feat(authentication): permit feature detection failures (#4061)

This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
pull/3789/head
James Elliott 2022-10-02 07:44:18 +11:00 committed by GitHub
parent 56b6fd615b
commit 66ea374227
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 26 additions and 9 deletions

View File

@ -26,6 +26,7 @@ body:
description: What version(s) of Authelia can you reproduce this bug on?
multiple: true
options:
- v4.36.9
- v4.36.8
- v4.36.7
- v4.36.6
@ -79,6 +80,7 @@ body:
- Caddy
- Traefik
- Envoy
- Istio
- NGINX
- SWAG
- NGINX Proxy Manager

View File

@ -9,17 +9,23 @@ import LanguageDetector from "i18next-browser-languagedetector";
import Backend from "i18next-http-backend";
import { initReactI18next } from "react-i18next";
import LocalStorageCustomDetector from "@i18n/detectors/localStorageCustom";
import { getBasePath } from "@utils/BasePath";
const basePath = getBasePath();
const CustomLanguageDetector = new LanguageDetector();
CustomLanguageDetector.addDetector(LocalStorageCustomDetector);
i18n.use(Backend)
.use(LanguageDetector)
.use(CustomLanguageDetector)
.use(initReactI18next)
.init({
detection: {
order: ["querystring", "navigator"],
order: ["querystring", "localStorageCustom", "navigator"],
lookupQuerystring: "lng",
lookupLocalStorage: "lng",
},
backend: {
loadPath: basePath + "/locales/{{"{{lng}}"}}/{{"{{ns}}"}}.json",

View File

@ -7,5 +7,5 @@
package cmd
const (
versionSwaggerUI = "4.14.0"
versionSwaggerUI = "4.14.2"
)

View File

@ -3,7 +3,7 @@ title: "4.37: Pre-Release Notes"
description: "Authelia 4.37 is just around the corner. This version has several additional features and improvements to existing features. In this blog post we'll discuss the new features and roughly what it means for users."
lead: "Pre-Release Notes for 4.37"
excerpt: "Authelia 4.37 is just around the corner. This version has several additional features and improvements to existing features. In this blog post we'll discuss the new features and roughly what it means for users."
date: 2022-09-26T05:48:22+10:00
date: 2022-09-26T06:55:09+10:00
draft: false
images: []
categories: ["News", "Release Notes"]

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,7 @@
package authentication
import (
"fmt"
"strings"
"github.com/go-ldap/ldap/v3"
@ -54,7 +55,13 @@ func (p *LDAPUserProvider) getServerSupportedFeatures(client LDAPClient) (featur
1, 0, false, "(objectClass=*)", []string{ldapSupportedExtensionAttribute, ldapSupportedControlAttribute}, nil)
if searchResult, err = client.Search(searchRequest); err != nil {
return features, err
if p.config.PermitFeatureDetectionFailure {
p.log.WithError(err).Warnf("Error occurred during RootDSE search. This may result in reduced functionality.")
return features, nil
}
return features, fmt.Errorf("error occurred during RootDSE search: %w", err)
}
if len(searchResult.Entries) != 1 {

View File

@ -489,7 +489,7 @@ func TestShouldReturnCheckServerSearchError(t *testing.T) {
gomock.InOrder(dialURL, connBind, searchOIDs, connClose)
err := ldapClient.StartupCheck()
assert.EqualError(t, err, "could not perform the search")
assert.EqualError(t, err, "error occurred during RootDSE search: could not perform the search")
assert.False(t, ldapClient.features.Extensions.PwdModifyExOp)
}

View File

@ -26,8 +26,9 @@ type LDAPAuthenticationBackendConfiguration struct {
MailAttribute string `koanf:"mail_attribute"`
DisplayNameAttribute string `koanf:"display_name_attribute"`
PermitReferrals bool `koanf:"permit_referrals"`
PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind"`
PermitReferrals bool `koanf:"permit_referrals"`
PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind"`
PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`
User string `koanf:"user"`
Password string `koanf:"password"`

View File

@ -63,6 +63,7 @@ var Keys = []string{
"authentication_backend.ldap.display_name_attribute",
"authentication_backend.ldap.permit_referrals",
"authentication_backend.ldap.permit_unauthenticated_bind",
"authentication_backend.ldap.permit_feature_detection_failure",
"authentication_backend.ldap.user",
"authentication_backend.ldap.password",
"authentication_backend.file.path",