RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/configuration/provider_test.go

577 lines
28 KiB
Go
Raw Permalink Normal View History

feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
package configuration
import (
"fmt"
"os"
"path/filepath"
"runtime"
"sort"
"testing"
fix(configuration): fail to parse large int duration (#5408) Large integers used with the duration common syntax failed to parse if they exceeded the ability to fit into an int32. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 03:30:49 +00:00
"time"
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc
2021-08-11 01:04:35 +00:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/configuration/validator"
"github.com/authelia/authelia/v4/internal/utils"
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
)
func TestShouldErrorSecretNotExist(t *testing.T) {
test: use testing tempdir tooling (#4468) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-12-04 09:57:28 +00:00
dir := t.TempDir()
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "JWT_SECRET_FILE", filepath.Join(dir, "jwt"))
testSetEnv(t, "DUO_API_SECRET_KEY_FILE", filepath.Join(dir, "duo"))
testSetEnv(t, "SESSION_SECRET_FILE", filepath.Join(dir, "session"))
fix(configuration): secret permission errors panic (#5141) This fixes an issue where attempting to load secrets the process does not have read permissions for would cause panics as well as the bit size check of the OpenID Connect 1.0 private key can potentially panic on malformed private keys. This was caused by us returning values on errors instead of nil's. Fixes #5138 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 06:02:34 +00:00
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE", dir)
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "NOTIFIER_SMTP_PASSWORD_FILE", filepath.Join(dir, "notifier"))
testSetEnv(t, "SESSION_REDIS_PASSWORD_FILE", filepath.Join(dir, "redis"))
testSetEnv(t, "SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE", filepath.Join(dir, "redis-sentinel"))
testSetEnv(t, "STORAGE_MYSQL_PASSWORD_FILE", filepath.Join(dir, "mysql"))
testSetEnv(t, "STORAGE_POSTGRES_PASSWORD_FILE", filepath.Join(dir, "postgres"))
testSetEnv(t, "SERVER_TLS_KEY_FILE", filepath.Join(dir, "tls"))
testSetEnv(t, "IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE", filepath.Join(dir, "oidc-key"))
testSetEnv(t, "IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE", filepath.Join(dir, "oidc-hmac"))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
test: use testing tempdir tooling (#4468) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-12-04 09:57:28 +00:00
_, _, err := Load(val, NewEnvironmentSource(DefaultEnvPrefix, DefaultEnvDelimiter), NewSecretsSource(DefaultEnvPrefix, DefaultEnvDelimiter))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, err)
assert.Len(t, val.Warnings(), 0)
errs := val.Errors()
require.Len(t, errs, 12)
sort.Sort(utils.ErrSliceSortAlphabetical(errs))
errFmt := utils.GetExpectedErrTxt("filenotfound")
fix(configuration): secret permission errors panic (#5141) This fixes an issue where attempting to load secrets the process does not have read permissions for would cause panics as well as the bit size check of the OpenID Connect 1.0 private key can potentially panic on malformed private keys. This was caused by us returning values on errors instead of nil's. Fixes #5138 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 06:02:34 +00:00
errFmtDir := utils.GetExpectedErrTxt("isdir")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
feat(oidc): issuer jwk certificates (#3989) This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 02:07:40 +00:00
// ignore the errors before this as they are checked by the validator.
