package validator
import (
"crypto/tls"
"testing"
"github.com/stretchr/testify/suite"
"github.com/authelia/authelia/v4/internal/configuration/schema"
)
// StorageSuite is the testify suite that drives ValidateStorage with local,
// MySQL and PostgreSQL storage configurations and inspects the errors and
// warnings it records.
type StorageSuite struct {
	suite.Suite

	// validator receives the errors and warnings that ValidateStorage reports.
	validator *schema.StructValidator

	// config is the storage configuration under test. SetupTest clears its
	// backends before every test method.
	config schema.StorageConfiguration
}
// SetupTest gives each test a new validator and a configuration that carries
// the shared test encryption key but has no storage backend selected.
func (suite *StorageSuite) SetupTest() {
	suite.validator = schema.NewStructValidator()

	cfg := &suite.config
	cfg.EncryptionKey = testEncryptionKey

	// Every backend pointer is cleared so a test only sees what it configures itself.
	cfg.Local, cfg.PostgreSQL, cfg.MySQL = nil, nil, nil
}
// TestShouldValidateOneStorageIsConfigured checks that a configuration without
// any storage backend is rejected with exactly one error and no warnings.
func (suite *StorageSuite) TestShouldValidateOneStorageIsConfigured() {
	suite.config.Local, suite.config.PostgreSQL, suite.config.MySQL = nil, nil, nil

	ValidateStorage(suite.config, suite.validator)

	must := suite.Require()
	must.Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	must.Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided")
}
// TestShouldValidateLocalPathIsProvided checks that the local backend is
// rejected while its path is empty and accepted once a path is set.
func (suite *StorageSuite) TestShouldValidateLocalPathIsProvided() {
	must := suite.Require()

	// Phase 1: an empty path must produce the single "required" error.
	local := &schema.LocalStorageConfiguration{Path: ""}
	suite.config.Local = local

	ValidateStorage(suite.config, suite.validator)

	must.Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	must.Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: local: option 'path' is required")

	// Phase 2: same configuration object, now with a non-empty path.
	suite.validator.Clear()
	local.Path = "/myapth"

	ValidateStorage(suite.config, suite.validator)

	must.Len(suite.validator.Warnings(), 0)
	must.Len(suite.validator.Errors(), 0)
}
// TestShouldValidateMySQLHostUsernamePasswordAndDatabaseAreProvided checks that
// an empty MySQL block yields the three "required" errors (host, credentials,
// database) in that order, and that a fully populated block validates cleanly.
func (suite *StorageSuite) TestShouldValidateMySQLHostUsernamePasswordAndDatabaseAreProvided() {
	must, check := suite.Require(), suite.Assert()

	// Phase 1: nothing configured.
	suite.config.MySQL = &schema.MySQLStorageConfiguration{}
	ValidateStorage(suite.config, suite.validator)

	errs := suite.validator.Errors()
	must.Len(errs, 3)
	check.EqualError(errs[0], "storage: mysql: option 'host' is required")
	check.EqualError(errs[1], "storage: mysql: option 'username' and 'password' are required")
	check.EqualError(errs[2], "storage: mysql: option 'database' is required")

	// Phase 2: every required option supplied.
	suite.validator.Clear()

	sql := schema.SQLStorageConfiguration{
		Host:     "localhost",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.MySQL = &schema.MySQLStorageConfiguration{SQLStorageConfiguration: sql}
	ValidateStorage(suite.config, suite.validator)

	must.Len(suite.validator.Warnings(), 0)
	must.Len(suite.validator.Errors(), 0)
}
// TestShouldSetDefaultMySQLTLSServerName checks that when a MySQL TLS block is
// given without a server name, validation fills TLS.ServerName with the
// configured database host.
// NOTE(review): ServerName is presumably the name the server certificate is
// verified against; confirm in schema.TLSConfig.
func (suite *StorageSuite) TestShouldSetDefaultMySQLTLSServerName() {
	sql := schema.SQLStorageConfiguration{
		Host:     "mysql1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS12},
	}
	suite.config.MySQL = &schema.MySQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	check := suite.Assert()
	check.Len(suite.validator.Warnings(), 0)
	check.Len(suite.validator.Errors(), 0)

	mysql := suite.config.MySQL
	check.Equal(mysql.Host, mysql.TLS.ServerName)
}
// TestShouldRaiseErrorOnInvalidMySQLTLSVersion checks that a MySQL TLS minimum
// version of SSL 3.0 is rejected; the expected error states that TLS1.0 is the
// lowest version the validator accepts.
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSVersion() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	// The deprecated SSL 3.0 constant is used on purpose as the invalid input.
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
	}
	suite.config.MySQL = &schema.MySQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: mysql: tls: option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured")
}
// TestShouldRaiseErrorOnInvalidMySQLTLSMinVersionGreaterThanMaximum checks that
// a MySQL TLS block whose minimum version (TLS 1.3) exceeds its maximum version
// (TLS 1.1) is rejected with a single error.
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSMinVersionGreaterThanMaximum() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	// An inverted range: no protocol version can satisfy both bounds.
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
		MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS11},
	}
	suite.config.MySQL = &schema.MySQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: mysql: tls: option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version TLS1.3 is greater than the maximum version TLS1.1")
}
// TestShouldValidatePostgreSQLHostUsernamePasswordAndDatabaseAreProvided checks
// that an empty PostgreSQL block yields the three "required" errors (host,
// credentials, database) in that order, and that a fully populated block
// validates without errors or warnings.
func (suite *StorageSuite) TestShouldValidatePostgreSQLHostUsernamePasswordAndDatabaseAreProvided() {
	check := suite.Assert()

	// Phase 1: nothing configured, and MySQL explicitly absent.
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{}
	suite.config.MySQL = nil
	ValidateStorage(suite.config, suite.validator)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 3)
	check.EqualError(errs[0], "storage: postgres: option 'host' is required")
	check.EqualError(errs[1], "storage: postgres: option 'username' and 'password' are required")
	check.EqualError(errs[2], "storage: postgres: option 'database' is required")

	// Phase 2: every required option supplied.
	suite.validator.Clear()

	sql := schema.SQLStorageConfiguration{
		Host:     "postgre",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{SQLStorageConfiguration: sql}
	ValidateStorage(suite.config, suite.validator)

	check.Len(suite.validator.Warnings(), 0)
	check.Len(suite.validator.Errors(), 0)
}
// TestShouldValidatePostgresSchemaDefault checks that a PostgreSQL block with
// only the required options validates cleanly, gets the "public" schema by
// default, and is left with neither an SSL nor a TLS block.
func (suite *StorageSuite) TestShouldValidatePostgresSchemaDefault() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{SQLStorageConfiguration: sql}

	ValidateStorage(suite.config, suite.validator)

	check := suite.Assert()
	check.Len(suite.validator.Warnings(), 0)
	check.Len(suite.validator.Errors(), 0)

	// Validation must not create transport-security blocks that were never configured.
	postgres := suite.config.PostgreSQL
	check.Nil(postgres.SSL)
	check.Nil(postgres.TLS)

	check.Equal("public", postgres.Schema)
}
// TestShouldValidatePostgresTLSDefaults checks that an empty PostgreSQL TLS
// block validates cleanly and has its minimum version defaulted to TLS 1.2,
// while the legacy SSL block stays unset.
func (suite *StorageSuite) TestShouldValidatePostgresTLSDefaults() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     &schema.TLSConfig{},
	}

	ValidateStorage(suite.config, suite.validator)

	check := suite.Assert()
	check.Len(suite.validator.Warnings(), 0)
	check.Len(suite.validator.Errors(), 0)

	postgres := suite.config.PostgreSQL
	check.Nil(postgres.SSL)

	// Require stops the test here if TLS is nil, before it is dereferenced below.
	suite.Require().NotNil(postgres.TLS)

	check.Equal(uint16(tls.VersionTLS12), postgres.TLS.MinimumVersion.Value)
}
// TestShouldSetDefaultPostgreSQLTLSServerName checks that when a PostgreSQL TLS
// block is given without a server name, validation fills TLS.ServerName with
// the configured database host.
// NOTE(review): ServerName is presumably the name the server certificate is
// verified against; confirm in schema.TLSConfig.
func (suite *StorageSuite) TestShouldSetDefaultPostgreSQLTLSServerName() {
	// The host value is only a label here; "mysql1" is kept as the fixture uses it.
	sql := schema.SQLStorageConfiguration{
		Host:     "mysql1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS12},
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	check := suite.Assert()
	check.Len(suite.validator.Warnings(), 0)
	check.Len(suite.validator.Errors(), 0)

	postgres := suite.config.PostgreSQL
	check.Equal(postgres.Host, postgres.TLS.ServerName)
}
// TestShouldRaiseErrorOnInvalidPostgreSQLTLSVersion checks that a PostgreSQL TLS
// minimum version of SSL 3.0 is rejected; the expected error states that TLS1.0
// is the lowest version the validator accepts.
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLTLSVersion() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	// The deprecated SSL 3.0 constant is used on purpose as the invalid input.
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: postgres: tls: option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured")
}
// TestShouldRaiseErrorOnInvalidPostgreSQLMinVersionGreaterThanMaximum checks
// that a PostgreSQL TLS block whose minimum version (TLS 1.3) exceeds its
// maximum version (TLS 1.1) is rejected with a single error.
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLMinVersionGreaterThanMaximum() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	// An inverted range: no protocol version can satisfy both bounds.
	tlsCfg := &schema.TLSConfig{
		MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
		MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS11},
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		TLS:                     tlsCfg,
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: postgres: tls: option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version TLS1.3 is greater than the maximum version TLS1.1")
}
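// TestShouldValidatePostgresSSLDefaults checks that an empty legacy PostgreSQL
// SSL block validates with one warning and no errors, leaves the TLS block
// unset, and has its mode defaulted to the value in
// schema.DefaultPostgreSQLStorageConfiguration.
func (suite *StorageSuite) TestShouldValidatePostgresSSLDefaults() {
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: schema.SQLStorageConfiguration{
			Host:     "db1",
			Username: "myuser",
			Password: "pass",
			Database: "database",
		},
		SSL: &schema.PostgreSQLSSLStorageConfiguration{},
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 1)
	suite.Assert().Len(suite.validator.Errors(), 0)

	// SSL is dereferenced in the final assertion, so a nil value has to stop the
	// test here with a readable failure instead of a nil-pointer panic.
	suite.Require().NotNil(suite.config.PostgreSQL.SSL)
	suite.Require().Nil(suite.config.PostgreSQL.TLS)

	suite.Assert().Equal(schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode, suite.config.PostgreSQL.SSL.Mode)
}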
// TestShouldRaiseErrorOnTLSAndLegacySSL checks that configuring both the legacy
// SSL block and the TLS block for PostgreSQL is rejected with a single error,
// so the two transport-security settings cannot be combined.
func (suite *StorageSuite) TestShouldRaiseErrorOnTLSAndLegacySSL() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		SSL:                     &schema.PostgreSQLSSLStorageConfiguration{},
		TLS:                     &schema.TLSConfig{},
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: postgres: can't define both 'tls' and 'ssl' configuration options")
}
// TestShouldValidatePostgresDefaultsDontOverrideConfiguration checks that an
// explicitly configured schema and SSL mode survive validation unchanged, and
// that using the legacy SSL block produces the deprecation warning.
func (suite *StorageSuite) TestShouldValidatePostgresDefaultsDontOverrideConfiguration() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db1",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		Schema:                  "authelia",
		SSL:                     &schema.PostgreSQLSSLStorageConfiguration{Mode: "require"},
	}

	ValidateStorage(suite.config, suite.validator)

	check := suite.Assert()

	warnings := suite.validator.Warnings()
	suite.Require().Len(warnings, 1)
	check.Len(suite.validator.Errors(), 0)

	// Defaults must not replace the operator's explicit choices.
	postgres := suite.config.PostgreSQL
	check.Equal("require", postgres.SSL.Mode)
	check.Equal("authelia", postgres.Schema)

	check.EqualError(warnings[0], "storage: postgres: ssl: the ssl configuration options are deprecated and we recommend the tls options instead")
}
// TestShouldValidatePostgresSSLModeMustBeValid checks that an SSL mode outside
// the accepted set is rejected with a single error listing the allowed values,
// alongside the one warning the legacy SSL block produces.
func (suite *StorageSuite) TestShouldValidatePostgresSSLModeMustBeValid() {
	sql := schema.SQLStorageConfiguration{
		Host:     "db2",
		Username: "myuser",
		Password: "pass",
		Database: "database",
	}
	suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
		SQLStorageConfiguration: sql,
		SSL:                     &schema.PostgreSQLSSLStorageConfiguration{Mode: "unknown"},
	}

	ValidateStorage(suite.config, suite.validator)

	suite.Assert().Len(suite.validator.Warnings(), 1)

	errs := suite.validator.Errors()
	suite.Require().Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: postgres: ssl: option 'mode' must be one of 'disable', 'require', 'verify-ca', or 'verify-full' but it's configured as 'unknown'")
}
// TestShouldRaiseErrorOnNoEncryptionKey checks that an otherwise valid local
// storage configuration is rejected when the storage encryption key is empty.
func (suite *StorageSuite) TestShouldRaiseErrorOnNoEncryptionKey() {
	suite.config.EncryptionKey = ""
	suite.config.Local = &schema.LocalStorageConfiguration{Path: "/this/is/a/path"}

	ValidateStorage(suite.config, suite.validator)

	must := suite.Require()
	must.Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	must.Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: option 'encryption_key' is required")
}
// TestShouldRaiseErrorOnShortEncryptionKey checks that a three-character
// storage encryption key is rejected; the expected error states the key must
// be 20 characters or longer.
func (suite *StorageSuite) TestShouldRaiseErrorOnShortEncryptionKey() {
	suite.config.EncryptionKey = "abc"
	suite.config.Local = &schema.LocalStorageConfiguration{Path: "/this/is/a/path"}

	ValidateStorage(suite.config, suite.validator)

	must := suite.Require()
	must.Len(suite.validator.Warnings(), 0)

	errs := suite.validator.Errors()
	must.Len(errs, 1)
	suite.Assert().EqualError(errs[0], "storage: option 'encryption_key' must be 20 characters or longer")
}
// TestShouldRunStorageSuite is the go test entry point that hands a new
// StorageSuite to the testify suite runner.
func TestShouldRunStorageSuite(t *testing.T) {
	storageSuite := new(StorageSuite)

	suite.Run(t, storageSuite)
}