fix(configuration): remember me duration disabled impossible (#2997)

This fixes an issue not properly resolved by db6dd32151.

internal/configuration/provider_test.go

@@ -295,6 +295,7 @@ func TestShouldDecodeSMTPSenderWithName(t *testing.T) {
 
 	assert.Equal(t, "Admin", config.Notifier.SMTP.Sender.Name)
 	assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address)
+	assert.Equal(t, schema.RememberMeDisabled, config.Session.RememberMeDuration)
 }
 
 func TestShouldNotReadConfigurationOnFSAccessDenied(t *testing.T) {

internal/configuration/schema/const.go

@@ -9,20 +9,24 @@ const argon2id = "argon2id"
 // ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
 const ProfileRefreshDisabled = "disable"
 
-// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
-const ProfileRefreshAlways = "always"
+const (
+	// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
+	ProfileRefreshAlways = "always"
 
-// RefreshIntervalDefault represents the default value of refresh_interval.
-const RefreshIntervalDefault = "5m"
+	// RefreshIntervalDefault represents the default value of refresh_interval.
+	RefreshIntervalDefault = "5m"
 
-// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
-const RefreshIntervalAlways = 0 * time.Millisecond
+	// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
+	RefreshIntervalAlways = 0 * time.Millisecond
+)
 
-// LDAPImplementationCustom is the string for the custom LDAP implementation.
-const LDAPImplementationCustom = "custom"
+const (
+	// LDAPImplementationCustom is the string for the custom LDAP implementation.
+	LDAPImplementationCustom = "custom"
 
-// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
-const LDAPImplementationActiveDirectory = "activedirectory"
+	// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
+	LDAPImplementationActiveDirectory = "activedirectory"
+)
 
 // TOTP Algorithm.
 const (
@@ -31,6 +35,11 @@ const (
 	TOTPAlgorithmSHA512 = "SHA512"
 )
 
+const (
+	// RememberMeDisabled represents the duration for a disabled remember me session configuration.
+	RememberMeDisabled = time.Second * -1
+)
+
 var (
 	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
 	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}

internal/configuration/test_resources/config_alt.yml

@@ -97,6 +97,7 @@ session:
   name: authelia_session
   expiration: 3600000  # 1 hour
   inactivity: 300000  # 5 minutes
+  remember_me_duration: -1
   domain: example.com
   redis:
     host: 127.0.0.1

internal/configuration/validator/session.go

@@ -35,7 +35,7 @@ func validateSession(config *schema.SessionConfiguration, validator *schema.Stru
 		config.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
 	}
 
-	if config.RememberMeDuration <= 0 && config.RememberMeDuration != -1 {
+	if config.RememberMeDuration <= 0 && config.RememberMeDuration != schema.RememberMeDisabled {
 		config.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
 	}
 

internal/configuration/validator/session_test.go

@@ -3,7 +3,6 @@ package validator
 import (
 	"fmt"
 	"testing"
-	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -412,7 +411,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
 	config := newDefaultSessionConfig()
 	config.Inactivity = -1
 	config.Expiration = -1
-	config.RememberMeDuration = -1
+	config.RememberMeDuration = schema.RememberMeDisabled
 
 	ValidateSession(&config, validator)
 
@@ -421,7 +420,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
 
 	assert.Equal(t, schema.DefaultSessionConfiguration.Inactivity, config.Inactivity)
 	assert.Equal(t, schema.DefaultSessionConfiguration.Expiration, config.Expiration)
-	assert.Equal(t, time.Duration(-1), config.RememberMeDuration)
+	assert.Equal(t, schema.RememberMeDisabled, config.RememberMeDuration)
 }
 
 func TestShouldSetDefaultRememberMeDuration(t *testing.T) {

internal/handlers/handler_firstfactor.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"time"
 
+	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/middlewares"
 	"github.com/authelia/authelia/v4/internal/regulation"
 	"github.com/authelia/authelia/v4/internal/session"
@@ -92,7 +93,7 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
 		}
 
 		// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
-		keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != -1 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
+		keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != schema.RememberMeDisabled && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
 
 		// Set the cookie to expire if remember me is enabled and the user has asked us to.
 		if keepMeLoggedIn {

internal/server/server.go

@@ -28,7 +28,7 @@ var assets embed.FS
 
 func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
 	autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers)
-	rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != -1)
+	rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != schema.RememberMeDisabled)
 	resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword)
 
 	duoSelfEnrollment := f