8000 resolves #26 update to es 1.4 · nibin/elasticsearch-http-basic@49e339e · GitHub


Commit 49e339e

author
Ernesto
committed
10000
resolves #26 update to es 1.4
commit elastic/elasticsearch@10af60b changes how the transport module is initialized, breaking HttpBasicServerModule for Guice. - updated dependencies - HttpBasicServerModule inherits and calls HttpServerModule's configure, which binds an HttpServerTransport Updated integration tests - new abstract class for common functionality, from which all integration tests inherit. - using the HttpRequestBuilder for building the request - abstract class HttpBasicServerPluginIntegrationTest sets the host to localhost. Test requests will also have localhost as requestIp, making tests consistent.
1 parent 79df080 commit 49e339e


7 files changed

+122
-156
lines changed


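--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 
 **IMPORTANT NOTICE**: versions 1.0.4 and 1.1.0 are *insecure and should not be used*.
 They have a bug that allows an attacker to get ip authentication by setting
-its ip on the 'Host' header. A fix is provided for now for versions v1.2.0 and
+its ip on the 'Host' header. A fix is provided for versions v1.2.0 and
 v.1.3.0 of the plugin.
 
 # HTTP Basic auth for ElasticSearch
@@ -18,6 +18,7 @@ There is no way to configure this on a per index basis.
 
 | Http Basic Plugin | elasticsearch |
 |------ 10000 -----------------------|-----------------------|
+| v1.4.0(1.4 branch) | 1.4.0.Beta1 |
 | v1.3.0(master) | 1.3.0 |
 | v1.2.0 | 1.2.0 |
 | 1.1.0 | 1.0.0 |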

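--- a/pom.xml
+++ b/pom.xml
@@ -4,16 +4,16 @@
 
 <groupId>com.asquera.elasticsearch</groupId>
 <artifactId>elasticsearch-http-basic</artifactId>
-<version>1.3.0</version>
+<version>1.4.0</version>
 <packaging>jar</packaging>
 
 <name>Basic Authentication Plugin</name>
 <url>http://maven.apache.org</url>
 
 <properties>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-<elasticsearch.version>1.3.0</elasticsearch.version>
-<lucene.version>4.9.0</lucene.version>
+<elasticsearch.version>1.4.0.Beta1</elasticsearch.version>
+<lucene.version>4.10.1</lucene.version>
 </properties>
 
 <dependencies>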

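--- a/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServerModule.java
+++ b/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServerModule.java
@@ -7,12 +7,13 @@
 * @author Florian Gilcher (florian.gilcher@asquera.de)
 */
 public class HttpBasicServerModule extends HttpServerModule {
-
+
 public HttpBasicServerModule(Settings settings) {
 super(settings);
 }
-
+
 @Override protected void configure() {
+super.configure();
 bind(HttpBasicServer.class).asEagerSingleton();
 }
 }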
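Review bot: In `configure()`, the added `super.configure()` call sits directly above `bind(HttpBasicServer.class).asEagerSingleton()` with nothing explaining how the two bindings interact, and for an authentication plugin that interaction decides whether requests pass through the credential check at all. The commit message says the parent binds an `HttpServerTransport`; if the parent also binds its own stock HTTP server (not visible in this diff), two server instances would be constructed and whichever attaches to the transport last would serve requests. I would add a comment such as `// super.configure() binds HttpServerTransport (needed since ES 1.4); HttpBasicServer must remain the handler attached to it` and treat the 401 assertions in the integration tests as the guard for that property.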

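--- a/src/test/java/com/asquera/elasticsearch/plugins/http/auth/integration/DefaultConfigurationIntegrationTest.java
+++ b/src/test/java/com/asquera/elasticsearch/plugins/http/auth/integration/DefaultConfigurationIntegrationTest.java
@@ -18,33 +18,24 @@
 */
 package com.asquera.elasticsearch.plugins.http.auth.integration;
 
-
-import org.apache.http.impl.client.HttpClients;
-import org.elasticsearch.common.settings.ImmutableSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.test.ElasticsearchIntegrationTest;
 import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
 import org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
-import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.junit.Test;
 
-import com.asquera.elasticsearch.plugins.http.HttpBasicServerPlugin;
-
 import static org.hamcrest.Matchers.equalTo;
 
 /**
 * Test a rest action that sets special response headers
 */
-@ClusterScope(transportClientRatio = 0.0, scope = Scope.SUITE, numDataNodes = 1)
-public class DefaultConfigurationIntegrationTest extends ElasticsearchIntegrationTest {
+@ClusterScope(scope = Scope.SUITE, numDataNodes = 1)
+public class DefaultConfigurationIntegrationTest extends HttpBasicServerPluginIntegrationTest {
 
 @Override
 protected Settings nodeSettings(int nodeOrdinal) {
-return ImmutableSettings.settingsBuilder()
-.put("plugin.types", HttpBasicServerPlugin.class.getName())
-.build();
+return builderWithPlugin().build();
 }
 
 @Test
@@ -54,12 +45,8 @@ public void testHealthCheck() throws Exception {
 }
 
 @Test
-public void localhostClientIsAuthenticated() throws Exception {
+public void localhostClientIsIpAuthenticated() throws Exception {
 HttpResponse response = httpClient().path("/_status").execute();
 assertThat(response.getStatusCode(), equalTo(RestStatus.OK.getStatus()));
 }
-
-public static HttpRequestBuilder httpClient() {
-return new HttpRequestBuilder(HttpClients.createDefault()).host("localhost").port(9200);
-}
 }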
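Review bot: `localhostClientIsIpAuthenticated` asserts that a request to `/_status` without credentials returns 200, which appears to pin the plugin's default of trusting loopback clients, yet the class Javadoc still reads `Test a rest action that sets special response headers` and nothing states that this default is intended. I would replace the Javadoc with `Default configuration: requests from the loopback address are whitelisted and need no credentials.` so that a later change to the default whitelist is a deliberate decision rather than a test fix-up. This class also drops `transportClientRatio = 0.0` from `@ClusterScope` while `EmptyWhitelistIntegrationTest` keeps it; the two suites should use the same scope settings unless the difference is intentional.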

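--- a/src/test/java/com/asquera/elasticsearch/plugins/http/auth/integration/EmptyWhitelistIntegrationTest.java
+++ b/src/test/java/com/asquera/elasticsearch/plugins/http/auth/integration/EmptyWhitelistIntegrationTest.java
@@ -18,98 +18,48 @@
 */
 package com.asquera.elasticsearch.plugins.http.auth.integration;
 
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.elasticsearch.common.settings.ImmutableSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.Base64;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.test.ElasticsearchIntegrationTest;
 import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
-import org.elasticsearch.test.rest.client.http.HttpGetWithEntity;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.junit.Test;
 
-import com.asquera.elasticsearch.plugins.http.HttpBasicServerPlugin;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-
 import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
 import static org.hamcrest.Matchers.equalTo;
 
 /**
 * Test a rest action that sets special response headers
 */
 @ClusterScope(transportClientRatio = 0.0, scope = Scope.SUITE, numDataNodes = 1)
-public class EmptyWhitelistIntegrationTest extends ElasticsearchIntegrationTest {
+public class EmptyWhitelistIntegrationTest extends HttpBasicServerPluginIntegrationTest {
 
 @Override
 protected Settings nodeSettings(int nodeOrdinal) {
-return ImmutableSettings.settingsBuilder().putArray("http.basic.ipwhitelist", "unkown")
-.put("plugin.types", HttpBasicServerPlugin.class.getName())
+return builderWithPlugin().
+putArray("http.basic.ipwhitelist", "unkown")
 .build();
 }
 
+// TODO put the set credentials ussing Setter
 @Test
-public void testHealthCheck() throws Exception {
-HttpResponse response = httpClient().path("/").execute();
-assertThat(response.getStatusCode(), equalTo(RestStatus.OK.getStatus()));
-}
-
-@Test
-public void localhostClientIsNotIpAuthenticated() throws Exception {
+public void clientIpAuthenticationFails() throws Exception {
 HttpResponse response = httpClient().path("/_status").execute();
 assertThat(response.getStatusCode(), equalTo(RestStatus.UNAUTHORIZED.getStatus()));
 }
-
-@Test
-public void localhostClientIsBasicAuthenticated() throws Exception {
-HttpUriRequest request = httpRequest();
-String credentials = "admin:admin_pw";
-request.setHeader("Authorization", "Basic " + Base64.encodeBytes(credentials.getBytes()));
-CloseableHttpResponse response = closeableHttpClient().execute(request);
-assertThat(response.getStatusLine().getStatusCode(), equalTo(RestStatus.OK.getStatus()));
-}
-
 
 @Test
-public void localhostClientIsBasicAuthenticatedPassingXForward() throws Exception {
-HttpUriRequest request = httpRequest();
-String credentials = "admin:admin_pw";
-request.setHeader("Authorization", "Basic " + Base64.encodeBytes(credentials.getBytes()));
-request.setHeader("X-Forwarded-For", "1.1.1.1" );
-CloseableHttpResponse response = closeableHttpClient().execute(request);
-assertThat(response.getStatusLine().getStatusCode(), equalTo(RestStatus.OK.getStatus()));
-}
-@Test
-public void localhostClientNotBasicAuthenticated() throws Exception {
-HttpUriRequest request = httpRequest();
-String credentials = "admin:wrong";
-request.setHeader("Authorization", "Basic " + Base64.encodeBytes(credentials.getBytes()));
-CloseableHttpResponse response = closeableHttpClient().execute(request);
-assertThat(response.getStatusLine().getStatusCode(), equalTo(RestStatus.UNAUTHORIZED.getStatus()));
-}
-
-public static HttpRequestBuilder httpClient() {
-return new HttpRequestBuilder(HttpClients.createDefault()).host("localhost").port(9200);
-}
-
-public static HttpUriRequest httpRequest() {
-HttpUriRequest httpUriRequest = null;
-try {
-httpUriRequest = new HttpGetWithEntity(new URI("http", null, "localhost", 9200, "/_status", null, null));
-} catch (URISyntaxException e) {
-throw new IllegalArgumentException(e);
-}
-return httpUriRequest;
+public void clientGoodCredentialsBasicAuthenticationSuceeds() throws Exception {
+HttpResponse response = requestWithCredentials("admin:admin_pw")
+.addHeader("X-Forwarded-For", "1.1.1.1" ).execute();
+assertThat(response.getStatusCode(), equalTo(RestStatus.OK.getStatus()));
 }
 
-public static CloseableHttpClient closeableHttpClient() {
-return HttpClients.createDefault();
+@Test
+public void clientBadCredentialsBasicAuthenticationFails() throws Exception {
+HttpResponse response = requestWithCredentials("admin:wrong").execute();
+assertThat(response.getStatusCode()
+, equalTo(RestStatus.UNAUTHORIZED.getStatus()));
 }
-
 }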
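Review bot: `clientGoodCredentialsBasicAuthenticationSuceeds` always sends `X-Forwarded-For: 1.1.1.1`, so the plain case that the removed `localhostClientIsBasicAuthenticated` covered (valid credentials, no forwarding header) is no longer exercised, and the `/` health check for this configuration is gone as well. I would keep a second test whose request is just `requestWithCredentials("admin:admin_pw").execute()` and restore the `testHealthCheck` assertion, so a regression in either path of the authentication code shows up separately. The `Base64` and `HttpRequestBuilder` imports look unused after this change and can be dropped.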
@@ -0,0 +1,49 @@
1+
2+
package com.asquera.elasticsearch.plugins.http.auth.integration;
3+
4+
5+
import java.net.InetSocketAddress;
6+
7+
import org.apache.http.impl.client.HttpClients;
8+
import org.elasticsearch.common.transport.InetSocketTransportAddress;
9+
import org.elasticsearch.common.Base64;
10+
import org.elasticsearch.http.HttpServerTransport;
11+
import org.elasticsearch.test.ElasticsearchIntegrationTest;
12+
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
13+
import com.asquera.elasticsearch.plugins.http.HttpBasicServerPlugin;
14+
import org.elasticsearch.common.settings.ImmutableSettings.Builder;
15+
import org.elasticsearch.common.settings.ImmutableSettings;
16+
17+
/**
18+
*
19+
* @author Ernesto Miguez (ernesto.miguez@asquera.de)
20+
*/
21+
22+
public abstract class HttpBasicServerPluginIntegrationTest extends
23+
ElasticsearchIntegrationTest {
24+
25+
protected final String localhost = "127.0.0.1";
26+
27+
28+
public static HttpRequestBuilder httpClient() {
29+
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
30+
InetSocketAddress address = ((InetSocketTransportAddress) httpServerTransport.boundAddress().publishAddress()).address();
31+
return new HttpRequestBuilder(HttpClients.createDefault()).host(address.getHostName()).port(address.getPort());
32+
}
33+
/**
34+
*
35+
* @return a Builder with the plugin included and bind_host and publish_host
36+
* set to localhost, from where the client's request ip will be done.
37+
*/
38+
protected Builder builderWithPlugin() {
39+
return ImmutableSettings.settingsBuilder()
40+
.put("network.host", localhost)
41+
.put("plugin.types", HttpBasicServerPlugin.class.getName());
42+
}
43+
44+
protected HttpRequestBuilder requestWithCredentials(String credentials) throws Exception {
45+
return httpClient().path("/_status")
46+
.addHeader("Authorization", "Basic " + Base64.encodeBytes(credentials.getBytes()));
47+
}
48+
49+
}
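Review bot: `httpClient()` builds the target host with `address.getHostName()`, which can resolve the bound 127.0.0.1 back to a name; the request then goes to whatever that name resolves to on the build machine, so the source address the whitelist check sees may not be the 127.0.0.1 that `builderWithPlugin()` configures. Using the literal address, `.host(address.getAddress().getHostAddress())`, keeps the IP-authentication tests deterministic. `requestWithCredentials` should encode with an explicit charset, `credentials.getBytes(StandardCharsets.UTF_8)`, rather than the platform default. The Javadoc on `builderWithPlugin()` mentions bind_host and publish_host while the code sets `network.host`, and the class Javadoc is empty; both should describe what the base class actually fixes for its subclasses.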
