RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test(authentication): add missing type tests (#5483) 

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5487/head
James Elliott 2023-05-25 12:26:19 +10:00 committed by GitHub
parent fbbeef3ae8
commit 17db704f4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 80 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
internal/authentication/const.go
View File

@ -2,20 +2,8 @@ package authentication
import ( import (
"errors" "errors"
)
// Level is the type representing a level of authentication. "golang.org/x/text/encoding/unicode"
type Level int
const (
// NotAuthenticated if the user is not authenticated yet.
NotAuthenticated Level = iota
// OneFactor if the user has passed first factor only.
OneFactor
// TwoFactor if the user has passed two factors.
TwoFactor
) )
const ( const (
@ -109,3 +97,7 @@ const fileAuthenticationMode = 0600
// OWASP recommends to escape some special characters. // OWASP recommends to escape some special characters.
// https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md // https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md
const specialLDAPRunes = ",#+<>;\"=" const specialLDAPRunes = ",#+<>;\"="
var (
encodingUTF16LittleEndian = unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
)

2
internal/authentication/ldap_user_provider.go
View File

@ -215,7 +215,7 @@ func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
modifyRequest := ldap.NewModifyRequest(profile.DN, controls) modifyRequest := ldap.NewModifyRequest(profile.DN, controls)
// The password needs to be enclosed in quotes // The password needs to be enclosed in quotes
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6e803168-f140-4d23-b2d3-c3a8ab5917d2 // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6e803168-f140-4d23-b2d3-c3a8ab5917d2
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", password)) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", password))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
err = p.modify(client, modifyRequest) err = p.modify(client, modifyRequest)

10
internal/authentication/ldap_user_provider_test.go
View File

@ -1604,7 +1604,7 @@ func TestShouldUpdateUserPasswordMSAD(t *testing.T) {
[]ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}}, []ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}},
) )
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password")) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password"))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
dialURLOIDs := mockFactory.EXPECT(). dialURLOIDs := mockFactory.EXPECT().
@ -1715,7 +1715,7 @@ func TestShouldUpdateUserPasswordMSADWithReferrals(t *testing.T) {
[]ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}}, []ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}},
) )
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password")) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password"))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
dialURLOIDs := mockFactory.EXPECT(). dialURLOIDs := mockFactory.EXPECT().
@ -1843,7 +1843,7 @@ func TestShouldUpdateUserPasswordMSADWithReferralsWithReferralConnectErr(t *test
[]ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}}, []ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}},
) )
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password")) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password"))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
dialURLOIDs := mockFactory.EXPECT(). dialURLOIDs := mockFactory.EXPECT().
@ -1962,7 +1962,7 @@ func TestShouldUpdateUserPasswordMSADWithReferralsWithReferralModifyErr(t *testi
[]ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}}, []ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}},
) )
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password")) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password"))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
dialURLOIDs := mockFactory.EXPECT(). dialURLOIDs := mockFactory.EXPECT().
@ -2094,7 +2094,7 @@ func TestShouldUpdateUserPasswordMSADWithoutReferrals(t *testing.T) {
[]ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}}, []ldap.Control{&controlMsftServerPolicyHints{ldapOIDControlMsftServerPolicyHints}},
) )
pwdEncoded, _ := utf16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password")) pwdEncoded, _ := encodingUTF16LittleEndian.NewEncoder().String(fmt.Sprintf("\"%s\"", "password"))
modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded}) modifyRequest.Replace(ldapAttributeUnicodePwd, []string{pwdEncoded})
dialURLOIDs := mockFactory.EXPECT(). dialURLOIDs := mockFactory.EXPECT().

29
internal/authentication/types.go
View File

@ -6,7 +6,6 @@ import (
"time" "time"
"github.com/go-ldap/ldap/v3" "github.com/go-ldap/ldap/v3"
"golang.org/x/text/encoding/unicode"
) )
// LDAPClientFactory an interface of factory of LDAP clients. // LDAPClientFactory an interface of factory of LDAP clients.
@ -103,4 +102,30 @@ type LDAPSupportedControlTypes struct {
MsftPwdPolHintsDeprecated bool MsftPwdPolHintsDeprecated bool
} }
var utf16LittleEndian = unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM) // Level is the type representing a level of authentication.
type Level int
const (
// NotAuthenticated if the user is not authenticated yet.
NotAuthenticated Level = iota
// OneFactor if the user has passed first factor only.
OneFactor
// TwoFactor if the user has passed two factors.
TwoFactor
)
// String returns a string representation of an authentication.Level.
func (l Level) String() string {
switch l {
case NotAuthenticated:
return "not_authenticated"
case OneFactor:
return "one_factor"
case TwoFactor:
return "two_factor"
default:
return "invalid"
}
}

42
internal/authentication/types_test.go 100644
View File

@ -0,0 +1,42 @@
package authentication
import (
"net/mail"
"testing"
"github.com/stretchr/testify/assert"
)
func TestUserDetails_Addresses(t *testing.T) {
details := &UserDetails{}
assert.Equal(t, []mail.Address(nil), details.Addresses())
details = &UserDetails{
DisplayName: "Example",
Emails: []string{"abc@123.com"},
}
assert.Equal(t, []mail.Address{{Name: "Example", Address: "abc@123.com"}}, details.Addresses())
details = &UserDetails{
DisplayName: "Example",
Emails: []string{"abc@123.com", "two@apple.com"},
}
assert.Equal(t, []mail.Address{{Name: "Example", Address: "abc@123.com"}, {Name: "Example", Address: "two@apple.com"}}, details.Addresses())
details = &UserDetails{
DisplayName: "",
Emails: []string{"abc@123.com"},
}
assert.Equal(t, []mail.Address{{Address: "abc@123.com"}}, details.Addresses())
}
func TestLevel_String(t *testing.T) {
assert.Equal(t, "one_factor", OneFactor.String())
assert.Equal(t, "two_factor", TwoFactor.String())
assert.Equal(t, "not_authenticated", NotAuthenticated.String())
assert.Equal(t, "invalid", Level(-1).String())
}

15
internal/authentication/util.go
View File

@ -1,15 +0,0 @@
package authentication
// String returns a string representation of an authentication.Level.
func (l Level) String() string {
switch l {
case NotAuthenticated:
return "not_authenticated"
case OneFactor:
return "one_factor"
case TwoFactor:
return "two_factor"
default:
return "invalid"
}
}