Skip to content

Don't fallback to anonymous for tokens/apikeys#51042

Merged
jkakavas merged 2 commits intoelastic:masterfrom
jkakavas:anon-fallback-token-apikeys
Jan 17, 2020
Merged

Don't fallback to anonymous for tokens/apikeys#51042
jkakavas merged 2 commits intoelastic:masterfrom
jkakavas:anon-fallback-token-apikeys

Conversation

@jkakavas
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas commented Jan 15, 2020

This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.

Resolves: #50171

@jkakavas
Don't fallback to anonymous for tokens/apikeys
544a1ea 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.

Resolves:  elastic#50171
@jkakavas jkakavas added >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.0.0 v7.6.0 labels Jan 15, 2020
@jkakavas jkakavas requested a review from tvernum January 15, 2020 14:08
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Jan 15, 2020

Pinging @elastic/es-security (:Security/Authentication)

@polyfractal polyfractal added v7.7.0 and removed v7.6.0 labels Jan 15, 2020
@jkakavas
Copy link
Copy Markdown
Contributor Author

jkakavas commented Jan 15, 2020

@polyfractal not sure if this was actually you or a bot 🤖 , but this is a bug fix and still targets 7.6.0 assuming it is merged in time to be included.

@tvernum
Copy link
Copy Markdown
Contributor

tvernum commented Jan 16, 2020

@jkakavas We bulk move every unmerged PR out of a release when it the branch is cut.
It's up to the PR author to relabel back again if needed (the auto update doesn't know whether it should go to the next minor, the next patch, or be marked as a blocker for the current minor).

@jkakavas
Copy link
Copy Markdown
Contributor Author

jkakavas commented Jan 16, 2020

the auto update doesn't know whether it should go to the next minor, the next patch, or be marked as a blocker for the current minor

Makes sense:) I had a suspicion hence the

not sure if this was actually you or a bot

but I thought we run all our bots as @@elasticmachine. TIL

@tvernum
Copy link
Copy Markdown
Contributor

tvernum commented Jan 16, 2020

It's not a bot, just a script.

@tvernum tvernum added the v7.6.0 label Jan 17, 2020
tvernum
tvernum approved these changes Jan 17, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkakavas jkakavas merged commit 722fdd5 into elastic:master Jan 17, 2020
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Jan 17, 2020
@jkakavas
Don't fallback to anonymous for tokens/apikeys (elastic#51042)
e12a0bc 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Jan 17, 2020
@jkakavas
Don't fallback to anonymous for tokens/apikeys (elastic#51042)
9ef45d3 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.
jkakavas added a commit that referenced this pull request Jan 17, 2020
@jkakavas
Don't fallback to anonymous for tokens/apikeys (#51042) (#51158)
0c3bf45 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.
jkakavas added a commit that referenced this pull request Jan 17, 2020
@jkakavas
Don't fallback to anonymous for tokens/apikeys (#51042) (#51159)
4fc865e 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.
@axw axw mentioned this pull request Jan 21, 2020
Closed
@azasypkin azasypkin mentioned this pull request Jan 21, 2020
Merged
SivagurunathanV pushed a commit to SivagurunathanV/elasticsearch that referenced this pull request Jan 23, 2020
@jkakavas @SivagurunathanV
Don't fallback to anonymous for tokens/apikeys (elastic#51042)
27db4d9 
This commit changes our behavior so that when we receive a
request with an invalid/expired/wrong access token or API Key
we do not fallback to authenticating as the anonymous user even if
anonymous access is enabled for Elasticsearch.
This was referenced Feb 3, 2020
Closed
Closed
@codebrain codebrain mentioned this pull request Apr 1, 2020
Closed
@AkshayGoyal022 AkshayGoyal022 mentioned this pull request May 13, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

Assignees

No one assigned

Labels

>bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v7.6.0 v7.7.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Don't fallback to anonymous user when anonymous access is enabled for invalid access token/api key

5 participants

@jkakavas @elasticmachine @tvernum @jakelandis @polyfractal