2019-04-24 21:52:08 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/golang/mock/gomock"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/suite"
|
2023-04-15 05:03:14 +00:00
|
|
|
"github.com/valyala/fasthttp"
|
2020-04-05 12:37:21 +00:00
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/authentication"
|
|
|
|
"github.com/authelia/authelia/v4/internal/authorization"
|
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
|
|
"github.com/authelia/authelia/v4/internal/mocks"
|
2022-03-06 05:47:40 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/model"
|
2021-11-29 03:09:14 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/regulation"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type FirstFactorSuite struct {
|
|
|
|
suite.Suite
|
|
|
|
|
|
|
|
mock *mocks.MockAutheliaCtx
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) SetupTest() {
|
|
|
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) TearDownTest() {
|
|
|
|
s.mock.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() {
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2022-01-31 05:25:15 +00:00
|
|
|
// No body.
|
2021-11-29 03:09:14 +00:00
|
|
|
assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
|
2020-05-05 21:27:38 +00:00
|
|
|
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() {
|
2022-01-31 05:25:15 +00:00
|
|
|
// Missing password.
|
2019-04-24 21:52:08 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test"
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-11-29 03:09:14 +00:00
|
|
|
assert.Equal(s.T(), "Failed to parse 1FA request body: unable to validate body: password: non zero value required", s.mock.Hook.LastEntry().Message)
|
2020-05-05 21:27:38 +00:00
|
|
|
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) TestShouldFailIfUserProviderCheckPasswordFail() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
2021-11-29 03:09:14 +00:00
|
|
|
Return(false, fmt.Errorf("failed"))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2019-11-30 14:33:45 +00:00
|
|
|
EXPECT().
|
2022-03-06 05:47:40 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Eq(model.AuthenticationAttempt{
|
2019-11-30 14:33:45 +00:00
|
|
|
Username: "test",
|
|
|
|
Successful: false,
|
2021-11-29 03:09:14 +00:00
|
|
|
Banned: false,
|
2019-11-30 14:33:45 +00:00
|
|
|
Time: s.mock.Clock.Now(),
|
2021-11-29 03:09:14 +00:00
|
|
|
Type: regulation.AuthType1FA,
|
2022-03-06 05:47:40 +00:00
|
|
|
RemoteIP: model.NewNullIPFromString("0.0.0.0"),
|
2019-11-30 14:33:45 +00:00
|
|
|
}))
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-11-29 03:09:14 +00:00
|
|
|
assert.Equal(s.T(), "Unsuccessful 1FA authentication attempt by user 'test': failed", s.mock.Hook.LastEntry().Message)
|
2020-05-05 21:27:38 +00:00
|
|
|
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2021-11-29 03:09:14 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsNotMarkedWhenProviderCheckPasswordError() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(false, fmt.Errorf("invalid credentials"))
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2021-11-29 03:09:14 +00:00
|
|
|
EXPECT().
|
2022-03-06 05:47:40 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Eq(model.AuthenticationAttempt{
|
2021-11-29 03:09:14 +00:00
|
|
|
Username: "test",
|
|
|
|
Successful: false,
|
|
|
|
Banned: false,
|
|
|
|
Time: s.mock.Clock.Now(),
|
|
|
|
Type: regulation.AuthType1FA,
|
2022-03-06 05:47:40 +00:00
|
|
|
RemoteIP: model.NewNullIPFromString("0.0.0.0"),
|
2021-11-29 03:09:14 +00:00
|
|
|
}))
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2021-11-29 03:09:14 +00:00
|
|
|
}
|
|
|
|
|
2019-11-24 20:27:59 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCredentials() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
2021-11-29 03:09:14 +00:00
|
|
|
Return(false, nil)
|
2019-11-24 20:27:59 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2019-11-24 20:27:59 +00:00
|
|
|
EXPECT().
|
2022-03-06 05:47:40 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Eq(model.AuthenticationAttempt{
|
2019-11-24 20:27:59 +00:00
|
|
|
Username: "test",
|
|
|
|
Successful: false,
|
2021-11-29 03:09:14 +00:00
|
|
|
Banned: false,
|
2019-11-30 14:33:45 +00:00
|
|
|
Time: s.mock.Clock.Now(),
|
2021-11-29 03:09:14 +00:00
|
|
|
Type: regulation.AuthType1FA,
|
2022-03-06 05:47:40 +00:00
|
|
|
RemoteIP: model.NewNullIPFromString("0.0.0.0"),
|
2019-11-24 20:27:59 +00:00
|
|
|
}))
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-11-24 20:27:59 +00:00
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldFailIfUserProviderGetDetailsFail() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2019-04-24 21:52:08 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2019-04-24 21:52:08 +00:00
|
|
|
Return(nil)
|
|
|
|
|
2019-11-30 14:33:45 +00:00
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
GetDetails(gomock.Eq("test")).
