[CI] Add goconst linter (#961)
* [CI] Add goconst linter
* Implement goconst recommendations
* Rename defaultPolicy to denyPolicy
* Change order for test constants

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
pull/962/head
parent
310c5dc09b
commit
be0cc72473
|
@ -2,6 +2,9 @@ run:
|
||||||
timeout: 3m
|
timeout: 3m
|
||||||
|
|
||||||
linters-settings:
|
linters-settings:
|
||||||
|
goconst:
|
||||||
|
min-len: 2
|
||||||
|
min-occurrences: 2
|
||||||
gocyclo:
|
gocyclo:
|
||||||
min-complexity: 15
|
min-complexity: 15
|
||||||
godot:
|
godot:
|
||||||
|
@ -11,6 +14,7 @@ linters-settings:
|
||||||
|
|
||||||
linters:
|
linters:
|
||||||
enable:
|
enable:
|
||||||
|
- goconst
|
||||||
- gocyclo
|
- gocyclo
|
||||||
- godot
|
- godot
|
||||||
- gofmt
|
- gofmt
|
||||||
|
|
|
@ -25,7 +25,7 @@ func buildAutheliaBinary() {
|
||||||
func buildFrontend() {
|
func buildFrontend() {
|
||||||
// Install npm dependencies.
|
// Install npm dependencies.
|
||||||
cmd := utils.CommandWithStdout("yarn", "install")
|
cmd := utils.CommandWithStdout("yarn", "install")
|
||||||
cmd.Dir = "web"
|
cmd.Dir = webDirectory
|
||||||
|
|
||||||
if err := cmd.Run(); err != nil {
|
if err := cmd.Run(); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
@ -33,7 +33,7 @@ func buildFrontend() {
|
||||||
|
|
||||||
// Then build the frontend.
|
// Then build the frontend.
|
||||||
cmd = utils.CommandWithStdout("yarn", "build")
|
cmd = utils.CommandWithStdout("yarn", "build")
|
||||||
cmd.Dir = "web"
|
cmd.Dir = webDirectory
|
||||||
cmd.Env = append(os.Environ(), "INLINE_RUNTIME_CHUNK=false")
|
cmd.Env = append(os.Environ(), "INLINE_RUNTIME_CHUNK=false")
|
||||||
|
|
||||||
if err := cmd.Run(); err != nil {
|
if err := cmd.Run(); err != nil {
|
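Review bot: The `yarn install` call at the top of `buildFrontend` passes no lockfile-enforcing flag, so a release build can resolve dependency versions that differ from the committed lockfile. If the project is on Yarn 1, `utils.CommandWithStdout("yarn", "install", "--frozen-lockfile")` makes the build fail instead of silently re-resolving; the Yarn version is not visible here, so confirm the right flag for it. The call is an unchanged context line, and `buildFrontend` continues past the end of the hunks shown.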
||||||
|
|
|
@ -53,7 +53,7 @@ func dockerBuildOfficialImage(arch string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if arch == "arm32v7" {
|
if arch == "arm32v7" {
|
||||||
if buildkiteQEMU != "true" {
|
if buildkiteQEMU != stringTrue {
|
||||||
err := utils.CommandWithStdout("docker", "run", "--rm", "--privileged", "multiarch/qemu-user-static", "--reset", "-p", "yes").Run()
|
err := utils.CommandWithStdout("docker", "run", "--rm", "--privileged", "multiarch/qemu-user-static", "--reset", "-p", "yes").Run()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -66,7 +66,7 @@ func dockerBuildOfficialImage(arch string) error {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
} else if arch == "arm64v8" {
|
} else if arch == "arm64v8" {
|
||||||
if buildkiteQEMU != "true" {
|
if buildkiteQEMU != stringTrue {
|
||||||
err := utils.CommandWithStdout("docker", "run", "--rm", "--privileged", "multiarch/qemu-user-static", "--reset", "-p", "yes").Run()
|
err := utils.CommandWithStdout("docker", "run", "--rm", "--privileged", "multiarch/qemu-user-static", "--reset", "-p", "yes").Run()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -83,7 +83,7 @@ func dockerBuildOfficialImage(arch string) error {
|
||||||
gitTag := ciTag
|
gitTag := ciTag
|
||||||
if gitTag == "" {
|
if gitTag == "" {
|
||||||
// If commit is not tagged, mark the build has having master tag.
|
// If commit is not tagged, mark the build has having master tag.
|
||||||
gitTag = "master"
|
gitTag = masterTag
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd := utils.Shell("git rev-parse HEAD")
|
cmd := utils.Shell("git rev-parse HEAD")
|
||||||
|
@ -213,13 +213,13 @@ func publishDockerImage(arch string) {
|
||||||
} else {
|
} else {
|
||||||
log.Fatal("Docker image will not be published, the specified tag does not conform to the standard")
|
log.Fatal("Docker image will not be published, the specified tag does not conform to the standard")
|
||||||
}
|
}
|
||||||
} else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
|
} else if ciBranch != masterTag && !publicRepo.MatchString(ciBranch) {
|
||||||
login(docker)
|
login(docker)
|
||||||
deploy(docker, ciBranch+"-"+arch)
|
deploy(docker, ciBranch+"-"+arch)
|
||||||
} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
|
} else if ciBranch != masterTag && publicRepo.MatchString(ciBranch) {
|
||||||
login(docker)
|
login(docker)
|
||||||
deploy(docker, "PR"+ciPullRequest+"-"+arch)
|
deploy(docker, "PR"+ciPullRequest+"-"+arch)
|
||||||
} else if ciBranch == "master" && ciPullRequest == "false" {
|
} else if ciBranch == masterTag && ciPullRequest == stringFalse {
|
||||||
login(docker)
|
login(docker)
|
||||||
deploy(docker, "master-"+arch)
|
deploy(docker, "master-"+arch)
|
||||||
} else {
|
} else {
|
||||||
|
@ -248,13 +248,13 @@ func publishDockerManifest() {
|
||||||
} else {
|
} else {
|
||||||
log.Fatal("Docker manifest will not be published, the specified tag does not conform to the standard")
|
log.Fatal("Docker manifest will not be published, the specified tag does not conform to the standard")
|
||||||
}
|
}
|
||||||
} else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
|
} else if ciBranch != masterTag && !publicRepo.MatchString(ciBranch) {
|
||||||
login(docker)
|
login(docker)
|
||||||
deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8")
|
deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8")
|
||||||
} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
|
} else if ciBranch != masterTag && publicRepo.MatchString(ciBranch) {
|
||||||
login(docker)
|
login(docker)
|
||||||
deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8")
|
deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8")
|
||||||
} else if ciBranch == "master" && ciPullRequest == "false" {
|
} else if ciBranch == masterTag && ciPullRequest == stringFalse {
|
||||||
login(docker)
|
login(docker)
|
||||||
deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8")
|
deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8")
|
||||||
publishDockerReadme(docker)
|
publishDockerReadme(docker)
|
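Review bot: Both QEMU setup branches in `dockerBuildOfficialImage` (arm32v7 and arm64v8) run `multiarch/qemu-user-static` with `--privileged` and reference it by mutable tag, so whatever that tag resolves to at build time runs with full access to the build host. The same file's publish functions call `login(docker)`, so the exposure presumably includes the registry credentials. Pinning the image by digest, e.g. `"multiarch/qemu-user-static@sha256:<pinned-digest>"` (placeholder), would make the privileged step reproducible and reviewable. The two branches are identical apart from the architecture check, so a small helper would leave a single place to pin. These are unchanged context lines, and the function body extends beyond the hunks shown.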
||||||
|
|
|
@ -17,7 +17,7 @@ func RunUnitTest(cobraCmd *cobra.Command, args []string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd := utils.Shell("yarn test")
|
cmd := utils.Shell("yarn test")
|
||||||
cmd.Dir = "web"
|
cmd.Dir = webDirectory
|
||||||
cmd.Env = append(os.Environ(), "CI=true")
|
cmd.Env = append(os.Environ(), "CI=true")
|
||||||
if err := cmd.Run(); err != nil {
|
if err := cmd.Run(); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
|
|
@ -8,3 +8,8 @@ var DockerImageName = "authelia/authelia"
|
||||||
|
|
||||||
// IntermediateDockerImageName local name of the docker image.
|
// IntermediateDockerImageName local name of the docker image.
|
||||||
var IntermediateDockerImageName = "authelia:dist"
|
var IntermediateDockerImageName = "authelia:dist"
|
||||||
|
|
||||||
|
const masterTag = "master"
|
||||||
|
const stringFalse = "false"
|
||||||
|
const stringTrue = "true"
|
||||||
|
const webDirectory = "web"
|
|
@ -43,3 +43,7 @@ const (
|
||||||
|
|
||||||
// HashingPossibleSaltCharacters represents valid hashing runes.
|
// HashingPossibleSaltCharacters represents valid hashing runes.
|
||||||
var HashingPossibleSaltCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/")
|
var HashingPossibleSaltCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/")
|
||||||
|
|
||||||
|
const sha512 = "sha512"
|
||||||
|
|
||||||
|
const testPassword = "my;secure*password"
|
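Review bot: The new package-level `const sha512 = "sha512"` takes the identifier that an unaliased `import "crypto/sha512"` would bind, so any file in this package that later adds that import will fail to compile with a redeclaration error. A name that says what the value is, such as `const hashingAlgorithmNameSHA512 = "sha512"`, avoids the trap. `UpdatePassword` in this commit still compares against the literal `"argon2id"` while using the constant for sha512, so the two algorithm names are now spelled two different ways. `testPassword` is only used by test functions in this commit and would sit better in a `_test.go` file, assuming this file is not one.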
||||||
|
|
|
@ -54,7 +54,7 @@ func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfigur
|
||||||
// TODO: Remove this. This is only here to temporarily fix the username enumeration security flaw in #949.
|
// TODO: Remove this. This is only here to temporarily fix the username enumeration security flaw in #949.
|
||||||
// This generates a hash that should be usable to do a fake CheckUserPassword
|
// This generates a hash that should be usable to do a fake CheckUserPassword
|
||||||
algorithm := configuration.Password.Algorithm
|
algorithm := configuration.Password.Algorithm
|
||||||
if configuration.Password.Algorithm == "sha512" {
|
if configuration.Password.Algorithm == sha512 {
|
||||||
algorithm = HashingAlgorithmSHA512
|
algorithm = HashingAlgorithmSHA512
|
||||||
}
|
}
|
||||||
settings := getCryptSettings(utils.RandomString(configuration.Password.SaltLength, HashingPossibleSaltCharacters),
|
settings := getCryptSettings(utils.RandomString(configuration.Password.SaltLength, HashingPossibleSaltCharacters),
|
||||||
|
@ -143,7 +143,7 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
|
||||||
var algorithm string
|
var algorithm string
|
||||||
if p.configuration.Password.Algorithm == "argon2id" {
|
if p.configuration.Password.Algorithm == "argon2id" {
|
||||||
algorithm = HashingAlgorithmArgon2id
|
algorithm = HashingAlgorithmArgon2id
|
||||||
} else if p.configuration.Password.Algorithm == "sha512" {
|
} else if p.configuration.Password.Algorithm == sha512 {
|
||||||
algorithm = HashingAlgorithmSHA512
|
algorithm = HashingAlgorithmSHA512
|
||||||
} else {
|
} else {
|
||||||
return errors.New("Invalid algorithm in configuration. It should be `argon2id` or `sha512`")
|
return errors.New("Invalid algorithm in configuration. It should be `argon2id` or `sha512`")
|
||||||
|
|
|
@ -299,7 +299,7 @@ func TestNumberOfRoundsNotInt(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldCheckPasswordArgon2idHashedWithAuthelia(t *testing.T) {
|
func TestShouldCheckPasswordArgon2idHashedWithAuthelia(t *testing.T) {
|
||||||
password := "my;secure*password"
|
password := testPassword
|
||||||
hash, err := HashPassword(password, "", HashingAlgorithmArgon2id, schema.DefaultCIPasswordConfiguration.Iterations,
|
hash, err := HashPassword(password, "", HashingAlgorithmArgon2id, schema.DefaultCIPasswordConfiguration.Iterations,
|
||||||
schema.DefaultCIPasswordConfiguration.Memory*1024, schema.DefaultCIPasswordConfiguration.Parallelism,
|
schema.DefaultCIPasswordConfiguration.Memory*1024, schema.DefaultCIPasswordConfiguration.Parallelism,
|
||||||
schema.DefaultCIPasswordConfiguration.KeyLength, schema.DefaultCIPasswordConfiguration.SaltLength)
|
schema.DefaultCIPasswordConfiguration.KeyLength, schema.DefaultCIPasswordConfiguration.SaltLength)
|
||||||
|
@ -313,7 +313,7 @@ func TestShouldCheckPasswordArgon2idHashedWithAuthelia(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldCheckPasswordSHA512HashedWithAuthelia(t *testing.T) {
|
func TestShouldCheckPasswordSHA512HashedWithAuthelia(t *testing.T) {
|
||||||
password := "my;secure*password"
|
password := testPassword
|
||||||
hash, err := HashPassword(password, "", HashingAlgorithmSHA512, schema.DefaultPasswordSHA512Configuration.Iterations,
|
hash, err := HashPassword(password, "", HashingAlgorithmSHA512, schema.DefaultPasswordSHA512Configuration.Iterations,
|
||||||
0, 0, 0, schema.DefaultPasswordSHA512Configuration.SaltLength)
|
0, 0, 0, schema.DefaultPasswordSHA512Configuration.SaltLength)
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ type ACLRule struct {
|
||||||
|
|
||||||
// IsPolicyValid check if policy is valid.
|
// IsPolicyValid check if policy is valid.
|
||||||
func IsPolicyValid(policy string) bool {
|
func IsPolicyValid(policy string) bool {
|
||||||
return policy == "deny" || policy == "one_factor" || policy == "two_factor" || policy == "bypass"
|
return policy == denyPolicy || policy == "one_factor" || policy == "two_factor" || policy == "bypass"
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsSubjectValid check if a subject is valid.
|
// IsSubjectValid check if a subject is valid.
|
||||||
|
@ -63,7 +63,7 @@ type AccessControlConfiguration struct {
|
||||||
// Validate validate the access control configuration.
|
// Validate validate the access control configuration.
|
||||||
func (acc *AccessControlConfiguration) Validate(validator *StructValidator) {
|
func (acc *AccessControlConfiguration) Validate(validator *StructValidator) {
|
||||||
if acc.DefaultPolicy == "" {
|
if acc.DefaultPolicy == "" {
|
||||||
acc.DefaultPolicy = "deny"
|
acc.DefaultPolicy = denyPolicy
|
||||||
}
|
}
|
||||||
|
|
||||||
if !IsPolicyValid(acc.DefaultPolicy) {
|
if !IsPolicyValid(acc.DefaultPolicy) {
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
package schema
|
||||||
|
|
||||||
|
const denyPolicy = "deny"
|
|
@ -22,14 +22,14 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
|
||||||
configuration.Password.Algorithm = schema.DefaultPasswordConfiguration.Algorithm
|
configuration.Password.Algorithm = schema.DefaultPasswordConfiguration.Algorithm
|
||||||
} else {
|
} else {
|
||||||
configuration.Password.Algorithm = strings.ToLower(configuration.Password.Algorithm)
|
configuration.Password.Algorithm = strings.ToLower(configuration.Password.Algorithm)
|
||||||
if configuration.Password.Algorithm != "argon2id" && configuration.Password.Algorithm != "sha512" {
|
if configuration.Password.Algorithm != argon2id && configuration.Password.Algorithm != sha512 {
|
||||||
validator.Push(fmt.Errorf("Unknown hashing algorithm supplied, valid values are argon2id and sha512, you configured '%s'", configuration.Password.Algorithm))
|
validator.Push(fmt.Errorf("Unknown hashing algorithm supplied, valid values are argon2id and sha512, you configured '%s'", configuration.Password.Algorithm))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Iterations (time)
|
// Iterations (time)
|
||||||
if configuration.Password.Iterations == 0 {
|
if configuration.Password.Iterations == 0 {
|
||||||
if configuration.Password.Algorithm == "argon2id" {
|
if configuration.Password.Algorithm == argon2id {
|
||||||
configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations
|
configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations
|
||||||
} else {
|
} else {
|
||||||
configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations
|
configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations
|
||||||
|
@ -47,7 +47,7 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
|
||||||
validator.Push(fmt.Errorf("The salt length must be 16 or less, you configured %d", configuration.Password.SaltLength))
|
validator.Push(fmt.Errorf("The salt length must be 16 or less, you configured %d", configuration.Password.SaltLength))
|
||||||
}
|
}
|
||||||
|
|
||||||
if configuration.Password.Algorithm == "argon2id" {
|
if configuration.Password.Algorithm == argon2id {
|
||||||
// Parallelism
|
// Parallelism
|
||||||
if configuration.Password.Parallelism == 0 {
|
if configuration.Password.Parallelism == 0 {
|
||||||
configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism
|
configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism
|
||||||
|
@ -80,14 +80,14 @@ func validateLdapURL(ldapURL string, validator *schema.StructValidator) string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
if !(u.Scheme == "ldap" || u.Scheme == "ldaps") {
|
if !(u.Scheme == schemeLDAP || u.Scheme == schemeLDAPS) {
|
||||||
validator.Push(errors.New("Unknown scheme for ldap url, should be ldap:// or ldaps://"))
|
validator.Push(errors.New("Unknown scheme for ldap url, should be ldap:// or ldaps://"))
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
if u.Scheme == "ldap" && u.Port() == "" {
|
if u.Scheme == schemeLDAP && u.Port() == "" {
|
||||||
u.Host += ":389"
|
u.Host += ":389"
|
||||||
} else if u.Scheme == "ldaps" && u.Port() == "" {
|
} else if u.Scheme == schemeLDAPS && u.Port() == "" {
|
||||||
u.Host += ":636"
|
u.Host += ":636"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ func newDefaultConfig() schema.Configuration {
|
||||||
config.Host = "127.0.0.1"
|
config.Host = "127.0.0.1"
|
||||||
config.Port = 9090
|
config.Port = 9090
|
||||||
config.LogLevel = "info"
|
config.LogLevel = "info"
|
||||||
config.JWTSecret = "a_secret"
|
config.JWTSecret = testJWTSecret
|
||||||
config.AuthenticationBackend.File = new(schema.FileAuthenticationBackendConfiguration)
|
config.AuthenticationBackend.File = new(schema.FileAuthenticationBackendConfiguration)
|
||||||
config.AuthenticationBackend.File.Path = "/a/path"
|
config.AuthenticationBackend.File.Path = "/a/path"
|
||||||
config.Session = schema.SessionConfiguration{
|
config.Session = schema.SessionConfiguration{
|
||||||
|
@ -104,7 +104,7 @@ func TestShouldAddDefaultAccessControl(t *testing.T) {
|
||||||
func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
|
func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultConfig()
|
config := newDefaultConfig()
|
||||||
config.TLSCert = "/tmp/cert.pem"
|
config.TLSCert = testTLSCert
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
ValidateConfiguration(&config, validator)
|
||||||
require.Len(t, validator.Errors(), 1)
|
require.Len(t, validator.Errors(), 1)
|
||||||
|
@ -114,7 +114,7 @@ func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
|
||||||
func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
|
func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultConfig()
|
config := newDefaultConfig()
|
||||||
config.TLSKey = "/tmp/key.pem"
|
config.TLSKey = testTLSKey
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
ValidateConfiguration(&config, validator)
|
||||||
require.Len(t, validator.Errors(), 1)
|
require.Len(t, validator.Errors(), 1)
|
||||||
|
@ -124,8 +124,8 @@ func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
|
||||||
func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
|
func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultConfig()
|
config := newDefaultConfig()
|
||||||
config.TLSCert = "/tmp/cert.pem"
|
config.TLSCert = testTLSCert
|
||||||
config.TLSKey = "/tmp/key.pem"
|
config.TLSKey = testTLSKey
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
ValidateConfiguration(&config, validator)
|
||||||
require.Len(t, validator.Errors(), 0)
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
|
|
@ -150,3 +150,15 @@ var specificErrorKeys = map[string]string{
|
||||||
"authentication_backend.file.hashing.memory": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
"authentication_backend.file.hashing.memory": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
||||||
"authentication_backend.file.hashing.parallelism": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
"authentication_backend.file.hashing.parallelism": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const argon2id = "argon2id"
|
||||||
|
const sha512 = "sha512"
|
||||||
|
|
||||||
|
const schemeLDAP = "ldap"
|
||||||
|
const schemeLDAPS = "ldaps"
|
||||||
|
|
||||||
|
const testBadTimer = "-1"
|
||||||
|
const testModeDisabled = "disable"
|
||||||
|
const testJWTSecret = "a_secret"
|
||||||
|
const testTLSCert = "/tmp/cert.pem"
|
||||||
|
const testTLSKey = "/tmp/key.pem"
|
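Review bot: `testModeDisabled` carries a `test` prefix but is consumed by production code: `validatePostgreSQLConfiguration`, later in this commit, uses it both as the default `SSLMode` and in the validity check. A fixture-style name on a value that decides transport security invites an edit as if it were test data; `const sslModeDisable = "disable"` would say what it is. The same pattern appears in the handlers package, where `SecondFactorDuoPost` gates the second-factor decision on `testResultAllow`; a production name such as `duoResultAllow` fits better there. The values only tests use (`testJWTSecret`, `testTLSCert`, `testTLSKey`, `testBadTimer`) would be better declared in a `_test.go` file, assuming this file is not one.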
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
|
|
||||||
func newDefaultSessionConfig() schema.SessionConfiguration {
|
func newDefaultSessionConfig() schema.SessionConfiguration {
|
||||||
config := schema.SessionConfiguration{}
|
config := schema.SessionConfiguration{}
|
||||||
config.Secret = "a_secret"
|
config.Secret = testJWTSecret
|
||||||
config.Domain = "example.com"
|
config.Domain = "example.com"
|
||||||
return config
|
return config
|
||||||
}
|
}
|
||||||
|
@ -78,8 +78,8 @@ func TestShouldRaiseErrorWhenDomainNotSet(t *testing.T) {
|
||||||
func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
|
func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultSessionConfig()
|
config := newDefaultSessionConfig()
|
||||||
config.Inactivity = "-1"
|
config.Inactivity = testBadTimer
|
||||||
config.Expiration = "-1"
|
config.Expiration = testBadTimer
|
||||||
|
|
||||||
ValidateSession(&config, validator)
|
ValidateSession(&config, validator)
|
||||||
|
|
||||||
|
|
|
@ -35,10 +35,10 @@ func validatePostgreSQLConfiguration(configuration *schema.PostgreSQLStorageConf
|
||||||
validateSQLConfiguration(&configuration.SQLStorageConfiguration, validator)
|
validateSQLConfiguration(&configuration.SQLStorageConfiguration, validator)
|
||||||
|
|
||||||
if configuration.SSLMode == "" {
|
if configuration.SSLMode == "" {
|
||||||
configuration.SSLMode = "disable"
|
configuration.SSLMode = testModeDisabled
|
||||||
}
|
}
|
||||||
|
|
||||||
if !(configuration.SSLMode == "disable" || configuration.SSLMode == "require" ||
|
if !(configuration.SSLMode == testModeDisabled || configuration.SSLMode == "require" ||
|
||||||
configuration.SSLMode == "verify-ca" || configuration.SSLMode == "verify-full") {
|
configuration.SSLMode == "verify-ca" || configuration.SSLMode == "verify-full") {
|
||||||
validator.Push(errors.New("SSL mode must be 'disable', 'require', 'verify-ca', or 'verify-full'"))
|
validator.Push(errors.New("SSL mode must be 'disable', 'require', 'verify-ca', or 'verify-full'"))
|
||||||
}
|
}
|
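Review bot: An empty `SSLMode` is silently replaced with `disable`, which in PostgreSQL's sslmode terms means no TLS, so a deployment that omits the setting connects to the database unencrypted, and nothing in this hunk reports that a default was applied. If the default has to stay for compatibility, document it at the assignment, e.g. `// No ssl mode configured: falls back to "disable", i.e. an unencrypted database connection.`, and consider surfacing a warning where the validator supports one. Whether a warning is emitted elsewhere is not visible here, and the function starts before this hunk.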
||||||
|
|
|
@ -34,3 +34,9 @@ const unableToRegisterOneTimePasswordMessage = "Unable to set up one-time passwo
|
||||||
const unableToRegisterSecurityKeyMessage = "Unable to register your security key."
|
const unableToRegisterSecurityKeyMessage = "Unable to register your security key."
|
||||||
const unableToResetPasswordMessage = "Unable to reset your password."
|
const unableToResetPasswordMessage = "Unable to reset your password."
|
||||||
const mfaValidationFailedMessage = "Authentication failed, please retry later."
|
const mfaValidationFailedMessage = "Authentication failed, please retry later."
|
||||||
|
|
||||||
|
const testGATrackingID = "ABC"
|
||||||
|
const testInactivity = "10"
|
||||||
|
const testRedirectionURL = "http://redirection.local"
|
||||||
|
const testResultAllow = "allow"
|
||||||
|
const testUsername = "john"
|
||||||
|
|
|
@ -25,7 +25,7 @@ func (s *ConfigurationSuite) TearDownTest() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *ConfigurationSuite) TestShouldReturnConfiguredGATrackingID() {
|
func (s *ConfigurationSuite) TestShouldReturnConfiguredGATrackingID() {
|
||||||
GATrackingID := "ABC"
|
GATrackingID := testGATrackingID
|
||||||
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
||||||
s.mock.Ctx.Configuration.Session.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration
|
s.mock.Ctx.Configuration.Session.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ func (s *ConfigurationSuite) TestShouldReturnConfiguredGATrackingID() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *ConfigurationSuite) TestShouldDisableRememberMe() {
|
func (s *ConfigurationSuite) TestShouldDisableRememberMe() {
|
||||||
GATrackingID := "ABC"
|
GATrackingID := testGATrackingID
|
||||||
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
||||||
s.mock.Ctx.Configuration.Session.RememberMeDuration = "0"
|
s.mock.Ctx.Configuration.Session.RememberMeDuration = "0"
|
||||||
s.mock.Ctx.Providers.SessionProvider = session.NewProvider(
|
s.mock.Ctx.Providers.SessionProvider = session.NewProvider(
|
||||||
|
@ -56,7 +56,7 @@ func (s *ConfigurationSuite) TestShouldDisableRememberMe() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *ConfigurationSuite) TestShouldDisableResetPassword() {
|
func (s *ConfigurationSuite) TestShouldDisableResetPassword() {
|
||||||
GATrackingID := "ABC"
|
GATrackingID := testGATrackingID
|
||||||
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
s.mock.Ctx.Configuration.GoogleAnalyticsTrackingID = GATrackingID
|
||||||
s.mock.Ctx.Configuration.AuthenticationBackend.DisableResetPassword = true
|
s.mock.Ctx.Configuration.AuthenticationBackend.DisableResetPassword = true
|
||||||
expectedBody := ConfigurationBody{
|
expectedBody := ConfigurationBody{
|
||||||
|
|
|
@ -19,7 +19,7 @@ type LogoutSuite struct {
|
||||||
func (s *LogoutSuite) SetupTest() {
|
func (s *LogoutSuite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ func (s *HandlerRegisterU2FStep1Suite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if duoResponse.Response.Result != "allow" {
|
if duoResponse.Response.Result != testResultAllow {
|
||||||
ctx.ReplyUnauthorized()
|
ctx.ReplyUnauthorized()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ type SecondFactorDuoPostSuite struct {
|
||||||
func (s *SecondFactorDuoPostSuite) SetupTest() {
|
func (s *SecondFactorDuoPostSuite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -43,7 +43,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndAllowAccess() {
|
||||||
values.Set("pushinfo", "target%20url=https://target.example.com")
|
values.Set("pushinfo", "target%20url=https://target.example.com")
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Eq(values), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Eq(values), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
|
@ -99,11 +99,11 @@ func (s *SecondFactorDuoPostSuite) TestShouldRedirectUserToDefaultURL() {
|
||||||
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
s.mock.Ctx.Configuration.DefaultRedirectionURL = "http://redirection.local"
|
s.mock.Ctx.Configuration.DefaultRedirectionURL = testRedirectionURL
|
||||||
|
|
||||||
bodyBytes, err := json.Marshal(signDuoRequestBody{})
|
bodyBytes, err := json.Marshal(signDuoRequestBody{})
|
||||||
s.Require().NoError(err)
|
s.Require().NoError(err)
|
||||||
|
@ -111,7 +111,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldRedirectUserToDefaultURL() {
|
||||||
|
|
||||||
SecondFactorDuoPost(duoMock)(s.mock.Ctx)
|
SecondFactorDuoPost(duoMock)(s.mock.Ctx)
|
||||||
s.mock.Assert200OK(s.T(), redirectResponse{
|
s.mock.Assert200OK(s.T(), redirectResponse{
|
||||||
Redirect: "http://redirection.local",
|
Redirect: testRedirectionURL,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,7 +119,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldNotReturnRedirectURL() {
|
||||||
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldRedirectUserToSafeTargetURL() {
|
||||||
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldNotRedirectToUnsafeURL() {
|
||||||
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
|
@ -173,7 +173,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldRegenerateSessionForPreventingSessi
|
||||||
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
duoMock := mocks.NewMockAPI(s.mock.Ctrl)
|
||||||
|
|
||||||
response := duo.Response{}
|
response := duo.Response{}
|
||||||
response.Response.Result = "allow"
|
response.Response.Result = testResultAllow
|
||||||
|
|
||||||
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
duoMock.EXPECT().Call(gomock.Any(), s.mock.Ctx).Return(&response, nil)
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ type HandlerSignTOTPSuite struct {
|
||||||
func (s *HandlerSignTOTPSuite) SetupTest() {
|
func (s *HandlerSignTOTPSuite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.U2FChallenge = &u2f.Challenge{}
|
userSession.U2FChallenge = &u2f.Challenge{}
|
||||||
userSession.U2FRegistration = &session.U2FRegistration{}
|
userSession.U2FRegistration = &session.U2FRegistration{}
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -43,7 +43,7 @@ func (s *HandlerSignTOTPSuite) TestShouldRedirectUserToDefaultURL() {
|
||||||
Verify(gomock.Eq("abc"), gomock.Eq("secret")).
|
Verify(gomock.Eq("abc"), gomock.Eq("secret")).
|
||||||
Return(true, nil)
|
Return(true, nil)
|
||||||
|
|
||||||
s.mock.Ctx.Configuration.DefaultRedirectionURL = "http://redirection.local"
|
s.mock.Ctx.Configuration.DefaultRedirectionURL = testRedirectionURL
|
||||||
|
|
||||||
bodyBytes, err := json.Marshal(signTOTPRequestBody{
|
bodyBytes, err := json.Marshal(signTOTPRequestBody{
|
||||||
Token: "abc",
|
Token: "abc",
|
||||||
|
@ -53,7 +53,7 @@ func (s *HandlerSignTOTPSuite) TestShouldRedirectUserToDefaultURL() {
|
||||||
|
|
||||||
SecondFactorTOTPPost(verifier)(s.mock.Ctx)
|
SecondFactorTOTPPost(verifier)(s.mock.Ctx)
|
||||||
s.mock.Assert200OK(s.T(), redirectResponse{
|
s.mock.Assert200OK(s.T(), redirectResponse{
|
||||||
Redirect: "http://redirection.local",
|
Redirect: testRedirectionURL,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ type HandlerSignU2FStep2Suite struct {
|
||||||
func (s *HandlerSignU2FStep2Suite) SetupTest() {
|
func (s *HandlerSignU2FStep2Suite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.U2FChallenge = &u2f.Challenge{}
|
userSession.U2FChallenge = &u2f.Challenge{}
|
||||||
userSession.U2FRegistration = &session.U2FRegistration{}
|
userSession.U2FRegistration = &session.U2FRegistration{}
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -39,7 +39,7 @@ func (s *HandlerSignU2FStep2Suite) TestShouldRedirectUserToDefaultURL() {
|
||||||
Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||||||
Return(nil)
|
Return(nil)
|
||||||
|
|
||||||
s.mock.Ctx.Configuration.DefaultRedirectionURL = "http://redirection.local"
|
s.mock.Ctx.Configuration.DefaultRedirectionURL = testRedirectionURL
|
||||||
|
|
||||||
bodyBytes, err := json.Marshal(signU2FRequestBody{
|
bodyBytes, err := json.Marshal(signU2FRequestBody{
|
||||||
SignResponse: u2f.SignResponse{},
|
SignResponse: u2f.SignResponse{},
|
||||||
|
@ -49,7 +49,7 @@ func (s *HandlerSignU2FStep2Suite) TestShouldRedirectUserToDefaultURL() {
|
||||||
|
|
||||||
SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
|
SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
|
||||||
s.mock.Assert200OK(s.T(), redirectResponse{
|
s.mock.Assert200OK(s.T(), redirectResponse{
|
||||||
Redirect: "http://redirection.local",
|
Redirect: testRedirectionURL,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ func (s *FetchSuite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
// Set the initial user session.
|
// Set the initial user session.
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = 1
|
userSession.AuthenticationLevel = 1
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ func TestMethodSetToU2F(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
// Set the initial user session.
|
// Set the initial user session.
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = 1
|
userSession.AuthenticationLevel = 1
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ func (s *SaveSuite) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
// Set the initial user session.
|
// Set the initial user session.
|
||||||
userSession := s.mock.Ctx.GetSession()
|
userSession := s.mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = 1
|
userSession.AuthenticationLevel = 1
|
||||||
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
s.mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
}
|
}
|
||||||
|
|
|
@ -176,7 +176,7 @@ func TestShouldCheckAuthorizationMatching(t *testing.T) {
|
||||||
|
|
||||||
username := ""
|
username := ""
|
||||||
if rule.AuthLevel > authentication.NotAuthenticated {
|
if rule.AuthLevel > authentication.NotAuthenticated {
|
||||||
username = "john"
|
username = testUsername
|
||||||
}
|
}
|
||||||
|
|
||||||
matching := isTargetURLAuthorized(authorizer, *url, username, []string{}, net.ParseIP("127.0.0.1"), rule.AuthLevel)
|
matching := isTargetURLAuthorized(authorizer, *url, username, []string{}, net.ParseIP("127.0.0.1"), rule.AuthLevel)
|
||||||
|
@ -472,13 +472,13 @@ func TestShouldDestroySessionWhenInactiveForTooLong(t *testing.T) {
|
||||||
clock.Set(time.Now())
|
clock.Set(time.Now())
|
||||||
past := clock.Now().Add(-1 * time.Hour)
|
past := clock.Now().Add(-1 * time.Hour)
|
||||||
|
|
||||||
mock.Ctx.Configuration.Session.Inactivity = "10"
|
mock.Ctx.Configuration.Session.Inactivity = testInactivity
|
||||||
// Reload the session provider since the configuration is indirect.
|
// Reload the session provider since the configuration is indirect.
|
||||||
mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session)
|
mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session)
|
||||||
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = past.Unix()
|
userSession.LastActivity = past.Unix()
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -509,7 +509,7 @@ func TestShouldDestroySessionWhenInactiveForTooLongUsingDurationNotation(t *test
|
||||||
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = clock.Now().Add(-1 * time.Hour).Unix()
|
userSession.LastActivity = clock.Now().Add(-1 * time.Hour).Unix()
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -531,10 +531,10 @@ func TestShouldKeepSessionWhenUserCheckedRememberMeAndIsInactiveForTooLong(t *te
|
||||||
clock := mocks.TestingClock{}
|
clock := mocks.TestingClock{}
|
||||||
clock.Set(time.Now())
|
clock.Set(time.Now())
|
||||||
|
|
||||||
mock.Ctx.Configuration.Session.Inactivity = "10"
|
mock.Ctx.Configuration.Session.Inactivity = testInactivity
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = 0
|
userSession.LastActivity = 0
|
||||||
userSession.KeepMeLoggedIn = true
|
userSession.KeepMeLoggedIn = true
|
||||||
|
@ -560,12 +560,12 @@ func TestShouldKeepSessionWhenInactivityTimeoutHasNotBeenExceeded(t *testing.T)
|
||||||
clock := mocks.TestingClock{}
|
clock := mocks.TestingClock{}
|
||||||
clock.Set(time.Now())
|
clock.Set(time.Now())
|
||||||
|
|
||||||
mock.Ctx.Configuration.Session.Inactivity = "10"
|
mock.Ctx.Configuration.Session.Inactivity = testInactivity
|
||||||
|
|
||||||
past := clock.Now().Add(-1 * time.Hour)
|
past := clock.Now().Add(-1 * time.Hour)
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = past.Unix()
|
userSession.LastActivity = past.Unix()
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -592,7 +592,7 @@ func TestShouldRedirectWhenSessionInactiveForTooLongAndRDParamProvided(t *testin
|
||||||
clock := mocks.TestingClock{}
|
clock := mocks.TestingClock{}
|
||||||
clock.Set(time.Now())
|
clock.Set(time.Now())
|
||||||
|
|
||||||
mock.Ctx.Configuration.Session.Inactivity = "10"
|
mock.Ctx.Configuration.Session.Inactivity = testInactivity
|
||||||
// Reload the session provider since the configuration is indirect.
|
// Reload the session provider since the configuration is indirect.
|
||||||
mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session)
|
mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session)
|
||||||
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
|
||||||
|
@ -600,7 +600,7 @@ func TestShouldRedirectWhenSessionInactiveForTooLongAndRDParamProvided(t *testin
|
||||||
past := clock.Now().Add(-1 * time.Hour)
|
past := clock.Now().Add(-1 * time.Hour)
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = past.Unix()
|
userSession.LastActivity = past.Unix()
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -626,12 +626,12 @@ func TestShouldUpdateInactivityTimestampEvenWhenHittingForbiddenResources(t *tes
|
||||||
clock := mocks.TestingClock{}
|
clock := mocks.TestingClock{}
|
||||||
clock.Set(time.Now())
|
clock.Set(time.Now())
|
||||||
|
|
||||||
mock.Ctx.Configuration.Session.Inactivity = "10"
|
mock.Ctx.Configuration.Session.Inactivity = testInactivity
|
||||||
|
|
||||||
past := clock.Now().Add(-1 * time.Hour)
|
past := clock.Now().Add(-1 * time.Hour)
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.TwoFactor
|
userSession.AuthenticationLevel = authentication.TwoFactor
|
||||||
userSession.LastActivity = past.Unix()
|
userSession.LastActivity = past.Unix()
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
@ -653,7 +653,7 @@ func TestShouldURLEncodeRedirectionURLParameter(t *testing.T) {
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
userSession := mock.Ctx.GetSession()
|
userSession := mock.Ctx.GetSession()
|
||||||
userSession.Username = "john"
|
userSession.Username = testUsername
|
||||||
userSession.AuthenticationLevel = authentication.NotAuthenticated
|
userSession.AuthenticationLevel = authentication.NotAuthenticated
|
||||||
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package middlewares
|
package middlewares
|
||||||
|
|
||||||
// JWTIssuer is.
|
|
||||||
const jwtIssuer = "Authelia"
|
const jwtIssuer = "Authelia"
|
||||||
|
|
||||||
const xForwardedProtoHeader = "X-Forwarded-Proto"
|
const xForwardedProtoHeader = "X-Forwarded-Proto"
|
||||||
|
|
|
@ -15,6 +15,8 @@ import (
|
||||||
"github.com/authelia/authelia/internal/session"
|
"github.com/authelia/authelia/internal/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const testJWTSecret = "abc"
|
||||||
|
|
||||||
func newArgs(retriever func(ctx *middlewares.AutheliaCtx) (*session.Identity, error)) middlewares.IdentityVerificationStartArgs {
|
func newArgs(retriever func(ctx *middlewares.AutheliaCtx) (*session.Identity, error)) middlewares.IdentityVerificationStartArgs {
|
||||||
return middlewares.IdentityVerificationStartArgs{
|
return middlewares.IdentityVerificationStartArgs{
|
||||||
ActionClaim: "Claim",
|
ActionClaim: "Claim",
|
||||||
|
@ -50,7 +52,7 @@ func TestShouldFailIfJWTCannotBeSaved(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
mock.Ctx.Configuration.JWTSecret = "abc"
|
mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
|
|
||||||
mock.StorageProviderMock.EXPECT().
|
mock.StorageProviderMock.EXPECT().
|
||||||
SaveIdentityVerificationToken(gomock.Any()).
|
SaveIdentityVerificationToken(gomock.Any()).
|
||||||
|
@ -67,7 +69,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
mock.Ctx.Configuration.JWTSecret = "abc"
|
mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
||||||
|
|
||||||
|
@ -90,7 +92,7 @@ func TestShouldFailWhenXForwardedProtoHeaderIsMissing(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
mock.Ctx.Configuration.JWTSecret = "abc"
|
mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
||||||
|
|
||||||
mock.StorageProviderMock.EXPECT().
|
mock.StorageProviderMock.EXPECT().
|
||||||
|
@ -108,7 +110,7 @@ func TestShouldFailWhenXForwardedHostHeaderIsMissing(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
mock.Ctx.Configuration.JWTSecret = "abc"
|
mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
||||||
|
|
||||||
mock.StorageProviderMock.EXPECT().
|
mock.StorageProviderMock.EXPECT().
|
||||||
|
@ -126,7 +128,7 @@ func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) {
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
mock := mocks.NewMockAutheliaCtx(t)
|
||||||
defer mock.Close()
|
defer mock.Close()
|
||||||
|
|
||||||
mock.Ctx.Configuration.JWTSecret = "abc"
|
mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
||||||
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
|
||||||
|
|
||||||
|
@ -154,7 +156,7 @@ type IdentityVerificationFinishProcess struct {
|
||||||
func (s *IdentityVerificationFinishProcess) SetupTest() {
|
func (s *IdentityVerificationFinishProcess) SetupTest() {
|
||||||
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
|
||||||
s.mock.Ctx.Configuration.JWTSecret = "abc"
|
s.mock.Ctx.Configuration.JWTSecret = testJWTSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *IdentityVerificationFinishProcess) TearDownTest() {
|
func (s *IdentityVerificationFinishProcess) TearDownTest() {
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
package session
|
package session
|
||||||
|
|
||||||
const userSessionStorerKey = "UserSession"
|
const userSessionStorerKey = "UserSession"
|
||||||
|
|
||||||
|
const testDomain = "example.com"
|
||||||
|
const testExpiration = "40"
|
||||||
|
const testName = "my_session"
|
||||||
|
const testUsername = "john"
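Review bot: The `testDomain`, `testExpiration`, `testName` and `testUsername` constants are added to the file that also declares `userSessionStorerKey`, which looks like the package's regular (non-test) constants file, so test fixtures end up declared in production source. Declaring them in a `_test.go` file of package `session` would keep them visible to the tests only and stop non-test code from picking them up by accident. The same applies to `testStringInput`, added after `Month` in the later `@ -24,3 +24,5 @@` hunk. The file name is not visible on this page, so this is inferred from the neighbouring declarations.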
|
||||||
|
|
|
@ -18,13 +18,13 @@ import (
|
||||||
func TestShouldCreateInMemorySessionProvider(t *testing.T) {
|
func TestShouldCreateInMemorySessionProvider(t *testing.T) {
|
||||||
// The redis configuration is not provided so we create a in-memory provider.
|
// The redis configuration is not provided so we create a in-memory provider.
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
providerConfig := NewProviderConfig(configuration)
|
providerConfig := NewProviderConfig(configuration)
|
||||||
|
|
||||||
assert.Equal(t, "my_session", providerConfig.config.CookieName)
|
assert.Equal(t, "my_session", providerConfig.config.CookieName)
|
||||||
assert.Equal(t, "example.com", providerConfig.config.Domain)
|
assert.Equal(t, testDomain, providerConfig.config.Domain)
|
||||||
assert.Equal(t, true, providerConfig.config.Secure)
|
assert.Equal(t, true, providerConfig.config.Secure)
|
||||||
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
|
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
|
||||||
assert.True(t, providerConfig.config.IsSecureFunc(nil))
|
assert.True(t, providerConfig.config.IsSecureFunc(nil))
|
||||||
|
@ -36,9 +36,9 @@ func TestShouldCreateInMemorySessionProvider(t *testing.T) {
|
||||||
func TestShouldCreateRedisSessionProvider(t *testing.T) {
|
func TestShouldCreateRedisSessionProvider(t *testing.T) {
|
||||||
// The redis configuration is not provided so we create a in-memory provider.
|
// The redis configuration is not provided so we create a in-memory provider.
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
configuration.Redis = &schema.RedisSessionConfiguration{
|
configuration.Redis = &schema.RedisSessionConfiguration{
|
||||||
Host: "redis.example.com",
|
Host: "redis.example.com",
|
||||||
Port: 6379,
|
Port: 6379,
|
||||||
|
@ -47,7 +47,7 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) {
|
||||||
providerConfig := NewProviderConfig(configuration)
|
providerConfig := NewProviderConfig(configuration)
|
||||||
|
|
||||||
assert.Equal(t, "my_session", providerConfig.config.CookieName)
|
assert.Equal(t, "my_session", providerConfig.config.CookieName)
|
||||||
assert.Equal(t, "example.com", providerConfig.config.Domain)
|
assert.Equal(t, testDomain, providerConfig.config.Domain)
|
||||||
assert.Equal(t, true, providerConfig.config.Secure)
|
assert.Equal(t, true, providerConfig.config.Secure)
|
||||||
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
|
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
|
||||||
assert.True(t, providerConfig.config.IsSecureFunc(nil))
|
assert.True(t, providerConfig.config.IsSecureFunc(nil))
|
||||||
|
@ -65,9 +65,9 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) {
|
||||||
|
|
||||||
func TestShouldSetDbNumber(t *testing.T) {
|
func TestShouldSetDbNumber(t *testing.T) {
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
configuration.Redis = &schema.RedisSessionConfiguration{
|
configuration.Redis = &schema.RedisSessionConfiguration{
|
||||||
Host: "redis.example.com",
|
Host: "redis.example.com",
|
||||||
Port: 6379,
|
Port: 6379,
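Review bot: The `CookieName` assertions in `TestShouldCreateInMemorySessionProvider` and `TestShouldCreateRedisSessionProvider` still compare against the literal `"my_session"`, although the name is now set from `testName` and the `Domain` assertion on the next line was switched to `testDomain`. For consistency, use `assert.Equal(t, testName, providerConfig.config.CookieName)` in both tests. Separately, the comment at the top of `TestShouldCreateRedisSessionProvider` still says the redis configuration is not provided, although the test sets `configuration.Redis`. A comment such as `// The redis configuration is provided so we expect a redis-backed provider.` would match the visible setup, though what `NewProviderConfig` does with it lies outside these hunks.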
|
||||||
|
|
|
@ -14,9 +14,9 @@ import (
|
||||||
func TestShouldInitializerSession(t *testing.T) {
|
func TestShouldInitializerSession(t *testing.T) {
|
||||||
ctx := &fasthttp.RequestCtx{}
|
ctx := &fasthttp.RequestCtx{}
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
|
|
||||||
provider := NewProvider(configuration)
|
provider := NewProvider(configuration)
|
||||||
session, err := provider.GetSession(ctx)
|
session, err := provider.GetSession(ctx)
|
||||||
|
@ -28,14 +28,14 @@ func TestShouldInitializerSession(t *testing.T) {
|
||||||
func TestShouldUpdateSession(t *testing.T) {
|
func TestShouldUpdateSession(t *testing.T) {
|
||||||
ctx := &fasthttp.RequestCtx{}
|
ctx := &fasthttp.RequestCtx{}
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
|
|
||||||
provider := NewProvider(configuration)
|
provider := NewProvider(configuration)
|
||||||
session, _ := provider.GetSession(ctx)
|
session, _ := provider.GetSession(ctx)
|
||||||
|
|
||||||
session.Username = "john"
|
session.Username = testUsername
|
||||||
session.AuthenticationLevel = authentication.TwoFactor
|
session.AuthenticationLevel = authentication.TwoFactor
|
||||||
|
|
||||||
err := provider.SaveSession(ctx, session)
|
err := provider.SaveSession(ctx, session)
|
||||||
|
@ -45,7 +45,7 @@ func TestShouldUpdateSession(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, UserSession{
|
assert.Equal(t, UserSession{
|
||||||
Username: "john",
|
Username: testUsername,
|
||||||
AuthenticationLevel: authentication.TwoFactor,
|
AuthenticationLevel: authentication.TwoFactor,
|
||||||
}, session)
|
}, session)
|
||||||
}
|
}
|
||||||
|
@ -53,15 +53,15 @@ func TestShouldUpdateSession(t *testing.T) {
|
||||||
func TestShouldDestroySessionAndWipeSessionData(t *testing.T) {
|
func TestShouldDestroySessionAndWipeSessionData(t *testing.T) {
|
||||||
ctx := &fasthttp.RequestCtx{}
|
ctx := &fasthttp.RequestCtx{}
|
||||||
configuration := schema.SessionConfiguration{}
|
configuration := schema.SessionConfiguration{}
|
||||||
configuration.Domain = "example.com"
|
configuration.Domain = testDomain
|
||||||
configuration.Name = "my_session"
|
configuration.Name = testName
|
||||||
configuration.Expiration = "40"
|
configuration.Expiration = testExpiration
|
||||||
|
|
||||||
provider := NewProvider(configuration)
|
provider := NewProvider(configuration)
|
||||||
session, err := provider.GetSession(ctx)
|
session, err := provider.GetSession(ctx)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
session.Username = "john"
|
session.Username = testUsername
|
||||||
session.AuthenticationLevel = authentication.TwoFactor
|
session.AuthenticationLevel = authentication.TwoFactor
|
||||||
|
|
||||||
err = provider.SaveSession(ctx, session)
|
err = provider.SaveSession(ctx, session)
|
||||||
|
@ -69,7 +69,7 @@ func TestShouldDestroySessionAndWipeSessionData(t *testing.T) {
|
||||||
|
|
||||||
newUserSession, err := provider.GetSession(ctx)
|
newUserSession, err := provider.GetSession(ctx)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, "john", newUserSession.Username)
|
assert.Equal(t, testUsername, newUserSession.Username)
|
||||||
assert.Equal(t, authentication.TwoFactor, newUserSession.AuthenticationLevel)
|
assert.Equal(t, authentication.TwoFactor, newUserSession.AuthenticationLevel)
|
||||||
|
|
||||||
err = provider.DestroySession(ctx)
|
err = provider.DestroySession(ctx)
|
||||||
|
|
|
@ -40,3 +40,8 @@ var DuoBaseURL = "https://duo.example.com"
|
||||||
|
|
||||||
// AutheliaBaseURL the base URL of Authelia service.
|
// AutheliaBaseURL the base URL of Authelia service.
|
||||||
var AutheliaBaseURL = "https://authelia.example.com:9091"
|
var AutheliaBaseURL = "https://authelia.example.com:9091"
|
||||||
|
|
||||||
|
const stringTrue = "true"
|
||||||
|
|
||||||
|
const testUsername = "john"
|
||||||
|
const testPassword = "password"
|
|
@ -18,7 +18,7 @@ type DockerEnvironment struct {
|
||||||
|
|
||||||
// NewDockerEnvironment create a new docker environment.
|
// NewDockerEnvironment create a new docker environment.
|
||||||
func NewDockerEnvironment(files []string) *DockerEnvironment {
|
func NewDockerEnvironment(files []string) *DockerEnvironment {
|
||||||
if os.Getenv("CI") == "true" {
|
if os.Getenv("CI") == stringTrue {
|
||||||
for i := range files {
|
for i := range files {
|
||||||
files[i] = strings.ReplaceAll(files[i], "{}", "dist")
|
files[i] = strings.ReplaceAll(files[i], "{}", "dist")
|
||||||
}
|
}
|
||||||
|
|
|
@ -63,7 +63,7 @@ func waitUntilAutheliaIsReady(dockerEnvironment *DockerEnvironment) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if os.Getenv("CI") != "true" {
|
if os.Getenv("CI") != stringTrue {
|
||||||
if err := waitUntilAutheliaFrontendIsReady(dockerEnvironment); err != nil {
|
if err := waitUntilAutheliaFrontendIsReady(dockerEnvironment); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,8 +51,8 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
username := "john"
|
username := testUsername
|
||||||
password := "password"
|
password := testPassword
|
||||||
|
|
||||||
// Login one factor
|
// Login one factor
|
||||||
s.doLoginOneFactor(ctx, s.T(), username, password, false, "")
|
s.doLoginOneFactor(ctx, s.T(), username, password, false, "")
|
||||||
|
@ -68,7 +68,7 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
|
||||||
|
|
||||||
// Login again with 1FA & 2FA
|
// Login again with 1FA & 2FA
|
||||||
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
|
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
|
||||||
s.doLoginTwoFactor(ctx, s.T(), "john", "password", false, secret, targetURL)
|
s.doLoginTwoFactor(ctx, s.T(), testUsername, testPassword, false, secret, targetURL)
|
||||||
|
|
||||||
// And check if the user is redirected to the secret.
|
// And check if the user is redirected to the secret.
|
||||||
s.verifySecretAuthorized(ctx, s.T())
|
s.verifySecretAuthorized(ctx, s.T())
|
||||||
|
@ -87,10 +87,10 @@ func (s *TwoFactorSuite) TestShouldFailTwoFactor() {
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
// Register TOTP secret and logout.
|
// Register TOTP secret and logout.
|
||||||
s.doRegisterThenLogout(ctx, s.T(), "john", "password")
|
s.doRegisterThenLogout(ctx, s.T(), testUsername, testPassword)
|
||||||
|
|
||||||
wrongPasscode := "123456"
|
wrongPasscode := "123456"
|
||||||
s.doLoginOneFactor(ctx, s.T(), "john", "password", false, "")
|
s.doLoginOneFactor(ctx, s.T(), testUsername, testPassword, false, "")
|
||||||
s.verifyIsSecondFactorPage(ctx, s.T())
|
s.verifyIsSecondFactorPage(ctx, s.T())
|
||||||
s.doEnterOTP(ctx, s.T(), wrongPasscode)
|
s.doEnterOTP(ctx, s.T(), wrongPasscode)
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Debug("Building authelia:dist image or use cache if already built...")
|
log.Debug("Building authelia:dist image or use cache if already built...")
|
||||||
if os.Getenv("CI") != "true" {
|
if os.Getenv("CI") != stringTrue {
|
||||||
if err := utils.Shell("authelia-scripts docker build").Run(); err != nil {
|
if err := utils.Shell("authelia-scripts docker build").Run(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,3 +24,5 @@ const Year = Day * 365
|
||||||
|
|
||||||
// Month is an int based representation of the time unit.
|
// Month is an int based representation of the time unit.
|
||||||
const Month = Year / 12
|
const Month = Year / 12
|
||||||
|
|
||||||
|
const testStringInput = "abcdefghijkl"
|
||||||
|
|
|
@ -7,7 +7,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestShouldSplitIntoEvenStringsOfFour(t *testing.T) {
|
func TestShouldSplitIntoEvenStringsOfFour(t *testing.T) {
|
||||||
input := "abcdefghijkl"
|
input := testStringInput
|
||||||
arrayOfStrings := SliceString(input, 4)
|
arrayOfStrings := SliceString(input, 4)
|
||||||
assert.Equal(t, len(arrayOfStrings), 3)
|
assert.Equal(t, len(arrayOfStrings), 3)
|
||||||
assert.Equal(t, "abcd", arrayOfStrings[0])
|
assert.Equal(t, "abcd", arrayOfStrings[0])
|
||||||
|
@ -16,7 +16,7 @@ func TestShouldSplitIntoEvenStringsOfFour(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldSplitIntoEvenStringsOfOne(t *testing.T) {
|
func TestShouldSplitIntoEvenStringsOfOne(t *testing.T) {
|
||||||
input := "abcdefghijkl"
|
input := testStringInput
|
||||||
arrayOfStrings := SliceString(input, 1)
|
arrayOfStrings := SliceString(input, 1)
|
||||||
assert.Equal(t, 12, len(arrayOfStrings))
|
assert.Equal(t, 12, len(arrayOfStrings))
|
||||||
assert.Equal(t, "a", arrayOfStrings[0])
|
assert.Equal(t, "a", arrayOfStrings[0])
|
||||||
|
@ -27,7 +27,7 @@ func TestShouldSplitIntoEvenStringsOfOne(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldSplitIntoUnevenStringsOfFour(t *testing.T) {
|
func TestShouldSplitIntoUnevenStringsOfFour(t *testing.T) {
|
||||||
input := "abcdefghijklm"
|
input := testStringInput + "m"
|
||||||
arrayOfStrings := SliceString(input, 4)
|
arrayOfStrings := SliceString(input, 4)
|
||||||
assert.Equal(t, len(arrayOfStrings), 4)
|
assert.Equal(t, len(arrayOfStrings), 4)
|
||||||
assert.Equal(t, "abcd", arrayOfStrings[0])
|
assert.Equal(t, "abcd", arrayOfStrings[0])
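Review bot: `input := testStringInput + "m"` in `TestShouldSplitIntoUnevenStringsOfFour` makes the reader reconstruct the 13-character input by hand, while the assertions below still compare against literal chunks such as `"abcd"`. The original `"abcdefghijklm"` is a different literal from `"abcdefghijkl"`, so goconst should not require replacing it (as far as I know it counts identical literals only). Keeping `input := "abcdefghijklm"` reads more directly. The function body continues outside the hunk.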
|
||||||
|
|