fix(configuration): secret permission errors panic (#5141) This fixes an issue where attempting to load secrets the process does not have read permissions for would cause panics as well as the bit size check of the OpenID Connect 1.0 private key can potentially panic on malformed private keys. This was caused by us returning values on errors instead of nil's. Fixes #5138 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 06:02:34 +00:00
assert.EqualError(t, errs[0], fmt.Sprintf("secrets: error loading secret path %s into key 'authentication_backend.ldap.password': %s", dir, fmt.Sprintf(errFmtDir, dir)))
assert.EqualError(t, errs[1], fmt.Sprintf("secrets: error loading secret path %s into key 'duo_api.secret_key': file does not exist error occurred: %s", filepath.Join(dir, "duo"), fmt.Sprintf(errFmt, filepath.Join(dir, "duo"))))
assert.EqualError(t, errs[2], fmt.Sprintf("secrets: error loading secret path %s into key 'jwt_secret': file does not exist error occurred: %s", filepath.Join(dir, "jwt"), fmt.Sprintf(errFmt, filepath.Join(dir, "jwt"))))
assert.EqualError(t, errs[3], fmt.Sprintf("secrets: error loading secret path %s into key 'storage.mysql.password': file does not exist error occurred: %s", filepath.Join(dir, "mysql"), fmt.Sprintf(errFmt, filepath.Join(dir, "mysql"))))
assert.EqualError(t, errs[4], fmt.Sprintf("secrets: error loading secret path %s into key 'notifier.smtp.password': file does not exist error occurred: %s", filepath.Join(dir, "notifier"), fmt.Sprintf(errFmt, filepath.Join(dir, "notifier"))))
assert.EqualError(t, errs[5], fmt.Sprintf("secrets: error loading secret path %s into key 'identity_providers.oidc.hmac_secret': file does not exist error occurred: %s", filepath.Join(dir, "oidc-hmac"), fmt.Sprintf(errFmt, filepath.Join(dir, "oidc-hmac"))))
assert.EqualError(t, errs[6], fmt.Sprintf("secrets: error loading secret path %s into key 'identity_providers.oidc.issuer_private_key': file does not exist error occurred: %s", filepath.Join(dir, "oidc-key"), fmt.Sprintf(errFmt, filepath.Join(dir, "oidc-key"))))
assert.EqualError(t, errs[7], fmt.Sprintf("secrets: error loading secret path %s into key 'storage.postgres.password': file does not exist error occurred: %s", filepath.Join(dir, "postgres"), fmt.Sprintf(errFmt, filepath.Join(dir, "postgres"))))
assert.EqualError(t, errs[8], fmt.Sprintf("secrets: error loading secret path %s into key 'session.redis.password': file does not exist error occurred: %s", filepath.Join(dir, "redis"), fmt.Sprintf(errFmt, filepath.Join(dir, "redis"))))
assert.EqualError(t, errs[9], fmt.Sprintf("secrets: error loading secret path %s into key 'session.redis.high_availability.sentinel_password': file does not exist error occurred: %s", filepath.Join(dir, "redis-sentinel"), fmt.Sprintf(errFmt, filepath.Join(dir, "redis-sentinel"))))
assert.EqualError(t, errs[10], fmt.Sprintf("secrets: error loading secret path %s into key 'session.secret': file does not exist error occurred: %s", filepath.Join(dir, "session"), fmt.Sprintf(errFmt, filepath.Join(dir, "session"))))
assert.EqualError(t, errs[11], fmt.Sprintf("secrets: error loading secret path %s into key 'server.tls.key': file does not exist error occurred: %s", filepath.Join(dir, "tls"), fmt.Sprintf(errFmt, filepath.Join(dir, "tls"))))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
func TestLoadShouldReturnErrWithoutValidator(t *testing.T) {
_, _, err := Load(nil, NewEnvironmentSource(DefaultEnvPrefix, DefaultEnvDelimiter))
assert.EqualError(t, err, "no validator provided")
}
func TestLoadShouldReturnErrWithoutSources(t *testing.T) {
_, _, err := Load(schema.NewStructValidator())
assert.EqualError(t, err, "no sources provided")
}
func TestShouldHaveNotifier(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET", "abc")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "abc")
testSetEnv(t, "JWT_SECRET", "abc")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "abc")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
_, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.NotNil(t, config.Notifier)
}
fix(configuration): fail to parse large int duration (#5408) Large integers used with the duration common syntax failed to parse if they exceeded the ability to fit into an int32. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 03:30:49 +00:00
func TestShouldParseLargeIntegerDurations(t *testing.T) {
val := schema.NewStructValidator()
_, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config.durations.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, durationMax, config.Regulation.FindTime)
assert.Equal(t, time.Second*1000, config.Regulation.BanTime)
}
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
func TestShouldValidateConfigurationWithEnv(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET", "abc")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "abc")
testSetEnv(t, "JWT_SECRET", "abc")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "abc")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
_, _, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
}
feat(configuration): file filters (#4515) This adds experimental file filters which are not guaranteed under our stability policies. These filters take effect after reading the files and before parsing their content.
2022-12-21 09:48:14 +00:00
func TestShouldValidateConfigurationWithFilters(t *testing.T) {
testSetEnv(t, "SESSION_SECRET", "abc")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "abc")
testSetEnv(t, "JWT_SECRET", "abc")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "abc")
test: add test for 2329 expand-env (#4870) This adds a test for https://github.com/authelia/authelia/issues/2329#issuecomment-1414201785
2023-02-02 23:36:38 +00:00
t.Setenv("ABC_CLIENT_SECRET", "$plaintext$example-abc")
t.Setenv("XYZ_CLIENT_SECRET", "$plaintext$example-xyz")
t.Setenv("ANOTHER_CLIENT_SECRET", "$plaintext$example-123")
test: use test machinery to set env vars in tests (#4640) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-12-25 20:16:05 +00:00
t.Setenv("SERVICES_SERVER", "10.10.10.10")
t.Setenv("ROOT_DOMAIN", "example.org")
feat(configuration): file filters (#4515) This adds experimental file filters which are not guaranteed under our stability policies. These filters take effect after reading the files and before parsing their content.
2022-12-21 09:48:14 +00:00
val := schema.NewStructValidator()
_, config, err := Load(val, NewDefaultSourcesFiltered([]string{"./test_resources/config.filtered.yml"}, NewFileFiltersDefault(), DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
require.Len(t, val.Errors(), 0)
require.Len(t, val.Warnings(), 0)
assert.Equal(t, "api-123456789.example.org", config.DuoAPI.Hostname)
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
assert.Equal(t, "smtp://10.10.10.10:1025", config.Notifier.SMTP.Address.String())
feat(configuration): file filters (#4515) This adds experimental file filters which are not guaranteed under our stability policies. These filters take effect after reading the files and before parsing their content.
2022-12-21 09:48:14 +00:00
assert.Equal(t, "10.10.10.10", config.Session.Redis.Host)
test: add test for 2329 expand-env (#4870) This adds a test for https://github.com/authelia/authelia/issues/2329#issuecomment-1414201785
2023-02-02 23:36:38 +00:00
require.Len(t, config.IdentityProviders.OIDC.Clients, 3)
assert.Equal(t, "$plaintext$example-abc", config.IdentityProviders.OIDC.Clients[0].Secret.String())
assert.Equal(t, "$plaintext$example-xyz", config.IdentityProviders.OIDC.Clients[1].Secret.String())
assert.Equal(t, "$plaintext$example-123", config.IdentityProviders.OIDC.Clients[2].Secret.String())
feat(configuration): file filters (#4515) This adds experimental file filters which are not guaranteed under our stability policies. These filters take effect after reading the files and before parsing their content.
2022-12-21 09:48:14 +00:00
}
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
func TestShouldNotIgnoreInvalidEnvs(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET", "an env session secret")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "an env storage mysql password")
testSetEnv(t, "STORAGE_MYSQL", "a bad env")
testSetEnv(t, "JWT_SECRET", "an env jwt secret")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "an env authentication backend ldap password")
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_ADDRESS", "an env authentication backend ldap password")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
keys, _, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
require.Len(t, val.Warnings(), 1)
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
assert.Len(t, val.Errors(), 1)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.EqualError(t, val.Warnings()[0], fmt.Sprintf("configuration environment variable not expected: %sSTORAGE_MYSQL", DefaultEnvPrefix))
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
assert.EqualError(t, val.Errors()[0], "error occurred during unmarshalling configuration: 1 error(s) decoding:\n\n* error decoding 'authentication_backend.ldap.address': could not decode 'an env authentication backend ldap password' to a *schema.AddressLDAP: could not parse string 'an env authentication backend ldap password' as address: expected format is [<scheme>://]<hostname>[:<port>]: parse \"ldaps://an env authentication backend ldap password\": invalid character \" \" in host name")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
func TestShouldValidateAndRaiseErrorsOnNormalConfigurationAndSecret(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET", "an env session secret")
testSetEnv(t, "SESSION_SECRET_FILE", "./test_resources/example_secret")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "an env storage mysql password")
testSetEnv(t, "JWT_SECRET_FILE", "./test_resources/example_secret")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "an env authentication backend ldap password")
testSetEnv(t, "STORAGE_ENCRYPTION_KEY", "a_very_bad_encryption_key")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
_, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
require.Len(t, val.Errors(), 1)
assert.Len(t, val.Warnings(), 0)
assert.EqualError(t, val.Errors()[0], "secrets: error loading secret into key 'session.secret': it's already defined in other configuration sources")
assert.Equal(t, "example_secret value", config.JWTSecret)
assert.Equal(t, "example_secret value", config.Session.Secret)
assert.Equal(t, "an env storage mysql password", config.Storage.MySQL.Password)
assert.Equal(t, "an env authentication backend ldap password", config.AuthenticationBackend.LDAP.Password)
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682
2021-11-25 01:56:58 +00:00
assert.Equal(t, "a_very_bad_encryption_key", config.Storage.EncryptionKey)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
func TestShouldRaiseIOErrOnUnreadableFile(t *testing.T) {
if runtime.GOOS == constWindows {
t.Skip("skipping test due to being on windows")
}
test: use testing tempdir tooling (#4468) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-12-04 09:57:28 +00:00
dir := t.TempDir()
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, os.WriteFile(filepath.Join(dir, "myconf.yml"), []byte("server:\n port: 9091\n"), 0000))
cfg := filepath.Join(dir, "myconf.yml")
val := schema.NewStructValidator()
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
_, _, err := Load(val, NewFileSource(cfg))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, err)
require.Len(t, val.Errors(), 1)
assert.Len(t, val.Warnings(), 0)
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
assert.EqualError(t, val.Errors()[0], fmt.Sprintf("failed to load configuration from file path(%s) source: open %s: permission denied", cfg, cfg))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
func TestShouldValidateConfigurationWithEnvSecrets(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET_FILE", "./test_resources/example_secret")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD_FILE", "./test_resources/example_secret")
testSetEnv(t, "JWT_SECRET_FILE", "./test_resources/example_secret")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE", "./test_resources/example_secret")
testSetEnv(t, "STORAGE_ENCRYPTION_KEY_FILE", "./test_resources/example_secret")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
_, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, "example_secret value", config.JWTSecret)
assert.Equal(t, "example_secret value", config.Session.Secret)
assert.Equal(t, "example_secret value", config.AuthenticationBackend.LDAP.Password)
assert.Equal(t, "example_secret value", config.Storage.MySQL.Password)
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682
2021-11-25 01:56:58 +00:00
