Rename authentication method from 'basic_auth' to 'single_factor'
parent
563e2da323
commit
cd0a93f027
|
@ -192,7 +192,7 @@ Check out [config.template.yml] to see how they are defined.
|
|||
|
||||
### Basic Authentication
|
||||
Authelia allows you to customize the authentication method to use for each sub-domain.
|
||||
The supported methods are either "basic_auth" and "two_factor".
|
||||
The supported methods are either "single_factor" and "two_factor".
|
||||
Please see [config.template.yml] to see an example of configuration.
|
||||
|
||||
### Session management with Redis
|
||||
|
|
|
@ -63,7 +63,7 @@ ldap:
|
|||
# Authentication methods
|
||||
#
|
||||
# Authentication methods can be defined per subdomain.
|
||||
# There are currently two available methods: "basic_auth" and "two_factor"
|
||||
# There are currently two available methods: "single_factor" and "two_factor"
|
||||
#
|
||||
# Note: by default a domain uses "two_factor" method.
|
||||
#
|
||||
|
@ -74,7 +74,7 @@ ldap:
|
|||
authentication_methods:
|
||||
default_method: two_factor
|
||||
per_subdomain_methods:
|
||||
basicauth.test.local: basic_auth
|
||||
basicauth.test.local: single_factor
|
||||
|
||||
# Access Control
|
||||
#
|
||||
|
|
|
@ -113,7 +113,7 @@ export interface RegulationConfiguration {
|
|||
ban_time: number;
|
||||
}
|
||||
|
||||
declare type AuthenticationMethod = 'two_factor' | 'basic_auth';
|
||||
declare type AuthenticationMethod = 'two_factor' | 'single_factor';
|
||||
declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod }
|
||||
|
||||
export interface AuthenticationMethodsConfiguration {
|
||||
|
|
|
@ -70,7 +70,7 @@ export default function (vars: ServerVariables) {
|
|||
vars.logger.debug(req, "Mark successful authentication to regulator.");
|
||||
vars.regulator.mark(username, true);
|
||||
|
||||
if (authMethod == "basic_auth") {
|
||||
if (authMethod == "single_factor") {
|
||||
res.send({
|
||||
redirect: redirectUrl
|
||||
});
|
||||
|
|
|
@ -9,23 +9,23 @@ describe("test authentication method calculator", function() {
|
|||
per_subdomain_methods: {}
|
||||
};
|
||||
const options2: AuthenticationMethodsConfiguration = {
|
||||
default_method: "basic_auth",
|
||||
default_method: "single_factor",
|
||||
per_subdomain_methods: {}
|
||||
};
|
||||
const calculator1 = new AuthenticationMethodCalculator(options1);
|
||||
const calculator2 = new AuthenticationMethodCalculator(options2);
|
||||
Assert.equal(calculator1.compute("www.example.com"), "two_factor");
|
||||
Assert.equal(calculator2.compute("www.example.com"), "basic_auth");
|
||||
Assert.equal(calculator2.compute("www.example.com"), "single_factor");
|
||||
});
|
||||
|
||||
it("should return overridden method when sub domain method is defined", function() {
|
||||
const options1: AuthenticationMethodsConfiguration = {
|
||||
default_method: "two_factor",
|
||||
per_subdomain_methods: {
|
||||
"www.example.com": "basic_auth"
|
||||
"www.example.com": "single_factor"
|
||||
}
|
||||
};
|
||||
const calculator1 = new AuthenticationMethodCalculator(options1);
|
||||
Assert.equal(calculator1.compute("www.example.com"), "basic_auth");
|
||||
Assert.equal(calculator1.compute("www.example.com"), "single_factor");
|
||||
});
|
||||
});
|
|
@ -18,7 +18,7 @@ describe("test authentication methods configuration adapter", function () {
|
|||
it("should adapt a configuration when default_method is not defined", function () {
|
||||
const userConfiguration: any = {
|
||||
per_subdomain_methods: {
|
||||
"example.com": "basic_auth"
|
||||
"example.com": "single_factor"
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -26,32 +26,32 @@ describe("test authentication methods configuration adapter", function () {
|
|||
Assert.deepStrictEqual(appConfiguration, {
|
||||
default_method: "two_factor",
|
||||
per_subdomain_methods: {
|
||||
"example.com": "basic_auth"
|
||||
"example.com": "single_factor"
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
it("should adapt a configuration when per_subdomain_methods is not defined", function () {
|
||||
const userConfiguration: any = {
|
||||
default_method: "basic_auth"
|
||||
default_method: "single_factor"
|
||||
};
|
||||
|
||||
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
||||
Assert.deepStrictEqual(appConfiguration, {
|
||||
default_method: "basic_auth",
|
||||
default_method: "single_factor",
|
||||
per_subdomain_methods: {}
|
||||
});
|
||||
});
|
||||
|
||||
it("should adapt a configuration when per_subdomain_methods has wrong type", function () {
|
||||
const userConfiguration: any = {
|
||||
default_method: "basic_auth",
|
||||
default_method: "single_factor",
|
||||
per_subdomain_methods: []
|
||||
};
|
||||
|
||||
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
||||
Assert.deepStrictEqual(appConfiguration, {
|
||||
default_method: "basic_auth",
|
||||
default_method: "single_factor",
|
||||
per_subdomain_methods: {}
|
||||
});
|
||||
});
|
||||
|
|
|
@ -162,7 +162,7 @@ describe("test /verify endpoint", function () {
|
|||
};
|
||||
req.headers["host"] = "redirect.url";
|
||||
mocks.config.authentication_methods.per_subdomain_methods = {
|
||||
"redirect.url": "basic_auth"
|
||||
"redirect.url": "single_factor"
|
||||
};
|
||||
});
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
Feature: User can access certain subdomains with basic auth
|
||||
Feature: User can access certain subdomains with single factor
|
||||
|
||||
@need-registered-user-john
|
||||
Scenario: User is redirected to service after first factor if allowed
|
||||
|
@ -7,7 +7,7 @@ Feature: User can access certain subdomains with basic auth
|
|||
Then I'm redirected to "https://basicauth.test.local:8080/secret.html"
|
||||
|
||||
@need-registered-user-john
|
||||
Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor.
|
||||
Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor.
|
||||
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
||||
And I login with user "john" and password "password"
|
||||
Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
Loading…
Reference in New Issue