[Security] Include doc-type in _id for tokens (elastic/x-pack-elasticsearch#1473)

In preparation for the removal of types, new security types like invalidated-tokens are stored in the .security index under the generic "doc" type, with a query filter on `doc_type`. In order to avoid id clashes, we also need to use that doc_type as part of the document id. relates elastic/x-pack-elasticsearch#1300 Original commit: elastic/x-pack-elasticsearch@469724a228
2025-03-24 17:09:48 +00:00 · 2017-06-01 10:48:52 +10:00 · 2017-06-01 10:48:52 +10:00 · fe33d8eba4
commit fe33d8eba4
parent 6484f812c0
2 changed files with 7 additions and 3 deletions
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
@ -269,7 +269,7 @@ public final class TokenService extends AbstractComponent {
                        // no need to invalidate - it's already expired
                        listener.onResponse(false);
                    } else {
-                        final String id = userToken.getId();
+                        final String id = getDocumentId(userToken);
                        internalClient.prepareIndex(INDEX_NAME, TYPE, id)
                                .setOpType(OpType.CREATE)
                                .setSource("doc_type", DOC_TYPE, "expiration_time", getExpirationTime().toEpochMilli())
@ -299,6 +299,10 @@ public final class TokenService extends AbstractComponent {
        }
    }

+    private static String getDocumentId(UserToken userToken) {
+        return DOC_TYPE + "_" + userToken.getId();
+    }
+
    private void ensureEnabled() {
        if (enabled == false) {
            throw new IllegalStateException("tokens are not enabled");
@ -311,7 +315,7 @@ public final class TokenService extends AbstractComponent {
     */
    private void checkIfTokenIsRevoked(UserToken userToken, ActionListener<UserToken> listener) {
        if (lifecycleService.isSecurityIndexAvailable()) {
-            internalClient.prepareGet(INDEX_NAME, TYPE, userToken.getId())
+            internalClient.prepareGet(INDEX_NAME, TYPE, getDocumentId(userToken))
                    .execute(new ActionListener<GetResponse>() {

                        @Override
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenServiceTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenServiceTests.java
@ -136,7 +136,7 @@ public class TokenServiceTests extends ESTestCase {
        assertNotNull(token);
        doAnswer(invocationOnMock -> {
            GetRequest request = (GetRequest) invocationOnMock.getArguments()[1];
-            assertEquals(token.getId(), request.id());
+            assertEquals(TokenService.DOC_TYPE + "_" + token.getId(), request.id());
            ActionListener<GetResponse> listener = (ActionListener<GetResponse>) invocationOnMock.getArguments()[2];
            GetResponse response = mock(GetResponse.class);
            when(response.isExists()).thenReturn(true);