assert.Equal(t, "example_secret value", config.Storage.EncryptionKey)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
feat(oidc): provide cors config including options handlers (#3005) This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 00:58:51 +00:00
func TestShouldLoadURLList(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_oidc.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
require.Len(t, config.IdentityProviders.OIDC.CORS.AllowedOrigins, 2)
assert.Equal(t, "https://google.com", config.IdentityProviders.OIDC.CORS.AllowedOrigins[0].String())
assert.Equal(t, "https://example.com", config.IdentityProviders.OIDC.CORS.AllowedOrigins[1].String())
}
feat(authentication): ldap memberof group search (#5418) Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs. Closes #2161 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 04:40:38 +00:00
func TestShouldDisableOIDCEntropy(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_oidc_disable_entropy.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, -1, config.IdentityProviders.OIDC.MinimumParameterEntropy)
validator.ValidateIdentityProviders(&config.IdentityProviders, val)
assert.Len(t, val.Errors(), 1)
require.Len(t, val.Warnings(), 2)
assert.EqualError(t, val.Warnings()[0], "identity_providers: oidc: option 'minimum_parameter_entropy' is disabled which is considered unsafe and insecure")
assert.Equal(t, -1, config.IdentityProviders.OIDC.MinimumParameterEntropy)
}
feat(oidc): implicit consent (#4080) This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 02:16:36 +00:00
func TestShouldConfigureConsent(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_oidc.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
require.Len(t, config.IdentityProviders.OIDC.Clients, 1)
assert.Equal(t, config.IdentityProviders.OIDC.Clients[0].ConsentMode, "explicit")
feat(oidc): private_key_jwt client auth (#5280) This adds support for the private_key_jwt client authentication method. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 00:32:10 +00:00
assert.Equal(t, "none", config.IdentityProviders.OIDC.Clients[0].UserinfoSigningAlg)
feat(oidc): implicit consent (#4080) This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 02:16:36 +00:00
}
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
func TestShouldValidateAndRaiseErrorsOnBadConfiguration(t *testing.T) {
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
testSetEnv(t, "SESSION_SECRET", "abc")
testSetEnv(t, "STORAGE_MYSQL_PASSWORD", "abc")
testSetEnv(t, "JWT_SECRET", "abc")
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "abc")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
feat(configuration): automatically map old keys (#3199) This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 03:15:50 +00:00
keys, c, err := Load(val, NewDefaultSources([]string{"./test_resources/config_bad_keys.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
feat(configuration): automatically map old keys (#3199) This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 03:15:50 +00:00
require.Len(t, val.Errors(), 1)
require.Len(t, val.Warnings(), 1)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.EqualError(t, val.Errors()[0], "configuration key not expected: loggy_file")
feat(configuration): automatically map old keys (#3199) This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 03:15:50 +00:00
assert.EqualError(t, val.Warnings()[0], "configuration key 'logs_level' is deprecated in 4.7.0 and has been replaced by 'log.level': this has been automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.Equal(t, "debug", c.Log.Level)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
func TestShouldValidateDeprecatedEnvNames(t *testing.T) {
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_URL", "ldap://from-env")
val := schema.NewStructValidator()
keys, c, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
require.Len(t, val.Warnings(), 1)
assert.EqualError(t, val.Warnings()[0], "configuration key 'authentication_backend.ldap.url' is deprecated in 4.38.0 and has been replaced by 'authentication_backend.ldap.address': this has not been automatically mapped for you because the replacement key also exists and you will need to adjust your configuration to remove this message")
assert.Equal(t, "ldap://127.0.0.1:389", c.AuthenticationBackend.LDAP.Address.String())
}
func TestShouldValidateDeprecatedEnvNamesWithDeprecatedKeys(t *testing.T) {
testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_URL", "ldap://from-env")
val := schema.NewStructValidator()
keys, c, err := Load(val, NewDefaultSources([]string{"./test_resources/config.deprecated.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
warnings := val.Warnings()
refactor: path from address (#5492) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 08:21:19 +00:00
require.Len(t, warnings, 10)
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
sort.Sort(utils.ErrSliceSortAlphabetical(warnings))
