2019-04-24 21:52:08 +00:00
package validator
import (
2022-10-21 08:41:33 +00:00
"crypto/tls"
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
"fmt"
2023-01-12 10:57:44 +00:00
"net/url"
2019-04-24 21:52:08 +00:00
"testing"
2023-01-12 10:57:44 +00:00
"time"
2019-04-24 21:52:08 +00:00
"github.com/stretchr/testify/assert"
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
"github.com/stretchr/testify/require"
2020-04-05 12:37:21 +00:00
2021-08-11 01:04:35 +00:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
2019-04-24 21:52:08 +00:00
)
func newDefaultSessionConfig ( ) schema . SessionConfiguration {
config := schema . SessionConfiguration { }
2020-05-02 16:20:40 +00:00
config . Secret = testJWTSecret
2023-01-12 10:57:44 +00:00
config . Domain = exampleDotCom
config . Cookies = [ ] schema . SessionCookieConfiguration { }
2020-05-05 19:35:32 +00:00
2019-04-24 21:52:08 +00:00
return config
}
2022-03-03 11:20:43 +00:00
func TestShouldSetDefaultSessionValues ( t * testing . T ) {
2019-04-24 21:52:08 +00:00
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
ValidateSession ( & config , validator )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
assert . False ( t , validator . HasWarnings ( ) )
assert . False ( t , validator . HasErrors ( ) )
2020-04-05 12:37:21 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . Name , config . Name )
assert . Equal ( t , schema . DefaultSessionConfiguration . Inactivity , config . Inactivity )
assert . Equal ( t , schema . DefaultSessionConfiguration . Expiration , config . Expiration )
2023-01-12 10:57:44 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . RememberMe , config . RememberMe )
2022-03-03 11:20:43 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . SameSite , config . SameSite )
2019-04-24 21:52:08 +00:00
}
2023-01-12 10:57:44 +00:00
func TestShouldSetDefaultSessionDomainsValues ( t * testing . T ) {
testCases := [ ] struct {
name string
have schema . SessionConfiguration
expected schema . SessionConfiguration
errs [ ] string
} {
{
"ShouldSetGoodDefaultValues" ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : exampleDotCom , SameSite : "lax" , Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
} ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , Domain : exampleDotCom , SameSite : "lax" , Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
Cookies : [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , Domain : exampleDotCom , SameSite : "lax" , Expiration : time . Hour ,
Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
} ,
} ,
} ,
nil ,
} ,
{
"ShouldNotSetBadDefaultValues" ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
SameSite : "BAD VALUE" , Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
Cookies : [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , Domain : exampleDotCom ,
Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
} ,
} ,
} ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , SameSite : "BAD VALUE" , Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
Cookies : [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , Domain : exampleDotCom , SameSite : schema . DefaultSessionConfiguration . SameSite ,
Expiration : time . Hour , Inactivity : time . Minute , RememberMe : time . Hour * 2 ,
} ,
} ,
} ,
} ,
[ ] string {
"session: option 'same_site' must be one of 'none', 'lax', 'strict' but is configured as 'BAD VALUE'" ,
} ,
} ,
{
"ShouldSetDefaultValuesForEachConfig" ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "default_session" , SameSite : "lax" , Expiration : time . Hour , Inactivity : time . Minute ,
RememberMe : schema . RememberMeDisabled ,
} ,
Cookies : [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : exampleDotCom ,
} ,
} ,
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : "example2.com" , Name : "authelia_session" , SameSite : "strict" ,
} ,
} ,
} ,
} ,
schema . SessionConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "default_session" , SameSite : "lax" , Expiration : time . Hour , Inactivity : time . Minute ,
RememberMe : schema . RememberMeDisabled , DisableRememberMe : true ,
} ,
Cookies : [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "default_session" , Domain : exampleDotCom , SameSite : "lax" ,
Expiration : time . Hour , Inactivity : time . Minute , RememberMe : schema . RememberMeDisabled , DisableRememberMe : true ,
} ,
} ,
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" , Domain : "example2.com" , SameSite : "strict" ,
Expiration : time . Hour , Inactivity : time . Minute , RememberMe : schema . RememberMeDisabled , DisableRememberMe : true ,
} ,
} ,
} ,
} ,
nil ,
} ,
}
validator := schema . NewStructValidator ( )
for _ , tc := range testCases {
t . Run ( tc . name , func ( t * testing . T ) {
validator . Clear ( )
have := tc . have
ValidateSession ( & have , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
errs := validator . Errors ( )
require . Len ( t , validator . Errors ( ) , len ( tc . errs ) )
for i , err := range errs {
assert . EqualError ( t , err , tc . errs [ i ] )
}
assert . Equal ( t , tc . expected , have )
} )
}
}
2022-03-03 11:20:43 +00:00
func TestShouldSetDefaultSessionValuesWhenNegative ( t * testing . T ) {
2021-04-18 00:02:04 +00:00
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
2023-01-12 10:57:44 +00:00
config . Expiration , config . Inactivity , config . RememberMe = - 1 , - 1 , - 2
2022-03-03 11:20:43 +00:00
2021-04-18 00:02:04 +00:00
ValidateSession ( & config , validator )
2022-03-09 22:01:04 +00:00
assert . Len ( t , validator . Warnings ( ) , 0 )
assert . Len ( t , validator . Errors ( ) , 0 )
2022-03-03 11:20:43 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . Inactivity , config . Inactivity )
assert . Equal ( t , schema . DefaultSessionConfiguration . Expiration , config . Expiration )
2023-01-12 10:57:44 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . RememberMe , config . RememberMe )
2021-04-18 00:02:04 +00:00
}
2022-11-23 23:16:23 +00:00
func TestShouldWarnSessionValuesWhenPotentiallyInvalid ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Domain = ".example.com"
ValidateSession ( & config , validator )
require . Len ( t , validator . Warnings ( ) , 1 )
assert . Len ( t , validator . Errors ( ) , 0 )
2023-01-12 10:57:44 +00:00
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "session: domain config #1 (domain '.example.com'): option 'domain' has a prefix of '.' which is not supported or intended behaviour: you can use this at your own risk but we recommend removing it" )
2022-11-23 23:16:23 +00:00
}
2020-05-18 02:45:47 +00:00
func TestShouldHandleRedisConfigSuccessfully ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
ValidateSession ( & config , validator )
assert . Len ( t , validator . Errors ( ) , 0 )
validator . Clear ( )
2023-01-12 10:57:44 +00:00
config = newDefaultSessionConfig ( )
2020-05-18 02:45:47 +00:00
// Set redis config because password must be set only when redis is used.
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.localhost" ,
Port : 6379 ,
Password : "password" ,
}
ValidateSession ( & config , validator )
2023-01-12 10:57:44 +00:00
assert . Len ( t , validator . Warnings ( ) , 0 )
assert . Len ( t , validator . Errors ( ) , 0 )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
assert . Equal ( t , 8 , config . Redis . MaximumActiveConnections )
}
func TestShouldRaiseErrorWithInvalidRedisPortLow ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "authelia-port-1" ,
Port : - 1 ,
}
ValidateSession ( & config , validator )
2023-01-12 10:57:44 +00:00
require . Len ( t , validator . Warnings ( ) , 0 )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , fmt . Sprintf ( errFmtSessionRedisPortRange , - 1 ) )
2020-05-18 02:45:47 +00:00
}
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
func TestShouldRaiseErrorWithInvalidRedisPortHigh ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "authelia-port-1" ,
Port : 65536 ,
}
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , fmt . Sprintf ( errFmtSessionRedisPortRange , 65536 ) )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
func TestShouldRaiseErrorWhenRedisIsUsedAndSecretNotSet ( t * testing . T ) {
2019-04-24 21:52:08 +00:00
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Secret = ""
ValidateSession ( & config , validator )
2020-03-28 06:10:39 +00:00
assert . Len ( t , validator . Errors ( ) , 0 )
validator . Clear ( )
2023-01-12 10:57:44 +00:00
config = newDefaultSessionConfig ( )
config . Secret = ""
2020-03-28 06:10:39 +00:00
// Set redis config because password must be set only when redis is used.
2020-05-18 02:45:47 +00:00
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.localhost" ,
Port : 6379 ,
}
2020-03-28 06:10:39 +00:00
ValidateSession ( & config , validator )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
assert . False ( t , validator . HasWarnings ( ) )
2019-04-24 21:52:08 +00:00
assert . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , fmt . Sprintf ( errFmtSessionSecretRequired , "redis" ) )
2019-04-24 21:52:08 +00:00
}
2020-05-18 02:45:47 +00:00
func TestShouldRaiseErrorWhenRedisHasHostnameButNoPort ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
ValidateSession ( & config , validator )
assert . Len ( t , validator . Errors ( ) , 0 )
validator . Clear ( )
2023-01-12 10:57:44 +00:00
config = newDefaultSessionConfig ( )
2020-05-18 02:45:47 +00:00
// Set redis config because password must be set only when redis is used.
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.localhost" ,
Port : 0 ,
}
ValidateSession ( & config , validator )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
assert . False ( t , validator . HasWarnings ( ) )
2020-05-18 02:45:47 +00:00
assert . Len ( t , validator . Errors ( ) , 1 )
2022-10-22 05:41:27 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: redis: option 'port' must be between 1 and 65535 but is configured as '0'" )
2020-05-18 02:45:47 +00:00
}
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
func TestShouldRaiseOneErrorWhenRedisHighAvailabilityHasNodesWithNoHost ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis" ,
Port : 6379 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "authelia-sentinel" ,
SentinelPassword : "abc123" ,
Nodes : [ ] schema . RedisNode {
{
Port : 26379 ,
} ,
{
Port : 26379 ,
} ,
} ,
} ,
}
ValidateSession ( & config , validator )
errors := validator . Errors ( )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , errors , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , errors [ 0 ] , "session: redis: high_availability: option 'nodes': option 'host' is required for each node but one or more nodes are missing this" )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
func TestShouldRaiseOneErrorWhenRedisHighAvailabilityDoesNotHaveSentinelName ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis" ,
Port : 6379 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelPassword : "abc123" ,
} ,
}
ValidateSession ( & config , validator )
errors := validator . Errors ( )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , errors , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , errors [ 0 ] , "session: redis: high_availability: option 'sentinel_name' is required" )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
func TestShouldUpdateDefaultPortWhenRedisSentinelHasNodes ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis" ,
Port : 6379 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "authelia-sentinel" ,
SentinelPassword : "abc123" ,
Nodes : [ ] schema . RedisNode {
{
Host : "node-1" ,
Port : 333 ,
} ,
{
Host : "node-2" ,
} ,
{
Host : "node-3" ,
} ,
} ,
} ,
}
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
assert . False ( t , validator . HasErrors ( ) )
assert . Equal ( t , 333 , config . Redis . HighAvailability . Nodes [ 0 ] . Port )
assert . Equal ( t , 26379 , config . Redis . HighAvailability . Nodes [ 1 ] . Port )
assert . Equal ( t , 26379 , config . Redis . HighAvailability . Nodes [ 2 ] . Port )
}
func TestShouldRaiseErrorsWhenRedisSentinelOptionsIncorrectlyConfigured ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Secret = ""
config . Redis = & schema . RedisSessionConfiguration {
Port : 65536 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "sentinel" ,
SentinelPassword : "abc123" ,
Nodes : [ ] schema . RedisNode {
{
Host : "node1" ,
Port : 26379 ,
} ,
} ,
RouteByLatency : true ,
RouteRandomly : true ,
} ,
}
ValidateSession ( & config , validator )
errors := validator . Errors ( )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , errors , 2 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , errors [ 0 ] , fmt . Sprintf ( errFmtSessionRedisPortRange , 65536 ) )
assert . EqualError ( t , errors [ 1 ] , fmt . Sprintf ( errFmtSessionSecretRequired , "redis" ) )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
validator . Clear ( )
2023-01-12 10:57:44 +00:00
config = newDefaultSessionConfig ( )
config . Secret = ""
