Skip to content

Commit

Permalink
[Search] Return empty array when checking api keys for unauthorized u…
Browse files Browse the repository at this point in the history
…ser (elastic#173823)

## Summary

Instead of returning an obnoxious error on every Search page when
fetching an unauthorized user's API keys, we just return an empty array.
  • Loading branch information
sphilipse authored Dec 21, 2023
1 parent 306debf commit 1a0dcf6
Showing 1 changed file with 13 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,19 @@ export function registerApiKeysRoutes(
const { client } = (await context.core).elasticsearch;
const user = security.authc.getCurrentUser(request);
if (user) {
const apiKeys = await client.asCurrentUser.security.getApiKey({ username: user.username });
const validKeys = apiKeys.api_keys.filter(({ invalidated }) => !invalidated);
return response.ok({ body: { api_keys: validKeys } });
try {
const apiKeys = await client.asCurrentUser.security.getApiKey({
username: user.username,
});
const validKeys = apiKeys.api_keys.filter(({ invalidated }) => !invalidated);
return response.ok({ body: { api_keys: validKeys } });
} catch {
// Ideally we check the error response here for unauthorized user
// Unfortunately the error response is not structured enough for us to filter those
// Always returning an empty array should also be fine, and deals with transient errors

return response.ok({ body: { api_keys: [] } });
}
}
return response.customError({
body: 'Could not retrieve current user, security plugin is not ready',
Expand Down

0 comments on commit 1a0dcf6

Please sign in to comment.