How to access 'request.auth.session.user' in all html files and make it available in all html files


(Sunny Sachan) #1

Hi Team,

What I am trying to accomplish: I set 'request.auth.session.user' in my plugin's server init file after the user has successfully logged in, but I cannot figure out how to access this user object from all HTML files.

I want to display the username on every Kibana page. Please suggest how to do this.

Below are the versions I am using.
node version: 6.12.2
kibana version: 6.2
elastic version: 6.2.1
hapi-auth-cookie version: 3.1.0
template-kibana-plugin version 7.0.1
hapi version: 14.2.0

below is my example server code file.

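/**
 * Plugin server init: registers hapi-auth-cookie, a cookie-based 'session'
 * strategy applied to all routes, and the login/logout routes of the plugin.
 *
 * @param {object} server - the hapi server instance handed to the plugin.
 */
export default function (server) {
  // Local require, matching how this file already loads hapi-auth-cookie.
  const crypto = require('crypto');
  const basePath = server.config().get('server.basePath');

  // NOTE(review): demo accounts with plain-text passwords committed in source.
  // Anything beyond a local experiment should check credentials against a real
  // user store that keeps salted password hashes, never against literals.
  const users = {
    admin: {
      id: 'admin',
      password: 'adminhcl',
      name: 'admin'
    },
    client: {
      id: 'client',
      password: 'client',
      name: 'client'
    }
  };

  // Fixed-length digest so the comparison below does not depend on input length.
  const digest = function (value) {
    return crypto.createHash('sha256').update(value).digest();
  };

  // True only when `username` is one of the accounts declared in `users` and
  // `password` is a string equal to that account's password.
  const credentialsMatch = function (username, password) {
    // Repeated query parameters arrive as arrays and absent ones as undefined;
    // neither may ever compare equal to a stored password.
    if (typeof username !== 'string' || typeof password !== 'string') {
      return false;
    }
    // Own-property check: an unknown name must fail cleanly instead of throwing,
    // and names inherited from Object.prototype must never count as accounts.
    if (!Object.prototype.hasOwnProperty.call(users, username)) {
      return false;
    }
    return crypto.timingSafeEqual(digest(users[username].password), digest(password));
  };

  // Builds the login page, with an optional error message above the form.
  // NOTE(review): the page pulls scripts and styles from third-party CDNs
  // without integrity attributes; a login page is better served from local
  // assets, or with Subresource Integrity on each external tag.
  // NOTE(review): the form submits with method="get", so the password ends up
  // in the URL (browser history, proxy and server logs). Switching the form to
  // POST is the fix; confirm the request then passes Kibana's XSRF check.
  const renderLoginPage = function (message) {
    return '<!DOCTYPE html><html><head><title>Login Required</title>'
      + '<link rel="stylesheet" href="commons.style.css">'
      + '<link rel="stylesheet" href="kibana.style.css">'
      + '<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">'
      + '<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>'
      + '<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>'
      + '</head><body>'
      + '<center><div class="container" style="width: 20%;margin-left: auto;margin-right:auto;margin-top: 10%; background-color: #005f7f; border-radius: 25px;">'
      + '<h1><img width="100%" height="100%" src="HCL.jpg"></h1>'
      + (message ? '<h3>' + message + '</h3><br/>' : '')
      + '<form id="login-form" class="ng-valid ng-dirty ng-valid-parse" method="get" action=example>'
      + '<div class="form-group inner-addon left-addon">'
      + '  <input type="text" style="margin-bottom:8px;font-size: 1.25em;height: auto;" name="username" placeholder="Username" class="form-control" required>'
      + '  <input type="password" style="font-size: 1.25em;height: auto;" name="password" placeholder="Password" class="form-control" required><br/>'
      + '<input type="submit" value="Login" class="btn btn-primary">'
      + '</div><div style="width:200px;margin-left:auto;margin-right:auto;">'
      + '</div></form></div></center></body></html>';
  };

  /**
   * Login handler for GET and POST on the plugin's login route.
   * Shows the form until valid credentials arrive, then creates a server-side
   * session entry and sets the session cookie.
   */
  const login = function (request, reply) {
    if (request.auth.isAuthenticated) {
      return reply.redirect('/');
    }

    let username;
    let password;

    if (request.method === 'post') {
      // A POST without a body has no payload object to read from.
      const payload = request.payload || {};
      username = payload.username;
      password = payload.password;
    } else if (request.method === 'get') {
      username = request.query.username;
      password = request.query.password;
    }

    const checked = credentialsMatch(username, password);

    if (!checked) {
      let message;
      if (username || password) {
        message = 'Invalid username or password';
      } else if (request.method === 'post') {
        message = 'Missing username or password';
      }
      return reply(renderLoginPage(message));
    }

    // One unpredictable id per login. A counter restarted on every request
    // yields the same id each time, so every login would share one cache entry.
    const sid = crypto.randomBytes(32).toString('hex');

    request.server.app.cache.set(sid, { username: username }, 0, (err) => {
      if (err) {
        // Stop here: without the return the handler would go on to set the
        // cookie and reply a second time.
        return reply(err);
      }

      request.auth.session.set({ sid: sid });
      // NOTE(review): this assigns a property on the session helper of the
      // current request only; presumably it is not stored in the cookie or the
      // cache, so later requests will not see it - confirm.
      request.auth.session.user = username;
      return reply.redirect('/');
    });
  };

  /**
   * Logout handler: clears the session cookie and redirects to '/'.
   * NOTE(review): the server-side cache entry is not dropped here and stays
   * until the cache policy expires it.
   */
  const logout = function (request, reply) {
    request.auth.session.clear();
    return reply.redirect('/');
  };

  server.register(require('hapi-auth-cookie'), (err) => {
    if (err) {
      throw err;
    }

    // Server-side session store; entries expire after three days.
    const cache = server.cache({ segment: 'sessions', expiresIn: 3 * 24 * 60 * 60 * 1000 });
    server.app.cache = cache;

    server.auth.strategy('session', 'cookie', true, {
      // NOTE(review): cookie password hard-coded in source. Anyone who can read
      // the plugin can read it; load it from configuration or a secret store and
      // rotate the value shown here.
      password: 'secret' + "RJMIgyv5P8gxiylnd7z5vrHj3a91ILBe",
      cookie: 'sid',
      redirectTo: `${basePath}/plugins/my-plugin/example`,
      // NOTE(review): with isSecure false the session cookie is also sent over
      // plain HTTP; set it to true once Kibana is served over TLS.
      isSecure: false,
      // Accepts the cookie only while its sid still has an entry in the cache,
      // and hands the cached username back as the third callback argument.
      validateFunc: function (request, session, callback) {
        cache.get(session.sid, (err, cached) => {
          if (err) {
            return callback(err, false);
          }

          if (!cached) {
            return callback(null, false);
          }

          return callback(null, true, cached.username);
        });
      }
    });

    server.route([
      {
        method: ['GET', 'POST'],
        path: '/plugins/my-plugin/example',
        config: {
          handler: login,
          // 'try' lets unauthenticated visitors reach the login page itself.
          auth: { mode: 'try' },
          plugins: { 'hapi-auth-cookie': { redirectTo: false } }
        }
      },
      { method: 'GET', path: '/plugins/my-plugin/logout', config: { handler: logout } }
    ]);
  });
}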

Now, how do I make it available to every HTML file in Kibana, and how do I access it from HTML where no request and reply objects are available?

Many thanks in advance.


(Jon Budzenski) #2

The only pluggable way I can think of is to create an endpoint and perform ajax calls:

  server.route({
    method: 'POST',
    path: '/api/user/settings',

and return user settings.

The app/index file is in core kibana and not modifiable with a plugin, although there may be a hapi hook somewhere. We do the above method with our security plugin.


(Sunny Sachan) #3

Thanks a ton Jon for your perfect solution here. It worked well. :blush:

