revert: 2fa skip

2022-12-30 23:20:26 +11:00 · 2022-12-30 23:20:26 +11:00 · f2ee86472d
parent 0e2770e72d
commit f2ee86472d
4 changed files with 0 additions and 95 deletions
--- a/internal/handlers/handler_register_webauthn.go
+++ b/internal/handlers/handler_register_webauthn.go
@ -17,9 +17,6 @@ import (
 // WebauthnIdentityStart the handler for initiating the identity validation.
 var WebauthnIdentityStart = middlewares.IdentityVerificationStart(
 	middlewares.IdentityVerificationStartArgs{
 		IdentityVerificationCommonArgs: middlewares.IdentityVerificationCommonArgs{
 			SkipIfAuthLevelTwoFactor: true,
 		},
 		MailTitle:             "Register your key",
 		MailButtonContent:     "Register",
 		TargetEndpoint:        "/webauthn/register",
@ -30,9 +27,6 @@ var WebauthnIdentityStart = middlewares.IdentityVerificationStart(
 // WebauthnIdentityFinish the handler for finishing the identity validation.
 var WebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
 	middlewares.IdentityVerificationFinishArgs{
 		IdentityVerificationCommonArgs: middlewares.IdentityVerificationCommonArgs{
 			SkipIfAuthLevelTwoFactor: true,
 		},
 		ActionClaim:          ActionWebauthnRegistration,
 		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
 	}, SecondFactorWebauthnAttestationGET)
--- a/internal/middlewares/identity_verification.go
+++ b/internal/middlewares/identity_verification.go
@ -10,16 +10,10 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/google/uuid"
 	"github.com/authelia/authelia/v4/internal/authentication"
 	"github.com/authelia/authelia/v4/internal/model"
 	"github.com/authelia/authelia/v4/internal/templates"
 )
 // Return true if skip enabled at TwoFactor auth level and user's auth level is 2FA, false otherwise.
 func shouldSkipIdentityVerification(args IdentityVerificationCommonArgs, ctx *AutheliaCtx) bool {
 	return args.SkipIfAuthLevelTwoFactor && ctx.GetSession().AuthenticationLevel >= authentication.TwoFactor
 }
 // IdentityVerificationStart the handler for initiating the identity validation process.
 func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc TimingAttackDelayFunc) RequestHandler {
 	if args.IdentityRetrieverFunc == nil {
@ -27,11 +21,6 @@ func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc Tim
 	}
 	return func(ctx *AutheliaCtx) {
 		if shouldSkipIdentityVerification(args.IdentityVerificationCommonArgs, ctx) {
 			ctx.ReplyOK()
 			return
 		}
 		requestTime := time.Now()
 		success := false
@ -155,11 +144,6 @@ func identityVerificationValidateToken(ctx *AutheliaCtx) (*jwt.Token, error) {
 // IdentityVerificationFinish the middleware for finishing the identity validation process.
 func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(ctx *AutheliaCtx, username string)) RequestHandler {
 	return func(ctx *AutheliaCtx) {
 		if shouldSkipIdentityVerification(args.IdentityVerificationCommonArgs, ctx) {
 			next(ctx, "")
 			return
 		}
 		token, err := identityVerificationValidateToken(ctx)
 		if token == nil || err != nil {
 			return
--- a/internal/middlewares/identity_verification_test.go
+++ b/internal/middlewares/identity_verification_test.go
@ -12,7 +12,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/authelia/authelia/v4/internal/authentication"
 	"github.com/authelia/authelia/v4/internal/middlewares"
 	"github.com/authelia/authelia/v4/internal/mocks"
 	"github.com/authelia/authelia/v4/internal/model"
@ -38,38 +37,6 @@ func defaultRetriever(ctx *middlewares.AutheliaCtx) (*session.Identity, error) {
 	}, nil
 }
 func TestShouldSkipStartIdentityVerificationIf2FASkipEnabled(t *testing.T) {
 	testCases := []bool{true, false}
 	for _, testCaseSkipEnabled := range testCases {
 		t.Run(fmt.Sprintf("SkipIfAuthLevelTwoFactor=%t", testCaseSkipEnabled), func(t *testing.T) {
 			mock := mocks.NewMockAutheliaCtx(t)
 			defer mock.Close()
 			mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
 			mock.Ctx.Request.Header.Add("X-Forwarded-Host", "host")
 			if testCaseSkipEnabled == false {
 				mock.StorageMock.EXPECT().
