2019-04-24 21:52:08 +00:00
package validator
import (
"testing"
"github.com/stretchr/testify/assert"
2019-12-06 08:15:54 +00:00
"github.com/stretchr/testify/require"
2019-04-24 21:52:08 +00:00
"github.com/stretchr/testify/suite"
2020-04-05 12:37:21 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
2019-04-24 21:52:08 +00:00
)
2021-03-22 09:04:09 +00:00
func TestShouldRaiseErrorWhenBothBackendsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
backendConfig := schema . AuthenticationBackendConfiguration { }
2021-04-16 01:44:37 +00:00
backendConfig . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
2021-03-22 09:04:09 +00:00
backendConfig . File = & schema . FileAuthenticationBackendConfiguration {
Path : "/tmp" ,
}
ValidateAuthenticationBackend ( & backendConfig , validator )
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "You cannot provide both `ldap` and `file` objects in `authentication_backend`" )
}
func TestShouldRaiseErrorWhenNoBackendProvided ( t * testing . T ) {
2019-04-24 21:52:08 +00:00
validator := schema . NewStructValidator ( )
backendConfig := schema . AuthenticationBackendConfiguration { }
ValidateAuthenticationBackend ( & backendConfig , validator )
2020-11-27 09:59:22 +00:00
require . Len ( t , validator . Errors ( ) , 1 )
2019-04-24 21:52:08 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "Please provide `ldap` or `file` object in `authentication_backend`" )
}
type FileBasedAuthenticationBackend struct {
suite . Suite
configuration schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
}
func ( suite * FileBasedAuthenticationBackend ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
suite . configuration = schema . AuthenticationBackendConfiguration { }
2020-04-11 03:54:18 +00:00
suite . configuration . File = & schema . FileAuthenticationBackendConfiguration { Path : "/a/path" , Password : & schema . PasswordConfiguration {
Algorithm : schema . DefaultPasswordConfiguration . Algorithm ,
Iterations : schema . DefaultPasswordConfiguration . Iterations ,
Parallelism : schema . DefaultPasswordConfiguration . Parallelism ,
Memory : schema . DefaultPasswordConfiguration . Memory ,
KeyLength : schema . DefaultPasswordConfiguration . KeyLength ,
SaltLength : schema . DefaultPasswordConfiguration . SaltLength ,
2020-03-06 01:38:02 +00:00
} }
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Algorithm = schema . DefaultPasswordConfiguration . Algorithm
2019-04-24 21:52:08 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldValidateCompleteConfiguration ( ) {
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2019-04-24 21:52:08 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenNoPathProvided ( ) {
suite . configuration . File . Path = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a `path` for the users database in `authentication_backend`" )
2019-04-24 21:52:08 +00:00
}
2020-03-06 01:38:02 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenMemoryNotMoreThanEightTimesParallelism ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Memory = 8
suite . configuration . File . Password . Parallelism = 2
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Memory for argon2id must be 16 or more (parallelism * 8), you configured memory as 8 and parallelism as 2" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultConfigurationWhenBlank ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password = & schema . PasswordConfiguration { }
2020-03-06 01:38:02 +00:00
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal ( 0 , suite . configuration . File . Password . KeyLength )
suite . Assert ( ) . Equal ( 0 , suite . configuration . File . Password . Iterations )
suite . Assert ( ) . Equal ( 0 , suite . configuration . File . Password . SaltLength )
suite . Assert ( ) . Equal ( "" , suite . configuration . File . Password . Algorithm )
suite . Assert ( ) . Equal ( 0 , suite . configuration . File . Password . Memory )
suite . Assert ( ) . Equal ( 0 , suite . configuration . File . Password . Parallelism )
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . KeyLength , suite . configuration . File . Password . KeyLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Iterations , suite . configuration . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . SaltLength , suite . configuration . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Algorithm , suite . configuration . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Memory , suite . configuration . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Parallelism , suite . configuration . File . Password . Parallelism )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultConfigurationWhenOnlySHA512Set ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password = & schema . PasswordConfiguration { }
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal ( "" , suite . configuration . File . Password . Algorithm )
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Algorithm = "sha512"
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . KeyLength , suite . configuration . File . Password . KeyLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Iterations , suite . configuration . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . SaltLength , suite . configuration . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Algorithm , suite . configuration . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Memory , suite . configuration . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Parallelism , suite . configuration . File . Password . Parallelism )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenKeyLengthTooLow ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . KeyLength = 1