config . Redis = & schema . RedisSessionConfiguration {
Port : - 1 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "sentinel" ,
SentinelPassword : "abc123" ,
Nodes : [ ] schema . RedisNode {
{
Host : "node1" ,
Port : 26379 ,
} ,
} ,
RouteByLatency : true ,
RouteRandomly : true ,
} ,
}
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
ValidateSession ( & config , validator )
errors = validator . Errors ( )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , errors , 2 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , errors [ 0 ] , fmt . Sprintf ( errFmtSessionRedisPortRange , - 1 ) )
assert . EqualError ( t , errors [ 1 ] , fmt . Sprintf ( errFmtSessionSecretRequired , "redis" ) )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
func TestShouldNotRaiseErrorsAndSetDefaultPortWhenRedisSentinelPortBlank ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "mysentinelHost" ,
Port : 0 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "sentinel" ,
SentinelPassword : "abc123" ,
Nodes : [ ] schema . RedisNode {
{
Host : "node1" ,
Port : 26379 ,
} ,
} ,
RouteByLatency : true ,
RouteRandomly : true ,
} ,
}
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
assert . False ( t , validator . HasErrors ( ) )
assert . Equal ( t , 26379 , config . Redis . Port )
}
func TestShouldRaiseErrorWhenRedisHostAndHighAvailabilityNodesEmpty ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Port : 26379 ,
HighAvailability : & schema . RedisHighAvailabilityConfiguration {
SentinelName : "sentinel" ,
SentinelPassword : "abc123" ,
RouteByLatency : true ,
RouteRandomly : true ,
} ,
}
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , errFmtSessionRedisHostOrNodesRequired )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
func TestShouldRaiseErrorsWhenRedisHostNotSet ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Port : 6379 ,
}
ValidateSession ( & config , validator )
errors := validator . Errors ( )
assert . False ( t , validator . HasWarnings ( ) )
require . Len ( t , errors , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , errors [ 0 ] , errFmtSessionRedisHostRequired )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
}
2022-10-21 08:41:33 +00:00
func TestShouldSetDefaultRedisTLSOptions ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.local" ,
Port : 6379 ,
TLS : & schema . TLSConfig { } ,
}
ValidateSession ( & config , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
assert . Len ( t , validator . Errors ( ) , 0 )
assert . Equal ( t , uint16 ( tls . VersionTLS12 ) , config . Redis . TLS . MinimumVersion . Value )
assert . Equal ( t , uint16 ( 0 ) , config . Redis . TLS . MaximumVersion . Value )
assert . Equal ( t , "redis.local" , config . Redis . TLS . ServerName )
}
func TestShouldRaiseErrorOnBadRedisTLSOptionsSSL30 ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.local" ,
Port : 6379 ,
TLS : & schema . TLSConfig {
MinimumVersion : schema . TLSVersion { Value : tls . VersionSSL30 } , //nolint:staticcheck
} ,
}
ValidateSession ( & config , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: redis: tls: option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured" )
}
func TestShouldRaiseErrorOnBadRedisTLSOptionsMinVerGreaterThanMax ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Redis = & schema . RedisSessionConfiguration {
Host : "redis.local" ,
Port : 6379 ,
TLS : & schema . TLSConfig {
MinimumVersion : schema . TLSVersion { Value : tls . VersionTLS13 } ,
MaximumVersion : schema . TLSVersion { Value : tls . VersionTLS10 } ,
} ,
}
ValidateSession ( & config , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: redis: tls: option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version TLS1.3 is greater than the maximum version TLS1.0" )
}
2023-01-12 10:57:44 +00:00
func TestShouldRaiseErrorWhenHaveDuplicatedDomainName ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Domain = ""
config . Cookies = append ( config . Cookies , schema . SessionCookieConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : exampleDotCom ,
} ,
AutheliaURL : MustParseURL ( "https://login.example.com" ) ,
} )
config . Cookies = append ( config . Cookies , schema . SessionCookieConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : exampleDotCom ,
} ,
AutheliaURL : MustParseURL ( "https://login.example.com" ) ,
} )
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
