RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename authentication method from 'basic_auth' to 'single_factor'

pull/175/head
Clement Michaud 2017-10-19 00:33:02 +02:00
parent 563e2da323
commit cd0a93f027
8 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -192,7 +192,7 @@ Check out [config.template.yml] to see how they are defined.
### Basic Authentication ### Basic Authentication
Authelia allows you to customize the authentication method to use for each sub-domain. Authelia allows you to customize the authentication method to use for each sub-domain.
The supported methods are either "basic_auth" and "two_factor". The supported methods are either "single_factor" and "two_factor".
Please see [config.template.yml] to see an example of configuration. Please see [config.template.yml] to see an example of configuration.
### Session management with Redis ### Session management with Redis

4
config.template.yml
View File

@ -63,7 +63,7 @@ ldap:
# Authentication methods # Authentication methods
# #
# Authentication methods can be defined per subdomain. # Authentication methods can be defined per subdomain.
# There are currently two available methods: "basic_auth" and "two_factor" # There are currently two available methods: "single_factor" and "two_factor"
# #
# Note: by default a domain uses "two_factor" method. # Note: by default a domain uses "two_factor" method.
# #
@ -74,7 +74,7 @@ ldap:
authentication_methods: authentication_methods:
default_method: two_factor default_method: two_factor
per_subdomain_methods: per_subdomain_methods:
basicauth.test.local: basic_auth basicauth.test.local: single_factor
# Access Control # Access Control
# #

2
server/src/lib/configuration/Configuration.d.ts vendored
View File

@ -113,7 +113,7 @@ export interface RegulationConfiguration {
ban_time: number; ban_time: number;
} }
declare type AuthenticationMethod = 'two_factor' | 'basic_auth'; declare type AuthenticationMethod = 'two_factor' | 'single_factor';
declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod } declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod }
export interface AuthenticationMethodsConfiguration { export interface AuthenticationMethodsConfiguration {

2
server/src/lib/routes/firstfactor/post.ts
View File

@ -70,7 +70,7 @@ export default function (vars: ServerVariables) {
vars.logger.debug(req, "Mark successful authentication to regulator."); vars.logger.debug(req, "Mark successful authentication to regulator.");
vars.regulator.mark(username, true); vars.regulator.mark(username, true);
if (authMethod == "basic_auth") { if (authMethod == "single_factor") {
res.send({ res.send({
redirect: redirectUrl redirect: redirectUrl
}); });

10
server/test/AuthenticationMethodCalculator.test.ts
View File

@ -9,23 +9,23 @@ describe("test authentication method calculator", function() {
per_subdomain_methods: {} per_subdomain_methods: {}
}; };
const options2: AuthenticationMethodsConfiguration = { const options2: AuthenticationMethodsConfiguration = {
default_method: "basic_auth", default_method: "single_factor",
per_subdomain_methods: {} per_subdomain_methods: {}
}; };
const calculator1 = new AuthenticationMethodCalculator(options1); const calculator1 = new AuthenticationMethodCalculator(options1);
const calculator2 = new AuthenticationMethodCalculator(options2); const calculator2 = new AuthenticationMethodCalculator(options2);
Assert.equal(calculator1.compute("www.example.com"), "two_factor"); Assert.equal(calculator1.compute("www.example.com"), "two_factor");
Assert.equal(calculator2.compute("www.example.com"), "basic_auth"); Assert.equal(calculator2.compute("www.example.com"), "single_factor");
}); });
it("should return overridden method when sub domain method is defined", function() { it("should return overridden method when sub domain method is defined", function() {
const options1: AuthenticationMethodsConfiguration = { const options1: AuthenticationMethodsConfiguration = {
default_method: "two_factor", default_method: "two_factor",
per_subdomain_methods: { per_subdomain_methods: {
"www.example.com": "basic_auth" "www.example.com": "single_factor"
} }
}; };
const calculator1 = new AuthenticationMethodCalculator(options1); const calculator1 = new AuthenticationMethodCalculator(options1);
Assert.equal(calculator1.compute("www.example.com"), "basic_auth"); Assert.equal(calculator1.compute("www.example.com"), "single_factor");
}); });
}); });

14
server/test/configuration/adapters/AuthenticationMethodsAdapter.test.ts
View File

@ -18,7 +18,7 @@ describe("test authentication methods configuration adapter", function () {
it("should adapt a configuration when default_method is not defined", function () { it("should adapt a configuration when default_method is not defined", function () {
const userConfiguration: any = { const userConfiguration: any = {
per_subdomain_methods: { per_subdomain_methods: {
"example.com": "basic_auth" "example.com": "single_factor"
} }
}; };
@ -26,34 +26,34 @@ describe("test authentication methods configuration adapter", function () {
Assert.deepStrictEqual(appConfiguration, { Assert.deepStrictEqual(appConfiguration, {
default_method: "two_factor", default_method: "two_factor",
per_subdomain_methods: { per_subdomain_methods: {
"example.com": "basic_auth" "example.com": "single_factor"
} }
}); });
}); });
it("should adapt a configuration when per_subdomain_methods is not defined", function () { it("should adapt a configuration when per_subdomain_methods is not defined", function () {
const userConfiguration: any = { const userConfiguration: any = {
default_method: "basic_auth" default_method: "single_factor"
}; };
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration); const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
Assert.deepStrictEqual(appConfiguration, { Assert.deepStrictEqual(appConfiguration, {
default_method: "basic_auth", default_method: "single_factor",
per_subdomain_methods: {} per_subdomain_methods: {}
}); });
}); });
it("should adapt a configuration when per_subdomain_methods has wrong type", function () { it("should adapt a configuration when per_subdomain_methods has wrong type", function () {
const userConfiguration: any = { const userConfiguration: any = {
default_method: "basic_auth", default_method: "single_factor",
per_subdomain_methods: [] per_subdomain_methods: []
}; };
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration); const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
Assert.deepStrictEqual(appConfiguration, { Assert.deepStrictEqual(appConfiguration, {
default_method: "basic_auth", default_method: "single_factor",
per_subdomain_methods: {} per_subdomain_methods: {}
}); });
}); });
}); });
}); });

2
server/test/routes/verify/get.test.ts
View File

@ -162,7 +162,7 @@ describe("test /verify endpoint", function () {
}; };
req.headers["host"] = "redirect.url"; req.headers["host"] = "redirect.url";
mocks.config.authentication_methods.per_subdomain_methods = { mocks.config.authentication_methods.per_subdomain_methods = {
"redirect.url": "basic_auth" "redirect.url": "single_factor"
}; };
}); });

4
test/features/basic-auth.feature → test/features/single-factor.feature
View File

@ -1,4 +1,4 @@
Feature: User can access certain subdomains with basic auth Feature: User can access certain subdomains with single factor
@need-registered-user-john @need-registered-user-john
Scenario: User is redirected to service after first factor if allowed Scenario: User is redirected to service after first factor if allowed
@ -7,7 +7,7 @@ Feature: User can access certain subdomains with basic auth
Then I'm redirected to "https://basicauth.test.local:8080/secret.html" Then I'm redirected to "https://basicauth.test.local:8080/secret.html"
@need-registered-user-john @need-registered-user-john
Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor. Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor.
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html" When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
And I login with user "john" and password "password" And I login with user "john" and password "password"
Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html" Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"