package validator
import (
"fmt"
"os"
"strings"
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/utils"
)
// ValidateConfiguration validates and adapts the configuration read from file.
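func ValidateConfiguration(config *schema.Configuration, validator *schema.StructValidator) {
	// Problems found by the checks written in this function are pushed onto
	// validator; none of them returns early, so one failed check does not hide
	// the ones after it.

	// certificates_directory is optional, but when set it must be inspectable
	// and must be a directory.
	if dir := config.CertificatesDirectory; dir != "" {
		info, err := os.Stat(dir)

		switch {
		case err != nil:
			validator.Push(fmt.Errorf("the location 'certificates_directory' could not be inspected: %w", err))
		case !info.IsDir():
			validator.Push(fmt.Errorf("the location 'certificates_directory' refers to '%s' is not a directory", dir))
		}
	}

	// Only the presence of the secret is enforced here; this function places
	// no constraint on its length or randomness.
	if config.JWTSecret == "" {
		validator.Push(fmt.Errorf("option 'jwt_secret' is required"))
	}

	if config.DefaultRedirectionURL != "" {
		// Report the URL check's own error unchanged. The previous code
		// rewrote its 'http://' / 'https://' hint into 'ldap://' / 'ldaps://',
		// which steers operators towards schemes that are wrong for a
		// redirection target.
		if err := utils.IsStringAbsURL(config.DefaultRedirectionURL); err != nil {
			validator.Push(fmt.Errorf("option 'default_redirection_url' is invalid: %w", err))
		}
	}

	// The remaining sections are delegated to their own validators, in a fixed
	// order. Some receive a pointer to just their section rather than the
	// whole configuration.
	// NOTE(review): presumably the pointer receivers also fill in defaults
	// (the "adapt" part of this function's description) — confirm per validator.
	validateDefault2FAMethod(config, validator)

	ValidateTheme(config, validator)

	ValidateLog(config, validator)

	ValidateDuo(config, validator)

	ValidateTOTP(config, validator)

	ValidateWebAuthn(config, validator)

	ValidateAuthenticationBackend(&config.AuthenticationBackend, validator)

	ValidateAccessControl(config, validator)

	ValidateRules(config, validator)

	ValidateSession(&config.Session, validator)

	ValidateRegulation(config, validator)

	ValidateServer(config, validator)

	ValidateTelemetry(config, validator)

	ValidateStorage(config.Storage, validator)

	ValidateNotifier(&config.Notifier, validator)

	ValidateIdentityProviders(&config.IdentityProviders, validator)

	ValidateNTP(config, validator)

	ValidatePasswordPolicy(&config.PasswordPolicy, validator)

	ValidatePrivacyPolicy(&config.PrivacyPolicy, validator)
}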
// validateDefault2FAMethod checks the configured default second factor method.
// An empty value is accepted as-is. Otherwise the value must be one of
// validDefault2FAMethods and must name a method whose Disable flag is not set;
// each violation is pushed onto validator.
func validateDefault2FAMethod(config *schema.Configuration, validator *schema.StructValidator) {
	method := config.Default2FAMethod

	switch {
	case method == "":
		// Nothing configured, nothing to validate.
		return
	case !utils.IsStringInSlice(method, validDefault2FAMethods):
		validator.Push(fmt.Errorf(errFmtInvalidDefault2FAMethod, method, strings.Join(validDefault2FAMethods, "', '")))

		// An unknown method cannot be enabled either, so skip the second check.
		return
	}

	// Collect the methods that are still switched on, in the same order the
	// error message lists them.
	candidates := []struct {
		disabled bool
		name     string
	}{
		{config.TOTP.Disable, "totp"},
		{config.WebAuthn.Disable, "webauthn"},
		{config.DuoAPI.Disable, "mobile_push"},
	}

	var available []string

	for _, c := range candidates {
		if c.disabled {
			continue
		}

		available = append(available, c.name)
	}

	// A default that points at a disabled method is reported along with the
	// methods that remain enabled.
	if utils.IsStringInSlice(method, available) {
		return
	}

	validator.Push(fmt.Errorf(errFmtInvalidDefault2FAMethodDisabled, method, strings.Join(available, "', '")))
}