OpenSearch/elasticsearch
jaymode eeb964c886 security: default role checks authenticating realm
This change makes the default role check the authenticating realm when authorizing
a request for the current user (or run as user) where the user is trying to change their
own password. We need to do this, otherwise we open up the potential of a user in one
realm changing the password of a user in another realm.

As part of this work, the authentication service has been refactored and simplified. A
new object, Authentication, is now returned when authenticating. Currently, this object
contains the user, authenticating realm information, and, if it is a run as request, the
information of the realm that looked up the user.

Closes elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@3fd9c37a16
2016-06-17 10:31:54 -04:00
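
The realm check the commit message describes, as an added example that is not code from the commit or from the project. The `Realm`, `Authentication` and `ChangePasswordRequest` types, their fields, and the realm names are hypothetical, modelled on the description above. It compares a name-only "own password" check with one that also requires the realm that produced the effective user to be the realm holding the password.

```java
import java.util.List;

public class RealmAwareSelfServiceCheck {
    // Hypothetical model of the Authentication object described in the message:
    // the user, the authenticating realm and, for run as, the realm that looked up the user.
    record Realm(String name) {}
    record Authentication(String user, Realm authenticatedBy, String runAsUser, Realm lookedUpBy) {
        boolean isRunAs() { return runAsUser != null; }
        String effectiveUser() { return isRunAs() ? runAsUser : user; }
        // For run as, the realm that matters is the one that looked up the target user.
        Realm effectiveRealm() { return isRunAs() ? lookedUpBy : authenticatedBy; }
    }
    // Assumption: the request names the user and the realm whose stored password would change.
    record ChangePasswordRequest(String targetUser, Realm passwordRealm) {}

    // Name-only check: "alice" from any realm is treated as the owner of the password.
    static boolean nameOnlyCheck(Authentication auth, ChangePasswordRequest req) {
        return auth.effectiveUser().equals(req.targetUser());
    }

    // Realm-aware check: the name must match and the effective user must come
    // from the same realm that holds the password being changed.
    static boolean realmAwareCheck(Authentication auth, ChangePasswordRequest req) {
        return auth.effectiveUser().equals(req.targetUser())
            && req.passwordRealm().equals(auth.effectiveRealm());
    }

    public static void main(String[] args) {
        Realm nativeRealm = new Realm("native1"); // constructed sample realms
        Realm ldapRealm = new Realm("ldap1");
        ChangePasswordRequest req = new ChangePasswordRequest("alice", nativeRealm);

        List<Authentication> cases = List.of(
            new Authentication("alice", nativeRealm, null, null),      // same name, same realm
            new Authentication("alice", ldapRealm, null, null),        // same name, other realm
            new Authentication("admin", ldapRealm, "alice", nativeRealm), // run as, looked up in password realm
            new Authentication("admin", nativeRealm, "alice", ldapRealm)  // run as, looked up elsewhere
        );
        for (Authentication auth : cases) {
            System.out.printf("%s%n  name-only=%b realm-aware=%b%n",
                auth, nameOnlyCheck(auth, req), realmAwareCheck(auth, req));
        }
    }
}
```

The second and fourth cases are the ones where the two checks disagree: the user name matches but the user was produced by a different realm than the one holding the password.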