assert.EqualError(t, warnings[0], "configuration key 'authentication_backend.ldap.url' is deprecated in 4.38.0 and has been replaced by 'authentication_backend.ldap.address': this has been automatically mapped for you but you will need to adjust your configuration to remove this message")
refactor: path from address (#5492) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 08:21:19 +00:00
assert.EqualError(t, warnings[1], "configuration key 'notifier.smtp.host' is deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' when combined with the 'notifier.smtp.port' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[2], "configuration key 'notifier.smtp.port' is deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' when combined with the 'notifier.smtp.host' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[3], "configuration key 'server.host' is deprecated in 4.38.0 and has been replaced by 'server.address' when combined with the 'server.port' and 'server.path' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[4], "configuration key 'server.path' is deprecated in 4.38.0 and has been replaced by 'server.address' when combined with the 'server.host' and 'server.port' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[5], "configuration key 'server.port' is deprecated in 4.38.0 and has been replaced by 'server.address' when combined with the 'server.host' and 'server.path' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[6], "configuration key 'storage.mysql.host' is deprecated in 4.38.0 and has been replaced by 'storage.mysql.address' when combined with the 'storage.mysql.port' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[7], "configuration key 'storage.mysql.port' is deprecated in 4.38.0 and has been replaced by 'storage.mysql.address' when combined with the 'storage.mysql.host' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[8], "configuration key 'storage.postgres.host' is deprecated in 4.38.0 and has been replaced by 'storage.postgres.address' when combined with the 'storage.postgres.port' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
assert.EqualError(t, warnings[9], "configuration key 'storage.postgres.port' is deprecated in 4.38.0 and has been replaced by 'storage.postgres.address' when combined with the 'storage.postgres.host' in the format of '[tcp://]<hostname>[:<port>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 06:39:17 +00:00
assert.Equal(t, "ldap://from-env:389", c.AuthenticationBackend.LDAP.Address.String())
}
fix(notifier): force use of sender email in smtp from cmd (#2616) This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion. Fixes #2571
2021-11-30 11:15:21 +00:00
func TestShouldRaiseErrOnInvalidNotifierSMTPSender(t *testing.T) {
val := schema.NewStructValidator()
keys, _, err := Load(val, NewDefaultSources([]string{"./test_resources/config_smtp_sender_invalid.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
require.Len(t, val.Errors(), 1)
assert.Len(t, val.Warnings(), 0)
refactor(configuration): decode_hooks blackbox and better testing (#3097)
2022-04-03 12:44:52 +00:00
assert.EqualError(t, val.Errors()[0], "error occurred during unmarshalling configuration: 1 error(s) decoding:\n\n* error decoding 'notifier.smtp.sender': could not decode 'admin' to a mail.Address (RFC5322): mail: missing '@' or angle-addr")
fix(notifier): force use of sender email in smtp from cmd (#2616) This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion. Fixes #2571
2021-11-30 11:15:21 +00:00
}
func TestShouldHandleErrInvalidatorWhenSMTPSenderBlank(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_smtp_sender_blank.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, "", config.Notifier.SMTP.Sender.Name)
assert.Equal(t, "", config.Notifier.SMTP.Sender.Address)
fix(configuration): mail address decode hook func (#2790) This fixes an issue with the mail address decode hook func which previously would attempt to decode any struct type to a mail address.
2022-01-15 02:01:40 +00:00
refactor(configuration): remove ptr for duoapi and notifier (#3200) This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-15 23:34:26 +00:00
validator.ValidateNotifier(&config.Notifier, val)
fix(configuration): mail address decode hook func (#2790) This fixes an issue with the mail address decode hook func which previously would attempt to decode any struct type to a mail address.
2022-01-15 02:01:40 +00:00
require.Len(t, val.Errors(), 1)
assert.Len(t, val.Warnings(), 0)
feat(commands): add access-control check-policy command (#2871) This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 03:15:01 +00:00
assert.EqualError(t, val.Errors()[0], "notifier: smtp: option 'sender' is required")
fix(configuration): mail address decode hook func (#2790) This fixes an issue with the mail address decode hook func which previously would attempt to decode any struct type to a mail address.