assert . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , fmt . Sprintf ( errFmtSessionDomainDuplicate , sessionDomainDescriptor ( 1 , schema . SessionCookieConfiguration { SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration { Domain : exampleDotCom } } ) ) )
}
func TestShouldRaiseErrorWhenSubdomainConflicts ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Domain = ""
config . Cookies = append ( config . Cookies , schema . SessionCookieConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : exampleDotCom ,
} ,
AutheliaURL : MustParseURL ( "https://login.example.com" ) ,
} )
config . Cookies = append ( config . Cookies , schema . SessionCookieConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : "internal.example.com" ,
} ,
AutheliaURL : MustParseURL ( "https://login.internal.example.com" ) ,
} )
ValidateSession ( & config , validator )
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
assert . False ( t , validator . HasWarnings ( ) )
2020-06-07 15:47:02 +00:00
assert . Len ( t , validator . Errors ( ) , 1 )
2023-01-12 10:57:44 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: domain config #2 (domain 'internal.example.com'): option 'domain' shares the same cookie domain scope as another configured session domain" )
}
func TestShouldRaiseErrorWhenDomainIsInvalid ( t * testing . T ) {
testCases := [ ] struct {
name string
have string
2023-02-02 05:34:49 +00:00
warnings [ ] string
2023-01-12 10:57:44 +00:00
expected [ ] string
} {
2023-02-02 05:34:49 +00:00
{ "ShouldNotRaiseErrorOnValidDomain" , exampleDotCom , nil , nil } ,
{ "ShouldRaiseErrorOnMissingDomain" , "" , nil , [ ] string { "session: domain config #1 (domain ''): option 'domain' is required" } } ,
{ "ShouldRaiseErrorOnDomainWithInvalidChars" , "example!.com" , nil , [ ] string { "session: domain config #1 (domain 'example!.com'): option 'domain' is not a valid cookie domain" } } ,
{ "ShouldRaiseErrorOnDomainWithoutDots" , "localhost" , nil , [ ] string { "session: domain config #1 (domain 'localhost'): option 'domain' is not a valid cookie domain: must have at least a single period" } } ,
{ "ShouldRaiseErrorOnPublicDomainDuckDNS" , "duckdns.org" , nil , [ ] string { "session: domain config #1 (domain 'duckdns.org'): option 'domain' is not a valid cookie domain: the domain is part of the special public suffix list" } } ,
{ "ShouldNotRaiseErrorOnSuffixOfPublicDomainDuckDNS" , "example.duckdns.org" , nil , nil } ,
{ "ShouldRaiseWarningOnDomainWithLeadingDot" , ".example.com" , [ ] string { "session: domain config #1 (domain '.example.com'): option 'domain' has a prefix of '.' which is not supported or intended behaviour: you can use this at your own risk but we recommend removing it" } , nil } ,
{ "ShouldRaiseErrorOnDomainWithLeadingStarDot" , "*.example.com" , nil , [ ] string { "session: domain config #1 (domain '*.example.com'): option 'domain' must be the domain you wish to protect not a wildcard domain but it is configured as '*.example.com'" } } ,
{ "ShouldRaiseErrorOnDomainNotSet" , "" , nil , [ ] string { "session: domain config #1 (domain ''): option 'domain' is required" } } ,
2023-01-12 10:57:44 +00:00
}
for _ , tc := range testCases {
t . Run ( tc . name , func ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Domain = ""
config . Cookies = [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Domain : tc . have ,
} ,
2023-02-02 05:34:49 +00:00
} ,
2023-01-12 10:57:44 +00:00
}
ValidateSession ( & config , validator )
2023-02-02 05:34:49 +00:00
require . Len ( t , validator . Warnings ( ) , len ( tc . warnings ) )
2023-01-12 10:57:44 +00:00
require . Len ( t , validator . Errors ( ) , len ( tc . expected ) )
2023-02-02 05:34:49 +00:00
for i , expected := range tc . warnings {
assert . EqualError ( t , validator . Warnings ( ) [ i ] , expected )
}
2023-01-12 10:57:44 +00:00
for i , expected := range tc . expected {
assert . EqualError ( t , validator . Errors ( ) [ i ] , expected )
}
} )
}
}
func TestShouldRaiseErrorWhenPortalURLIsInvalid ( t * testing . T ) {
testCases := [ ] struct {
name string
have string
expected [ ] string
} {
{ "ShouldRaiseErrorOnInvalidScope" , "https://example2.com/login" , [ ] string { "session: domain config #1 (domain 'example.com'): option 'authelia_url' does not share a cookie scope with domain 'example.com' with a value of 'https://example2.com/login'" } } ,
