authelia/internal/configuration/validator/authentication.go

package validator

import (
	"errors"
	"fmt"
	"net/url"
	"strings"

	"github.com/authelia/authelia/internal/configuration/schema"
)

var ldapProtocolPrefix = "ldap://"
var ldapsProtocolPrefix = "ldaps://"

func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) {
	if configuration.Path == "" {
		validator.Push(errors.New("Please provide a `path` for the users database in `authentication_backend`"))
	}
}

func validateLdapURL(ldapURL string, validator *schema.StructValidator) string {
	u, err := url.Parse(ldapURL)

	if err != nil {
		validator.Push(errors.New("Unable to parse URL to ldap server. The scheme is probably missing: ldap:// or ldaps://"))
		return ""
	}

	if !(u.Scheme == "ldap" || u.Scheme == "ldaps") {
		validator.Push(errors.New("Unknown scheme for ldap url, should be ldap:// or ldaps://"))
		return ""
	}

	if u.Scheme == "ldap" && u.Port() == "" {
		u.Host += ":389"
	} else if u.Scheme == "ldaps" && u.Port() == "" {
		u.Host += ":636"
	}

	if !u.IsAbs() {
		validator.Push(fmt.Errorf("URL to LDAP %s is still not absolute, it should be something like ldap://127.0.0.1:389", u.String()))
	}

	return u.String()
}

func validateLdapAuthenticationBackend(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) {
	if configuration.URL == "" {
		validator.Push(errors.New("Please provide a URL to the LDAP server"))
	} else {
		configuration.URL = validateLdapURL(configuration.URL, validator)
	}

	if configuration.User == "" {
		validator.Push(errors.New("Please provide a user name to connect to the LDAP server"))
	}

	if configuration.Password == "" {
		validator.Push(errors.New("Please provide a password to connect to the LDAP server"))
	}

	if configuration.BaseDN == "" {
		validator.Push(errors.New("Please provide a base DN to connect to the LDAP server"))
	}

	if configuration.UsersFilter == "" {
		configuration.UsersFilter = "(cn={0})"
	}

	if !strings.HasPrefix(configuration.UsersFilter, "(") || !strings.HasSuffix(configuration.UsersFilter, ")") {
		validator.Push(errors.New("The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))
	}

	if configuration.GroupsFilter == "" {
		configuration.GroupsFilter = "(member={dn})"
	}

	if !strings.HasPrefix(configuration.GroupsFilter, "(") || !strings.HasSuffix(configuration.GroupsFilter, ")") {
		validator.Push(errors.New("The groups filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))
	}

	if configuration.GroupNameAttribute == "" {
		configuration.GroupNameAttribute = "cn"
	}

	if configuration.MailAttribute == "" {
		configuration.MailAttribute = "mail"
	}
}

// ValidateAuthenticationBackend validates and update authentication backend configuration.
func ValidateAuthenticationBackend(configuration *schema.AuthenticationBackendConfiguration, validator *schema.StructValidator) {
	if configuration.Ldap == nil && configuration.File == nil {
		validator.Push(errors.New("Please provide `ldap` or `file` object in `authentication_backend`"))
	}

	if configuration.Ldap != nil && configuration.File != nil {
		validator.Push(errors.New("You cannot provide both `ldap` and `file` objects in `authentication_backend`"))
	}

	if configuration.File != nil {
		validateFileAuthenticationBackend(configuration.File, validator)
	} else if configuration.Ldap != nil {
		validateLdapAuthenticationBackend(configuration.Ldap, validator)
	}
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package validator`

			`import (`
			`"errors"`
Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00			`"fmt"`
			`"net/url"`
Add a check for enclosing parenthesis in LDAP users and groups filters. 2019-12-08 22:21:55 +00:00			`"strings"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`"github.com/authelia/authelia/internal/configuration/schema"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`var ldapProtocolPrefix = "ldap://"`
Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00			`var ldapsProtocolPrefix = "ldaps://"`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`func validateFileAuthenticationBackend(configuration schema.FileAuthenticationBackendConfiguration, validator schema.StructValidator) {`
			`if configuration.Path == "" {`
			validator.Push(errors.New("Please provide a `path` for the users database in `authentication_backend`"))
			`}`
			`}`

Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00			`func validateLdapURL(ldapURL string, validator *schema.StructValidator) string {`
			`u, err := url.Parse(ldapURL)`

			`if err != nil {`
			`validator.Push(errors.New("Unable to parse URL to ldap server. The scheme is probably missing: ldap:// or ldaps://"))`
			`return ""`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`}`

Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00			`if !(u.Scheme == "ldap" \|\| u.Scheme == "ldaps") {`
			`validator.Push(errors.New("Unknown scheme for ldap url, should be ldap:// or ldaps://"))`
			`return ""`
			`}`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00
Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00			`if u.Scheme == "ldap" && u.Port() == "" {`
			`u.Host += ":389"`
			`} else if u.Scheme == "ldaps" && u.Port() == "" {`
			`u.Host += ":636"`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`}`
Add support for LDAP over TLS. 2019-12-06 08:15:54 +00:00
			`if !u.IsAbs() {`
			`validator.Push(fmt.Errorf("URL to LDAP %s is still not absolute, it should be something like ldap://127.0.0.1:389", u.String()))`
			`}`

			`return u.String()`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`}`

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`func validateLdapAuthenticationBackend(configuration schema.LDAPAuthenticationBackendConfiguration, validator schema.StructValidator) {`
			`if configuration.URL == "" {`
			`validator.Push(errors.New("Please provide a URL to the LDAP server"))`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`} else {`
			`configuration.URL = validateLdapURL(configuration.URL, validator)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

			`if configuration.User == "" {`
			`validator.Push(errors.New("Please provide a user name to connect to the LDAP server"))`
			`}`

			`if configuration.Password == "" {`
			`validator.Push(errors.New("Please provide a password to connect to the LDAP server"))`
			`}`

			`if configuration.BaseDN == "" {`
			`validator.Push(errors.New("Please provide a base DN to connect to the LDAP server"))`
			`}`

			`if configuration.UsersFilter == "" {`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`configuration.UsersFilter = "(cn={0})"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

Add a check for enclosing parenthesis in LDAP users and groups filters. 2019-12-08 22:21:55 +00:00			`if !strings.HasPrefix(configuration.UsersFilter, "(") \|\| !strings.HasSuffix(configuration.UsersFilter, ")") {`
			`validator.Push(errors.New("The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))`
			`}`

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`if configuration.GroupsFilter == "" {`
Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-29 20:16:38 +00:00			`configuration.GroupsFilter = "(member={dn})"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

Add a check for enclosing parenthesis in LDAP users and groups filters. 2019-12-08 22:21:55 +00:00			`if !strings.HasPrefix(configuration.GroupsFilter, "(") \|\| !strings.HasSuffix(configuration.GroupsFilter, ")") {`
			`validator.Push(errors.New("The groups filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))`
			`}`

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`if configuration.GroupNameAttribute == "" {`
			`configuration.GroupNameAttribute = "cn"`
			`}`

			`if configuration.MailAttribute == "" {`
			`configuration.MailAttribute = "mail"`
			`}`
			`}`

			`// ValidateAuthenticationBackend validates and update authentication backend configuration.`
			`func ValidateAuthenticationBackend(configuration schema.AuthenticationBackendConfiguration, validator schema.StructValidator) {`
			`if configuration.Ldap == nil && configuration.File == nil {`
			validator.Push(errors.New("Please provide `ldap` or `file` object in `authentication_backend`"))
			`}`

			`if configuration.Ldap != nil && configuration.File != nil {`
			validator.Push(errors.New("You cannot provide both `ldap` and `file` objects in `authentication_backend`"))
			`}`

			`if configuration.File != nil {`
			`validateFileAuthenticationBackend(configuration.File, validator)`
			`} else if configuration.Ldap != nil {`
			`validateLdapAuthenticationBackend(configuration.Ldap, validator)`
			`}`
			`}`