|
2021-11-29 03:09:14 +00:00
|
|
|
Return(nil, fmt.Errorf("failed"))
|
2019-11-30 14:33:45 +00:00
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-11-29 03:09:14 +00:00
|
|
|
assert.Equal(s.T(), "Could not obtain profile details during 1FA authentication for user 'test': failed", s.mock.Hook.LastEntry().Message)
|
2020-05-05 21:27:38 +00:00
|
|
|
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2019-11-30 14:33:45 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldFailIfAuthenticationMarkFail() {
|
2019-04-24 21:52:08 +00:00
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2019-04-24 21:52:08 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2019-04-24 21:52:08 +00:00
|
|
|
Return(fmt.Errorf("failed"))
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-11-29 03:09:14 +00:00
|
|
|
assert.Equal(s.T(), "Unable to mark 1FA authentication attempt by user 'test': failed", s.mock.Hook.LastEntry().Message)
|
2020-05-05 21:27:38 +00:00
|
|
|
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2020-01-17 22:48:48 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeChecked() {
|
2019-04-24 21:52:08 +00:00
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
GetDetails(gomock.Eq("test")).
|
|
|
|
Return(&authentication.UserDetails{
|
2020-03-15 07:10:25 +00:00
|
|
|
Username: "test",
|
|
|
|
Emails: []string{"test@example.com"},
|
|
|
|
Groups: []string{"dev", "admins"},
|
2019-04-24 21:52:08 +00:00
|
|
|
}, nil)
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2019-04-24 21:52:08 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2019-04-24 21:52:08 +00:00
|
|
|
Return(nil)
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
2020-01-17 22:55:02 +00:00
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
2023-04-15 05:03:14 +00:00
|
|
|
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
2019-04-24 21:52:08 +00:00
|
|
|
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
|
|
|
|
2023-01-25 09:36:40 +00:00
|
|
|
userSession, err := s.mock.Ctx.GetSession()
|
|
|
|
s.Assert().NoError(err)
|
|
|
|
|
|
|
|
assert.Equal(s.T(), "test", userSession.Username)
|
|
|
|
assert.Equal(s.T(), true, userSession.KeepMeLoggedIn)
|
|
|
|
assert.Equal(s.T(), authentication.OneFactor, userSession.AuthenticationLevel)
|
|
|
|
assert.Equal(s.T(), []string{"test@example.com"}, userSession.Emails)
|
|
|
|
assert.Equal(s.T(), []string{"dev", "admins"}, userSession.Groups)
|
2020-01-17 22:48:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeUnchecked() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
GetDetails(gomock.Eq("test")).
|
|
|
|
Return(&authentication.UserDetails{
|
2020-03-15 07:10:25 +00:00
|
|
|
Username: "test",
|
|
|
|
Emails: []string{"test@example.com"},
|
|
|
|
Groups: []string{"dev", "admins"},
|
2020-01-17 22:48:48 +00:00
|
|
|
}, nil)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2020-01-17 22:48:48 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2020-01-17 22:48:48 +00:00
|
|
|
Return(nil)
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
2020-01-17 22:55:02 +00:00
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-01-17 22:55:02 +00:00
|
|
|
"keepMeLoggedIn": false
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-01-17 22:48:48 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
2023-04-15 05:03:14 +00:00
|
|
|
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
2020-01-17 22:48:48 +00:00
|
|
|
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
|
|
|
|
2023-01-25 09:36:40 +00:00
|
|
|
userSession, err := s.mock.Ctx.GetSession()
|
|
|
|
s.Assert().NoError(err)
|
|
|
|
|
|
|
|
assert.Equal(s.T(), "test", userSession.Username)
|
|
|
|
assert.Equal(s.T(), false, userSession.KeepMeLoggedIn)
|
|
|
|
assert.Equal(s.T(), authentication.OneFactor, userSession.AuthenticationLevel)
|
|
|
|
assert.Equal(s.T(), []string{"test@example.com"}, userSession.Emails)
|
|
|
|
assert.Equal(s.T(), []string{"dev", "admins"}, userSession.Groups)
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2020-03-15 07:10:25 +00:00
|
|
|
func (s *FirstFactorSuite) TestShouldSaveUsernameFromAuthenticationBackendInSession() {
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
GetDetails(gomock.Eq("test")).
|
|
|
|
Return(&authentication.UserDetails{
|
|
|
|
// This is the name in authentication backend, in some setups the binding is
|
|
|
|
// case insensitive but the user ID in session must match the user in LDAP
|
|
|
|
// for the other modules of Authelia to be coherent.
