feat(authentication): permit feature detection failures (#4061)

This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
2022-10-02 07:44:18 +11:00 · 2022-10-02 07:44:18 +11:00 · 66ea374227
parent 56b6fd615b
commit 66ea374227
9 changed files with 26 additions and 9 deletions
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@ -26,6 +26,7 @@ body:
      description: What version(s) of Authelia can you reproduce this bug on?
      multiple: true
      options:
+        - v4.36.9
        - v4.36.8
        - v4.36.7
        - v4.36.6
@ -79,6 +80,7 @@ body:
        - Caddy
        - Traefik
        - Envoy
+        - Istio
        - NGINX
        - SWAG
        - NGINX Proxy Manager
--- a/cmd/authelia-gen/templates/web_i18n_index.ts.tmpl
+++ b/cmd/authelia-gen/templates/web_i18n_index.ts.tmpl
@ -9,17 +9,23 @@ import LanguageDetector from "i18next-browser-languagedetector";
 import Backend from "i18next-http-backend";
 import { initReactI18next } from "react-i18next";

+import LocalStorageCustomDetector from "@i18n/detectors/localStorageCustom";
 import { getBasePath } from "@utils/BasePath";

 const basePath = getBasePath();

+const CustomLanguageDetector = new LanguageDetector();
+
+CustomLanguageDetector.addDetector(LocalStorageCustomDetector);
+
 i18n.use(Backend)
-    .use(LanguageDetector)
+    .use(CustomLanguageDetector)
    .use(initReactI18next)
    .init({
        detection: {
-            order: ["querystring", "navigator"],
+            order: ["querystring", "localStorageCustom", "navigator"],
            lookupQuerystring: "lng",
+            lookupLocalStorage: "lng",
        },
        backend: {
            loadPath: basePath + "/locales/{{"{{lng}}"}}/{{"{{ns}}"}}.json",
--- a/cmd/authelia-scripts/cmd/gen.go
+++ b/cmd/authelia-scripts/cmd/gen.go
@ -7,5 +7,5 @@
 package cmd

 const (
-	versionSwaggerUI = "4.14.0"
+	versionSwaggerUI = "4.14.2"
 )
--- a/docs/content/en/blog/pre-release-notes-4.37/index.md
+++ b/docs/content/en/blog/pre-release-notes-4.37/index.md
@ -3,7 +3,7 @@ title: "4.37: Pre-Release Notes"
 description: "Authelia 4.37 is just around the corner. This version has several additional features and improvements to existing features. In this blog post we'll discuss the new features and roughly what it means for users."
 lead: "Pre-Release Notes for 4.37"
 excerpt: "Authelia 4.37 is just around the corner. This version has several additional features and improvements to existing features. In this blog post we'll discuss the new features and roughly what it means for users."
-date: 2022-09-26T05:48:22+10:00
+date: 2022-09-26T06:55:09+10:00
 draft: false
 images: []
 categories: ["News", "Release Notes"]
--- a/docs/data/configkeys.json
+++ b/docs/data/configkeys.json
--- a/internal/authentication/ldap_user_provider_startup.go
+++ b/internal/authentication/ldap_user_provider_startup.go
@ -1,6 +1,7 @@
 package authentication

 import (
+	"fmt"
 	"strings"

 	"github.com/go-ldap/ldap/v3"
@ -54,7 +55,13 @@ func (p *LDAPUserProvider) getServerSupportedFeatures(client LDAPClient) (featur
 		1, 0, false, "(objectClass=*)", []string{ldapSupportedExtensionAttribute, ldapSupportedControlAttribute}, nil)

 	if searchResult, err = client.Search(searchRequest); err != nil {
-		return features, err
+		if p.config.PermitFeatureDetectionFailure {
+			p.log.WithError(err).Warnf("Error occurred during RootDSE search. This may result in reduced functionality.")
+
+			return features, nil
+		}
+
+		return features, fmt.Errorf("error occurred during RootDSE search: %w", err)
 	}

 	if len(searchResult.Entries) != 1 {
--- a/internal/authentication/ldap_user_provider_test.go
+++ b/internal/authentication/ldap_user_provider_test.go
@ -489,7 +489,7 @@ func TestShouldReturnCheckServerSearchError(t *testing.T) {
 	gomock.InOrder(dialURL, connBind, searchOIDs, connClose)

 	err := ldapClient.StartupCheck()
-	assert.EqualError(t, err, "could not perform the search")
+	assert.EqualError(t, err, "error occurred during RootDSE search: could not perform the search")

 	assert.False(t, ldapClient.features.Extensions.PwdModifyExOp)
 }
--- a/internal/configuration/schema/authentication.go
+++ b/internal/configuration/schema/authentication.go
@ -28,6 +28,7 @@ type LDAPAuthenticationBackendConfiguration struct {

 	PermitReferrals               bool `koanf:"permit_referrals"`
 	PermitUnauthenticatedBind     bool `koanf:"permit_unauthenticated_bind"`
+	PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`

 	User     string `koanf:"user"`
 	Password string `koanf:"password"`
--- a/internal/configuration/schema/keys.go
+++ b/internal/configuration/schema/keys.go
@ -63,6 +63,7 @@ var Keys = []string{
 	"authentication_backend.ldap.display_name_attribute",
 	"authentication_backend.ldap.permit_referrals",
 	"authentication_backend.ldap.permit_unauthenticated_bind",
+	"authentication_backend.ldap.permit_feature_detection_failure",
 	"authentication_backend.ldap.user",
 	"authentication_backend.ldap.password",
 	"authentication_backend.file.path",