refactor(configuration): ensure all keys are validated (#3208)

This ensures keys that exist in slices are validated.

internal/configuration/koanf_util.go

@@ -0,0 +1,36 @@
+package configuration
+
+import (
+	"fmt"
+
+	"github.com/knadh/koanf"
+
+	"github.com/authelia/authelia/v4/internal/utils"
+)
+
+func getAllKoanfKeys(ko *koanf.Koanf) (keys []string) {
+	keys = ko.Keys()
+
+	for key, value := range ko.All() {
+		slc, ok := value.([]interface{})
+		if !ok {
+			continue
+		}
+
+		for _, item := range slc {
+			m, mok := item.(map[string]interface{})
+			if !mok {
+				continue
+			}
+
+			for k := range m {
+				full := fmt.Sprintf("%s[].%s", key, k)
+				if !utils.IsStringInSlice(full, keys) {
+					keys = append(keys, full)
+				}
+			}
+		}
+	}
+
+	return keys
+}

internal/configuration/provider.go

@@ -36,7 +36,7 @@ func LoadAdvanced(val *schema.StructValidator, path string, result interface{},
 
 	unmarshal(ko, val, path, result)
 
-	return ko.Keys(), nil
+	return getAllKoanfKeys(ko), nil
 }
 
 func unmarshal(ko *koanf.Koanf, val *schema.StructValidator, path string, o interface{}) {

internal/suites/OIDC/configuration.yml

@@ -91,7 +91,7 @@ identity_providers:
     clients:
       - id: oidc-tester-app
         secret: foobar
-        policy: two_factor
+        authorization_policy: two_factor
         redirect_uris:
           - https://oidc.example.com:8080/oauth2/callback
       # This client is used for testing purpose. As of now, the app must be protected by ACLs

internal/suites/OIDCTraefik/configuration.yml

@@ -93,7 +93,7 @@ identity_providers:
     clients:
       - id: oidc-tester-app
         secret: foobar
-        policy: two_factor
+        authorization_policy: two_factor
         redirect_uris:
           - https://oidc.example.com:8080/oauth2/callback
       # This client is used for testing purpose. As of now, the app must be protected by ACLs