2019-04-24 21:52:08 +00:00
|
|
|
package validator
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2020-04-03 23:11:33 +00:00
|
|
|
"fmt"
|
2020-05-18 02:45:47 +00:00
|
|
|
"strings"
|
2020-04-05 12:37:21 +00:00
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ValidateSession validates and update session configuration.
|
|
|
|
func ValidateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
|
|
if configuration.Name == "" {
|
|
|
|
configuration.Name = schema.DefaultSessionConfiguration.Name
|
|
|
|
}
|
|
|
|
|
2020-05-18 02:45:47 +00:00
|
|
|
if configuration.Redis != nil {
|
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
|
|
|
if configuration.Redis.HighAvailability != nil {
|
|
|
|
if configuration.Redis.HighAvailability.SentinelName != "" {
|
|
|
|
validateRedisSentinel(configuration, validator)
|
|
|
|
} else {
|
|
|
|
validator.Push(fmt.Errorf("Session provider redis is configured for high availability but doesn't have a sentinel_name which is required"))
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
validateRedis(configuration, validator)
|
2020-05-18 02:45:47 +00:00
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
|
|
|
validateSession(configuration, validator)
|
|
|
|
}
|
|
|
|
|
|
|
|
func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
|
2020-04-05 12:37:21 +00:00
|
|
|
if configuration.Expiration == "" {
|
2022-01-31 05:25:15 +00:00
|
|
|
configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
|
2020-04-05 12:37:21 +00:00
|
|
|
} else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil {
|
2020-04-09 01:05:17 +00:00
|
|
|
validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err))
|
2020-04-03 23:11:33 +00:00
|
|
|
}
|
|
|
|
|
2020-04-05 12:37:21 +00:00
|
|
|
if configuration.Inactivity == "" {
|
2022-01-31 05:25:15 +00:00
|
|
|
configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
|
2020-04-05 12:37:21 +00:00
|
|
|
} else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil {
|
2020-04-09 01:05:17 +00:00
|
|
|
validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err))
|
2020-04-03 23:11:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.RememberMeDuration == "" {
|
2022-01-31 05:25:15 +00:00
|
|
|
configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
|
2020-04-05 12:37:21 +00:00
|
|
|
} else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil {
|
2020-04-09 01:05:17 +00:00
|
|
|
validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err))
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.Domain == "" {
|
|
|
|
validator.Push(errors.New("Set domain of the session object"))
|
|
|
|
}
|
2020-06-07 15:47:02 +00:00
|
|
|
|
|
|
|
if strings.Contains(configuration.Domain, "*") {
|
|
|
|
validator.Push(errors.New("The domain of the session must be the root domain you're protecting instead of a wildcard domain"))
|
|
|
|
}
|
2021-04-18 00:02:04 +00:00
|
|
|
|
|
|
|
if configuration.SameSite == "" {
|
|
|
|
configuration.SameSite = schema.DefaultSessionConfiguration.SameSite
|
|
|
|
} else if configuration.SameSite != "none" && configuration.SameSite != "lax" && configuration.SameSite != "strict" {
|
|
|
|
validator.Push(errors.New("session same_site is configured incorrectly, must be one of 'none', 'lax', or 'strict'"))
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
|
|
|
|
|
|
|
func validateRedis(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
|
|
if configuration.Redis.Host == "" {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisHostRequired, "redis"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.Secret == "" {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionSecretRedisProvider, "redis"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if !strings.HasPrefix(configuration.Redis.Host, "/") && configuration.Redis.Port == 0 {
|
|
|
|
validator.Push(errors.New("A redis port different than 0 must be provided"))
|
|
|
|
} else if configuration.Redis.Port < 0 || configuration.Redis.Port > 65535 {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisPortRange, "redis"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.Redis.MaximumActiveConnections <= 0 {
|
|
|
|
configuration.Redis.MaximumActiveConnections = 8
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func validateRedisSentinel(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
|
|
if configuration.Redis.Port == 0 {
|
|
|
|
configuration.Redis.Port = 26379
|
|
|
|
} else if configuration.Redis.Port < 0 || configuration.Redis.Port > 65535 {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisPortRange, "redis sentinel"))
|
|
|
|
}
|
|
|
|
|
|
|
|
validateHighAvailability(configuration, validator, "redis sentinel")
|
|
|
|
}
|
|
|
|
|
|
|
|
func validateHighAvailability(configuration *schema.SessionConfiguration, validator *schema.StructValidator, provider string) {
|
|
|
|
if configuration.Redis.Host == "" && len(configuration.Redis.HighAvailability.Nodes) == 0 {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisHostOrNodesRequired, provider))
|
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.Secret == "" {
|
|
|
|
validator.Push(fmt.Errorf(errFmtSessionSecretRedisProvider, provider))
|
|
|
|
}
|
|
|
|
|
|
|
|
for i, node := range configuration.Redis.HighAvailability.Nodes {
|
|
|
|
if node.Host == "" {
|
|
|
|
validator.Push(fmt.Errorf("The %s nodes require a host set but you have not set the host for one or more nodes", provider))
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
if node.Port == 0 {
|
|
|
|
if provider == "redis sentinel" {
|
|
|
|
configuration.Redis.HighAvailability.Nodes[i].Port = 26379
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|