|
|
|
|
Username: "Test",
|
|
|
|
Emails: []string{"test@example.com"},
|
|
|
|
Groups: []string{"dev", "admins"},
|
|
|
|
}, nil)
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2020-03-15 07:10:25 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2020-03-15 07:10:25 +00:00
|
|
|
Return(nil)
|
|
|
|
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-03-15 07:10:25 +00:00
|
|
|
"keepMeLoggedIn": true
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-03-15 07:10:25 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
2023-04-15 05:03:14 +00:00
|
|
|
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
2020-03-15 07:10:25 +00:00
|
|
|
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
|
|
|
|
2023-01-25 09:36:40 +00:00
|
|
|
userSession, err := s.mock.Ctx.GetSession()
|
|
|
|
s.Assert().NoError(err)
|
|
|
|
|
|
|
|
assert.Equal(s.T(), "Test", userSession.Username)
|
|
|
|
assert.Equal(s.T(), true, userSession.KeepMeLoggedIn)
|
|
|
|
assert.Equal(s.T(), authentication.OneFactor, userSession.AuthenticationLevel)
|
|
|
|
assert.Equal(s.T(), []string{"test@example.com"}, userSession.Emails)
|
|
|
|
assert.Equal(s.T(), []string{"dev", "admins"}, userSession.Groups)
|
2020-03-15 07:10:25 +00:00
|
|
|
}
|
|
|
|
|
2020-02-04 21:18:02 +00:00
|
|
|
type FirstFactorRedirectionSuite struct {
|
|
|
|
suite.Suite
|
|
|
|
|
|
|
|
mock *mocks.MockAutheliaCtx
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorRedirectionSuite) SetupTest() {
|
|
|
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
|
|
|
s.mock.Ctx.Configuration.DefaultRedirectionURL = "https://default.local"
|
2023-01-25 09:36:40 +00:00
|
|
|
s.mock.Ctx.Configuration.AccessControl.DefaultPolicy = testBypass
|
2023-01-26 02:23:47 +00:00
|
|
|
s.mock.Ctx.Configuration.AccessControl.Rules = []schema.AccessControlRule{
|
2020-04-09 01:05:17 +00:00
|
|
|
{
|
2020-04-16 00:18:11 +00:00
|
|
|
Domains: []string{"default.local"},
|
|
|
|
Policy: "one_factor",
|
2020-03-06 00:31:09 +00:00
|
|
|
},
|
|
|
|
}
|
2021-06-18 01:38:01 +00:00
|
|
|
s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration)
|
2020-02-04 21:18:02 +00:00
|
|
|
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
|
|
|
Return(true, nil)
|
|
|
|
|
|
|
|
s.mock.UserProviderMock.
|
|
|
|
EXPECT().
|
|
|
|
GetDetails(gomock.Eq("test")).
|
|
|
|
Return(&authentication.UserDetails{
|
2020-03-15 07:10:25 +00:00
|
|
|
Username: "test",
|
|
|
|
Emails: []string{"test@example.com"},
|
|
|
|
Groups: []string{"dev", "admins"},
|
2020-02-04 21:18:02 +00:00
|
|
|
}, nil)
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
s.mock.StorageMock.
|
2020-02-04 21:18:02 +00:00
|
|
|
EXPECT().
|
2021-11-23 09:45:38 +00:00
|
|
|
AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
|
2020-02-04 21:18:02 +00:00
|
|
|
Return(nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FirstFactorRedirectionSuite) TearDownTest() {
|
|
|
|
s.mock.Close()
|
|
|
|
}
|
|
|
|
|
2020-03-06 00:31:09 +00:00
|
|
|
// When:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// 1/ the target url is unknown
|
|
|
|
// 2/ two_factor is disabled (no policy is set to two_factor)
|
|
|
|
// 3/ default_redirect_url is provided
|
|
|
|
//
|
2020-03-06 00:31:09 +00:00
|
|
|
// Then:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// the user should be redirected to the default url.
|
2020-03-06 00:31:09 +00:00
|
|
|
func (s *FirstFactorRedirectionSuite) TestShouldRedirectToDefaultURLWhenNoTargetURLProvidedAndTwoFactorDisabled() {
|
2020-02-04 21:18:02 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-02-04 21:18:02 +00:00
|
|
|
"keepMeLoggedIn": false
|
|
|
|
}`)
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-02-04 21:18:02 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
2020-03-06 00:31:09 +00:00
|
|
|
s.mock.Assert200OK(s.T(), redirectResponse{Redirect: "https://default.local"})
|
2020-02-04 21:18:02 +00:00
|
|
|
}
|
|
|
|
|
2020-03-06 00:31:09 +00:00
|
|
|
// When:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// 1/ the target url is unsafe
|
|
|
|
// 2/ two_factor is disabled (no policy is set to two_factor)
|
|
|
|
// 3/ default_redirect_url is provided
|
|
|
|
//
|
2020-03-06 00:31:09 +00:00
|
|
|
// Then:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// the user should be redirected to the default url.
