From e56690c2df075c02e8cee1853a0261da681494c8 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sat, 16 Apr 2022 20:48:07 +1000
Subject: [PATCH] refactor(configuration): ensure all keys are validated (#3208) This ensures keys that exist in slices are validated.
---
 internal/configuration/koanf_util.go | 36 +++++++++++++++++++
 internal/configuration/provider.go | 2 +-
 internal/suites/OIDC/configuration.yml | 2 +-
 internal/suites/OIDCTraefik/configuration.yml | 2 +-
 4 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 internal/configuration/koanf_util.go
diff --git a/internal/configuration/koanf_util.go b/internal/configuration/koanf_util.go
new file mode 100644
index 000000000..d9e816f0e
--- /dev/null
+++ b/internal/configuration/koanf_util.go
@@ -0,0 +1,36 @@
+package configuration
+
+import (
+ "fmt"
+
+ "github.com/knadh/koanf"
+
+ "github.com/authelia/authelia/v4/internal/utils"
+)
+
+func getAllKoanfKeys(ko *koanf.Koanf) (keys []string) {
+ keys = ko.Keys()
+
+ for key, value := range ko.All() {
+ slc, ok := value.([]interface{})
+ if !ok {
+ continue
+ }
+
+ for _, item := range slc {
+ m, mok := item.(map[string]interface{})
+ if !mok {
+ continue
+ }
+
+ for k := range m {
+ full := fmt.Sprintf("%s[].%s", key, k)
+ if !utils.IsStringInSlice(full, keys) {
+ keys = append(keys, full)
+ }
+ }
+ }
+ }
+
+ return keys
+}
diff --git a/internal/configuration/provider.go b/internal/configuration/provider.go
index 7ea0c5281..529329fd7 100644
--- a/internal/configuration/provider.go
+++ b/internal/configuration/provider.go
@@ -36,7 +36,7 @@ func LoadAdvanced(val *schema.StructValidator, path string, result interface{},
 unmarshal(ko, val, path, result)
- return ko.Keys(), nil
+ return getAllKoanfKeys(ko), nil
 }
 func unmarshal(ko *koanf.Koanf, val *schema.StructValidator, path string, o interface{}) {
diff --git a/internal/suites/OIDC/configuration.yml b/internal/suites/OIDC/configuration.yml
index a68a82a65..b4d137b17 100644
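Review bot: In the new `getAllKoanfKeys` (koanf_util.go), only map keys found directly inside a slice element are expanded, because the inner loop is `for k := range m` with no descent. A map or slice nested inside such an element therefore still contributes no keys, and a misspelt option there would presumably pass validation unnoticed, which matters when the option is a security control such as a client's authorization policy. Either recurse over the element values or state the limit in a doc comment, e.g. `// getAllKoanfKeys returns ko.Keys() plus a "parent[].child" entry for every map key found directly inside a slice value; deeper nesting inside slice elements is not expanded.` The appended keys also follow Go's random map iteration order, so sorting the result before returning would keep any unknown-key report stable across runs.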
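Review bot: In provider.go, `LoadAdvanced` now returns `parent[].child` entries that are built with `fmt.Sprintf` rather than read from koanf, and nothing in this hunk documents that or pins it with a test. A line in the function's doc comment (its body starts outside the hunk) would tell callers the list is meant for key validation only, e.g. `// The returned keys include "parent[].child" entries for maps inside slices; they are for validation, not for lookups.` A regression test that loads a configuration with an unknown key inside a list element would show that the key is now reported. The `policy` key that the suite YAML files in this commit rename to `authorization_policy` looks like such a case.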
--- a/internal/suites/OIDC/configuration.yml +++ b/internal/suites/OIDC/configuration.yml @@ -91,7 +91,7 @@ identity_providers: clients: - id: oidc-tester-app secret: foobar - policy: two_factor + authorization_policy: two_factor redirect_uris: - https://oidc.example.com:8080/oauth2/callback # This client is used for testing purpose. As of now, the app must be protected by ACLs diff --git a/internal/suites/OIDCTraefik/configuration.yml b/internal/suites/OIDCTraefik/configuration.yml index 11fb3e73d..b26f0c36d 100644 --- a/internal/suites/OIDCTraefik/configuration.yml +++ b/internal/suites/OIDCTraefik/configuration.yml @@ -93,7 +93,7 @@ identity_providers: clients: - id: oidc-tester-app secret: foobar - policy: two_factor + authorization_policy: two_factor redirect_uris: - https://oidc.example.com:8080/oauth2/callback # This client is used for testing purpose. As of now, the app must be protected by ACLs