2022-01-15 02:01:40 +00:00
}
func TestShouldDecodeSMTPSenderWithoutName(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, "", config.Notifier.SMTP.Sender.Name)
assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address)
}
func TestShouldDecodeSMTPSenderWithName(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_alt.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Equal(t, "Admin", config.Notifier.SMTP.Sender.Name)
assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address)
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 10:57:44 +00:00
assert.Equal(t, schema.RememberMeDisabled, config.Session.RememberMe)
fix(notifier): force use of sender email in smtp from cmd (#2616) This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion. Fixes #2571
2021-11-30 11:15:21 +00:00
}
feat(authorization): domain regex match with named groups (#2789) This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 11:38:49 +00:00
func TestShouldParseRegex(t *testing.T) {
val := schema.NewStructValidator()
keys, config, err := Load(val, NewDefaultSources([]string{"./test_resources/config_domain_regex.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
validator.ValidateRules(config, val)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
assert.Len(t, config.AccessControl.Rules[0].DomainsRegex[0].SubexpNames(), 2)
assert.Equal(t, "", config.AccessControl.Rules[0].DomainsRegex[0].SubexpNames()[0])
assert.Equal(t, "", config.AccessControl.Rules[0].DomainsRegex[0].SubexpNames()[1])
assert.Len(t, config.AccessControl.Rules[1].DomainsRegex[0].SubexpNames(), 2)
assert.Equal(t, "", config.AccessControl.Rules[1].DomainsRegex[0].SubexpNames()[0])
assert.Equal(t, "User", config.AccessControl.Rules[1].DomainsRegex[0].SubexpNames()[1])
assert.Len(t, config.AccessControl.Rules[2].DomainsRegex[0].SubexpNames(), 3)
assert.Equal(t, "", config.AccessControl.Rules[2].DomainsRegex[0].SubexpNames()[0])
assert.Equal(t, "User", config.AccessControl.Rules[2].DomainsRegex[0].SubexpNames()[1])
assert.Equal(t, "Group", config.AccessControl.Rules[2].DomainsRegex[0].SubexpNames()[2])
}
func TestShouldErrOnParseInvalidRegex(t *testing.T) {
val := schema.NewStructValidator()
keys, _, err := Load(val, NewDefaultSources([]string{"./test_resources/config_domain_bad_regex.yml"}, DefaultEnvPrefix, DefaultEnvDelimiter)...)
assert.NoError(t, err)
validator.ValidateKeys(keys, DefaultEnvPrefix, val)
require.Len(t, val.Errors(), 1)
assert.Len(t, val.Warnings(), 0)
refactor(configuration): decode_hooks blackbox and better testing (#3097)
2022-04-03 12:44:52 +00:00
assert.EqualError(t, val.Errors()[0], "error occurred during unmarshalling configuration: 1 error(s) decoding:\n\n* error decoding 'access_control.rules[0].domain_regex[0]': could not decode '^\\K(public|public2).example.com$' to a regexp.Regexp: error parsing regexp: invalid escape sequence: `\\K`")
feat(authorization): domain regex match with named groups (#2789) This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 11:38:49 +00:00
}
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
func TestShouldNotReadConfigurationOnFSAccessDenied(t *testing.T) {
if runtime.GOOS == constWindows {
t.Skip("skipping test due to being on windows")
}
test: use testing tempdir tooling (#4468) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-12-04 09:57:28 +00:00
dir := t.TempDir()
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
cfg := filepath.Join(dir, "config.yml")
assert.NoError(t, testCreateFile(filepath.Join(dir, "config.yml"), "port: 9091\n", 0000))
val := schema.NewStructValidator()
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
_, _, err := Load(val, NewFileSource(cfg))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, err)
require.Len(t, val.Errors(), 1)
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
assert.EqualError(t, val.Errors()[0], fmt.Sprintf("failed to load configuration from file path(%s) source: open %s: permission denied", cfg, cfg))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