|
2020-03-06 00:31:09 +00:00
|
|
|
func (s *FirstFactorRedirectionSuite) TestShouldRedirectToDefaultURLWhenURLIsUnsafeAndTwoFactorDisabled() {
|
2020-02-04 21:18:02 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-02-04 21:18:02 +00:00
|
|
|
"keepMeLoggedIn": false,
|
|
|
|
"targetURL": "http://notsafe.local"
|
|
|
|
}`)
|
2020-05-04 19:39:25 +00:00
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-02-04 21:18:02 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
2020-03-06 00:31:09 +00:00
|
|
|
s.mock.Assert200OK(s.T(), redirectResponse{Redirect: "https://default.local"})
|
|
|
|
}
|
|
|
|
|
|
|
|
// When:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// 1/ two_factor is enabled (default policy)
|
|
|
|
//
|
2020-03-06 00:31:09 +00:00
|
|
|
// Then:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// the user should receive 200 without redirection URL.
|
2020-03-06 00:31:09 +00:00
|
|
|
func (s *FirstFactorRedirectionSuite) TestShouldReply200WhenNoTargetURLProvidedAndTwoFactorEnabled() {
|
2021-06-18 01:38:01 +00:00
|
|
|
s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
|
2023-01-26 02:23:47 +00:00
|
|
|
AccessControl: schema.AccessControl{
|
2021-06-18 01:38:01 +00:00
|
|
|
DefaultPolicy: "two_factor",
|
|
|
|
},
|
2020-03-06 00:31:09 +00:00
|
|
|
})
|
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-03-06 00:31:09 +00:00
|
|
|
"keepMeLoggedIn": false
|
|
|
|
}`)
|
2020-05-04 19:39:25 +00:00
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-03-06 00:31:09 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
|
|
|
s.mock.Assert200OK(s.T(), nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
// When:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// 1/ two_factor is enabled (some rule)
|
|
|
|
//
|
2020-03-06 00:31:09 +00:00
|
|
|
// Then:
|
2022-08-07 01:24:00 +00:00
|
|
|
//
|
|
|
|
// the user should receive 200 without redirection URL.
|
2020-03-06 00:31:09 +00:00
|
|
|
func (s *FirstFactorRedirectionSuite) TestShouldReply200WhenUnsafeTargetURLProvidedAndTwoFactorEnabled() {
|
2021-06-18 01:38:01 +00:00
|
|
|
s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
|
2023-01-26 02:23:47 +00:00
|
|
|
AccessControl: schema.AccessControl{
|
2021-06-18 01:38:01 +00:00
|
|
|
DefaultPolicy: "one_factor",
|
2023-01-26 02:23:47 +00:00
|
|
|
Rules: []schema.AccessControlRule{
|
2021-06-18 01:38:01 +00:00
|
|
|
{
|
|
|
|
Domains: []string{"test.example.com"},
|
|
|
|
Policy: "one_factor",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Domains: []string{"example.com"},
|
|
|
|
Policy: "two_factor",
|
|
|
|
},
|
2020-03-06 00:31:09 +00:00
|
|
|
},
|
2021-06-18 01:38:01 +00:00
|
|
|
}})
|
2020-03-06 00:31:09 +00:00
|
|
|
s.mock.Ctx.Request.SetBodyString(`{
|
|
|
|
"username": "test",
|
|
|
|
"password": "hello",
|
2021-03-05 04:18:31 +00:00
|
|
|
"requestMethod": "GET",
|
2020-03-06 00:31:09 +00:00
|
|
|
"keepMeLoggedIn": false
|
|
|
|
}`)
|
2020-05-04 19:39:25 +00:00
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
FirstFactorPOST(nil)(s.mock.Ctx)
|
2020-03-06 00:31:09 +00:00
|
|
|
|
|
|
|
// Respond with 200.
|
|
|
|
s.mock.Assert200OK(s.T(), nil)
|
2020-02-04 21:18:02 +00:00
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
func TestFirstFactorSuite(t *testing.T) {
|
2020-02-04 21:18:02 +00:00
|
|
|
suite.Run(t, new(FirstFactorSuite))
|
|
|
|
suite.Run(t, new(FirstFactorRedirectionSuite))
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|