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Key length for argon2id must be 16, you configured 1" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSaltLengthTooLow ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . SaltLength = - 1
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "The salt length must be 2 or more, you configured -1" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenBadAlgorithmDefined ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Algorithm = "bogus"
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Unknown hashing algorithm supplied, valid values are argon2id and sha512, you configured 'bogus'" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenIterationsTooLow ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Iterations = - 1
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "The number of iterations specified is invalid, must be 1 or more, you configured -1" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenParallelismTooLow ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Parallelism = - 1
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Parallelism for argon2id must be 1 or more, you configured -1" )
2020-03-06 01:38:02 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultValues ( ) {
2020-04-11 03:54:18 +00:00
suite . configuration . File . Password . Algorithm = ""
suite . configuration . File . Password . Iterations = 0
suite . configuration . File . Password . SaltLength = 0
suite . configuration . File . Password . Memory = 0
suite . configuration . File . Password . Parallelism = 0
2021-01-04 10:28:55 +00:00
2020-03-06 01:38:02 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Algorithm , suite . configuration . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Iterations , suite . configuration . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . SaltLength , suite . configuration . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Memory , suite . configuration . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Parallelism , suite . configuration . File . Password . Parallelism )
2020-03-06 01:38:02 +00:00
}
2019-04-24 21:52:08 +00:00
func TestFileBasedAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( FileBasedAuthenticationBackend ) )
}
2021-04-16 01:44:37 +00:00
type LDAPAuthenticationBackendSuite struct {
2019-04-24 21:52:08 +00:00
suite . Suite
configuration schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) SetupTest ( ) {
2019-04-24 21:52:08 +00:00
suite . validator = schema . NewStructValidator ( )
suite . configuration = schema . AuthenticationBackendConfiguration { }
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
suite . configuration . LDAP . Implementation = schema . LDAPImplementationCustom
suite . configuration . LDAP . URL = testLDAPURL
suite . configuration . LDAP . User = testLDAPUser
suite . configuration . LDAP . Password = testLDAPPassword
suite . configuration . LDAP . BaseDN = testLDAPBaseDN
suite . configuration . LDAP . UsernameAttribute = "uid"
suite . configuration . LDAP . UsersFilter = "({username_attribute}={input})"
suite . configuration . LDAP . GroupsFilter = "(cn={input})"
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateCompleteConfiguration ( ) {
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateDefaultImplementationAndUsernameAttribute ( ) {
suite . configuration . LDAP . Implementation = ""
suite . configuration . LDAP . UsernameAttribute = ""
2021-03-05 04:18:31 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . configuration . LDAP . Implementation )
2021-03-05 04:18:31 +00:00
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( suite . configuration . LDAP . UsernameAttribute , schema . DefaultLDAPAuthenticationBackendConfiguration . UsernameAttribute )
2021-03-05 04:18:31 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenImplementationIsInvalidMSAD ( ) {
suite . configuration . LDAP . Implementation = "masd"
2021-01-04 10:28:55 +00:00
2020-11-27 09:59:22 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication backend ldap implementation must be blank or one of the following values `custom`, `activedirectory`" )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenURLNotProvided ( ) {
suite . configuration . LDAP . URL = ""
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a URL to the LDAP server" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenUserNotProvided ( ) {
suite . configuration . LDAP . User = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a user name to connect to the LDAP server" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenPasswordNotProvided ( ) {
suite . configuration . LDAP . Password = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a password to connect to the LDAP server" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenBaseDNNotProvided ( ) {
suite . configuration . LDAP . BaseDN = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a base DN to connect to the LDAP server" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyGroupsFilter ( ) {
