From f59b71629a7e7a7e887515124a8c3ca93c202e55 Mon Sep 17 00:00:00 2001
From: Ryan Ernst
Date: Wed, 10 May 2017 18:00:04 -0700
Subject: [PATCH] Fix user copied in SecurityContext.executeAfterRewritingAuthentication (elastic/x-pack-elasticsearch#1391)
Also added a unit test for this method
Original commit: elastic/x-pack-elasticsearch@637a865119cfdd4cfb597b6d560a298fa9ec6e08
---
 .../xpack/security/SecurityContext.java | 2 +-
 .../xpack/security/SecurityContextTests.java | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java b/plugin/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
index 1313fee7b38..7b93a3bb0a5 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
@@ -102,7 +102,7 @@ public class SecurityContext {
 final StoredContext original = threadContext.newStoredContext(true);
 final Authentication authentication = Objects.requireNonNull(getAuthentication());
 try (ThreadContext.StoredContext ctx = threadContext.stashContext()) {
- setAuthentication(new Authentication(authentication.getUser().authenticatedUser(), authentication.getAuthenticatedBy(),
+ setAuthentication(new Authentication(authentication.getUser(), authentication.getAuthenticatedBy(),
 authentication.getLookedUpBy(), version));
 consumer.accept(original);
 }
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java
index 44db03fea66..c8ad2069fff 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java
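Review bot: The corrected `setAuthentication(new Authentication(authentication.getUser(), ...))` call in SecurityContext.executeAfterRewritingAuthentication carries no comment saying why the whole `User` must be passed, and the earlier `.authenticatedUser()` form looks just as plausible to a later reader. Judging from the removed line and the test's `new User("test", null, new User("authUser"))`, that form appears to have replaced the effective user with the authenticating one, so the rewritten context would carry a different identity than the one originally stored. A comment above the call would guard against the regression: `// Copy the full User (effective user plus authenticating user); only the version may differ in the rewritten Authentication.` The method's signature and its closing lines are outside the hunk.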
@@ -10,6 +10,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
 import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.VersionUtils;
 import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
 import org.elasticsearch.xpack.security.user.SystemUser;
@@ -84,4 +85,28 @@ public class SecurityContextTests extends ESTestCase {
 originalContext.restore();
 assertEquals(original, securityContext.getUser());
 }
+
+ public void testExecuteAfterRewritingAuthentication() throws IOException {
+ User user = new User("test", null, new User("authUser"));
+ RealmRef authBy = new RealmRef("ldap", "foo", "node1");
+ final Authentication original = new Authentication(user, authBy, authBy);
+ original.writeToContext(threadContext);
+
+ final AtomicReference contextAtomicReference = new AtomicReference<>();
+ securityContext.executeAfterRewritingAuthentication(originalCtx -> {
+ Authentication authentication = securityContext.getAuthentication();
+ assertEquals(original.getUser(), authentication.getUser());
+ assertEquals(original.getAuthenticatedBy(), authentication.getAuthenticatedBy());
+ assertEquals(original.getLookedUpBy(), authentication.getLookedUpBy());
+ assertEquals(VersionUtils.getPreviousVersion(), authentication.getVersion());
+ contextAtomicReference.set(originalCtx);
+ }, VersionUtils.getPreviousVersion());
+
+ final Authentication authAfterExecution = securityContext.getAuthentication();
+ assertEquals(original, authAfterExecution);
+ StoredContext originalContext = contextAtomicReference.get();
+ assertNotNull(originalContext);
+ originalContext.restore();
+ assertEquals(original, securityContext.getAuthentication());
+ }
 }
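Review bot: In testExecuteAfterRewritingAuthentication, `assertEquals(original.getUser(), authentication.getUser())` proves that the authenticating user survives the rewrite only if `User.equals` compares the nested user, and that method is not visible in this patch. Asserting the pair explicitly inside the consumer makes the regression test independent of it: `assertEquals(original.getUser().authenticatedUser(), authentication.getUser().authenticatedUser());`. A second case using a `User` built without a nested authenticating user would also pin down the ordinary path, which this test does not exercise.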