diff --git a/internal/authentication/util.go b/internal/authentication/util.go
index 80d2ec119..075e45fab 100644
--- a/internal/authentication/util.go
+++ b/internal/authentication/util.go
@@ -1,15 +1,15 @@
 package authentication
-// LevelToString returns a string representation of an authentication.Level.
-func LevelToString(level Level) string {
- switch level {
+// String returns a string representation of an authentication.Level.
+func (l Level) String() string {
+ switch l {
 case NotAuthenticated:
 return "not_authenticated"
 case OneFactor:
 return "one_factor"
 case TwoFactor:
 return "two_factor"
+ default:
+ return "invalid"
 }
-
- return "invalid"
 }
diff --git a/internal/authorization/access_control_rule.go b/internal/authorization/access_control_rule.go
index 9d86b80cf..968d4ce28 100644
--- a/internal/authorization/access_control_rule.go
+++ b/internal/authorization/access_control_rule.go
@@ -26,7 +26,7 @@ func NewAccessControlRule(pos int, rule schema.ACLRule, networksMap map[string][
 Methods: schemaMethodsToACL(rule.Methods),
 Networks: schemaNetworksToACL(rule.Networks, networksMap, networksCacheMap),
 Subjects: schemaSubjectsToACL(rule.Subjects),
- Policy: StringToLevel(rule.Policy),
+ Policy: NewLevel(rule.Policy),
 }
 if len(r.Subjects) != 0 {
diff --git a/internal/authorization/authorizer.go b/internal/authorization/authorizer.go
index a3546083f..9a27f48db 100644
--- a/internal/authorization/authorizer.go
+++ b/internal/authorization/authorizer.go
@@ -19,7 +19,7 @@ type Authorizer struct {
 // NewAuthorizer create an instance of authorizer with a given access control config.
 func NewAuthorizer(config *schema.Configuration) (authorizer *Authorizer) {
 authorizer = &Authorizer{
- defaultPolicy: StringToLevel(config.AccessControl.DefaultPolicy),
+ defaultPolicy: NewLevel(config.AccessControl.DefaultPolicy),
 rules: NewAccessControlRules(config.AccessControl),
 config: config,
 log: logging.Logger(),
diff --git a/internal/authorization/authorizer_test.go b/internal/authorization/authorizer_test.go
index 495a40f9a..0a829b2bf 100644
--- a/internal/authorization/authorizer_test.go
+++ b/internal/authorization/authorizer_test.go
@@ -988,12 +988,12 @@ func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
 }
 func (s *AuthorizerSuite) TestPolicyToLevel() {
- s.Assert().Equal(Bypass, StringToLevel(bypass))
- s.Assert().Equal(OneFactor, StringToLevel(oneFactor))
- s.Assert().Equal(TwoFactor, StringToLevel(twoFactor))
- s.Assert().Equal(Denied, StringToLevel(deny))
+ s.Assert().Equal(Bypass, NewLevel(bypass))
+ s.Assert().Equal(OneFactor, NewLevel(oneFactor))
+ s.Assert().Equal(TwoFactor, NewLevel(twoFactor))
+ s.Assert().Equal(Denied, NewLevel(deny))
- s.Assert().Equal(Denied, StringToLevel("whatever"))
+ s.Assert().Equal(Denied, NewLevel("whatever"))
 }
 func TestRunSuite(t *testing.T) {
diff --git a/internal/authorization/util.go b/internal/authorization/util.go
index 50be55e48..0e8c89d9b 100644
--- a/internal/authorization/util.go
+++ b/internal/authorization/util.go
@@ -9,8 +9,8 @@ import (
 "github.com/authelia/authelia/v4/internal/configuration/schema"
 )
-// StringToLevel converts a string policy to int authorization level.
-func StringToLevel(policy string) Level {
+// NewLevel converts a string policy to int authorization level.
+func NewLevel(policy string) Level {
 switch policy {
 case bypass:
 return Bypass
@@ -25,9 +25,9 @@ func StringToLevel(policy string) Level {
 return Denied
 }
-// LevelToString converts a int authorization level to string policy.
-func LevelToString(level Level) (policy string) {
- switch level {
+// String returns a policy string representation of an authorization.Level.
+func (l Level) String() string {
+ switch l {
 case Bypass:
 return bypass
 case OneFactor:
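Review bot: The doc comment on `NewLevel` (internal/authorization/util.go, hunk `@@ -9,8 +9,8 @@`) does not say what an unrecognised policy string becomes, which is the security-relevant part of its contract. The next hunk shows the function ending in `return Denied`, and `TestPolicyToLevel` pins `NewLevel("whatever")` to `Denied`, so the fallback is fail-closed. I would state that in the comment, e.g. `// NewLevel converts a policy string to a Level; any unrecognised value maps to Denied.` The switch body runs past the end of this hunk, so the remaining cases are not visible here. `NewAuthorizer`, `NewAccessControlRule` and `oidc.NewClient` pass configuration values straight in, so a mistyped policy presumably becomes a silent deny unless validation elsewhere rejects it.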
@@ -36,9 +36,9 @@ func LevelToString(level Level) (policy string) {
 return twoFactor
 case Denied:
 return deny
+ default:
+ return deny
 }
-
- return deny
 }
 func stringSliceToRegexpSlice(strings []string) (regexps []regexp.Regexp, err error) {
diff --git a/internal/authorization/util_test.go b/internal/authorization/util_test.go
index 39061bc3b..ede91d086 100644
--- a/internal/authorization/util_test.go
+++ b/internal/authorization/util_test.go
@@ -25,7 +25,7 @@ func TestLevelToString(t *testing.T) {
 for _, tc := range testCases {
 t.Run("Expected_"+tc.expected, func(t *testing.T) {
- assert.Equal(t, tc.expected, LevelToString(tc.have))
+ assert.Equal(t, tc.expected, tc.have.String())
 })
 }
 }
diff --git a/internal/commands/acl.go b/internal/commands/acl.go
index ad6e7d3fc..a78d9e825 100644
--- a/internal/commands/acl.go
+++ b/internal/commands/acl.go
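Review bot: The new `default:` branch of `authorization.Level.String()` (internal/authorization/util.go, hunk `@@ -36,9 +36,9 @@`) returns `deny`, so a Level outside the four known values prints exactly like an explicit `Denied` in the `acl` check output and the OIDC consent debug log. `authentication.Level.String()` in this same commit returns `"invalid"` for the equivalent case. If nothing depends on the old fallback text, `default:` followed by `return "invalid"` would keep an unexpected value visible to whoever reads the log, and since `NewLevel` maps unknown strings to `Denied` a round trip through the string form would still fail closed. If the `deny` fallback is deliberate, a comment on the branch saying so would help. The start of the method is in the previous hunk.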
@@ -171,11 +171,11 @@ func accessControlCheckWriteOutput(object authorization.Object, subject authoriz
 switch {
 case appliedPos != 0 && (potentialPos == 0 || (potentialPos > appliedPos)):
- fmt.Printf("\nThe policy '%s' from rule #%d will be applied to this request.\n\n", authorization.LevelToString(applied.Rule.Policy), appliedPos)
+ fmt.Printf("\nThe policy '%s' from rule #%d will be applied to this request.\n\n", applied.Rule.Policy, appliedPos)
 case potentialPos != 0 && appliedPos != 0:
- fmt.Printf("\nThe policy '%s' from rule #%d will potentially be applied to this request. If not policy '%s' from rule #%d will be.\n\n", authorization.LevelToString(potential.Rule.Policy), potentialPos, authorization.LevelToString(applied.Rule.Policy), appliedPos)
+ fmt.Printf("\nThe policy '%s' from rule #%d will potentially be applied to this request. If not policy '%s' from rule #%d will be.\n\n", potential.Rule.Policy, potentialPos, applied.Rule.Policy, appliedPos)
 case potentialPos != 0:
- fmt.Printf("\nThe policy '%s' from rule #%d will potentially be applied to this request. Otherwise the policy '%s' from the default policy will be.\n\n", authorization.LevelToString(potential.Rule.Policy), potentialPos, defaultPolicy)
+ fmt.Printf("\nThe policy '%s' from rule #%d will potentially be applied to this request. Otherwise the policy '%s' from the default policy will be.\n\n", potential.Rule.Policy, potentialPos, defaultPolicy)
 default:
 fmt.Printf("\nThe policy '%s' from the default policy will be applied to this request as no rules matched the request.\n\n", defaultPolicy)
 }
diff --git a/internal/handlers/handler_oidc_authorization_consent.go b/internal/handlers/handler_oidc_authorization_consent.go
index 9d366cb0b..fef764701 100644
--- a/internal/handlers/handler_oidc_authorization_consent.go
+++ b/internal/handlers/handler_oidc_authorization_consent.go
@@ -11,8 +11,6 @@ import (
 "github.com/google/uuid"
 "github.com/ory/fosite"
- "github.com/authelia/authelia/v4/internal/authentication"
- "github.com/authelia/authelia/v4/internal/authorization"
 "github.com/authelia/authelia/v4/internal/middlewares"
 "github.com/authelia/authelia/v4/internal/model"
 "github.com/authelia/authelia/v4/internal/oidc"
@@ -132,11 +130,11 @@ func handleOIDCAuthorizationConsentRedirect(ctx *middlewares.AutheliaCtx, issuer
 location.RawQuery = query.Encode()
- ctx.Logger.Debugf(logFmtDbgConsentAuthenticationSufficiency, requester.GetID(), client.GetID(), client.Consent, authentication.LevelToString(userSession.AuthenticationLevel), "sufficient", authorization.LevelToString(client.Policy))
+ ctx.Logger.Debugf(logFmtDbgConsentAuthenticationSufficiency, requester.GetID(), client.GetID(), client.Consent, userSession.AuthenticationLevel.String(), "sufficient", client.Policy)
 } else {
 location = handleOIDCAuthorizationConsentGetRedirectionURL(issuer, consent, requester)
- ctx.Logger.Debugf(logFmtDbgConsentAuthenticationSufficiency, requester.GetID(), client.GetID(), client.Consent, authentication.LevelToString(userSession.AuthenticationLevel), "insufficient", authorization.LevelToString(client.Policy))
+ ctx.Logger.Debugf(logFmtDbgConsentAuthenticationSufficiency, requester.GetID(), client.GetID(), client.Consent, userSession.AuthenticationLevel.String(), "insufficient", client.Policy)
 }
 ctx.Logger.Debugf(logFmtDbgConsentRedirect, requester.GetID(), client.GetID(), client.Consent, location)
diff --git a/internal/oidc/client.go b/internal/oidc/client.go
index e256a9380..61bce5590 100644
--- a/internal/oidc/client.go
+++ b/internal/oidc/client.go
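Review bot: In both `Debugf` calls of the `@@ -132,11 +130,11 @@` hunk the two levels are passed in different ways: `userSession.AuthenticationLevel.String()` is converted explicitly, while `client.Policy` is handed over as a value and formatted through its `String()` method. Passing `userSession.AuthenticationLevel` directly would make the argument list consistent and leave formatting to the logger. This assumes `logFmtDbgConsentAuthenticationSufficiency`, which is defined outside this hunk, uses `%s` or `%v` for both positions.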
@@ -27,7 +27,7 @@ func NewClient(config schema.OpenIDConnectClientConfiguration) (client *Client)
 UserinfoSigningAlgorithm: config.UserinfoSigningAlgorithm,
- Policy: authorization.StringToLevel(config.Policy),
+ Policy: authorization.NewLevel(config.Policy),
 Consent: NewClientConsent(config.ConsentMode, config.ConsentPreConfiguredDuration),
 }
diff --git a/internal/oidc/store.go b/internal/oidc/store.go
index 910b7bd4b..91b8b8a11 100644
--- a/internal/oidc/store.go
+++ b/internal/oidc/store.go
@@ -28,7 +28,7 @@ func NewStore(config *schema.OpenIDConnectConfiguration, provider storage.Provid
 }
 for _, client := range config.Clients {
- policy := authorization.NewLevel(client.Policy)
+ policy := authorization.NewLevel(client.Policy)
 logger.Debugf("Registering client %s with policy %s (%v)", client.ID, client.Policy, policy)
 store.clients[client.ID] = NewClient(client)
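Review bot: The unchanged debug line in internal/oidc/store.go, `logger.Debugf("Registering client %s with policy %s (%v)", client.ID, client.Policy, policy)`, changes meaning with this commit. `authorization.Level` now has a `String()` method, so `%v` prints the policy name rather than the underlying value (presumably an integer, going by the `NewLevel` doc comment). The parenthesised value therefore repeats `client.Policy` except when the configured string is unrecognised, where it shows `deny`. If the numeric level was intended, use `%d`; otherwise label the second value so the log shows it is the policy actually enforced, e.g. `"Registering client %s with policy %s (effective %s)"`. The loop body continues past the end of the hunk.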