From 25263e758096ed4d0e7a9b44b10a8aae38016615 Mon Sep 17 00:00:00 2001
From: Peter Zhu
Date: Fri, 15 Apr 2022 21:31:37 -0400
Subject: [PATCH] Revert "Enforce authentication on api/status route by default (#943)" (#950)

This reverts commit 6d6c5b7262887c6e28ac58c1050164a3ed78e90e.

Signed-off-by: Peter Zhu
---
 server/index.ts | 4 ++--
 test/jest_integration/basic_auth.test.ts | 12 ------------
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/server/index.ts b/server/index.ts
index 287b6ebec..a25bca467 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -70,14 +70,14 @@ export const configSchema = schema.object({
 }),
 anonymous_auth_enabled: schema.boolean({ defaultValue: false }),
 unauthenticated_routes: schema.arrayOf(schema.string(), {
- defaultValue: ['/api/reporting/stats'],
+ defaultValue: ['/api/status', '/api/reporting/stats'],
 }),
 forbidden_usernames: schema.arrayOf(schema.string(), { defaultValue: [] }),
 logout_url: schema.string({ defaultValue: '' }),
 }),
 basicauth: schema.object({
 enabled: schema.boolean({ defaultValue: true }),
- unauthenticated_routes: schema.arrayOf(schema.string(), { defaultValue: [] }),
+ unauthenticated_routes: schema.arrayOf(schema.string(), { defaultValue: ['/api/status'] }),
 forbidden_usernames: schema.arrayOf(schema.string(), { defaultValue: [] }),
 header_trumps_session: schema.boolean({ defaultValue: false }),
 alternative_login: schema.object({
diff --git a/test/jest_integration/basic_auth.test.ts b/test/jest_integration/basic_auth.test.ts
index 7589e16e4..75625b7e3 100644
--- a/test/jest_integration/basic_auth.test.ts
+++ b/test/jest_integration/basic_auth.test.ts
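Review bot: The two restored `'/api/status'` defaults in `server/index.ts` have no comment explaining why the status route is exempt from authentication, and the commit message gives no reason for the revert. This matters because the status endpoint is once again reachable without credentials on a default install, and whatever it reports (presumably version and plugin health; confirm) is visible to any client that can reach the server. I would add a comment above each `unauthenticated_routes` default, for example `// '/api/status' is unauthenticated by default so health probes work without credentials (confirm intent); remove it from unauthenticated_routes to require login`. The comment on the first default should also say why it includes `'/api/reporting/stats'` while the `basicauth` default does not. The enclosing `configSchema` object starts and ends outside this hunk, so other auth types may carry their own defaults that need the same note.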
@@ -207,16 +207,4 @@ describe('start OpenSearch Dashboards server', () => {
 expect(response.status).toEqual(302);
 });
-
- it('enforce authentication on api/status route', async () => {
- const response = await osdTestServer.request.get(root, '/api/status');
- expect(response.status).toEqual(401);
- });
-
- it('can access api/status route with admin credential', async () => {
- const response = await osdTestServer.request
- .get(root, '/api/status')
- .set(AUTHORIZATION_HEADER_NAME, ADMIN_CREDENTIALS);
- expect(response.status).toEqual(200);
- });
 });