func TestShouldLoadDirectoryConfiguration(t *testing.T) {
test: use testing tempdir tooling (#4468) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-12-04 09:57:28 +00:00
dir := t.TempDir()
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
test(configuration): add additional coverage (#4779)
2023-04-13 11:15:28 +00:00
cfg := filepath.Join(dir, "myconf.yml")
assert.NoError(t, testCreateFile(cfg, "server:\n port: 9091\n", 0700))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
val := schema.NewStructValidator()
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
_, _, err := Load(val, NewFileSource(dir))
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
assert.NoError(t, err)
feat(configuration): load config from directory (#4616) This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 06:34:20 +00:00
assert.Len(t, val.Errors(), 0)
feat(server): listen on unix sockets (#5038) This allows listening on unix sockets. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 05:48:26 +00:00
require.Len(t, val.Warnings(), 1)
refactor: path from address (#5492) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 08:21:19 +00:00
assert.EqualError(t, val.Warnings()[0], "configuration key 'server.port' is deprecated in 4.38.0 and has been replaced by 'server.address' when combined with the 'server.host' and 'server.path' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': this should be automatically mapped for you but you will need to adjust your configuration to remove this message")
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
feat: webauthn (#2707) This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 11:20:43 +00:00
func testSetEnv(t *testing.T, key, value string) {
test: use test machinery to set env vars in tests (#4640) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-12-25 20:16:05 +00:00
t.Setenv(DefaultEnvPrefix+key, value)
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 09:55:21 +00:00
}
func testCreateFile(path, value string, perm os.FileMode) (err error) {
return os.WriteFile(path, []byte(value), perm)
}
test(configuration): add additional coverage (#4779)
2023-04-13 11:15:28 +00:00
func TestShouldErrorOnNoPath(t *testing.T) {
val := schema.NewStructValidator()
_, _, err := Load(val, NewFileSource(""))
assert.NoError(t, err)
assert.Len(t, val.Errors(), 1)
assert.ErrorContains(t, val.Errors()[0], "invalid file path source configuration")
}
func TestShouldErrorOnInvalidPath(t *testing.T) {
dir := t.TempDir()
cfg := filepath.Join(dir, "invalid-folder/config")
val := schema.NewStructValidator()
_, _, err := Load(val, NewFileSource(cfg))
assert.NoError(t, err)
assert.Len(t, val.Errors(), 1)
assert.ErrorContains(t, val.Errors()[0], fmt.Sprintf("stat %s: no such file or directory", cfg))
}
func TestShouldErrorOnDirFSPermissionDenied(t *testing.T) {
if runtime.GOOS == constWindows {
t.Skip("skipping test due to being on windows")
}
dir := t.TempDir()
err := os.Chmod(dir, 0200)
assert.NoError(t, err)
val := schema.NewStructValidator()
_, _, err = Load(val, NewFileSource(dir))
assert.NoError(t, err)
assert.Len(t, val.Errors(), 1)
assert.ErrorContains(t, val.Errors()[0], fmt.Sprintf("open %s: permission denied", dir))
}
func TestShouldSkipDirOnLoad(t *testing.T) {
dir := t.TempDir()
path := filepath.Join(dir, "some-dir")
err := os.Mkdir(path, 0700)
assert.NoError(t, err)
val := schema.NewStructValidator()
_, _, err = Load(val, NewFileSource(dir))
assert.NoError(t, err)
assert.Len(t, val.Errors(), 0)
assert.Len(t, val.Warnings(), 0)
}
func TestShouldFailIfYmlIsInvalid(t *testing.T) {
dir := t.TempDir()
cfg := filepath.Join(dir, "myconf.yml")
assert.NoError(t, testCreateFile(cfg, "an invalid contend\n", 0700))
val := schema.NewStructValidator()
_, _, err := Load(val, NewFileSource(dir))
assert.NoError(t, err)
assert.Len(t, val.Errors(), 1)
assert.ErrorContains(t, val.Errors()[0], "unmarshal errors")
}