, cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { FtrProviderContext } from '../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { @@ -30,7 +30,7 @@ export default function ({ getService }: FtrProviderContext) { params: { username: mockUserName, password: mockUserPassword }, }) .expect(200); - sessionCookie = cookie(loginResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(loginResponse.headers['set-cookie'][0])!; }); afterEach(async () => await security.user.delete(mockUserName)); 
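Review bot: The non-null assertion in `parseCookie(loginResponse.headers['set-cookie'][0])!` (the `@@ -30` hunk of change_password.ts) silences the `undefined` that the parser returns for an unparsable header, and this hunk also indexes `set-cookie` without first checking that the header is present. If the login response ever stops setting the session cookie, the test fails later with an unrelated TypeError instead of at the point where the cookie is missing. A small helper that throws, like `retrieveSessionCookie` in cookie_session_storage.test.ts, would make that explicit. The same `!` pattern recurs in the `@@ -93` hunk of this file and throughout the anonymous, kerberos, login_selector, oidc and pki test files in this commit. The enclosing `beforeEach` starts outside the hunk.

```typescript
// Shared test helper: fail loudly when the session cookie is absent or unparsable.
function parseSessionCookie(setCookie: string | undefined): Cookie {
  const cookie = setCookie ? parseCookie(setCookie) : undefined;
  if (!cookie) {
    throw new Error('session cookie expected to be defined');
  }
  return cookie;
}

// … unchanged: login request and .expect(200) …
sessionCookie = parseSessionCookie(loginResponse.headers['set-cookie']?.[0]);
```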
@@ -93,7 +93,7 @@ export default function ({ getService }: FtrProviderContext) { .send({ password: mockUserPassword, newPassword }) .expect(204); - const newSessionCookie = cookie(passwordChangeResponse.headers['set-cookie'][0])!; + const newSessionCookie = parseCookie(passwordChangeResponse.headers['set-cookie'][0])!; // Old cookie is still valid (since it's still the same user and cookie doesn't store password). await supertest diff --git a/x-pack/test/security_api_integration/tests/anonymous/login.ts b/x-pack/test/security_api_integration/tests/anonymous/login.ts index 05f3adf2b8cb6..7a9dc60d04d14 100644 --- a/x-pack/test/security_api_integration/tests/anonymous/login.ts +++ b/x-pack/test/security_api_integration/tests/anonymous/login.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { adminTestUser } from '@kbn/test'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -71,7 +71,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const cookie = request.cookie(cookies[0])!; + const cookie = parseCookie(cookies[0])!; checkCookieIsSet(cookie); const { body: user } = await supertest @@ -93,7 +93,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); const { body: user } = await supertest @@ -133,7 +133,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); }); 
@@ -181,7 +181,7 @@ export default function ({ getService }: FtrProviderContext) { let cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); // And then log user out. @@ -192,7 +192,7 @@ export default function ({ getService }: FtrProviderContext) { cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); expect(logoutResponse.headers.location).to.be('/security/logged_out?msg=LOGGED_OUT'); @@ -206,7 +206,7 @@ export default function ({ getService }: FtrProviderContext) { // If Kibana detects cookie with invalid token it tries to clear it. cookies = apiResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); }); it('should redirect to home page if session cookie is not provided', async () => { diff --git a/x-pack/test/security_api_integration/tests/kerberos/kerberos_login.ts b/x-pack/test/security_api_integration/tests/kerberos/kerberos_login.ts index 08780fdd0397d..bdd79f2731961 100644 --- a/x-pack/test/security_api_integration/tests/kerberos/kerberos_login.ts +++ b/x-pack/test/security_api_integration/tests/kerberos/kerberos_login.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { delay } from 'bluebird'; import { adminTestUser } from '@kbn/test'; import { FtrProviderContext } from '../../ftr_provider_context'; 
@@ -73,7 +73,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const cookie = request.cookie(cookies[0])!; + const cookie = parseCookie(cookies[0])!; checkCookieIsSet(cookie); const { body: user } = await supertest @@ -129,7 +129,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); const isAnonymousAccessEnabled = (config.get( @@ -193,7 +193,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); }); @@ -205,7 +205,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseOne.headers['set-cookie']).to.not.be(undefined); - const sessionCookieOne = request.cookie(apiResponseOne.headers['set-cookie'][0])!; + const sessionCookieOne = parseCookie(apiResponseOne.headers['set-cookie'][0])!; checkCookieIsSet(sessionCookieOne); expect(sessionCookieOne.value).to.not.equal(sessionCookie.value); @@ -217,7 +217,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseTwo.headers['set-cookie']).to.not.be(undefined); - const sessionCookieTwo = request.cookie(apiResponseTwo.headers['set-cookie'][0])!; + const sessionCookieTwo = parseCookie(apiResponseTwo.headers['set-cookie'][0])!; checkCookieIsSet(sessionCookieTwo); expect(sessionCookieTwo.value).to.not.equal(sessionCookieOne.value); 
@@ -257,7 +257,7 @@ export default function ({ getService }: FtrProviderContext) { let cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); // And then log user out. @@ -268,7 +268,7 @@ export default function ({ getService }: FtrProviderContext) { cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); expect(logoutResponse.headers.location).to.be('/security/logged_out?msg=LOGGED_OUT'); @@ -283,7 +283,7 @@ export default function ({ getService }: FtrProviderContext) { // If Kibana detects cookie with invalid token it tries to clear it. cookies = apiResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); // Request with a session cookie that is linked to an invalidated/non-existent session is treated the same as // request without any session cookie at all. @@ -310,7 +310,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); }); @@ -332,7 +332,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = apiResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const refreshedCookie = request.cookie(cookies[0])!; + const refreshedCookie = parseCookie(cookies[0])!; checkCookieIsSet(refreshedCookie); // The first new cookie with fresh pair of access and refresh tokens should work. 
@@ -362,7 +362,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = nonAjaxResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const refreshedCookie = request.cookie(cookies[0])!; + const refreshedCookie = parseCookie(cookies[0])!; checkCookieIsSet(refreshedCookie); // The first new cookie with fresh pair of access and refresh tokens should work. @@ -388,7 +388,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); // Let's delete tokens from `.security-tokens` index directly to simulate the case when @@ -411,7 +411,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = apiResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); expect(apiResponse.headers['www-authenticate']).to.be('Negotiate'); }); @@ -424,7 +424,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = nonAjaxResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); expect(nonAjaxResponse.headers['www-authenticate']).to.be('Negotiate'); }); diff --git a/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts b/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts index 69b3542b74bfe..4c6db9ef258bb 100644 --- a/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts +++ b/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts 
@@ -5,7 +5,7 @@ * 2.0. */ -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { readFileSync } from 'fs'; import { resolve } from 'path'; import url from 'url'; @@ -96,7 +96,7 @@ export default function ({ getService }: FtrProviderContext) { // The cookie that includes some state of the in-progress authentication, that doesn't allow // to fully authenticate user yet. - const intermediateAuthCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const intermediateAuthCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; // When login page is accessed directly. await supertest @@ -145,7 +145,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'a@b.c', { type: 'saml', name: providerName }, { name: providerName, type: 'saml' }, @@ -178,7 +178,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'a@b.c', { type: 'saml', name: providerName }, { name: providerName, type: 'saml' }, @@ -208,7 +208,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'a@b.c', { type: 'saml', name: providerName }, { name: providerName, type: 'saml' }, @@ -231,7 +231,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const basicSessionCookie = request.cookie( + const basicSessionCookie = parseCookie( basicAuthenticationResponse.headers['set-cookie'][0] )!; // Skip auth provider check since this comes from the reserved realm, 
@@ -263,7 +263,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'a@b.c', { type: 'saml', name: providerName }, { name: providerName, type: 'saml' }, @@ -282,7 +282,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - const saml1SessionCookie = request.cookie( + const saml1SessionCookie = parseCookie( saml1AuthenticationResponse.headers['set-cookie'][0] )!; await checkSessionCookie( @@ -307,7 +307,7 @@ export default function ({ getService }: FtrProviderContext) { '/security/overwritten_session?next=%2F' ); - const saml2SessionCookie = request.cookie( + const saml2SessionCookie = parseCookie( saml2AuthenticationResponse.headers['set-cookie'][0] )!; await checkSessionCookie( @@ -329,7 +329,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - const saml1SessionCookie = request.cookie( + const saml1SessionCookie = parseCookie( saml1AuthenticationResponse.headers['set-cookie'][0] )!; await checkSessionCookie( @@ -356,7 +356,7 @@ export default function ({ getService }: FtrProviderContext) { '/security/overwritten_session?next=%2Fapp%2Fkibana%23%2Fdashboards' ); - const saml2SessionCookie = request.cookie( + const saml2SessionCookie = parseCookie( saml2AuthenticationResponse.headers['set-cookie'][0] )!; await checkSessionCookie( @@ -389,9 +389,7 @@ export default function ({ getService }: FtrProviderContext) { saml1HandshakeResponse.body.location.startsWith(`https://elastic.co/sso/saml`) ).to.be(true); - const saml1HandshakeCookie = request.cookie( - saml1HandshakeResponse.headers['set-cookie'][0] - )!; + const saml1HandshakeCookie = parseCookie(saml1HandshakeResponse.headers['set-cookie'][0])!; // And now try to login with `saml2`. const unauthenticatedResponse = await supertest 
@@ -446,7 +444,7 @@ export default function ({ getService }: FtrProviderContext) { true ); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const samlRequestId = await getSAMLRequestId(handshakeResponse.body.location); const authenticationResponse = await supertest @@ -471,7 +469,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'a@b.c', { type: 'saml', name: providerName }, { name: providerName, type: 'saml' }, @@ -497,9 +495,7 @@ export default function ({ getService }: FtrProviderContext) { saml1HandshakeResponse.body.location.startsWith(`https://elastic.co/sso/saml`) ).to.be(true); - const saml1HandshakeCookie = request.cookie( - saml1HandshakeResponse.headers['set-cookie'][0] - )!; + const saml1HandshakeCookie = parseCookie(saml1HandshakeResponse.headers['set-cookie'][0])!; // And now try to login with `saml2`. const saml2HandshakeResponse = await supertest @@ -518,9 +514,7 @@ export default function ({ getService }: FtrProviderContext) { saml2HandshakeResponse.body.location.startsWith(`https://elastic.co/sso/saml`) ).to.be(true); - const saml2HandshakeCookie = request.cookie( - saml2HandshakeResponse.headers['set-cookie'][0] - )!; + const saml2HandshakeCookie = parseCookie(saml2HandshakeResponse.headers['set-cookie'][0])!; const saml2AuthenticationResponse = await supertest .post('/api/security/saml/callback') @@ -535,7 +529,7 @@ export default function ({ getService }: FtrProviderContext) { '/abc/xyz/handshake?one=two three#/saml2' ); - const saml2SessionCookie = request.cookie( + const saml2SessionCookie = parseCookie( saml2AuthenticationResponse.headers['set-cookie'][0] )!; await checkSessionCookie( 
@@ -585,7 +579,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'tester@TEST.ELASTIC.CO', { type: 'kerberos', name: 'kerberos1' }, { name: 'kerb1', type: 'kerberos' }, @@ -631,7 +625,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'tester@TEST.ELASTIC.CO', { type: 'kerberos', name: 'kerberos1' }, { name: 'kerb1', type: 'kerberos' }, @@ -646,7 +640,7 @@ export default function ({ getService }: FtrProviderContext) { .get('/api/security/oidc/initiate_login?iss=https://test-op.elastic.co') .ca(CA_CERT) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens const { state, nonce } = getStateAndNonce(handshakeResponse.headers.location); @@ -670,7 +664,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'user2', { type: 'oidc', name: 'oidc1' }, { name: 'oidc1', type: 'oidc' }, @@ -683,7 +677,7 @@ export default function ({ getService }: FtrProviderContext) { .get('/api/security/oidc/initiate_login?iss=https://test-op.elastic.co') .ca(CA_CERT) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const unauthenticatedResponse = await supertest .get('/api/security/oidc/callback?code=code2&state=someothervalue') 
@@ -725,7 +719,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const redirectURL = url.parse(handshakeResponse.body.location, true /* parseQueryString */); expect( handshakeResponse.body.location.startsWith( @@ -762,7 +756,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'user1', { type: 'oidc', name: 'oidc1' }, { name: 'oidc1', type: 'oidc' }, @@ -801,7 +795,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'first_client', { type: 'pki', name: 'pki1' }, { name: 'pki1', type: 'pki' }, @@ -839,7 +833,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'anonymous_user', { type: 'anonymous', name: 'anonymous1' }, { name: 'native1', type: 'native' }, @@ -864,7 +858,7 @@ export default function ({ getService }: FtrProviderContext) { expect(cookies).to.have.length(1); await checkSessionCookie( - request.cookie(cookies[0])!, + parseCookie(cookies[0])!, 'anonymous_user', { type: 'anonymous', name: 'anonymous1' }, { name: 'native1', type: 'native' }, diff --git a/x-pack/test/security_api_integration/tests/oidc/authorization_code_flow/oidc_auth.ts b/x-pack/test/security_api_integration/tests/oidc/authorization_code_flow/oidc_auth.ts index c0c9ebdf58ff2..330133049f549 100644 --- a/x-pack/test/security_api_integration/tests/oidc/authorization_code_flow/oidc_auth.ts +++ b/x-pack/test/security_api_integration/tests/oidc/authorization_code_flow/oidc_auth.ts 
@@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import url from 'url'; import { delay } from 'bluebird'; import { adminTestUser } from '@kbn/test'; @@ -42,7 +42,7 @@ export default function ({ getService }: FtrProviderContext) { const { body: user } = await supertest .get('/internal/security/me') .set('kbn-xsrf', 'xxx') - .set('Cookie', request.cookie(cookies[0])!.cookieString()) + .set('Cookie', parseCookie(cookies[0])!.cookieString()) .expect(200); expect(user.username).to.eql(adminTestUser.username); @@ -73,7 +73,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.not.be.empty(); expect(handshakeCookie.path).to.be('/'); @@ -103,7 +103,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.not.be.empty(); expect(handshakeCookie.path).to.be('/'); @@ -131,7 +131,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; await supertest .get('/internal/security/me') .set('kbn-xsrf', 'xxx') 
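Review bot: The assertions that follow `parseCookie(cookies[0])` in the `@@ -73` hunk (and the matching `@@ -103` hunk) visibly cover only `key`, `value` and `path`; the hunk ends there, so any further checks are outside the view. Since `sid` is the session cookie, this test is the natural place to pin its protective attributes too, and the `Cookie` object returned by tough-cookie carries `httpOnly`, `secure` and `sameSite` alongside the fields already checked. If they are not asserted just below the hunk, consider adding `expect(handshakeCookie.httpOnly).to.be(true);` and the equivalent checks for whatever `secure` and `sameSite` values the test server is configured with.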
@@ -160,7 +160,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens await supertest @@ -207,7 +207,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; expect(sessionCookie.key).to.be('sid'); expect(sessionCookie.value).to.not.be.empty(); expect(sessionCookie.path).to.be('/'); @@ -243,7 +243,7 @@ export default function ({ getService }: FtrProviderContext) { const handshakeResponse = await supertest .get('/api/security/oidc/initiate_login?iss=https://test-op.elastic.co') .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens @@ -260,7 +260,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; expect(sessionCookie.key).to.be('sid'); expect(sessionCookie.value).to.not.be.empty(); expect(sessionCookie.path).to.be('/'); 
@@ -302,7 +302,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - sessionCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens await supertest @@ -316,7 +316,7 @@ export default function ({ getService }: FtrProviderContext) { .set('Cookie', sessionCookie.cookieString()) .expect(302); - sessionCookie = request.cookie(oidcAuthenticationResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(oidcAuthenticationResponse.headers['set-cookie'][0])!; }); it('should extend cookie on every successful non-system API call', async () => { @@ -327,7 +327,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseOne.headers['set-cookie']).to.not.be(undefined); - const sessionCookieOne = request.cookie(apiResponseOne.headers['set-cookie'][0])!; + const sessionCookieOne = parseCookie(apiResponseOne.headers['set-cookie'][0])!; expect(sessionCookieOne.value).to.not.be.empty(); expect(sessionCookieOne.value).to.not.equal(sessionCookie.value); @@ -339,7 +339,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseTwo.headers['set-cookie']).to.not.be(undefined); - const sessionCookieTwo = request.cookie(apiResponseTwo.headers['set-cookie'][0])!; + const sessionCookieTwo = parseCookie(apiResponseTwo.headers['set-cookie'][0])!; expect(sessionCookieTwo.value).to.not.be.empty(); expect(sessionCookieTwo.value).to.not.equal(sessionCookieOne.value); 
@@ -378,7 +378,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens await supertest @@ -395,7 +395,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; }); it('should redirect to home page if session cookie is not provided', async () => { @@ -414,7 +414,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const logoutCookie = request.cookie(cookies[0])!; + const logoutCookie = parseCookie(cookies[0])!; expect(logoutCookie.key).to.be('sid'); expect(logoutCookie.value).to.be.empty(); expect(logoutCookie.path).to.be('/'); @@ -461,7 +461,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens await supertest @@ -478,7 +478,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; }); const expectNewSessionCookie = (cookie: Cookie) => { 
@@ -507,7 +507,7 @@ export default function ({ getService }: FtrProviderContext) { const firstResponseCookies = firstResponse.headers['set-cookie']; expect(firstResponseCookies).to.have.length(1); - const firstNewCookie = request.cookie(firstResponseCookies[0])!; + const firstNewCookie = parseCookie(firstResponseCookies[0])!; expectNewSessionCookie(firstNewCookie); // Request with old cookie should reuse the same refresh token if within 60 seconds. @@ -521,7 +521,7 @@ export default function ({ getService }: FtrProviderContext) { const secondResponseCookies = secondResponse.headers['set-cookie']; expect(secondResponseCookies).to.have.length(1); - const secondNewCookie = request.cookie(secondResponseCookies[0])!; + const secondNewCookie = parseCookie(secondResponseCookies[0])!; expectNewSessionCookie(secondNewCookie); expect(firstNewCookie.value).not.to.eql(secondNewCookie.value); @@ -552,7 +552,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const stateAndNonce = getStateAndNonce(handshakeResponse.headers.location); // Set the nonce in our mock OIDC Provider so that it can generate the ID Tokens await supertest @@ -569,7 +569,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; }); it('should properly set cookie and start new OIDC handshake', async function () { 
@@ -593,7 +593,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.not.be.empty(); expect(handshakeCookie.path).to.be('/'); diff --git a/x-pack/test/security_api_integration/tests/oidc/implicit_flow/oidc_auth.ts b/x-pack/test/security_api_integration/tests/oidc/implicit_flow/oidc_auth.ts index b3a04747125e2..258969a73a53d 100644 --- a/x-pack/test/security_api_integration/tests/oidc/implicit_flow/oidc_auth.ts +++ b/x-pack/test/security_api_integration/tests/oidc/implicit_flow/oidc_auth.ts @@ -7,7 +7,7 @@ import expect from '@kbn/expect'; import { JSDOM } from 'jsdom'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { format as formatURL } from 'url'; import { createTokens, getStateAndNonce } from '../../../fixtures/oidc/oidc_tools'; import { FtrProviderContext } from '../../../ftr_provider_context'; @@ -33,7 +33,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; stateAndNonce = getStateAndNonce(handshakeResponse.body.location); }); @@ -137,7 +137,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = oidcAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; expect(sessionCookie.key).to.be('sid'); expect(sessionCookie.value).to.not.be.empty(); expect(sessionCookie.path).to.be('/'); 
diff --git a/x-pack/test/security_api_integration/tests/pki/pki_auth.ts b/x-pack/test/security_api_integration/tests/pki/pki_auth.ts index 2150553267a78..f857e5c149be4 100644 --- a/x-pack/test/security_api_integration/tests/pki/pki_auth.ts +++ b/x-pack/test/security_api_integration/tests/pki/pki_auth.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { delay } from 'bluebird'; import { readFileSync } from 'fs'; import { resolve } from 'path'; @@ -95,7 +95,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const cookie = request.cookie(cookies[0])!; + const cookie = parseCookie(cookies[0])!; checkCookieIsSet(cookie); const { body: user } = await supertest @@ -132,7 +132,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); // Cookie should be accepted. @@ -170,7 +170,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); response = await supertest @@ -196,7 +196,7 @@ export default function ({ getService }: FtrProviderContext) { authentication_type: 'realm', }); - checkCookieIsSet(request.cookie(response.headers['set-cookie'][0])!); + checkCookieIsSet(parseCookie(response.headers['set-cookie'][0])!); }); it('should reject valid cookie if used with untrusted certificate', async () => { 
@@ -209,7 +209,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); await supertest @@ -233,7 +233,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); }); @@ -247,7 +247,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseOne.headers['set-cookie']).to.not.be(undefined); - const sessionCookieOne = request.cookie(apiResponseOne.headers['set-cookie'][0])!; + const sessionCookieOne = parseCookie(apiResponseOne.headers['set-cookie'][0])!; checkCookieIsSet(sessionCookieOne); expect(sessionCookieOne.value).to.not.equal(sessionCookie.value); @@ -261,7 +261,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseTwo.headers['set-cookie']).to.not.be(undefined); - const sessionCookieTwo = request.cookie(apiResponseTwo.headers['set-cookie'][0])!; + const sessionCookieTwo = parseCookie(apiResponseTwo.headers['set-cookie'][0])!; checkCookieIsSet(sessionCookieTwo); expect(sessionCookieTwo.value).to.not.equal(sessionCookieOne.value); @@ -306,7 +306,7 @@ export default function ({ getService }: FtrProviderContext) { let cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const sessionCookie = request.cookie(cookies[0])!; + const sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); // And then log user out. 
@@ -319,7 +319,7 @@ export default function ({ getService }: FtrProviderContext) { cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - checkCookieIsCleared(request.cookie(cookies[0])!); + checkCookieIsCleared(parseCookie(cookies[0])!); expect(logoutResponse.headers.location).to.be('/security/logged_out?msg=LOGGED_OUT'); }); @@ -349,7 +349,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - sessionCookie = request.cookie(cookies[0])!; + sessionCookie = parseCookie(cookies[0])!; checkCookieIsSet(sessionCookie); }); @@ -373,7 +373,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = apiResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const refreshedCookie = request.cookie(cookies[0])!; + const refreshedCookie = parseCookie(cookies[0])!; checkCookieIsSet(refreshedCookie); }); @@ -396,7 +396,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = nonAjaxResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const refreshedCookie = request.cookie(cookies[0])!; + const refreshedCookie = parseCookie(cookies[0])!; checkCookieIsSet(refreshedCookie); }); }); diff --git a/x-pack/test/security_api_integration/tests/saml/saml_login.ts b/x-pack/test/security_api_integration/tests/saml/saml_login.ts index a246dd4c5675a..d78a7b1040455 100644 --- a/x-pack/test/security_api_integration/tests/saml/saml_login.ts +++ b/x-pack/test/security_api_integration/tests/saml/saml_login.ts @@ -9,7 +9,7 @@ import { stringify } from 'query-string'; import url from 'url'; import { delay } from 'bluebird'; import expect from '@kbn/expect'; -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { adminTestUser } from '@kbn/test'; import { getLogoutRequest, 
@@ -97,13 +97,13 @@ export default function ({ getService }: FtrProviderContext) { const { body: user } = await supertest .get('/internal/security/me') .set('kbn-xsrf', 'xxx') - .set('Cookie', request.cookie(cookies[0])!.cookieString()) + .set('Cookie', parseCookie(cookies[0])!.cookieString()) .expect(200); expect(user.username).to.eql(adminTestUser.username); expect(user.authentication_provider).to.eql({ type: 'basic', name: 'basic' }); expect(user.authentication_type).to.be('realm'); - // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud + // Do not assert on the `authentication_realm`, as the value differs for on-prem vs cloud }); describe('initiating handshake', () => { @@ -128,7 +128,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.not.be.empty(); expect(handshakeCookie.path).to.be('/'); @@ -149,7 +149,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; await supertest .get('/internal/security/me') .set('kbn-xsrf', 'xxx') @@ -178,7 +178,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; samlRequestId = await getSAMLRequestId(handshakeResponse.headers.location); }); 
@@ -209,7 +209,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = samlAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - await checkSessionCookie(request.cookie(cookies[0])!); + await checkSessionCookie(parseCookie(cookies[0])!); }); it('should succeed in case of IdP initiated login', async () => { @@ -225,7 +225,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = samlAuthenticationResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - await checkSessionCookie(request.cookie(cookies[0])!); + await checkSessionCookie(parseCookie(cookies[0])!); }); it('should fail if SAML response is not valid', async () => { @@ -254,7 +254,7 @@ export default function ({ getService }: FtrProviderContext) { .send({ SAMLResponse: await createSAMLResponse() }) .expect(302); - sessionCookie = request.cookie(samlAuthenticationResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(samlAuthenticationResponse.headers['set-cookie'][0])!; }); it('should extend cookie on every successful non-system API call', async () => { @@ -265,7 +265,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseOne.headers['set-cookie']).to.not.be(undefined); - const sessionCookieOne = request.cookie(apiResponseOne.headers['set-cookie'][0])!; + const sessionCookieOne = parseCookie(apiResponseOne.headers['set-cookie'][0])!; expect(sessionCookieOne.value).to.not.be.empty(); expect(sessionCookieOne.value).to.not.equal(sessionCookie.value); 
@@ -277,7 +277,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); expect(apiResponseTwo.headers['set-cookie']).to.not.be(undefined); - const sessionCookieTwo = request.cookie(apiResponseTwo.headers['set-cookie'][0])!; + const sessionCookieTwo = parseCookie(apiResponseTwo.headers['set-cookie'][0])!; expect(sessionCookieTwo.value).to.not.be.empty(); expect(sessionCookieTwo.value).to.not.equal(sessionCookieOne.value); @@ -317,7 +317,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const samlRequestId = await getSAMLRequestId(handshakeResponse.headers.location); idpSessionIndex = String(randomness.naturalNumber()); @@ -332,7 +332,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - sessionCookie = request.cookie(samlAuthenticationResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(samlAuthenticationResponse.headers['set-cookie'][0])!; }); it('should redirect to IdP with SAML request to complete logout', async () => { @@ -344,7 +344,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const logoutCookie = request.cookie(cookies[0])!; + const logoutCookie = parseCookie(cookies[0])!; expect(logoutCookie.key).to.be('sid'); expect(logoutCookie.value).to.be.empty(); expect(logoutCookie.path).to.be('/'); @@ -395,7 +395,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = logoutResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const logoutCookie = request.cookie(cookies[0])!; + const logoutCookie = parseCookie(cookies[0])!; expect(logoutCookie.key).to.be('sid'); expect(logoutCookie.value).to.be.empty(); expect(logoutCookie.path).to.be('/'); 
@@ -455,7 +455,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const samlRequestId = await getSAMLRequestId(handshakeResponse.headers.location); const samlAuthenticationResponse = await supertest @@ -464,7 +464,7 @@ export default function ({ getService }: FtrProviderContext) { .send({ SAMLResponse: await createSAMLResponse({ inResponseTo: samlRequestId }) }) .expect(302); - sessionCookie = request.cookie(samlAuthenticationResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(samlAuthenticationResponse.headers['set-cookie'][0])!; // Access token expiration is set to 15s for API integration tests. // Let's wait for 20s to make sure token expires. @@ -491,7 +491,7 @@ export default function ({ getService }: FtrProviderContext) { const firstResponseCookies = firstResponse.headers['set-cookie']; expect(firstResponseCookies).to.have.length(1); - const firstNewCookie = request.cookie(firstResponseCookies[0])!; + const firstNewCookie = parseCookie(firstResponseCookies[0])!; expectNewSessionCookie(firstNewCookie); // Request with old cookie should reuse the same refresh token if within 60 seconds. @@ -505,7 +505,7 @@ export default function ({ getService }: FtrProviderContext) { const secondResponseCookies = secondResponse.headers['set-cookie']; expect(secondResponseCookies).to.have.length(1); - const secondNewCookie = request.cookie(secondResponseCookies[0])!; + const secondNewCookie = parseCookie(secondResponseCookies[0])!; expectNewSessionCookie(secondNewCookie); expect(firstNewCookie.value).not.to.eql(secondNewCookie.value); 
@@ -549,7 +549,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const samlRequestId = await getSAMLRequestId(handshakeResponse.headers.location); const samlAuthenticationResponse = await supertest @@ -558,7 +558,7 @@ export default function ({ getService }: FtrProviderContext) { .send({ SAMLResponse: await createSAMLResponse({ inResponseTo: samlRequestId }) }) .expect(302); - sessionCookie = request.cookie(samlAuthenticationResponse.headers['set-cookie'][0])!; + sessionCookie = parseCookie(samlAuthenticationResponse.headers['set-cookie'][0])!; // Let's delete tokens from `.security` index directly to simulate the case when // Elasticsearch automatically removes access/refresh token document from the index @@ -580,7 +580,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.be.empty(); expect(handshakeCookie.path).to.be('/'); @@ -602,7 +602,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = handshakeResponse.headers['set-cookie']; expect(cookies).to.have.length(1); - const handshakeCookie = request.cookie(cookies[0])!; + const handshakeCookie = parseCookie(cookies[0])!; expect(handshakeCookie.key).to.be('sid'); expect(handshakeCookie.value).to.not.be.empty(); expect(handshakeCookie.path).to.be('/'); 
@@ -662,7 +662,7 @@ export default function ({ getService }: FtrProviderContext) { ) .expect(302); - const handshakeCookie = request.cookie(handshakeResponse.headers['set-cookie'][0])!; + const handshakeCookie = parseCookie(handshakeResponse.headers['set-cookie'][0])!; const samlRequestId = await getSAMLRequestId(handshakeResponse.headers.location); const samlAuthenticationResponse = await supertest @@ -676,9 +676,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - existingSessionCookie = request.cookie( - samlAuthenticationResponse.headers['set-cookie'][0] - )!; + existingSessionCookie = parseCookie(samlAuthenticationResponse.headers['set-cookie'][0])!; }); for (const [description, setup] of testScenarios) { @@ -693,7 +691,7 @@ export default function ({ getService }: FtrProviderContext) { expect(samlAuthenticationResponse.headers.location).to.be('/'); - const newSessionCookie = request.cookie( + const newSessionCookie = parseCookie( samlAuthenticationResponse.headers['set-cookie'][0] )!; expect(newSessionCookie.value).to.not.be.empty(); @@ -724,7 +722,7 @@ export default function ({ getService }: FtrProviderContext) { '/security/overwritten_session?next=%2F' ); - const newSessionCookie = request.cookie( + const newSessionCookie = parseCookie( samlAuthenticationResponse.headers['set-cookie'][0] )!; expect(newSessionCookie.value).to.not.be.empty(); diff --git a/x-pack/test/security_api_integration/tests/session_idle/cleanup.ts b/x-pack/test/security_api_integration/tests/session_idle/cleanup.ts index bb46beef41449..ec016ad80e567 100644 --- a/x-pack/test/security_api_integration/tests/session_idle/cleanup.ts +++ b/x-pack/test/security_api_integration/tests/session_idle/cleanup.ts @@ -5,7 +5,7 @@ * 2.0. */ -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { delay } from 'bluebird'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; 
@@ -38,7 +38,7 @@ export default function ({ getService }: FtrProviderContext) { expect(apiResponse.body.authentication_provider).to.eql(provider); return Array.isArray(apiResponse.headers['set-cookie']) - ? request.cookie(apiResponse.headers['set-cookie'][0])! + ? parseCookie(apiResponse.headers['set-cookie'][0])! : undefined; } @@ -59,7 +59,7 @@ export default function ({ getService }: FtrProviderContext) { const authenticationResponse = await supertest .post('/api/security/saml/callback') .set('kbn-xsrf', 'xxx') - .set('Cookie', request.cookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) + .set('Cookie', parseCookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) .send({ SAMLResponse: await getSAMLResponse({ destination: `http://localhost:${kibanaServerConfig.port}/api/security/saml/callback`, @@ -69,7 +69,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - const cookie = request.cookie(authenticationResponse.headers['set-cookie'][0])!; + const cookie = parseCookie(authenticationResponse.headers['set-cookie'][0])!; await checkSessionCookie(cookie, 'a@b.c', { type: 'saml', name: providerName }); return cookie; } @@ -94,7 +94,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const sessionCookie = request.cookie(response.headers['set-cookie'][0])!; + const sessionCookie = parseCookie(response.headers['set-cookie'][0])!; await checkSessionCookie(sessionCookie, basicUsername, { type: 'basic', name: 'basic1' }); expect(await getNumberOfSessionDocuments()).to.be(1); @@ -136,7 +136,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const basicSessionCookie = request.cookie(response.headers['set-cookie'][0])!; + const basicSessionCookie = parseCookie(response.headers['set-cookie'][0])!; await checkSessionCookie(basicSessionCookie, basicUsername, { type: 'basic', name: 'basic1', 
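Review bot: The `!` on `parseCookie(apiResponse.headers['set-cookie'][0])!` in the `@@ -38,7 +38,7 @@` hunk is redundant, because the other branch of the conditional already returns `undefined` and the expression's type is `Cookie | undefined` either way. Writing `? parseCookie(apiResponse.headers['set-cookie'][0])` makes it visible to callers that a header which is present but unparseable also yields `undefined`. The same line appears in the `@@ -37,7 +37,7 @@` hunk of session_invalidate/invalidate.ts. The function's signature is outside the hunk, so its declared return type is not visible here.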
@@ -186,7 +186,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - let sessionCookie = request.cookie(response.headers['set-cookie'][0])!; + let sessionCookie = parseCookie(response.headers['set-cookie'][0])!; await checkSessionCookie(sessionCookie, basicUsername, { type: 'basic', name: 'basic1' }); expect(await getNumberOfSessionDocuments()).to.be(1); diff --git a/x-pack/test/security_api_integration/tests/session_idle/extension.ts b/x-pack/test/security_api_integration/tests/session_idle/extension.ts index 84ab8ce42c13e..62c7a50456388 100644 --- a/x-pack/test/security_api_integration/tests/session_idle/extension.ts +++ b/x-pack/test/security_api_integration/tests/session_idle/extension.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Cookie, cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import expect from '@kbn/expect'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -22,7 +22,7 @@ export default function ({ getService }: FtrProviderContext) { const saveCookie = async (response: any) => { // save the response cookie, and pass back the result - sessionCookie = cookie(response.headers['set-cookie'][0])!; + sessionCookie = parseCookie(response.headers['set-cookie'][0])!; return response; }; const getSessionInfo = async () => diff --git a/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts b/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts index 60605c88ce45e..c8149cfca8a11 100644 --- a/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts +++ b/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts 
@@ -5,7 +5,7 @@ * 2.0. */ -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; import type { AuthenticationProvider } from '../../../../plugins/security/common/model'; @@ -37,7 +37,7 @@ export default function ({ getService }: FtrProviderContext) { expect(apiResponse.body.authentication_provider).to.eql(provider); return Array.isArray(apiResponse.headers['set-cookie']) - ? request.cookie(apiResponse.headers['set-cookie'][0])! + ? parseCookie(apiResponse.headers['set-cookie'][0])! : undefined; } @@ -51,7 +51,7 @@ export default function ({ getService }: FtrProviderContext) { const authenticationResponse = await supertest .post('/api/security/saml/callback') .set('kbn-xsrf', 'xxx') - .set('Cookie', request.cookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) + .set('Cookie', parseCookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) .send({ SAMLResponse: await getSAMLResponse({ destination: `http://localhost:${kibanaServerConfig.port}/api/security/saml/callback`, @@ -61,7 +61,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - const cookie = request.cookie(authenticationResponse.headers['set-cookie'][0])!; + const cookie = parseCookie(authenticationResponse.headers['set-cookie'][0])!; await checkSessionCookie(cookie, 'a@b.c', { type: 'saml', name: 'saml1' }); return cookie; } @@ -78,7 +78,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const cookie = request.cookie(authenticationResponse.headers['set-cookie'][0])!; + const cookie = parseCookie(authenticationResponse.headers['set-cookie'][0])!; await checkSessionCookie(cookie, credentials.username, { type: 'basic', name: 'basic1' }); return cookie; } 
diff --git a/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts b/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts index 0b17f037dfbd9..f2ee5600261c2 100644 --- a/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts +++ b/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts @@ -5,7 +5,7 @@ * 2.0. */ -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import { delay } from 'bluebird'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; @@ -54,7 +54,7 @@ export default function ({ getService }: FtrProviderContext) { const authenticationResponse = await supertest .post('/api/security/saml/callback') .set('kbn-xsrf', 'xxx') - .set('Cookie', request.cookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) + .set('Cookie', parseCookie(handshakeResponse.headers['set-cookie'][0])!.cookieString()) .send({ SAMLResponse: await getSAMLResponse({ destination: `http://localhost:${kibanaServerConfig.port}/api/security/saml/callback`, @@ -64,7 +64,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(302); - const cookie = request.cookie(authenticationResponse.headers['set-cookie'][0])!; + const cookie = parseCookie(authenticationResponse.headers['set-cookie'][0])!; await checkSessionCookie(cookie, 'a@b.c', { type: 'saml', name: providerName }); return cookie; } @@ -89,7 +89,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - const sessionCookie = request.cookie(response.headers['set-cookie'][0])!; + const sessionCookie = parseCookie(response.headers['set-cookie'][0])!; await checkSessionCookie(sessionCookie, basicUsername, { type: 'basic', name: 'basic1', 
@@ -132,7 +132,7 @@ export default function ({ getService }: FtrProviderContext) { params: { username: basicUsername, password: basicPassword }, }) .expect(200); - const basicSessionCookie = request.cookie(response.headers['set-cookie'][0])!; + const basicSessionCookie = parseCookie(response.headers['set-cookie'][0])!; await checkSessionCookie(basicSessionCookie, basicUsername, { type: 'basic', name: 'basic1', diff --git a/x-pack/test/security_api_integration/tests/token/login.ts b/x-pack/test/security_api_integration/tests/token/login.ts index 609a66a8206c6..25e7bb3251687 100644 --- a/x-pack/test/security_api_integration/tests/token/login.ts +++ b/x-pack/test/security_api_integration/tests/token/login.ts @@ -5,7 +5,7 @@ * 2.0. */ -import request from 'request'; +import { parse as parseCookie } from 'tough-cookie'; import { FtrProviderContext } from '../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { @@ -15,7 +15,7 @@ export default function ({ getService }: FtrProviderContext) { const cookie = (response.headers['set-cookie'] || []).find((header) => header.startsWith('sid=') ); - return cookie ? request.cookie(cookie) : undefined; + return cookie ? parseCookie(cookie) : undefined; } describe('login', () => { diff --git a/x-pack/test/security_api_integration/tests/token/logout.ts b/x-pack/test/security_api_integration/tests/token/logout.ts index 856d84cd98115..1a2385e434ca4 100644 --- a/x-pack/test/security_api_integration/tests/token/logout.ts +++ b/x-pack/test/security_api_integration/tests/token/logout.ts @@ -5,7 +5,7 @@ * 2.0. */ -import request from 'request'; +import { parse as parseCookie } from 'tough-cookie'; import { FtrProviderContext } from '../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { 
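Review bot: The helper body in the token/login.ts `@@ -15,7 +15,7 @@` hunk (find the first header starting with `sid=`, then `parseCookie`) is repeated verbatim in token/logout.ts and token/session.ts, so this commit had to touch three copies. Moving it into one shared test helper would keep the session-cookie parsing in a single place. A short comment such as `// returns undefined when no sid cookie is set or the header cannot be parsed` would also document both undefined paths. The helper's signature is outside the hunk.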
@@ -15,7 +15,7 @@ export default function ({ getService }: FtrProviderContext) { const cookie = (response.headers['set-cookie'] || []).find((header) => header.startsWith('sid=') ); - return cookie ? request.cookie(cookie) : undefined; + return cookie ? parseCookie(cookie) : undefined; } async function createSessionCookie() { diff --git a/x-pack/test/security_api_integration/tests/token/session.ts b/x-pack/test/security_api_integration/tests/token/session.ts index ae521efba605f..b8319ec8f7af1 100644 --- a/x-pack/test/security_api_integration/tests/token/session.ts +++ b/x-pack/test/security_api_integration/tests/token/session.ts @@ -5,7 +5,7 @@ * 2.0. */ -import request, { Cookie } from 'request'; +import { parse as parseCookie, Cookie } from 'tough-cookie'; import expect from '@kbn/expect'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -18,7 +18,7 @@ export default function ({ getService }: FtrProviderContext) { const cookie = (response.headers['set-cookie'] || []).find((header) => header.startsWith('sid=') ); - return cookie ? request.cookie(cookie) : undefined; + return cookie ? parseCookie(cookie) : undefined; } async function createSessionCookie() { @@ -157,7 +157,7 @@ export default function ({ getService }: FtrProviderContext) { const cookies = response.headers['set-cookie']; expect(cookies).to.have.length(1); - const cookie = request.cookie(cookies[0])!; + const cookie = parseCookie(cookies[0])!; expect(cookie.key).to.be('sid'); expect(cookie.value).to.be.empty(); expect(cookie.path).to.be('/'); diff --git a/yarn.lock b/yarn.lock index 3ce7adb678f50..b0a44e6aa66c7 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -6198,10 +6198,10 @@ dependencies: "@types/geojson" "*" -"@types/tough-cookie@*": - version "2.3.5" - resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-2.3.5.tgz#9da44ed75571999b65c37b60c9b2b88db54c585d" - integrity sha512-SCcK7mvGi3+ZNz833RRjFIxrn4gI1PPR3NtuIS+6vMkvmsGjosqTJwRt5bAEFLRz+wtJMWv8+uOnZf2hi2QXTg== +"@types/tough-cookie@^4.0.1", "@types/tough-cookie@*": + version "4.0.1" + resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.1.tgz#8f80dd965ad81f3e1bc26d6f5c727e132721ff40" + integrity sha512-Y0K95ThC3esLEYD6ZuqNek29lNX2EM1qxV8y2FTLUB0ff5wWrk7az+mLrnNFUnaXcgKye22+sFBRXOgpPILZNg== "@types/type-detect@^4.0.1": version "4.0.1" @@ -22537,7 +22537,7 @@ pseudomap@^1.0.2: resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3" integrity sha1-8FKijacOYYkX7wqKw0wa5aaChrM= -psl@^1.1.28: +psl@^1.1.28, psl@^1.1.33: version "1.4.0" resolved "https://registry.yarnpkg.com/psl/-/psl-1.4.0.tgz#5dd26156cdb69fa1fdb8ab1991667d3f80ced7c2" integrity sha512-HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw== @@ -27241,6 +27241,15 @@ tough-cookie@^3.0.1: psl "^1.1.28" punycode "^2.1.1" +tough-cookie@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.0.0.tgz#d822234eeca882f991f0f908824ad2622ddbece4" + integrity sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg== + dependencies: + psl "^1.1.33" + punycode "^2.1.1" + universalify "^0.1.2" + tr46@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/tr46/-/tr46-1.0.1.tgz#a8b13fd6bfd2489519674ccde55ba3693b706d09" 
@@ -27983,7 +27992,7 @@ universal-user-agent@^6.0.0: resolved "https://registry.yarnpkg.com/universal-user-agent/-/universal-user-agent-6.0.0.tgz#3381f8503b251c0d9cd21bc1de939ec9df5480ee" integrity sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w== -universalify@^0.1.0: +universalify@^0.1.0, universalify@^0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66" integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==