suite . configuration . LDAP . GroupsFilter = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a groups filter with `groups_filter` attribute" )
2020-03-15 12:10:13 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyUsersFilter ( ) {
suite . configuration . LDAP . UsersFilter = ""
2021-01-04 10:28:55 +00:00
2020-03-15 12:10:13 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Please provide a users filter with `users_filter` attribute" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotRaiseOnEmptyUsernameAttribute ( ) {
suite . configuration . LDAP . UsernameAttribute = ""
2021-01-04 10:28:55 +00:00
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnBadRefreshInterval ( ) {
2020-05-04 19:39:25 +00:00
suite . configuration . RefreshInterval = "blah"
2021-01-04 10:28:55 +00:00
2020-05-04 19:39:25 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2021-07-03 22:08:24 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Auth Backend `refresh_interval` is configured to 'blah' but it must be either a duration notation or one of 'disable', or 'always'. Error from parser: could not convert the input string of blah into a duration" )
2020-05-04 19:39:25 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultImplementation ( ) {
2020-11-27 09:59:22 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . configuration . LDAP . Implementation )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorOnBadFilterPlaceholders ( ) {
suite . configuration . LDAP . UsersFilter = "(&({username_attribute}={0})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . configuration . LDAP . GroupsFilter = "(&(member={0})(objectClass=group)(objectCategory=group))"
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . True ( suite . validator . HasErrors ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication backend ldap users filter must " +
"not contain removed placeholders, {0} has been replaced with {input}" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication backend ldap groups filter must " +
"not contain removed placeholders, " +
"{0} has been replaced with {input} and {1} has been replaced with {username}" )
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultGroupNameAttribute ( ) {
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "cn" , suite . configuration . LDAP . GroupNameAttribute )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultMailAttribute ( ) {
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "mail" , suite . configuration . LDAP . MailAttribute )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultDisplayNameAttribute ( ) {
2020-11-27 09:59:22 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "displayname" , suite . configuration . LDAP . DisplayNameAttribute )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultRefreshInterval ( ) {
2020-05-04 19:39:25 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
suite . Assert ( ) . Equal ( "5m" , suite . configuration . RefreshInterval )
2020-05-04 19:39:25 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis ( ) {
suite . configuration . LDAP . UsersFilter = "{username_attribute}={input}"
2021-01-04 10:28:55 +00:00
2019-12-08 22:21:55 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "The users filter should contain enclosing parenthesis. For instance {username_attribute}={input} should be ({username_attribute}={input})" )
2019-12-08 22:21:55 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis ( ) {
suite . configuration . LDAP . GroupsFilter = "cn={input}"
2021-01-04 10:28:55 +00:00
2020-03-30 22:36:04 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "The groups filter should contain enclosing parenthesis. For instance cn={input} should be (cn={input})" )
2020-03-30 22:36:04 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute ( ) {
suite . configuration . LDAP . UsersFilter = "(&({mail_attribute}={input})(objectClass=person))"
2020-11-27 13:30:27 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2021-04-11 11:25:03 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Unable to detect {username_attribute} placeholder in users_filter, your configuration is broken. Please review configuration options listed at https://www.authelia.com/docs/configuration/authentication/ldap.html" )
2020-11-27 13:30:27 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldHelpDetectNoInputPlaceholder ( ) {
suite . configuration . LDAP . UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))"
2021-01-04 10:28:55 +00:00
2019-12-08 22:21:55 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2021-04-11 11:25:03 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Unable to detect {input} placeholder in users_filter, your configuration might be broken. Please review configuration options listed at https://www.authelia.com/docs/configuration/authentication/ldap.html" )
2019-12-08 22:21:55 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldAdaptLDAPURL ( ) {
2021-07-15 11:02:03 +00:00
suite . Assert ( ) . Equal ( "" , validateLDAPURLSimple ( loopback , suite . validator ) )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "Unknown scheme for ldap url, should be ldap:// or ldaps://" )
2019-12-06 08:15:54 +00:00
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "" , validateLDAPURLSimple ( "127.0.0.1:636" , suite . validator ) )
2019-12-06 08:15:54 +00:00
