I am trying to implement a kibana plugin to protect kibana. If a user hasn't logged in, then the page will be redirected to the login page. But the issue is that the page is always redirected to the login page, even the user has logged in sucessfully.
The code is something like below,
File 1: route.js.
......
server.route({
method: 'POST',
path: '/auth/login',
handler: {
async: async (request, reply) => {
if (request.payload.username === 'admin' && request.payload.password === 'changeme') {
var credentials = {"username": request.payload.username, "password": request.payload.password};
let myCookie = {
username: request.payload.username,
credentials: credentials
};
myCookie.expiryTime = Date.now() + 3600000;
request.cookieAuth.set(myCookie);
return replay({
username: request.payload.username
})
}
else {
return reply(Boom.unauthorized('Invalid username or password'));
}
}
},
config: {
validate: {
payload: {
username: Joi.string().required(),
password: Joi.string().required()
}
},
auth: false
}
});
......
File 2: auth.js. It seems that the "server.auth.test" always fails, so the page is always redirected to the login page. Can anyone point out what's the root cause? Thanks.
......
const cookieConfig = {
password: 'fake_password_12345_to_protect_cookie',
cookie: 'example_cookie',
isSecure: true,
validateFunc: pluginRoot('server/session/validate')(server),
ttl: 60 * 60 * 1000
};
server.auth.strategy('access_control_cookie', 'cookie', false, cookieConfig);
server.auth.scheme('access_control_scheme', (server, options) => ({
authenticate: (request, reply) => {
server.auth.test('access_control_cookie', request, (error, credentials) => {
if (error) {
const nextUrl = encodeURIComponent(request.url.path);
return reply.redirect(`${basePath}/login?nextUrl=${nextUrl}`);
}
reply.continue({credentials});
});
}
}));
server.auth.strategy('access_control', 'access_control_scheme', true);
......
File 3: validate.js
......
export default function (server) {
return function validate(request, session, callback) {
try {
if (!session.expiryTime || session.expiryTime < Date.now()) {
return callback(new InvalidSessionError('Session expired.'), false);
}
if (session.credentials.username === 'admin' && session.credentials.password === 'password') {
let extendedSession = {};
assign(extendedSession, session);
extendedSession.expiryTime = Date.now() + 3600000;
request.cookieAuth.set(session);
return callback(null, true, user);
}
else {
return callback(new InvalidSessionError('Invalid session.', error), false);
}
} catch (error) {
return callback(new InvalidSessionError('Invalid session', error), false);
}
};
};
......