{ "ShouldRaiseErrorOnInvalidScheme" , "http://example.com/login" , [ ] string { "session: domain config #1 (domain 'example.com'): option 'authelia_url' does not have a secure scheme with a value of 'http://example.com/login'" } } ,
}
for _ , tc := range testCases {
t . Run ( tc . name , func ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Domain = ""
config . Cookies = [ ] schema . SessionCookieConfiguration {
{
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : "authelia_session" ,
Domain : exampleDotCom ,
} ,
AutheliaURL : MustParseURL ( tc . have ) } ,
}
ValidateSession ( & config , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
require . Len ( t , validator . Errors ( ) , len ( tc . expected ) )
for i , expected := range tc . expected {
assert . EqualError ( t , validator . Errors ( ) [ i ] , expected )
}
} )
}
2020-06-07 15:47:02 +00:00
}
2021-04-18 00:02:04 +00:00
func TestShouldRaiseErrorWhenSameSiteSetIncorrectly ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . SameSite = "NOne"
ValidateSession ( & config , validator )
assert . False ( t , validator . HasWarnings ( ) )
2023-01-12 10:57:44 +00:00
require . Len ( t , validator . Errors ( ) , 2 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: option 'same_site' must be one of 'none', 'lax', 'strict' but is configured as 'NOne'" )
2023-01-12 10:57:44 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 1 ] , "session: domain config #1 (domain 'example.com'): option 'same_site' must be one of 'none', 'lax', 'strict' but is configured as 'NOne'" )
2021-04-18 00:02:04 +00:00
}
func TestShouldNotRaiseErrorWhenSameSiteSetCorrectly ( t * testing . T ) {
validator := schema . NewStructValidator ( )
2023-01-12 10:57:44 +00:00
var config schema . SessionConfiguration
2021-04-18 00:02:04 +00:00
validOptions := [ ] string { "none" , "lax" , "strict" }
for _ , opt := range validOptions {
2023-01-12 10:57:44 +00:00
validator . Clear ( )
config = newDefaultSessionConfig ( )
2021-04-18 00:02:04 +00:00
config . SameSite = opt
ValidateSession ( & config , validator )
2023-01-12 10:57:44 +00:00
assert . Len ( t , validator . Warnings ( ) , 0 )
2021-04-18 00:02:04 +00:00
assert . Len ( t , validator . Errors ( ) , 0 )
}
}
2022-03-09 22:01:04 +00:00
func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe ( t * testing . T ) {
2020-04-03 23:11:33 +00:00
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
2022-03-02 06:40:26 +00:00
config . Inactivity = - 1
config . Expiration = - 1
2023-01-12 10:57:44 +00:00
config . RememberMe = schema . RememberMeDisabled
2020-04-03 23:11:33 +00:00
ValidateSession ( & config , validator )
2022-03-02 06:40:26 +00:00
assert . Len ( t , validator . Warnings ( ) , 0 )
assert . Len ( t , validator . Errors ( ) , 0 )
2020-04-03 23:11:33 +00:00
2022-03-02 06:40:26 +00:00
assert . Equal ( t , schema . DefaultSessionConfiguration . Inactivity , config . Inactivity )
assert . Equal ( t , schema . DefaultSessionConfiguration . Expiration , config . Expiration )
2023-01-12 10:57:44 +00:00
assert . Equal ( t , schema . RememberMeDisabled , config . RememberMe )
assert . True ( t , config . DisableRememberMe )
2020-04-03 23:11:33 +00:00
}
func TestShouldSetDefaultRememberMeDuration ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
ValidateSession ( & config , validator )
2023-01-12 10:57:44 +00:00
assert . Len ( t , validator . Warnings ( ) , 0 )
assert . Len ( t , validator . Errors ( ) , 0 )
assert . Equal ( t , config . RememberMe , schema . DefaultSessionConfiguration . RememberMe )
}
func TestShouldNotAllowLegacyAndModernCookiesConfig ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultSessionConfig ( )
config . Cookies = append ( config . Cookies , schema . SessionCookieConfiguration {
SessionCookieCommonConfiguration : schema . SessionCookieCommonConfiguration {
Name : config . Name ,
Domain : config . Domain ,
SameSite : config . SameSite ,
Expiration : config . Expiration ,
Inactivity : config . Inactivity ,
RememberMe : config . RememberMe ,
} ,
} )
ValidateSession ( & config , validator )
assert . Len ( t , validator . Warnings ( ) , 0 )
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "session: option 'domain' and option 'cookies' can't be specified at the same time" )
}
func MustParseURL ( uri string ) * url . URL {
u , err := url . ParseRequestURI ( uri )
if err != nil {
panic ( err )
}
return u
2020-04-03 23:11:33 +00:00
}