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "Unable to parse URL to ldap server. The scheme is probably missing: ldap:// or ldaps://" )
2019-12-06 08:15:54 +00:00
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "ldap://127.0.0.1" , validateLDAPURLSimple ( "ldap://127.0.0.1" , suite . validator ) )
suite . Assert ( ) . Equal ( "ldap://127.0.0.1:390" , validateLDAPURLSimple ( "ldap://127.0.0.1:390" , suite . validator ) )
suite . Assert ( ) . Equal ( "ldap://127.0.0.1/abc" , validateLDAPURLSimple ( "ldap://127.0.0.1/abc" , suite . validator ) )
suite . Assert ( ) . Equal ( "ldap://127.0.0.1/abc?test=abc&x=y" , validateLDAPURLSimple ( "ldap://127.0.0.1/abc?test=abc&x=y" , suite . validator ) )
2021-01-04 10:28:55 +00:00
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( "ldaps://127.0.0.1:390" , validateLDAPURLSimple ( "ldaps://127.0.0.1:390" , suite . validator ) )
suite . Assert ( ) . Equal ( "ldaps://127.0.0.1" , validateLDAPURLSimple ( "ldaps://127.0.0.1" , suite . validator ) )
2019-12-06 08:15:54 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultTLSMinimumVersion ( ) {
suite . configuration . LDAP . TLS = & schema . TLSConfig { MinimumVersion : "" }
2020-12-03 05:23:52 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . Equal ( schema . DefaultLDAPAuthenticationBackendConfiguration . TLS . MinimumVersion , suite . configuration . LDAP . TLS . MinimumVersion )
2020-12-03 05:23:52 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotAllowInvalidTLSValue ( ) {
suite . configuration . LDAP . TLS = & schema . TLSConfig {
2021-01-04 10:28:55 +00:00
MinimumVersion : "SSL2.0" ,
}
2020-12-03 05:23:52 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "error occurred validating the LDAP minimum_tls_version key with value SSL2.0: supplied TLS version isn't supported" )
}
2019-04-24 21:52:08 +00:00
func TestLdapAuthenticationBackend ( t * testing . T ) {
2021-04-16 01:44:37 +00:00
suite . Run ( t , new ( LDAPAuthenticationBackendSuite ) )
2019-04-24 21:52:08 +00:00
}
2020-12-03 05:23:52 +00:00
type ActiveDirectoryAuthenticationBackendSuite struct {
suite . Suite
configuration schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
suite . configuration = schema . AuthenticationBackendConfiguration { }
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
suite . configuration . LDAP . Implementation = schema . LDAPImplementationActiveDirectory
suite . configuration . LDAP . URL = testLDAPURL
suite . configuration . LDAP . User = testLDAPUser
suite . configuration . LDAP . Password = testLDAPPassword
suite . configuration . LDAP . BaseDN = testLDAPBaseDN
suite . configuration . LDAP . TLS = schema . DefaultLDAPAuthenticationBackendConfiguration . TLS
2020-12-03 05:23:52 +00:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldSetActiveDirectoryDefaults ( ) {
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . False ( suite . validator . HasWarnings ( ) )
suite . Assert ( ) . False ( suite . validator . HasErrors ( ) )
2020-12-03 05:23:52 +00:00
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . UsersFilter ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsersFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . UsernameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsernameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . DisplayNameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . DisplayNameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . MailAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . MailAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . GroupsFilter ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupsFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . GroupNameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupNameAttribute )
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldOnlySetDefaultsIfNotManuallyConfigured ( ) {
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . UsersFilter = "(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . configuration . LDAP . UsernameAttribute = "cn"
suite . configuration . LDAP . MailAttribute = "userPrincipalName"
suite . configuration . LDAP . DisplayNameAttribute = "name"
suite . configuration . LDAP . GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))"
suite . configuration . LDAP . GroupNameAttribute = "distinguishedName"
2020-12-03 05:23:52 +00:00
ValidateAuthenticationBackend ( & suite . configuration , suite . validator )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . UsersFilter ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsersFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . UsernameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsernameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . DisplayNameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . DisplayNameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . MailAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . MailAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . GroupsFilter ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupsFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2021-04-16 01:44:37 +00:00
suite . configuration . LDAP . GroupNameAttribute ,
2020-12-03 05:23:52 +00:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupNameAttribute )
}
func TestActiveDirectoryAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( ActiveDirectoryAuthenticationBackendSuite ) )
}