 					SaveIdentityVerification(mock.Ctx, gomock.Any()).
 					Return(nil)
 				mock.NotifierMock.EXPECT().
 					Send(gomock.Eq(mail.Address{Address: "john@example.com"}), gomock.Eq("Title"), gomock.Any(), gomock.Any()).
 					Return(nil)
 			}
 			userSession := mock.Ctx.GetSession()
 			userSession.AuthenticationLevel = authentication.TwoFactor
 			assert.NoError(t, mock.Ctx.SaveSession(userSession))
 			args := newArgs(defaultRetriever)
 			args.IdentityVerificationCommonArgs.SkipIfAuthLevelTwoFactor = testCaseSkipEnabled
 			middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
 			assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
 		})
 	}
 }
 func TestShouldFailStartingProcessIfUserHasNoEmailAddress(t *testing.T) {
 	mock := mocks.NewMockAutheliaCtx(t)
 	defer mock.Close()
@ -307,36 +274,6 @@ func (s *IdentityVerificationFinishProcess) TestShouldReturn200OnFinishComplete(
 	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
 }
 func (s *IdentityVerificationFinishProcess) TestShouldSkipIf2FASkipEnabled() {
 	testCases := []bool{true, false}
 	for _, testCaseSkipEnabled := range testCases {
 		s.Run(fmt.Sprintf("SkipIfAuthLevelTwoFactor=%t", testCaseSkipEnabled), func() {
 			token, verification := createToken(s.mock, "john", "EXP_ACTION",
 				time.Now().Add(1*time.Minute))
 			s.mock.Ctx.Request.SetBodyString(fmt.Sprintf("{\"token\":\"%s\"}", token))
 			if testCaseSkipEnabled == false {
 				s.mock.StorageMock.EXPECT().
 					FindIdentityVerification(s.mock.Ctx, gomock.Eq(verification.JTI.String())).
 					Return(true, nil)
 				s.mock.StorageMock.EXPECT().
 					ConsumeIdentityVerification(s.mock.Ctx, gomock.Eq(verification.JTI.String()), gomock.Eq(model.NewNullIP(s.mock.Ctx.RemoteIP()))).
 					Return(nil)
 			}
 			userSession := s.mock.Ctx.GetSession()
 			userSession.AuthenticationLevel = authentication.TwoFactor
 			assert.NoError(s.T(), s.mock.Ctx.SaveSession(userSession))
 			args := newFinishArgs()
 			args.IdentityVerificationCommonArgs.SkipIfAuthLevelTwoFactor = testCaseSkipEnabled
 			middlewares.IdentityVerificationFinish(args, next)(s.mock.Ctx)
 			assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
 		})
 	}
 }
 func TestRunIdentityVerificationFinish(t *testing.T) {
 	s := new(IdentityVerificationFinishProcess)
 	suite.Run(t, s)
--- a/internal/middlewares/types.go
+++ b/internal/middlewares/types.go
@ -70,17 +70,9 @@ type BridgeBuilder struct {
 // Basic represents a middleware applied to a fasthttp.RequestHandler.
 type Basic func(next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
 // IdentityVerificationCommonArgs contains shared options for both verification start and finish steps.
 type IdentityVerificationCommonArgs struct {
 	// If true, skip identity verification if the user's AuthenticationLevel is TwoFactor. Otherwise, always perform identity verification.
 	SkipIfAuthLevelTwoFactor bool
 }
 // IdentityVerificationStartArgs represent the arguments used to customize the starting phase
 // of the identity verification process.
 type IdentityVerificationStartArgs struct {
 	IdentityVerificationCommonArgs
 	// Email template needs a subject, a title and the content of the button.
 	MailTitle         string
 	MailButtonContent string
@ -102,8 +94,6 @@ type IdentityVerificationStartArgs struct {
 // IdentityVerificationFinishArgs represent the arguments used to customize the finishing phase
 // of the identity verification process.
 type IdentityVerificationFinishArgs struct {
 	IdentityVerificationCommonArgs
 	// The action claim that should be in the token to consider the action legitimate.
 	ActionClaim string