docs-jsons
...
master
Author | SHA1 | Date |
---|---|---|
Jonas Letzbor | dd673e0e82 | |
Jonas Letzbor | e9a383be0c | |
Jonas Letzbor | c13e0e12ea | |
renovate[bot] | 2128969afc | |
renovate[bot] | bb1e853b9f | |
renovate[bot] | 0a92f13f15 | |
renovate[bot] | 6af53a66dd | |
renovate[bot] | fb68177b23 | |
renovate[bot] | 035070414b | |
renovate[bot] | 2671151cae | |
renovate[bot] | 41e9c51245 | |
renovate[bot] | 360b672387 | |
renovate[bot] | 0f9a8994c2 | |
renovate[bot] | 231c34ae08 | |
renovate[bot] | 977d490d5e | |
renovate[bot] | 38723ec5c4 | |
James Elliott | 4c328e237d | |
renovate[bot] | aca740fdb7 | |
renovate[bot] | 0f5fae8646 |
|
@ -7,3 +7,4 @@
|
|||
!entrypoint.sh
|
||||
!healthcheck.sh
|
||||
!.healthcheck.env
|
||||
!dist/public_html/
|
|
@ -0,0 +1,95 @@
|
|||
# Ausführen
|
||||
|
||||
Um die Anwendung lokal auszuführen, können die folgenden Befehle verwendet werden.
|
||||
|
||||
```
|
||||
export GOPATH=/tmp
|
||||
source bootstrap.sh
|
||||
authelia-scripts suites setup Standalone
|
||||
```
|
||||
|
||||
Nun sollte der "Haupt-Enpunkt" unter `https://home.example.com:8080` und die API unter `https://authelia.example.com:9091` erreichbar sein. Achtung: es wird ein selbstsigniertes Zertifikat verwendet!
|
||||
Mithilfe der Hot-Reload kann jetzt gecoded werden.
|
||||
|
||||
---
|
||||
|
||||
Nach der Entwicklung kann die Testumgebung durch den folgenden Befehl wieder zurückgesetzt werden.
|
||||
|
||||
```
|
||||
go run ./cmd/authelia-scripts/ suites teardown Standalone
|
||||
```
|
||||
|
||||
## Benutzerdefinierte Zertifikate
|
||||
|
||||
Um ein benutzerdefiniertes Zertifikat für die Ausführung zu verwenden, muss die Datai `public.backend.crt` und `private.bakend.pem` unter [diesem](/internal/suites/common/pki/) Verzeichnis abgeändert werden.
|
||||
Um die Gültigkeit zu testen, kann der folgendende Befehl ausgeführt werden.
|
||||
|
||||
```
|
||||
curl https://auth.rpjosh.de:9091 --connect-to 'auth.rpjosh.de:9091:authelia.example.com:9091'
|
||||
```
|
||||
|
||||
## Externe erreichbarkeit
|
||||
|
||||
Im aktuellen Zustand sind die Endpunkte nur unter den Docker internen IP-Adressen erreichbar. Daher muss noch ein NAT Regel angelegt werden.
|
||||
|
||||
```
|
||||
ip=$(ping -c 1 authelia.example.com | gawk -F'[()]' '/PING/{print $2}')
|
||||
sudo iptables -t nat -A PREROUTING -p tcp --dport 9091 -d 192.168.0.15 -j DNAT --to-destination 192.168.240.50:9091 -m comment --comment "Authelia-Test"
|
||||
sudo iptables -t nat -A PREROUTING -p tcp --dport 9092 -d 192.168.0.15 -j DNAT --to-destination 192.168.240.50:9092 -m comment --comment "Authelia-Test"
|
||||
sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 9091 -j DNAT --to-destination 192.168.240.50:9091
|
||||
```
|
||||
|
||||
# Customizations
|
||||
|
||||
Für das Starten des *gRPC* Servers müssen die folgenden Abhängigkeiten installiert werden.
|
||||
|
||||
```
|
||||
go get github.com/envoyproxy/go-control-plane
|
||||
go get github.com/envoyproxy/go-control-plane/envoy/config/core/v3
|
||||
go get github.com/gogo/googleapis/google/rpc
|
||||
go get google.golang.org/grpc
|
||||
```
|
||||
|
||||
## Konfiguration ändern
|
||||
|
||||
Wenn die Konfiguration geändert wurde, müssen die Keys zur Validierung wieder erneut gebaut werden.
|
||||
|
||||
```
|
||||
go run ./cmd/authelia-gen code keys
|
||||
```
|
||||
|
||||
## Mocks abgeändert
|
||||
|
||||
Wenn interfaces von den Mocks geändert werden, muss folgendes wieder ausgeführt werden:
|
||||
|
||||
```
|
||||
export PATH=$PATH:$(go env GOPATH)/bin
|
||||
go generate ./...
|
||||
```
|
||||
|
||||
## Bauen
|
||||
|
||||
Um ein Docker Image für authelia zu bauen, müssen die folgenden Befehle ausgeführt werden.
|
||||
|
||||
```sh
|
||||
# Dieser Befehle funktionieren aktuell nicht
|
||||
authelia-scripts docker build
|
||||
authelia-scripts build
|
||||
|
||||
# => Manuell bauen
|
||||
export CC=musl-gcc
|
||||
|
||||
authelia-scripts build
|
||||
cp -r dist/public_html internal/server/
|
||||
go build -buildmode=pie -ldflags "-linkmode=external -s -w" -trimpath -buildmode=pie -o authelia ./cmd/authelia
|
||||
mv authelia authelia-linux-amd64-musl
|
||||
# Build docker image
|
||||
docker build --tag git.rpjosh.de/rpjosh/authelia/authelia:4.38.0-dev .
|
||||
docker push git.rpjosh.de/rpjosh/authelia/authelia:4.38.0-dev
|
||||
# Cleanup
|
||||
rm -rf internal/server/public_html/ ./authelia-linux-amd64-musl
|
||||
```
|
||||
|
||||
# gRCP
|
||||
|
||||
Um einen gRCP Endpunkt nutzen zu können, brauch mein eine *.proto* Datei. Für Envoy sieht diese wie in [dieser Datei](/ext-auth.proto) folgendermaßen aus.
|
|
@ -13,7 +13,7 @@ func newDocsCmd() *cobra.Command {
|
|||
DisableAutoGenTag: true,
|
||||
}
|
||||
|
||||
cmd.AddCommand(newDocsCLICmd(), newDocsDataCmd(), newDocsDateCmd(), newDocsJSONSchemaCmd())
|
||||
cmd.AddCommand(newDocsCLICmd(), newDocsDataCmd(), newDocsDateCmd())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
|
|
@ -51,12 +51,25 @@ func docsDataMiscRunE(cmd *cobra.Command, args []string) (err error) {
|
|||
data.CSP.TemplateDefault = strings.ReplaceAll(data.CSP.TemplateDefault, "%s", codeCSPNonce)
|
||||
data.CSP.TemplateDevelopment = strings.ReplaceAll(data.CSP.TemplateDevelopment, "%s", codeCSPNonce)
|
||||
|
||||
version, err := readVersion(cmd)
|
||||
if err != nil {
|
||||
var (
|
||||
pathPackageJSON string
|
||||
dataPackageJSON []byte
|
||||
packageJSON PackageJSON
|
||||
)
|
||||
|
||||
if pathPackageJSON, err = getPFlagPath(cmd.Flags(), cmdFlagRoot, cmdFlagWeb, cmdFlagFileWebPackage); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
data.Latest = version.String()
|
||||
if dataPackageJSON, err = os.ReadFile(pathPackageJSON); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err = json.Unmarshal(dataPackageJSON, &packageJSON); err != nil {
|
||||
return fmt.Errorf("failed to unmarshall package.json: %w", err)
|
||||
}
|
||||
|
||||
data.Latest = packageJSON.Version
|
||||
|
||||
var (
|
||||
outputPath string
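Review bot: The inlined package.json read ends with `data.Latest = packageJSON.Version`, which drops the semantic-version parse the previous `readVersion` path went through, so an empty or malformed `version` field in package.json now reaches the generated docs data unchecked. A minimal guard after the unmarshal keeps the old failure mode: `if packageJSON.Version == "" { return fmt.Errorf("package.json %q: version is empty", pathPackageJSON) }`; if `model.NewSemanticVersion` is still importable here, validating through it and keeping `version.String()` would be the closer equivalent. The copied error string `"failed to unmarshall package.json: %w"` carries the old typo and a redundant "failed to" prefix — `fmt.Errorf("unmarshal %s: %w", pathPackageJSON, err)` reads better once wrapped. docsDataMiscRunE continues past the end of this hunk, so I could not confirm how `data.Latest` is consumed downstream.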
|
||||
|
|
|
@ -1,260 +0,0 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"runtime"
|
||||
"strings"
|
||||
|
||||
"github.com/authelia/jsonschema"
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/v4/internal/model"
|
||||
)
|
||||
|
||||
func newDocsJSONSchemaCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "json-schema",
|
||||
Short: "Generate docs JSON schema",
|
||||
RunE: rootSubCommandsRunE,
|
||||
|
||||
DisableAutoGenTag: true,
|
||||
}
|
||||
|
||||
cmd.AddCommand(newDocsJSONSchemaConfigurationCmd(), newDocsJSONSchemaUserDatabaseCmd())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newDocsJSONSchemaConfigurationCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "configuration",
|
||||
Short: "Generate docs JSON schema for the configuration",
|
||||
RunE: docsJSONSchemaConfigurationRunE,
|
||||
|
||||
DisableAutoGenTag: true,
|
||||
}
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newDocsJSONSchemaUserDatabaseCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "user-database",
|
||||
Short: "Generate docs JSON schema for the user database",
|
||||
RunE: docsJSONSchemaUserDatabaseRunE,
|
||||
|
||||
DisableAutoGenTag: true,
|
||||
}
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
func docsJSONSchemaConfigurationRunE(cmd *cobra.Command, args []string) (err error) {
|
||||
var version *model.SemanticVersion
|
||||
|
||||
if version, err = readVersion(cmd); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var (
|
||||
dir, file, schemaDir string
|
||||
)
|
||||
|
||||
if schemaDir, err = getPFlagPath(cmd.Flags(), cmdFlagRoot, cmdFlagDirSchema); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if dir, file, err = getJSONSchemaOutputPath(cmd, cmdFlagDocsStaticJSONSchemaConfiguration); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return docsJSONSchemaGenerateRunE(cmd, args, version, false, schemaDir, "https://schemas.authelia.com/%s/json-schema/configuration.json", &schema.Configuration{}, dir, file)
|
||||
}
|
||||
|
||||
func docsJSONSchemaUserDatabaseRunE(cmd *cobra.Command, args []string) (err error) {
|
||||
var version *model.SemanticVersion
|
||||
|
||||
if version, err = readVersion(cmd); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var (
|
||||
dir, file, schemaDir string
|
||||
)
|
||||
|
||||
if schemaDir, err = getPFlagPath(cmd.Flags(), cmdFlagRoot, cmdFlagDirAuthentication); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if dir, file, err = getJSONSchemaOutputPath(cmd, cmdFlagDocsStaticJSONSchemaUserDatabase); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return docsJSONSchemaGenerateRunE(cmd, args, version, false, schemaDir, "https://schemas.authelia.com/%s/json-schema/user-database.json", &authentication.FileUserDatabase{}, dir, file)
|
||||
}
|
||||
|
||||
func docsJSONSchemaGenerateRunE(cmd *cobra.Command, _ []string, version *model.SemanticVersion, patch bool, schemaDir, id string, v any, dir, file string) (err error) {
|
||||
r := &jsonschema.Reflector{
|
||||
RequiredFromJSONSchemaTags: true,
|
||||
Mapper: mapper,
|
||||
}
|
||||
|
||||
if runtime.GOOS == windows {
|
||||
mapComments := map[string]string{}
|
||||
|
||||
if err = jsonschema.ExtractGoComments(goModuleBase, schemaDir, mapComments); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if r.CommentMap == nil {
|
||||
r.CommentMap = map[string]string{}
|
||||
}
|
||||
|
||||
for key, comment := range mapComments {
|
||||
r.CommentMap[strings.ReplaceAll(key, `\`, `/`)] = comment
|
||||
}
|
||||
} else {
|
||||
if err = r.AddGoComments(goModuleBase, schemaDir); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
var (
|
||||
latest, next bool
|
||||
)
|
||||
|
||||
latest, _ = cmd.Flags().GetBool(cmdFlagLatest)
|
||||
next, _ = cmd.Flags().GetBool(cmdFlagNext)
|
||||
|
||||
var schemaVersion string
|
||||
|
||||
if patch {
|
||||
schemaVersion = fmt.Sprintf("v%d.%d.%d", version.Major, version.Minor, version.Patch)
|
||||
if next {
|
||||
schemaVersion = fmt.Sprintf("v%d.%d.%d", version.Major, version.Minor+1, 0)
|
||||
}
|
||||
} else {
|
||||
schemaVersion = fmt.Sprintf("v%d.%d", version.Major, version.Minor)
|
||||
if next {
|
||||
schemaVersion = fmt.Sprintf("v%d.%d", version.Major, version.Minor+1)
|
||||
}
|
||||
}
|
||||
|
||||
schema := r.Reflect(v)
|
||||
|
||||
schema.ID = jsonschema.ID(fmt.Sprintf(id, schemaVersion))
|
||||
|
||||
if err = writeJSONSchema(schema, dir, schemaVersion, file); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if latest {
|
||||
if err = writeJSONSchema(schema, dir, "latest", file); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func writeJSONSchema(schema *jsonschema.Schema, dir, version, file string) (err error) {
|
||||
var (
|
||||
data []byte
|
||||
f *os.File
|
||||
)
|
||||
|
||||
if data, err = json.MarshalIndent(schema, "", " "); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if _, err = os.Stat(filepath.Join(dir, version)); err != nil && os.IsNotExist(err) {
|
||||
if err = os.Mkdir(filepath.Join(dir, version), 0755); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if f, err = os.Create(filepath.Join(dir, version, file)); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if _, err = f.Write(data); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return f.Close()
|
||||
}
|
||||
|
||||
func getJSONSchemaOutputPath(cmd *cobra.Command, flag string) (dir, file string, err error) {
|
||||
if dir, err = getPFlagPath(cmd.Flags(), cmdFlagRoot, cmdFlagDocs, cmdFlagDocsStatic, cmdFlagDocsStaticJSONSchemas); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
if file, err = cmd.Flags().GetString(flag); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
return dir, file, nil
|
||||
}
|
||||
|
||||
func mapper(t reflect.Type) *jsonschema.Schema {
|
||||
switch t.String() {
|
||||
case "regexp.Regexp", "*regexp.Regexp":
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "regex",
|
||||
}
|
||||
case "time.Duration", "*time.Duration":
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
{
|
||||
Type: "string",
|
||||
Pattern: `^\d+\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?))(\s*\d+\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?)))*$`,
|
||||
Comments: "Example comment",
|
||||
},
|
||||
{
|
||||
Type: "integer",
|
||||
Description: "The duration in seconds",
|
||||
},
|
||||
},
|
||||
}
|
||||
case "schema.CryptographicKey":
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
}
|
||||
case "schema.CryptographicPrivateKey":
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Pattern: `^-{5}(BEGIN ((RSA|EC) )?PRIVATE KEY-{5}\n([a-zA-Z0-9/+]{1,64}\n)+([a-zA-Z0-9/+]{1,64}[=]{0,2})\n-{5}END ((RSA|EC) )?PRIVATE KEY-{5}\n?)+$`,
|
||||
}
|
||||
case "rsa.PrivateKey", "*rsa.PrivateKey", "ecdsa.PrivateKey", "*.ecdsa.PrivateKey":
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
}
|
||||
case "mail.Address", "*mail.Address":
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
{
|
||||
Type: "string",
|
||||
Pattern: `^[a-zA-Z0-9.!#$%&'*+/=?^_{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$`,
|
||||
},
|
||||
{
|
||||
Type: "string",
|
||||
Pattern: `^[^<]+ <[a-zA-Z0-9.!#$%&'*+/=?^_{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*>$`,
|
||||
},
|
||||
},
|
||||
}
|
||||
case "schema.CSPTemplate":
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Default: buildCSP(codeCSPProductionDefaultSrc, codeCSPValuesCommon, codeCSPValuesProduction),
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -32,8 +32,6 @@ func newRootCmd() *cobra.Command {
|
|||
cmd.PersistentFlags().String(cmdFlagBugReport, fileGitHubIssueTemplateBR, "Sets the path of the bug report issue template file")
|
||||
cmd.PersistentFlags().Int(cmdFlagVersions, 5, "the maximum number of minor versions to list in output templates")
|
||||
cmd.PersistentFlags().String(cmdFlagDirLocales, dirLocales, "The locales directory in relation to the root")
|
||||
cmd.PersistentFlags().String(cmdFlagDirSchema, "internal/configuration/schema", "The schema directory in relation to the root")
|
||||
cmd.PersistentFlags().String(cmdFlagDirAuthentication, "internal/authentication", "The authentication directory in relation to the root")
|
||||
cmd.PersistentFlags().String(cmdFlagFileWebI18N, fileWebI18NIndex, "The i18n typescript configuration file in relation to the web directory")
|
||||
cmd.PersistentFlags().String(cmdFlagFileWebPackage, fileWebPackage, "The node package configuration file in relation to the web directory")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsDataLanguages, fileDocsDataLanguages, "The languages docs data file in relation to the docs data folder")
|
||||
|
@ -41,21 +39,16 @@ func newRootCmd() *cobra.Command {
|
|||
cmd.PersistentFlags().String(cmdFlagDocsCLIReference, dirDocsCLIReference, "The directory to store the markdown in")
|
||||
cmd.PersistentFlags().String(cmdFlagDocs, dirDocs, "The directory with the docs")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsContent, dirDocsContent, "The directory with the docs content")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsStatic, dirDocsStatic, "The directory with the docs static files")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsStaticJSONSchemas, dirDocsStaticJSONSchemas, "The directory with the docs static JSONSchema files")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsData, dirDocsData, "The directory with the docs data")
|
||||
cmd.PersistentFlags().String(cmdFlagFileConfigKeys, fileCodeConfigKeys, "Sets the path of the keys file")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsDataKeys, fileDocsDataConfigKeys, "Sets the path of the docs keys file")
|
||||
cmd.PersistentFlags().String(cmdFlagPackageConfigKeys, pkgConfigSchema, "Sets the package name of the keys file")
|
||||
cmd.PersistentFlags().String(cmdFlagFileScriptsGen, fileScriptsGen, "Sets the path of the authelia-scripts gen file")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsStaticJSONSchemaConfiguration, fileDocsStaticJSONSchemasConfiguration, "Sets the path of the configuration JSONSchema")
|
||||
cmd.PersistentFlags().String(cmdFlagDocsStaticJSONSchemaUserDatabase, fileDocsStaticJSONSchemasUserDatabase, "Sets the path of the user database JSONSchema")
|
||||
cmd.PersistentFlags().String(cmdFlagFileServerGenerated, fileServerGenerated, "Sets the path of the server generated file")
|
||||
cmd.PersistentFlags().String(cmdFlagPackageScriptsGen, pkgScriptsGen, "Sets the package name of the authelia-scripts gen file")
|
||||
cmd.PersistentFlags().String(cmdFlagFileConfigCommitLint, fileCICommitLintConfig, "The commit lint javascript configuration file in relation to the root")
|
||||
cmd.PersistentFlags().String(cmdFlagFileDocsCommitMsgGuidelines, fileDocsCommitMessageGuidelines, "The commit message guidelines documentation file in relation to the root")
|
||||
cmd.PersistentFlags().Bool("latest", false, "Enables latest functionality with several generators like the JSON Schema generator")
|
||||
cmd.PersistentFlags().Bool("next", false, "Enables next functionality with several generators like the JSON Schema generator")
|
||||
|
||||
cmd.AddCommand(newCodeCmd(), newDocsCmd(), newGitHubCmd(), newLocalesCmd(), newCommitLintCmd())
|
||||
|
||||
return cmd
|
||||
|
|
|
@ -90,7 +90,7 @@ func TestSortCmds(t *testing.T) {
|
|||
{
|
||||
"ShouldSortDocsCmd",
|
||||
newDocsCmd(),
|
||||
[]string{"cli", "data", "json-schema", "date"},
|
||||
[]string{"cli", "data", "date"},
|
||||
},
|
||||
{
|
||||
"ShouldSortGitHubCmd",
|
||||
|
|
|
@ -20,8 +20,6 @@ const (
|
|||
|
||||
dirDocs = "docs"
|
||||
dirDocsContent = "content"
|
||||
dirDocsStatic = "static"
|
||||
dirDocsStaticJSONSchemas = "schemas"
|
||||
dirDocsData = "data"
|
||||
dirDocsCLIReference = "en/reference/cli"
|
||||
|
||||
|
@ -29,9 +27,6 @@ const (
|
|||
fileDocsDataMisc = "misc.json"
|
||||
fileDocsDataConfigKeys = "configkeys.json"
|
||||
|
||||
fileDocsStaticJSONSchemasConfiguration = "configuration.json"
|
||||
fileDocsStaticJSONSchemasUserDatabase = "user-database.json"
|
||||
|
||||
fileGitHubIssueTemplateFR = ".github/ISSUE_TEMPLATE/feature-request.yml"
|
||||
fileGitHubIssueTemplateBR = ".github/ISSUE_TEMPLATE/bug-report.yml"
|
||||
)
|
||||
|
@ -80,18 +75,12 @@ const (
|
|||
cmdFlagFileWebPackage = "file.web.package"
|
||||
cmdFlagDocs = "dir.docs"
|
||||
cmdFlagDirLocales = "dir.locales"
|
||||
cmdFlagDirSchema = "dir.schema"
|
||||
cmdFlagDirAuthentication = "dir.authentication"
|
||||
cmdFlagDocsCLIReference = "dir.docs.cli-reference"
|
||||
cmdFlagDocsContent = "dir.docs.content"
|
||||
cmdFlagDocsStatic = "dir.docs.static"
|
||||
cmdFlagDocsStaticJSONSchemas = "dir.docs.static.json-schemas"
|
||||
cmdFlagDocsData = "dir.docs.data"
|
||||
cmdFlagDocsDataMisc = "file.docs.data.misc"
|
||||
cmdFlagDocsDataKeys = "file.docs.data.keys"
|
||||
cmdFlagDocsDataLanguages = "file.docs.data.languages"
|
||||
cmdFlagDocsStaticJSONSchemaConfiguration = "file.docs.static.json-schemas.configuration"
|
||||
cmdFlagDocsStaticJSONSchemaUserDatabase = "file.docs.static.json-schemas.user-database"
|
||||
cmdFlagFileConfigKeys = "file.configuration-keys"
|
||||
cmdFlagFileScriptsGen = "file.scripts.gen"
|
||||
cmdFlagFileServerGenerated = "file.server.generated"
|
||||
|
@ -99,8 +88,6 @@ const (
|
|||
cmdFlagFileDocsCommitMsgGuidelines = "file.docs-commit-msg-guidelines"
|
||||
cmdFlagFeatureRequest = "file.feature-request"
|
||||
cmdFlagBugReport = "file.bug-report"
|
||||
cmdFlagLatest = "latest"
|
||||
cmdFlagNext = "next"
|
||||
|
||||
cmdFlagExclude = "exclude"
|
||||
cmdFlagVersions = "versions"
|
||||
|
@ -115,14 +102,6 @@ const (
|
|||
codeCSPNonce = "${NONCE}"
|
||||
)
|
||||
|
||||
const (
|
||||
goModuleBase = "github.com/authelia/authelia/v4"
|
||||
)
|
||||
|
||||
const (
|
||||
windows = "windows"
|
||||
)
|
||||
|
||||
var (
|
||||
codeCSPValuesCommon = []CSPValue{
|
||||
{Name: "default-src", Value: ""},
|
||||
|
|
|
@ -3,22 +3,18 @@ package main
|
|||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/mail"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/pflag"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/v4/internal/model"
|
||||
)
|
||||
|
||||
func getPFlagPath(flags *pflag.FlagSet, flagNames ...string) (fullPath string, err error) {
|
||||
|
@ -90,28 +86,6 @@ func containsType(needle reflect.Type, haystack []reflect.Type) (contains bool)
|
|||
return false
|
||||
}
|
||||
|
||||
func readVersion(cmd *cobra.Command) (version *model.SemanticVersion, err error) {
|
||||
var (
|
||||
pathPackageJSON string
|
||||
dataPackageJSON []byte
|
||||
packageJSON PackageJSON
|
||||
)
|
||||
|
||||
if pathPackageJSON, err = getPFlagPath(cmd.Flags(), cmdFlagRoot, cmdFlagWeb, cmdFlagFileWebPackage); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if dataPackageJSON, err = os.ReadFile(pathPackageJSON); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err = json.Unmarshal(dataPackageJSON, &packageJSON); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshall package.json: %w", err)
|
||||
}
|
||||
|
||||
return model.NewSemanticVersion(packageJSON.Version)
|
||||
}
|
||||
|
||||
//nolint:gocyclo
|
||||
func readTags(prefix string, t reflect.Type, envSkip bool) (tags []string) {
|
||||
tags = make([]string, 0)
|
||||
|
|
|
@ -62,6 +62,10 @@ server:
|
|||
## This is disabled by default if either /app/.healthcheck.env or /app/healthcheck.sh do not exist.
|
||||
disable_healthcheck: false
|
||||
|
||||
## If a request over the insecure http protocol is received from authelias gRPC endpoint (only for envoy),
|
||||
## the request is by default redirected to the matching https URL (301)
|
||||
disable_autho_https_redirect: false
|
||||
|
||||
## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
|
||||
tls:
|
||||
## The path to the DER base64/PEM format private key.
|
||||
|
@ -73,6 +77,17 @@ server:
|
|||
## The list of certificates for client authentication.
|
||||
client_certificates: []
|
||||
|
||||
## Enable the support for gRPC ext authentication for envoy. If TLS is enabled in the above section,
|
||||
## the defined certificates will also be used for the gRPC endpoint
|
||||
grpc:
|
||||
address: 'tcp://:9092'
|
||||
|
||||
# Even if TLS is configured in the server setting (under server.tls), the grcp server won't use TLS
|
||||
disableTLS: false
|
||||
|
||||
# By default the ban is issued for the user. With this options the IP instead of the user will be banned
|
||||
use_ip_for_ban: true
|
||||
|
||||
## Server headers configuration/customization.
|
||||
headers:
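Review bot: `use_ip_for_ban: true` in the new `grpc` block contradicts its own comment ("By default the ban is issued for the user"), and an IP-based ban behind Envoy is only safe if the address Authelia acts on is the original client address rather than the proxy's — if it is the proxy's, one abusive client can lock out everyone behind that hop, and if it comes from a forwarded header it can presumably be spoofed to evade the ban; the comment should state which source is used. Ship the template with the documented default, `use_ip_for_ban: false`, or reword the comment to match the value. Two style points in the same block: `disableTLS` breaks the snake_case used by every neighbouring key (`disable_healthcheck`, `client_certificates`, `use_ip_for_ban`), so `disable_tls: false` would be consistent, and its comment says "grcp" and uses `#` where the rest of the file uses `##`. Since these are key names in the reference template, renaming them later is a breaking change, so it is cheapest to settle them before they ship.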
|
||||
|
||||
|
|
|
@ -24,16 +24,12 @@ authelia-gen [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -43,16 +39,12 @@ authelia-gen [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
-h, --help help for authelia-gen
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen code [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen code [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen code keys [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen code keys [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen code scripts [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen code scripts [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen code server [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen code server [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen commit-lint [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen commit-lint [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen docs [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen docs [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
@ -69,5 +61,4 @@ authelia-gen docs [flags]
|
|||
* [authelia-gen docs cli](authelia-gen_docs_cli.md) - Generate CLI docs
|
||||
* [authelia-gen docs data](authelia-gen_docs_data.md) - Generate docs data files
|
||||
* [authelia-gen docs date](authelia-gen_docs_date.md) - Generate doc dates
|
||||
* [authelia-gen docs json-schema](authelia-gen_docs_json-schema.md) - Generate docs JSON schema
|
||||
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen docs cli [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen docs cli [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen docs data [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen docs data [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen docs data keys [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen docs data keys [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen docs data misc [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen docs data misc [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -32,16 +32,12 @@ authelia-gen docs date [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -51,15 +47,11 @@ authelia-gen docs date [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen github [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen github [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen github issue-templates [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen github issue-templates [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen github issue-templates bug-report [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen github issue-templates bug-report [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen github issue-templates feature-request [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen github issue-templates feature-request [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -30,16 +30,12 @@ authelia-gen locales [flags]
|
|||
|
||||
```
|
||||
-C, --cwd string Sets the CWD for git commands
|
||||
--dir.authentication string The authentication directory in relation to the root (default "internal/authentication")
|
||||
--dir.docs string The directory with the docs (default "docs")
|
||||
--dir.docs.cli-reference string The directory to store the markdown in (default "en/reference/cli")
|
||||
--dir.docs.content string The directory with the docs content (default "content")
|
||||
--dir.docs.data string The directory with the docs data (default "data")
|
||||
--dir.docs.static string The directory with the docs static files (default "static")
|
||||
--dir.docs.static.json-schemas string The directory with the docs static JSONSchema files (default "schemas")
|
||||
--dir.locales string The locales directory in relation to the root (default "internal/server/locales")
|
||||
-d, --dir.root string The repository root (default "./")
|
||||
--dir.schema string The schema directory in relation to the root (default "internal/configuration/schema")
|
||||
--dir.web string The repository web directory in relation to the root directory (default "web")
|
||||
-X, --exclude strings Sets the names of excluded generators
|
||||
--file.bug-report string Sets the path of the bug report issue template file (default ".github/ISSUE_TEMPLATE/bug-report.yml")
|
||||
|
@ -49,15 +45,11 @@ authelia-gen locales [flags]
|
|||
--file.docs.data.keys string Sets the path of the docs keys file (default "configkeys.json")
|
||||
--file.docs.data.languages string The languages docs data file in relation to the docs data folder (default "languages.json")
|
||||
--file.docs.data.misc string The misc docs data file in relation to the docs data folder (default "misc.json")
|
||||
--file.docs.static.json-schemas.configuration string Sets the path of the configuration JSONSchema (default "configuration.json")
|
||||
--file.docs.static.json-schemas.user-database string Sets the path of the user database JSONSchema (default "user-database.json")
|
||||
--file.feature-request string Sets the path of the feature request issue template file (default ".github/ISSUE_TEMPLATE/feature-request.yml")
|
||||
--file.scripts.gen string Sets the path of the authelia-scripts gen file (default "cmd/authelia-scripts/cmd/gen.go")
|
||||
--file.server.generated string Sets the path of the server generated file (default "internal/server/gen.go")
|
||||
--file.web.i18n string The i18n typescript configuration file in relation to the web directory (default "src/i18n/index.ts")
|
||||
--file.web.package string The node package configuration file in relation to the web directory (default "package.json")
|
||||
--latest Enables latest functionality with several generators like the JSON Schema generator
|
||||
--next Enables next functionality with several generators like the JSON Schema generator
|
||||
--package.configuration.keys string Sets the package name of the keys file (default "schema")
|
||||
--package.scripts.gen string Sets the package name of the authelia-scripts gen file (default "cmd")
|
||||
--versions int the maximum number of minor versions to list in output templates (default 5)
|
||||
|
|
|
@ -1,71 +0,0 @@
|
|||
{
|
||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||
"$id": "https://schemas.authelia.com/v4.38/json-schema/user-database.json",
|
||||
"$ref": "#/$defs/FileUserDatabase",
|
||||
"$defs": {
|
||||
"FileUserDatabase": {
|
||||
"properties": {
|
||||
"users": {
|
||||
"patternProperties": {
|
||||
".*": {
|
||||
"$ref": "#/$defs/FileUserDatabaseUserDetails"
|
||||
}
|
||||
},
|
||||
"type": "object",
|
||||
"title": "Users",
|
||||
"description": "The dictionary of users"
|
||||
}
|
||||
},
|
||||
"additionalProperties": false,
|
||||
"type": "object",
|
||||
"required": [
|
||||
"users"
|
||||
],
|
||||
"description": "FileUserDatabase is a user details database that is concurrency safe database and can be reloaded."
|
||||
},
|
||||
"FileUserDatabaseUserDetails": {
|
||||
"properties": {
|
||||
"password": {
|
||||
"$ref": "#/$defs/PasswordDigest",
|
||||
"title": "Password",
|
||||
"description": "The hashed password for the user"
|
||||
},
|
||||
"displayname": {
|
||||
"type": "string",
|
||||
"title": "Display Name",
|
||||
"description": "The display name for the user"
|
||||
},
|
||||
"email": {
|
||||
"type": "string",
|
||||
"title": "Email",
|
||||
"description": "The email for the user"
|
||||
},
|
||||
"groups": {
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array",
|
||||
"title": "Groups",
|
||||
"description": "The groups list for the user"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean",
|
||||
"title": "Disabled",
|
||||
"description": "The disabled status for the user",
|
||||
"default": false
|
||||
}
|
||||
},
|
||||
"additionalProperties": false,
|
||||
"type": "object",
|
||||
"required": [
|
||||
"password",
|
||||
"displayname"
|
||||
],
|
||||
"description": "FileUserDatabaseUserDetails is the model of user details in the file database."
|
||||
},
|
||||
"PasswordDigest": {
|
||||
"type": "string",
|
||||
"pattern": "^\\$((argon2(id|i|d)\\$v=19\\$m=\\d+,t=\\d+,p=\\d+|scrypt\\$ln=\\d+,r=\\d+,p=\\d+)\\$[a-zA-Z0-9\\/+]+\\$[a-zA-Z0-9\\/+]+|pbkdf2(-sha(224|256|384|512))?\\$\\d+\\$[a-zA-Z0-9\\/.]+\\$[a-zA-Z0-9\\/.]+|bcrypt-sha256\\$v=2,t=2b,r=\\d+\\$[a-zA-Z0-9\\/.]+\\$[a-zA-Z0-9\\/.]+|2(a|b|y)?\\$\\d+\\$[a-zA-Z0-9.\\/]+|(5|6)\\$rounds=\\d+\\$[a-zA-Z0-9.\\/]+\\$[a-zA-Z0-9.\\/]+|plaintext\\$.+|base64\\$[a-zA-Z0-9.=\\/]+)$"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,71 +0,0 @@
|
|||
{
|
||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||
"$id": "https://schemas.authelia.com/v4.38/json-schema/user-database.json",
|
||||
"$ref": "#/$defs/FileUserDatabase",
|
||||
"$defs": {
|
||||
"FileUserDatabase": {
|
||||
"properties": {
|
||||
"users": {
|
||||
"patternProperties": {
|
||||
".*": {
|
||||
"$ref": "#/$defs/FileUserDatabaseUserDetails"
|
||||
}
|
||||
},
|
||||
"type": "object",
|
||||
"title": "Users",
|
||||
"description": "The dictionary of users"
|
||||
}
|
||||
},
|
||||
"additionalProperties": false,
|
||||
"type": "object",
|
||||
"required": [
|
||||
"users"
|
||||
],
|
||||
"description": "FileUserDatabase is a user details database that is concurrency safe database and can be reloaded."
|
||||
},
|
||||
"FileUserDatabaseUserDetails": {
|
||||
"properties": {
|
||||
"password": {
|
||||
"$ref": "#/$defs/PasswordDigest",
|
||||
"title": "Password",
|
||||
"description": "The hashed password for the user"
|
||||
},
|
||||
"displayname": {
|
||||
"type": "string",
|
||||
"title": "Display Name",
|
||||
"description": "The display name for the user"
|
||||
},
|
||||
"email": {
|
||||
"type": "string",
|
||||
"title": "Email",
|
||||
"description": "The email for the user"
|
||||
},
|
||||
"groups": {
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array",
|
||||
"title": "Groups",
|
||||
"description": "The groups list for the user"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean",
|
||||
"title": "Disabled",
|
||||
"description": "The disabled status for the user",
|
||||
"default": false
|
||||
}
|
||||
},
|
||||
"additionalProperties": false,
|
||||
"type": "object",
|
||||
"required": [
|
||||
"password",
|
||||
"displayname"
|
||||
],
|
||||
"description": "FileUserDatabaseUserDetails is the model of user details in the file database."
|
||||
},
|
||||
"PasswordDigest": {
|
||||
"type": "string",
|
||||
"pattern": "^\\$((argon2(id|i|d)\\$v=19\\$m=\\d+,t=\\d+,p=\\d+|scrypt\\$ln=\\d+,r=\\d+,p=\\d+)\\$[a-zA-Z0-9\\/+]+\\$[a-zA-Z0-9\\/+]+|pbkdf2(-sha(224|256|384|512))?\\$\\d+\\$[a-zA-Z0-9\\/.]+\\$[a-zA-Z0-9\\/.]+|bcrypt-sha256\\$v=2,t=2b,r=\\d+\\$[a-zA-Z0-9\\/.]+\\$[a-zA-Z0-9\\/.]+|2(a|b|y)?\\$\\d+\\$[a-zA-Z0-9.\\/]+|(5|6)\\$rounds=\\d+\\$[a-zA-Z0-9.\\/]+\\$[a-zA-Z0-9.\\/]+|plaintext\\$.+|base64\\$[a-zA-Z0-9.=\\/]+)$"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,144 @@
|
|||
syntax = "proto3";
|
||||
|
||||
package envoy.service.auth.v3;
|
||||
|
||||
import "envoy/config/core/v3/base.proto";
|
||||
import "envoy/service/auth/v3/attribute_context.proto";
|
||||
import "envoy/type/v3/http_status.proto";
|
||||
|
||||
import "google/protobuf/struct.proto";
|
||||
import "google/rpc/status.proto";
|
||||
|
||||
import "envoy/annotations/deprecation.proto";
|
||||
import "udpa/annotations/status.proto";
|
||||
import "udpa/annotations/versioning.proto";
|
||||
|
||||
option java_package = "io.envoyproxy.envoy.service.auth.v3";
|
||||
option java_outer_classname = "ExternalAuthProto";
|
||||
option java_multiple_files = true;
|
||||
option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3;authv3";
|
||||
option (udpa.annotations.file_status).package_version_status = ACTIVE;
|
||||
|
||||
// [#protodoc-title: Authorization service]
|
||||
|
||||
// The authorization service request messages used by external authorization :ref:`network filter
|
||||
// <config_network_filters_ext_authz>` and :ref:`HTTP filter <config_http_filters_ext_authz>`.
|
||||
|
||||
// A generic interface for performing authorization check on incoming
|
||||
// requests to a networked service.
|
||||
service Authorization {
|
||||
// Performs authorization check based on the attributes associated with the
|
||||
// incoming request, and returns status `OK` or not `OK`.
|
||||
rpc Check(CheckRequest) returns (CheckResponse) {
|
||||
}
|
||||
}
|
||||
|
||||
message CheckRequest {
|
||||
option (udpa.annotations.versioning).previous_message_type = "envoy.service.auth.v2.CheckRequest";
|
||||
|
||||
// The request attributes.
|
||||
AttributeContext attributes = 1;
|
||||
}
|
||||
|
||||
// HTTP attributes for a denied response.
|
||||
message DeniedHttpResponse {
|
||||
option (udpa.annotations.versioning).previous_message_type =
|
||||
"envoy.service.auth.v2.DeniedHttpResponse";
|
||||
|
||||
// This field allows the authorization service to send an HTTP response status code to the
|
||||
// downstream client. If not set, Envoy sends ``403 Forbidden`` HTTP status code by default.
|
||||
type.v3.HttpStatus status = 1;
|
||||
|
||||
// This field allows the authorization service to send HTTP response headers
|
||||
// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
|
||||
// false when used in this message.
|
||||
repeated config.core.v3.HeaderValueOption headers = 2;
|
||||
|
||||
// This field allows the authorization service to send a response body data
|
||||
// to the downstream client.
|
||||
string body = 3;
|
||||
}
|
||||
|
||||
// HTTP attributes for an OK response.
|
||||
// [#next-free-field: 9]
|
||||
message OkHttpResponse {
|
||||
option (udpa.annotations.versioning).previous_message_type =
|
||||
"envoy.service.auth.v2.OkHttpResponse";
|
||||
|
||||
// HTTP entity headers in addition to the original request headers. This allows the authorization
|
||||
// service to append, to add or to override headers from the original request before
|
||||
// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
|
||||
// false when used in this message. By setting the ``append`` field to ``true``,
|
||||
// the filter will append the correspondent header value to the matched request header.
|
||||
// By leaving ``append`` as false, the filter will either add a new header, or override an existing
|
||||
// one if there is a match.
|
||||
repeated config.core.v3.HeaderValueOption headers = 2;
|
||||
|
||||
// HTTP entity headers to remove from the original request before dispatching
|
||||
// it to the upstream. This allows the authorization service to act on auth
|
||||
// related headers (like ``Authorization``), process them, and consume them.
|
||||
// Under this model, the upstream will either receive the request (if it's
|
||||
// authorized) or not receive it (if it's not), but will not see headers
|
||||
// containing authorization credentials.
|
||||
//
|
||||
// Pseudo headers (such as ``:authority``, ``:method``, ``:path`` etc), as well as
|
||||
// the header ``Host``, may not be removed as that would make the request
|
||||
// malformed. If mentioned in ``headers_to_remove`` these special headers will
|
||||
// be ignored.
|
||||
//
|
||||
// When using the HTTP service this must instead be set by the HTTP
|
||||
// authorization service as a comma separated list like so:
|
||||
// ``x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header``.
|
||||
repeated string headers_to_remove = 5;
|
||||
|
||||
// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
|
||||
// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
|
||||
// setting this field overrides :ref:`CheckResponse.dynamic_metadata
|
||||
// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
|
||||
google.protobuf.Struct dynamic_metadata = 3
|
||||
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
|
||||
|
||||
// This field allows the authorization service to send HTTP response headers
|
||||
// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
|
||||
// defaults to false when used in this message.
|
||||
repeated config.core.v3.HeaderValueOption response_headers_to_add = 6;
|
||||
|
||||
// This field allows the authorization service to set (and overwrite) query
|
||||
// string parameters on the original request before it is sent upstream.
|
||||
repeated config.core.v3.QueryParameter query_parameters_to_set = 7;
|
||||
|
||||
// This field allows the authorization service to specify which query parameters
|
||||
// should be removed from the original request before it is sent upstream. Each
|
||||
// element in this list is a case-sensitive query parameter name to be removed.
|
||||
repeated string query_parameters_to_remove = 8;
|
||||
}
|
||||
|
||||
// Intended for gRPC and Network Authorization servers ``only``.
|
||||
message CheckResponse {
|
||||
option (udpa.annotations.versioning).previous_message_type =
|
||||
"envoy.service.auth.v2.CheckResponse";
|
||||
|
||||
// Status ``OK`` allows the request. Any other status indicates the request should be denied, and
|
||||
// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
|
||||
// Envoy sends ``403 Forbidden`` HTTP status code by default.
|
||||
google.rpc.Status status = 1;
|
||||
|
||||
// An message that contains HTTP response attributes. This message is
|
||||
// used when the authorization service needs to send custom responses to the
|
||||
// downstream client or, to modify/add request headers being dispatched to the upstream.
|
||||
oneof http_response {
|
||||
// Supplies http attributes for a denied response.
|
||||
DeniedHttpResponse denied_response = 2;
|
||||
|
||||
// Supplies http attributes for an ok response.
|
||||
OkHttpResponse ok_response = 3;
|
||||
}
|
||||
|
||||
// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
|
||||
// filter. This metadata lives in a namespace specified by the canonical name of extension filter
|
||||
// that requires it:
|
||||
//
|
||||
// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
|
||||
// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
|
||||
google.protobuf.Struct dynamic_metadata = 4;
|
||||
}
|
|
@ -45,7 +45,7 @@ services:
|
|||
- TZ=Australia/Melbourne
|
||||
|
||||
traefik:
|
||||
image: traefik:v2.10.1
|
||||
image: traefik:v2.10.3
|
||||
container_name: traefik
|
||||
volumes:
|
||||
- ./traefik:/etc/traefik
|
||||
|
|
|
@ -32,7 +32,7 @@ services:
|
|||
- TZ=Australia/Melbourne
|
||||
|
||||
traefik:
|
||||
image: traefik:v2.10.1
|
||||
image: traefik:v2.10.3
|
||||
container_name: traefik
|
||||
volumes:
|
||||
- ./traefik:/etc/traefik
|
||||
|
|
28
go.mod
28
go.mod
|
@ -5,7 +5,6 @@ go 1.20
|
|||
require (
|
||||
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
|
||||
github.com/authelia/jsonschema v0.1.4
|
||||
github.com/deckarep/golang-set/v2 v2.3.0
|
||||
github.com/duosecurity/duo_api_golang v0.0.0-20230418202038-096d3306c029
|
||||
github.com/fasthttp/router v1.4.19
|
||||
|
@ -21,7 +20,7 @@ require (
|
|||
github.com/golang/mock v1.6.0
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/hashicorp/go-retryablehttp v0.7.4
|
||||
github.com/jackc/pgx/v5 v5.4.0
|
||||
github.com/jackc/pgx/v5 v5.4.1
|
||||
github.com/jmoiron/sqlx v1.3.5
|
||||
github.com/knadh/koanf/parsers/yaml v0.1.0
|
||||
github.com/knadh/koanf/providers/confmap v0.1.0
|
||||
|
@ -34,8 +33,8 @@ require (
|
|||
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
|
||||
github.com/ory/fosite v0.44.0
|
||||
github.com/ory/herodot v0.10.2
|
||||
github.com/ory/x v0.0.561
|
||||
github.com/otiai10/copy v1.11.0
|
||||
github.com/ory/x v0.0.563
|
||||
github.com/otiai10/copy v1.12.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/pquerna/otp v1.4.0
|
||||
github.com/prometheus/client_golang v1.16.0
|
||||
|
@ -44,7 +43,7 @@ require (
|
|||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.8.4
|
||||
github.com/trustelem/zxcvbn v1.0.1
|
||||
github.com/valyala/fasthttp v1.47.0
|
||||
github.com/valyala/fasthttp v1.48.0
|
||||
github.com/wneessen/go-mail v0.3.9
|
||||
golang.org/x/net v0.11.0
|
||||
golang.org/x/sync v0.3.0
|
||||
|
@ -60,6 +59,7 @@ require (
|
|||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
|
||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
|
||||
github.com/cristalhq/jwt/v4 v4.0.2 // indirect
|
||||
github.com/dave/jennifer v1.6.0 // indirect
|
||||
|
@ -69,18 +69,21 @@ require (
|
|||
github.com/dlclark/regexp2 v1.4.0 // indirect
|
||||
github.com/dustin/go-humanize v1.0.0 // indirect
|
||||
github.com/ecordell/optgen v0.0.6 // indirect
|
||||
github.com/envoyproxy/go-control-plane v0.11.1 // indirect
|
||||
github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect
|
||||
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
|
||||
github.com/go-crypt/x v0.2.1 // indirect
|
||||
github.com/go-redis/redis/v8 v8.11.5 // indirect
|
||||
github.com/go-webauthn/revoke v0.1.9 // indirect
|
||||
github.com/golang/glog v1.0.0 // indirect
|
||||
github.com/gogo/googleapis v1.4.1 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang/glog v1.1.0 // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
github.com/google/go-tpm v0.3.3 // indirect
|
||||
github.com/gorilla/websocket v1.5.0 // indirect
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
|
||||
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||
github.com/iancoleman/orderedmap v0.2.0 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
||||
github.com/jackc/pgpassfile v1.0.0 // indirect
|
||||
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
|
||||
|
@ -99,7 +102,7 @@ require (
|
|||
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
|
||||
github.com/philhofer/fwd v1.1.2 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/client_model v0.3.0 // indirect
|
||||
github.com/prometheus/client_model v0.4.0 // indirect
|
||||
github.com/prometheus/common v0.42.0 // indirect
|
||||
github.com/prometheus/procfs v0.10.1 // indirect
|
||||
github.com/redis/go-redis/v9 v9.0.4 // indirect
|
||||
|
@ -121,12 +124,13 @@ require (
|
|||
github.com/ysmood/leakless v0.8.0 // indirect
|
||||
golang.org/x/crypto v0.10.0 // indirect
|
||||
golang.org/x/mod v0.10.0 // indirect
|
||||
golang.org/x/oauth2 v0.5.0 // indirect
|
||||
golang.org/x/oauth2 v0.7.0 // indirect
|
||||
golang.org/x/sys v0.9.0 // indirect
|
||||
golang.org/x/tools v0.7.0 // indirect
|
||||
golang.org/x/tools v0.8.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd // indirect
|
||||
google.golang.org/grpc v1.54.0 // indirect
|
||||
google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect
|
||||
google.golang.org/grpc v1.56.0 // indirect
|
||||
google.golang.org/protobuf v1.30.0 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
|
|
56
go.sum
56
go.sum
|
@ -52,14 +52,6 @@ github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG
|
|||
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/authelia/jsonschema v0.1.1 h1:gxCH8wbKYky29y7uSDe4CF17J1wcJTdVi4EQACmj3D4=
|
||||
github.com/authelia/jsonschema v0.1.1/go.mod h1:v8XIVOs8fPffQr+9HPT2HJxlvD/Miwyss4petlzUOxk=
|
||||
github.com/authelia/jsonschema v0.1.2 h1:Mf6PoYj+nvYoAaaCaQIPcqEPli4a4GaDAzA6Gw/bqac=
|
||||
github.com/authelia/jsonschema v0.1.2/go.mod h1:v8XIVOs8fPffQr+9HPT2HJxlvD/Miwyss4petlzUOxk=
|
||||
github.com/authelia/jsonschema v0.1.3 h1:O4xzeGm81zs7/5oW6p4k12INxUFDpHRd89thIcLirqQ=
|
||||
github.com/authelia/jsonschema v0.1.3/go.mod h1:v8XIVOs8fPffQr+9HPT2HJxlvD/Miwyss4petlzUOxk=
|
||||
github.com/authelia/jsonschema v0.1.4 h1:aSqM2lbZ0yUSRXy+tKe1RsLF1q56aclxSe/TG9y3zk0=
|
||||
github.com/authelia/jsonschema v0.1.4/go.mod h1:v8XIVOs8fPffQr+9HPT2HJxlvD/Miwyss4petlzUOxk=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
|
@ -80,6 +72,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
|
|||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
|
||||
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
|
||||
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
|
@ -121,7 +115,11 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
|
|||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
|
||||
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
|
||||
github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM=
|
||||
github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ=
|
||||
github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs=
|
||||
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
|
||||
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
|
||||
github.com/fasthttp/router v1.4.19 h1:RLE539IU/S4kfb4MP56zgP0TIBU9kEg0ID9GpWO0vqk=
|
||||
|
@ -162,13 +160,19 @@ github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8Rkn
|
|||
github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
|
||||
github.com/go-webauthn/webauthn v0.5.0 h1:Tbmp37AGIhYbQmcy2hEffo3U3cgPClqvxJ7cLUnF7Rc=
|
||||
github.com/go-webauthn/webauthn v0.5.0/go.mod h1:0CBq/jNfPS9l033j4AxMk8K8MluiMsde9uGNSPFLEVE=
|
||||
github.com/gogo/googleapis v1.4.1 h1:1Yx4Myt7BxzvUr5ldGSbwYiZG6t9wGBZ+8/fX3Wvtq0=
|
||||
github.com/gogo/googleapis v1.4.1/go.mod h1:2lpHqI5OcWCtVElxXnPt+s8oJvMpySlOyM6xDCrzib4=
|
||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
|
||||
github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
|
||||
github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
|
||||
github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
|
||||
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
|
@ -255,8 +259,6 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
|
|||
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/iancoleman/orderedmap v0.2.0 h1:sq1N/TFpYH++aViPcaKjys3bDClUEU7s5B+z6jq8pNA=
|
||||
github.com/iancoleman/orderedmap v0.2.0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
|
@ -266,8 +268,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
|
|||
github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
|
||||
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
|
||||
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
|
||||
github.com/jackc/pgx/v5 v5.4.0 h1:BSr+GCm4N6QcgIwv0DyTFHK9ugfEFF9DzSbbzxOiXU0=
|
||||
github.com/jackc/pgx/v5 v5.4.0/go.mod h1:q6iHT8uDNXWiFNOlRqJzBTaSH3+2xCXkokxHZC5qWFY=
|
||||
github.com/jackc/pgx/v5 v5.4.1 h1:oKfB/FhuVtit1bBM3zNRRsZ925ZkMN3HXL+LgLUM9lE=
|
||||
github.com/jackc/pgx/v5 v5.4.1/go.mod h1:q6iHT8uDNXWiFNOlRqJzBTaSH3+2xCXkokxHZC5qWFY=
|
||||
github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0=
|
||||
github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss=
|
||||
github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
|
||||
|
@ -277,6 +279,7 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
|
|||
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
|
||||
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
|
||||
github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
|
||||
|
@ -341,10 +344,10 @@ github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTs
|
|||
github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
|
||||
github.com/ory/herodot v0.10.2 h1:gGvNMHgAwWzdP/eo+roSiT5CGssygHSjDU7MSQNlJ4E=
|
||||
github.com/ory/herodot v0.10.2/go.mod h1:MMNmY6MG1uB6fnXYFaHoqdV23DTWctlPsmRCeq/2+wc=
|
||||
github.com/ory/x v0.0.561 h1:SvNDGd6OhvAFl4XiPnYJuLCtR6iLxZJcF1Vzlo1IFTM=
|
||||
github.com/ory/x v0.0.561/go.mod h1:kup4ebSC4SzwU6KPZJ4G60UR3EEsHxJ0apQVflVw5yQ=
|
||||
github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
|
||||
github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
|
||||
github.com/ory/x v0.0.563 h1:T77Bjt6ALMZmUJIsQ5UEkzDBCD+8vxfQlBCU1Y39uDk=
|
||||
github.com/ory/x v0.0.563/go.mod h1:kup4ebSC4SzwU6KPZJ4G60UR3EEsHxJ0apQVflVw5yQ=
|
||||
github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
|
||||
github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
|
||||
github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
|
||||
github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
|
||||
github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
|
||||
|
@ -373,6 +376,8 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
|
|||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
|
||||
github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
|
||||
github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
|
||||
github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
|
||||
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
|
||||
|
@ -446,8 +451,8 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr
|
|||
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
|
||||
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
|
||||
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
|
||||
github.com/valyala/fasthttp v1.47.0 h1:y7moDoxYzMooFpT5aHgNgVOQDrS3qlkfiP9mDtGGK9c=
|
||||
github.com/valyala/fasthttp v1.47.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
|
||||
github.com/valyala/fasthttp v1.48.0 h1:oJWvHb9BIZToTQS3MuQ2R3bJZiNSa2KiNdeI8A+79Tc=
|
||||
github.com/valyala/fasthttp v1.48.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
|
||||
github.com/wneessen/go-mail v0.3.9 h1:Q4DbCk3htT5DtDWKeMgNXCiHc4bBY/vv/XQPT6XDXzc=
|
||||
github.com/wneessen/go-mail v0.3.9/go.mod h1:zxOlafWCP/r6FEhAaRgH4IC1vg2YXxO0Nar9u0IScZ8=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
|
@ -589,6 +594,10 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
|
|||
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
|
||||
golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
|
||||
golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
|
||||
golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
|
||||
golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
|
||||
golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -717,6 +726,7 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
|
|||
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
|
@ -726,6 +736,7 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f
|
|||
golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
|
@ -734,6 +745,7 @@ golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
|
|||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
|
||||
golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
|
||||
golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
|
@ -803,6 +815,10 @@ google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6D
|
|||
google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd h1:sLpv7bNL1AsX3fdnWh9WVh7ejIzXdOc1RRHGeAmeStU=
|
||||
google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
|
||||
google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw=
|
||||
google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||
|
@ -822,6 +838,10 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
|
|||
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
|
||||
google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
|
||||
google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
|
||||
google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
|
||||
google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
|
||||
google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
|
||||
google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
|
||||
google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
|
|
|
@ -21,20 +21,20 @@ import (
|
|||
|
||||
// FileUserProvider is a provider reading details from a file.
|
||||
type FileUserProvider struct {
|
||||
config *schema.AuthenticationBackendFile
|
||||
config *schema.FileAuthenticationBackend
|
||||
hash algorithm.Hash
|
||||
database FileUserProviderDatabase
|
||||
database FileUserDatabase
|
||||
mutex *sync.Mutex
|
||||
timeoutReload time.Time
|
||||
}
|
||||
|
||||
// NewFileUserProvider creates a new instance of FileUserProvider.
|
||||
func NewFileUserProvider(config *schema.AuthenticationBackendFile) (provider *FileUserProvider) {
|
||||
func NewFileUserProvider(config *schema.FileAuthenticationBackend) (provider *FileUserProvider) {
|
||||
return &FileUserProvider{
|
||||
config: config,
|
||||
mutex: &sync.Mutex{},
|
||||
timeoutReload: time.Now().Add(-1 * time.Second),
|
||||
database: NewFileUserDatabase(config.Path, config.Search.Email, config.Search.CaseInsensitive),
|
||||
database: NewYAMLUserDatabase(config.Path, config.Search.Email, config.Search.CaseInsensitive),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -66,7 +66,7 @@ func (p *FileUserProvider) Reload() (reloaded bool, err error) {
|
|||
|
||||
// CheckUserPassword checks if provided password matches for the given user.
|
||||
func (p *FileUserProvider) CheckUserPassword(username string, password string) (match bool, err error) {
|
||||
var details FileUserDatabaseUserDetails
|
||||
var details DatabaseUserDetails
|
||||
|
||||
if details, err = p.database.GetUserDetails(username); err != nil {
|
||||
return false, err
|
||||
|
@ -76,12 +76,12 @@ func (p *FileUserProvider) CheckUserPassword(username string, password string) (
|
|||
return false, ErrUserNotFound
|
||||
}
|
||||
|
||||
return details.Password.MatchAdvanced(password)
|
||||
return details.Digest.MatchAdvanced(password)
|
||||
}
|
||||
|
||||
// GetDetails retrieve the groups a user belongs to.
|
||||
func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, err error) {
|
||||
var d FileUserDatabaseUserDetails
|
||||
var d DatabaseUserDetails
|
||||
|
||||
if d, err = p.database.GetUserDetails(username); err != nil {
|
||||
return nil, err
|
||||
|
@ -96,7 +96,7 @@ func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, er
|
|||
|
||||
// UpdatePassword update the password of the given user.
|
||||
func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (err error) {
|
||||
var details FileUserDatabaseUserDetails
|
||||
var details DatabaseUserDetails
|
||||
|
||||
if details, err = p.database.GetUserDetails(username); err != nil {
|
||||
return err
|
||||
|
@ -106,14 +106,10 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (
|
|||
return ErrUserNotFound
|
||||
}
|
||||
|
||||
var digest algorithm.Digest
|
||||
|
||||
if digest, err = p.hash.Hash(newPassword); err != nil {
|
||||
if details.Digest, err = p.hash.Hash(newPassword); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
details.Password = schema.NewPasswordDigest(digest)
|
||||
|
||||
p.database.SetUserDetails(details.Username, &details)
|
||||
|
||||
p.mutex.Lock()
|
||||
|
@ -142,7 +138,7 @@ func (p *FileUserProvider) StartupCheck() (err error) {
|
|||
}
|
||||
|
||||
if p.database == nil {
|
||||
p.database = NewFileUserDatabase(p.config.Path, p.config.Search.Email, p.config.Search.CaseInsensitive)
|
||||
p.database = NewYAMLUserDatabase(p.config.Path, p.config.Search.Email, p.config.Search.CaseInsensitive)
|
||||
}
|
||||
|
||||
if err = p.database.Load(); err != nil {
|
||||
|
@ -157,7 +153,7 @@ func (p *FileUserProvider) setTimeoutReload(now time.Time) {
|
|||
}
|
||||
|
||||
// NewFileCryptoHashFromConfig returns a crypt.Hash given a valid configuration.
|
||||
func NewFileCryptoHashFromConfig(config schema.AuthenticationBackendFilePassword) (hash algorithm.Hash, err error) {
|
||||
func NewFileCryptoHashFromConfig(config schema.Password) (hash algorithm.Hash, err error) {
|
||||
switch config.Algorithm {
|
||||
case hashArgon2, "":
|
||||
hash, err = argon2.New(
|
||||
|
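Review bot: `UpdatePassword` hashes the new password through `p.hash` on the line `if details.Digest, err = p.hash.Hash(newPassword); err != nil {`, but `NewFileUserProvider` never assigns the `hash` field and nothing visible in this section sets it; the top of the `StartupCheck` hunk is cut off, so the assignment presumably lives there, yet any `UpdatePassword` call before `StartupCheck` has run (or from a test that builds the provider directly) is a method call on a nil interface and panics rather than failing closed with an error. A guard at the top of `UpdatePassword` such as `if p.hash == nil { return errors.New("the file user provider has not been initialized") }` turns that into an ordinary error (add the `errors` import if the file lacks it); note that `UpdatePassword`'s body continues past the hunk after `p.mutex.Lock()`, so the guard belongs before the first `GetUserDetails` call, not inside the locked region. Separately, the unchanged doc comment `// GetDetails retrieve the groups a user belongs to.` describes only groups while the method returns a full `*UserDetails`; `// GetDetails retrieves the details of the given user.` matches the signature.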
|
|
@ -10,23 +10,21 @@ import (
|
|||
"github.com/go-crypt/crypt"
|
||||
"github.com/go-crypt/crypt/algorithm"
|
||||
"gopkg.in/yaml.v3"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
)
|
||||
|
||||
type FileUserProviderDatabase interface {
|
||||
type FileUserDatabase interface {
|
||||
Save() (err error)
|
||||
Load() (err error)
|
||||
GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)
|
||||
SetUserDetails(username string, details *FileUserDatabaseUserDetails)
|
||||
GetUserDetails(username string) (user DatabaseUserDetails, err error)
|
||||
SetUserDetails(username string, details *DatabaseUserDetails)
|
||||
}
|
||||
|
||||
// NewFileUserDatabase creates a new FileUserDatabase.
|
||||
func NewFileUserDatabase(filePath string, searchEmail, searchCI bool) (database *FileUserDatabase) {
|
||||
return &FileUserDatabase{
|
||||
// NewYAMLUserDatabase creates a new YAMLUserDatabase.
|
||||
func NewYAMLUserDatabase(filePath string, searchEmail, searchCI bool) (database *YAMLUserDatabase) {
|
||||
return &YAMLUserDatabase{
|
||||
RWMutex: &sync.RWMutex{},
|
||||
Path: filePath,
|
||||
Users: map[string]FileUserDatabaseUserDetails{},
|
||||
Users: map[string]DatabaseUserDetails{},
|
||||
Emails: map[string]string{},
|
||||
Aliases: map[string]string{},
|
||||
SearchEmail: searchEmail,
|
||||
|
@ -34,22 +32,21 @@ func NewFileUserDatabase(filePath string, searchEmail, searchCI bool) (database
|
|||
}
|
||||
}
|
||||
|
||||
// FileUserDatabase is a user details database that is concurrency safe database and can be reloaded.
|
||||
type FileUserDatabase struct {
|
||||
*sync.RWMutex `json:"-"`
|
||||
// YAMLUserDatabase is a user details database that is concurrency safe database and can be reloaded.
|
||||
type YAMLUserDatabase struct {
|
||||
*sync.RWMutex
|
||||
|
||||
Users map[string]FileUserDatabaseUserDetails `json:"users" jsonschema:"required,title=Users" jsonschema_description:"The dictionary of users"`
|
||||
Path string
|
||||
Users map[string]DatabaseUserDetails
|
||||
Emails map[string]string
|
||||
Aliases map[string]string
|
||||
|
||||
Path string `json:"-"`
|
||||
Emails map[string]string `json:"-"`
|
||||
Aliases map[string]string `json:"-"`
|
||||
|
||||
SearchEmail bool `json:"-"`
|
||||
SearchCI bool `json:"-"`
|
||||
SearchEmail bool
|
||||
SearchCI bool
|
||||
}
|
||||
|
||||
// Save the database to disk.
|
||||
func (m *FileUserDatabase) Save() (err error) {
|
||||
func (m *YAMLUserDatabase) Save() (err error) {
|
||||
m.RLock()
|
||||
|
||||
defer m.RUnlock()
|
||||
|
@ -62,8 +59,8 @@ func (m *FileUserDatabase) Save() (err error) {
|
|||
}
|
||||
|
||||
// Load the database from disk.
|
||||
func (m *FileUserDatabase) Load() (err error) {
|
||||
yml := &FileDatabaseModel{Users: map[string]FileDatabaseUserDetailsModel{}}
|
||||
func (m *YAMLUserDatabase) Load() (err error) {
|
||||
yml := &DatabaseModel{Users: map[string]UserDetailsModel{}}
|
||||
|
||||
if err = yml.Read(m.Path); err != nil {
|
||||
return fmt.Errorf("error reading the authentication database: %w", err)
|
||||
|
@ -81,7 +78,7 @@ func (m *FileUserDatabase) Load() (err error) {
|
|||
}
|
||||
|
||||
// LoadAliases performs the loading of alias information from the database.
|
||||
func (m *FileUserDatabase) LoadAliases() (err error) {
|
||||
func (m *YAMLUserDatabase) LoadAliases() (err error) {
|
||||
if m.SearchEmail || m.SearchCI {
|
||||
for k, user := range m.Users {
|
||||
if m.SearchEmail && user.Email != "" {
|
||||
|
@ -101,7 +98,7 @@ func (m *FileUserDatabase) LoadAliases() (err error) {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (m *FileUserDatabase) loadAlias(k string) (err error) {
|
||||
func (m *YAMLUserDatabase) loadAlias(k string) (err error) {
|
||||
u := strings.ToLower(k)
|
||||
|
||||
if u != k {
|
||||
|
@ -123,7 +120,7 @@ func (m *FileUserDatabase) loadAlias(k string) (err error) {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (m *FileUserDatabase) loadAliasEmail(k string, user FileUserDatabaseUserDetails) (err error) {
|
||||
func (m *YAMLUserDatabase) loadAliasEmail(k string, user DatabaseUserDetails) (err error) {
|
||||
e := strings.ToLower(user.Email)
|
||||
|
||||
var duplicates []string
|
||||
|
@ -153,9 +150,9 @@ func (m *FileUserDatabase) loadAliasEmail(k string, user FileUserDatabaseUserDet
|
|||
return nil
|
||||
}
|
||||
|
||||
// GetUserDetails get a FileUserDatabaseUserDetails given a username as a value type where the username must be the users actual
|
||||
// GetUserDetails get a DatabaseUserDetails given a username as a value type where the username must be the users actual
|
||||
// username.
|
||||
func (m *FileUserDatabase) GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error) {
|
||||
func (m *YAMLUserDatabase) GetUserDetails(username string) (user DatabaseUserDetails, err error) {
|
||||
m.RLock()
|
||||
|
||||
defer m.RUnlock()
|
||||
|
@ -181,8 +178,8 @@ func (m *FileUserDatabase) GetUserDetails(username string) (user FileUserDatabas
|
|||
return user, ErrUserNotFound
|
||||
}
|
||||
|
||||
// SetUserDetails sets the FileUserDatabaseUserDetails for a given user.
|
||||
func (m *FileUserDatabase) SetUserDetails(username string, details *FileUserDatabaseUserDetails) {
|
||||
// SetUserDetails sets the DatabaseUserDetails for a given user.
|
||||
func (m *YAMLUserDatabase) SetUserDetails(username string, details *DatabaseUserDetails) {
|
||||
if details == nil {
|
||||
return
|
||||
}
|
||||
|
@ -194,10 +191,10 @@ func (m *FileUserDatabase) SetUserDetails(username string, details *FileUserData
|
|||
m.Unlock()
|
||||
}
|
||||
|
||||
// ToDatabaseModel converts the FileUserDatabase into the FileDatabaseModel for saving.
|
||||
func (m *FileUserDatabase) ToDatabaseModel() (model *FileDatabaseModel) {
|
||||
model = &FileDatabaseModel{
|
||||
Users: map[string]FileDatabaseUserDetailsModel{},
|
||||
// ToDatabaseModel converts the YAMLUserDatabase into the DatabaseModel for saving.
|
||||
func (m *YAMLUserDatabase) ToDatabaseModel() (model *DatabaseModel) {
|
||||
model = &DatabaseModel{
|
||||
Users: map[string]UserDetailsModel{},
|
||||
}
|
||||
|
||||
m.RLock()
|
||||
|
@ -211,18 +208,18 @@ func (m *FileUserDatabase) ToDatabaseModel() (model *FileDatabaseModel) {
|
|||
return model
|
||||
}
|
||||
|
||||
// FileUserDatabaseUserDetails is the model of user details in the file database.
|
||||
type FileUserDatabaseUserDetails struct {
|
||||
Username string `json:"-"`
|
||||
Password *schema.PasswordDigest `json:"password" jsonschema:"required,title=Password" jsonschema_description:"The hashed password for the user"`
|
||||
DisplayName string `json:"displayname" jsonschema:"required,title=Display Name" jsonschema_description:"The display name for the user"`
|
||||
Email string `json:"email" jsonschema:"title=Email" jsonschema_description:"The email for the user"`
|
||||
Groups []string `json:"groups" jsonschema:"title=Groups" jsonschema_description:"The groups list for the user"`
|
||||
Disabled bool `json:"disabled" jsonschema:"default=false,title=Disabled" jsonschema_description:"The disabled status for the user"`
|
||||
// DatabaseUserDetails is the model of user details in the file database.
|
||||
type DatabaseUserDetails struct {
|
||||
Username string
|
||||
Digest algorithm.Digest
|
||||
Disabled bool
|
||||
DisplayName string
|
||||
Email string
|
||||
Groups []string
|
||||
}
|
||||
|
||||
// ToUserDetails converts FileUserDatabaseUserDetails into a *UserDetails given a username.
|
||||
func (m FileUserDatabaseUserDetails) ToUserDetails() (details *UserDetails) {
|
||||
// ToUserDetails converts DatabaseUserDetails into a *UserDetails given a username.
|
||||
func (m DatabaseUserDetails) ToUserDetails() (details *UserDetails) {
|
||||
return &UserDetails{
|
||||
Username: m.Username,
|
||||
DisplayName: m.DisplayName,
|
||||
|
@ -231,26 +228,26 @@ func (m FileUserDatabaseUserDetails) ToUserDetails() (details *UserDetails) {
|
|||
}
|
||||
}
|
||||
|
||||
// ToUserDetailsModel converts FileUserDatabaseUserDetails into a FileDatabaseUserDetailsModel.
|
||||
func (m FileUserDatabaseUserDetails) ToUserDetailsModel() (model FileDatabaseUserDetailsModel) {
|
||||
return FileDatabaseUserDetailsModel{
|
||||
Password: m.Password.Encode(),
|
||||
// ToUserDetailsModel converts DatabaseUserDetails into a UserDetailsModel.
|
||||
func (m DatabaseUserDetails) ToUserDetailsModel() (model UserDetailsModel) {
|
||||
return UserDetailsModel{
|
||||
HashedPassword: m.Digest.Encode(),
|
||||
DisplayName: m.DisplayName,
|
||||
Email: m.Email,
|
||||
Groups: m.Groups,
|
||||
}
|
||||
}
|
||||
|
||||
// FileDatabaseModel is the model of users file database.
|
||||
type FileDatabaseModel struct {
|
||||
Users map[string]FileDatabaseUserDetailsModel `yaml:"users" json:"users" valid:"required" jsonschema:"required,title=Users" jsonschema_description:"The dictionary of users"`
|
||||
// DatabaseModel is the model of users file database.
|
||||
type DatabaseModel struct {
|
||||
Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
|
||||
}
|
||||
|
||||
// ReadToFileUserDatabase reads the FileDatabaseModel into a FileUserDatabase.
|
||||
func (m *FileDatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error) {
|
||||
users := map[string]FileUserDatabaseUserDetails{}
|
||||
// ReadToFileUserDatabase reads the DatabaseModel into a YAMLUserDatabase.
|
||||
func (m *DatabaseModel) ReadToFileUserDatabase(db *YAMLUserDatabase) (err error) {
|
||||
users := map[string]DatabaseUserDetails{}
|
||||
|
||||
var udm *FileUserDatabaseUserDetails
|
||||
var udm *DatabaseUserDetails
|
||||
|
||||
for user, details := range m.Users {
|
||||
if udm, err = details.ToDatabaseUserDetailsModel(user); err != nil {
|
||||
|
@ -265,8 +262,8 @@ func (m *FileDatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err er
|
|||
return nil
|
||||
}
|
||||
|
||||
// Read a FileDatabaseModel from disk.
|
||||
func (m *FileDatabaseModel) Read(filePath string) (err error) {
|
||||
// Read a DatabaseModel from disk.
|
||||
func (m *DatabaseModel) Read(filePath string) (err error) {
|
||||
var (
|
||||
content []byte
|
||||
ok bool
|
||||
|
@ -295,8 +292,8 @@ func (m *FileDatabaseModel) Read(filePath string) (err error) {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Write a FileDatabaseModel to disk.
|
||||
func (m *FileDatabaseModel) Write(fileName string) (err error) {
|
||||
// Write a DatabaseModel to disk.
|
||||
func (m *DatabaseModel) Write(fileName string) (err error) {
|
||||
var (
|
||||
data []byte
|
||||
)
|
||||
|
@ -308,26 +305,26 @@ func (m *FileDatabaseModel) Write(fileName string) (err error) {
|
|||
return os.WriteFile(fileName, data, fileAuthenticationMode)
|
||||
}
|
||||
|
||||
// FileDatabaseUserDetailsModel is the model of user details in the file database.
|
||||
type FileDatabaseUserDetailsModel struct {
|
||||
Password string `yaml:"password" valid:"required"`
|
||||
// UserDetailsModel is the model of user details in the file database.
|
||||
type UserDetailsModel struct {
|
||||
HashedPassword string `yaml:"password" valid:"required"`
|
||||
DisplayName string `yaml:"displayname" valid:"required"`
|
||||
Email string `yaml:"email"`
|
||||
Groups []string `yaml:"groups"`
|
||||
Disabled bool `yaml:"disabled"`
|
||||
}
|
||||
|
||||
// ToDatabaseUserDetailsModel converts a FileDatabaseUserDetailsModel into a *FileUserDatabaseUserDetails.
|
||||
func (m FileDatabaseUserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *FileUserDatabaseUserDetails, err error) {
|
||||
// ToDatabaseUserDetailsModel converts a UserDetailsModel into a *DatabaseUserDetails.
|
||||
func (m UserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *DatabaseUserDetails, err error) {
|
||||
var d algorithm.Digest
|
||||
|
||||
if d, err = crypt.Decode(m.Password); err != nil {
|
||||
if d, err = crypt.Decode(m.HashedPassword); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &FileUserDatabaseUserDetails{
|
||||
return &DatabaseUserDetails{
|
||||
Username: username,
|
||||
Password: schema.NewPasswordDigest(d),
|
||||
Digest: d,
|
||||
Disabled: m.Disabled,
|
||||
DisplayName: m.DisplayName,
|
||||
Email: m.Email,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/authelia/authelia/v4/internal/authentication (interfaces: FileUserProviderDatabase)
|
||||
// Source: github.com/authelia/authelia/v4/internal/authentication (interfaces: FileUserDatabase)
|
||||
|
||||
// Package authentication is a generated GoMock package.
|
||||
package authentication
|
||||
|
@ -10,7 +10,7 @@ import (
|
|||
gomock "github.com/golang/mock/gomock"
|
||||
)
|
||||
|
||||
// MockFileUserDatabase is a mock of FileUserProviderDatabase interface.
|
||||
// MockFileUserDatabase is a mock of FileUserDatabase interface.
|
||||
type MockFileUserDatabase struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockFileUserDatabaseMockRecorder
|
||||
|
@ -34,10 +34,10 @@ func (m *MockFileUserDatabase) EXPECT() *MockFileUserDatabaseMockRecorder {
|
|||
}
|
||||
|
||||
// GetUserDetails mocks base method.
|
||||
func (m *MockFileUserDatabase) GetUserDetails(arg0 string) (FileUserDatabaseUserDetails, error) {
|
||||
func (m *MockFileUserDatabase) GetUserDetails(arg0 string) (DatabaseUserDetails, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetUserDetails", arg0)
|
||||
ret0, _ := ret[0].(FileUserDatabaseUserDetails)
|
||||
ret0, _ := ret[0].(DatabaseUserDetails)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
@ -77,7 +77,7 @@ func (mr *MockFileUserDatabaseMockRecorder) Save() *gomock.Call {
|
|||
}
|
||||
|
||||
// SetUserDetails mocks base method.
|
||||
func (m *MockFileUserDatabase) SetUserDetails(arg0 string, arg1 *FileUserDatabaseUserDetails) {
|
||||
func (m *MockFileUserDatabase) SetUserDetails(arg0 string, arg1 *DatabaseUserDetails) {
|
||||
m.ctrl.T.Helper()
|
||||
m.ctrl.Call(m, "SetUserDetails", arg0, arg1)
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
)
|
||||
|
||||
func TestDatabaseModel_Read(t *testing.T) {
|
||||
model := &FileDatabaseModel{}
|
||||
model := &DatabaseModel{}
|
||||
|
||||
dir := t.TempDir()
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ func TestShouldErrorFailCreateDB(t *testing.T) {
|
|||
|
||||
f := filepath.Join(dir, "x", "users.yml")
|
||||
|
||||
provider := NewFileUserProvider(&schema.AuthenticationBackendFile{Path: f, Password: schema.DefaultPasswordConfig})
|
||||
provider := NewFileUserProvider(&schema.FileAuthenticationBackend{Path: f, Password: schema.DefaultPasswordConfig})
|
||||
|
||||
require.NotNil(t, provider)
|
||||
|
||||
|
@ -70,7 +70,7 @@ func TestShouldErrorBadPasswordConfig(t *testing.T) {
|
|||
|
||||
require.NoError(t, os.WriteFile(f, UserDatabaseContent, 0600))
|
||||
|
||||
provider := NewFileUserProvider(&schema.AuthenticationBackendFile{Path: f})
|
||||
provider := NewFileUserProvider(&schema.FileAuthenticationBackend{Path: f})
|
||||
|
||||
require.NotNil(t, provider)
|
||||
|
||||
|
@ -85,7 +85,7 @@ func TestShouldNotPanicOnNilDB(t *testing.T) {
|
|||
assert.NoError(t, os.WriteFile(f, UserDatabaseContent, 0600))
|
||||
|
||||
provider := &FileUserProvider{
|
||||
config: &schema.AuthenticationBackendFile{Path: f, Password: schema.DefaultPasswordConfig},
|
||||
config: &schema.FileAuthenticationBackend{Path: f, Password: schema.DefaultPasswordConfig},
|
||||
mutex: &sync.Mutex{},
|
||||
timeoutReload: time.Now().Add(-1 * time.Second),
|
||||
}
|
||||
|
@ -130,7 +130,7 @@ func TestShouldReloadDatabase(t *testing.T) {
|
|||
|
||||
provider.config.Path = p
|
||||
|
||||
provider.database = NewFileUserDatabase(p, provider.config.Search.Email, provider.config.Search.CaseInsensitive)
|
||||
provider.database = NewYAMLUserDatabase(p, provider.config.Search.Email, provider.config.Search.CaseInsensitive)
|
||||
},
|
||||
false,
|
||||
"",
|
||||
|
@ -141,7 +141,7 @@ func TestShouldReloadDatabase(t *testing.T) {
|
|||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
provider := NewFileUserProvider(&schema.AuthenticationBackendFile{
|
||||
provider := NewFileUserProvider(&schema.FileAuthenticationBackend{
|
||||
Path: path,
|
||||
Password: schema.DefaultPasswordConfig,
|
||||
})
|
||||
|
@ -307,10 +307,10 @@ func TestShouldUpdatePasswordHashingAlgorithmToArgon2id(t *testing.T) {
|
|||
|
||||
assert.NoError(t, provider.StartupCheck())
|
||||
|
||||
db, ok := provider.database.(*FileUserDatabase)
|
||||
db, ok := provider.database.(*YAMLUserDatabase)
|
||||
require.True(t, ok)
|
||||
|
||||
assert.True(t, strings.HasPrefix(db.Users["harry"].Password.Encode(), "$6$"))
|
||||
assert.True(t, strings.HasPrefix(db.Users["harry"].Digest.Encode(), "$6$"))
|
||||
err := provider.UpdatePassword("harry", "newpassword")
|
||||
assert.NoError(t, err)
|
||||
|
||||
|
@ -322,7 +322,7 @@ func TestShouldUpdatePasswordHashingAlgorithmToArgon2id(t *testing.T) {
|
|||
ok, err = provider.CheckUserPassword("harry", "newpassword")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, ok)
|
||||
assert.True(t, strings.HasPrefix(db.Users["harry"].Password.Encode(), "$argon2id$"))
|
||||
assert.True(t, strings.HasPrefix(db.Users["harry"].Digest.Encode(), "$argon2id$"))
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -337,10 +337,10 @@ func TestShouldUpdatePasswordHashingAlgorithmToSHA512(t *testing.T) {
|
|||
|
||||
assert.NoError(t, provider.StartupCheck())
|
||||
|
||||
db, ok := provider.database.(*FileUserDatabase)
|
||||
db, ok := provider.database.(*YAMLUserDatabase)
|
||||
require.True(t, ok)
|
||||
|
||||
assert.True(t, strings.HasPrefix(db.Users["john"].Password.Encode(), "$argon2id$"))
|
||||
assert.True(t, strings.HasPrefix(db.Users["john"].Digest.Encode(), "$argon2id$"))
|
||||
err := provider.UpdatePassword("john", "newpassword")
|
||||
assert.NoError(t, err)
|
||||
|
||||
|
@ -352,7 +352,7 @@ func TestShouldUpdatePasswordHashingAlgorithmToSHA512(t *testing.T) {
|
|||
ok, err = provider.CheckUserPassword("john", "newpassword")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, ok)
|
||||
assert.True(t, strings.HasPrefix(db.Users["john"].Password.Encode(), "$6$"))
|
||||
assert.True(t, strings.HasPrefix(db.Users["john"].Digest.Encode(), "$6$"))
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -388,7 +388,7 @@ func TestShouldRaiseWhenLoadingDatabaseWithBadSchemaForFirstTime(t *testing.T) {
|
|||
|
||||
provider := NewFileUserProvider(&config)
|
||||
|
||||
assert.EqualError(t, provider.StartupCheck(), "error reading the authentication database: could not validate the schema: users: non zero value required")
|
||||
assert.EqualError(t, provider.StartupCheck(), "error reading the authentication database: could not validate the schema: Users: non zero value required")
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -586,15 +586,15 @@ func TestShouldAllowLookupCI(t *testing.T) {
|
|||
func TestNewFileCryptoHashFromConfig(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
have schema.AuthenticationBackendFilePassword
|
||||
have schema.Password
|
||||
expected any
|
||||
err string
|
||||
}{
|
||||
{
|
||||
"ShouldCreatePBKDF2",
|
||||
schema.AuthenticationBackendFilePassword{
|
||||
schema.Password{
|
||||
Algorithm: "pbkdf2",
|
||||
PBKDF2: schema.AuthenticationBackendFilePasswordPBKDF2{
|
||||
PBKDF2: schema.PBKDF2Password{
|
||||
Variant: "sha256",
|
||||
Iterations: 100000,
|
||||
SaltLength: 16,
|
||||
|
@ -605,9 +605,9 @@ func TestNewFileCryptoHashFromConfig(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldCreateSCrypt",
|
||||
schema.AuthenticationBackendFilePassword{
|
||||
schema.Password{
|
||||
Algorithm: "scrypt",
|
||||
SCrypt: schema.AuthenticationBackendFilePasswordSCrypt{
|
||||
SCrypt: schema.SCryptPassword{
|
||||
Iterations: 12,
|
||||
SaltLength: 16,
|
||||
Parallelism: 1,
|
||||
|
@ -620,9 +620,9 @@ func TestNewFileCryptoHashFromConfig(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldCreateBCrypt",
|
||||
schema.AuthenticationBackendFilePassword{
|
||||
schema.Password{
|
||||
Algorithm: "bcrypt",
|
||||
BCrypt: schema.AuthenticationBackendFilePasswordBCrypt{
|
||||
BCrypt: schema.BCryptPassword{
|
||||
Variant: "standard",
|
||||
Cost: 12,
|
||||
},
|
||||
|
@ -632,7 +632,7 @@ func TestNewFileCryptoHashFromConfig(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldFailToCreateSCryptInvalidParameter",
|
||||
schema.AuthenticationBackendFilePassword{
|
||||
schema.Password{
|
||||
Algorithm: "scrypt",
|
||||
},
|
||||
nil,
|
||||
|
@ -640,7 +640,7 @@ func TestNewFileCryptoHashFromConfig(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldFailUnknown",
|
||||
schema.AuthenticationBackendFilePassword{
|
||||
schema.Password{
|
||||
Algorithm: "unknown",
|
||||
},
|
||||
nil,
|
||||
|
@ -688,7 +688,7 @@ func TestHashError(t *testing.T) {
|
|||
|
||||
func TestDatabaseError(t *testing.T) {
|
||||
WithDatabase(t, UserDatabaseContent, func(path string) {
|
||||
db := NewFileUserDatabase(path, false, false)
|
||||
db := NewYAMLUserDatabase(path, false, false)
|
||||
assert.NoError(t, db.Load())
|
||||
|
||||
config := DefaultFileAuthenticationBackendConfiguration
|
||||
|
@ -717,7 +717,7 @@ func TestDatabaseError(t *testing.T) {
|
|||
}
|
||||
|
||||
var (
|
||||
DefaultFileAuthenticationBackendConfiguration = schema.AuthenticationBackendFile{
|
||||
DefaultFileAuthenticationBackendConfiguration = schema.FileAuthenticationBackend{
|
||||
Path: "",
|
||||
Password: schema.DefaultCIPasswordConfig,
|
||||
}
|
||||
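Review bot: The expected message in the `assert.EqualError` of TestShouldRaiseWhenLoadingDatabaseWithBadSchemaForFirstTime now reads `Users: non zero value required`, i.e. the Go struct field name rather than the `users` key an operator actually writes in the YAML user database, so the startup error no longer names the setting the person editing the file has to fix. This appears to follow from the DatabaseModel.Users field elsewhere in this compare carrying only `yaml:"users" valid:"required"`, so the validator presumably falls back to the field name; if that is the cause, restoring a `json:"users"` tag on that field (or mapping the field to its YAML key before the error is surfaced) would keep the message meaningful and this assertion could keep its original `users:` form. The enclosing test function starts outside the hunk.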
|
|
|
@ -18,7 +18,7 @@ import (
|
|||
|
||||
// LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.
|
||||
type LDAPUserProvider struct {
|
||||
config schema.AuthenticationBackendLDAP
|
||||
config schema.LDAPAuthenticationBackend
|
||||
tlsConfig *tls.Config
|
||||
dialOpts []ldap.DialOpt
|
||||
log *logrus.Logger
|
||||
|
@ -57,7 +57,7 @@ func NewLDAPUserProvider(config schema.AuthenticationBackend, certPool *x509.Cer
|
|||
}
|
||||
|
||||
// NewLDAPUserProviderWithFactory creates a new instance of LDAPUserProvider with the specified LDAPClientFactory.
|
||||
func NewLDAPUserProviderWithFactory(config schema.AuthenticationBackendLDAP, disableResetPassword bool, certPool *x509.CertPool, factory LDAPClientFactory) (provider *LDAPUserProvider) {
|
||||
func NewLDAPUserProviderWithFactory(config schema.LDAPAuthenticationBackend, disableResetPassword bool, certPool *x509.CertPool, factory LDAPClientFactory) (provider *LDAPUserProvider) {
|
||||
if config.TLS == nil {
|
||||
config.TLS = schema.DefaultLDAPAuthenticationBackendConfigurationImplementationCustom.TLS
|
||||
}
|
||||
|
|
|
@ -17,13 +17,13 @@ import (
|
|||
)
|
||||
|
||||
func TestNewLDAPUserProvider(t *testing.T) {
|
||||
provider := NewLDAPUserProvider(schema.AuthenticationBackend{LDAP: &schema.AuthenticationBackendLDAP{}}, nil)
|
||||
provider := NewLDAPUserProvider(schema.AuthenticationBackend{LDAP: &schema.LDAPAuthenticationBackend{}}, nil)
|
||||
|
||||
assert.NotNil(t, provider)
|
||||
}
|
||||
|
||||
func TestNewLDAPUserProviderWithFactoryWithoutFactory(t *testing.T) {
|
||||
provider := NewLDAPUserProviderWithFactory(schema.AuthenticationBackendLDAP{}, false, nil, nil)
|
||||
provider := NewLDAPUserProviderWithFactory(schema.LDAPAuthenticationBackend{}, false, nil, nil)
|
||||
|
||||
assert.NotNil(t, provider)
|
||||
|
||||
|
@ -38,7 +38,7 @@ func TestShouldCreateRawConnectionWhenSchemeIsLDAP(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
|
@ -70,7 +70,7 @@ func TestShouldCreateTLSConnectionWhenSchemeIsLDAPS(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPSAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
|
@ -120,7 +120,7 @@ func TestEscapeSpecialCharsInGroupsFilter(t *testing.T) {
|
|||
mockFactory := NewMockLDAPClientFactory(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPSAddress,
|
||||
GroupsFilter: "(|(member={dn})(uid={username})(uid={input}))",
|
||||
},
|
||||
|
@ -150,23 +150,23 @@ func TestResolveGroupsFilter(t *testing.T) {
|
|||
|
||||
testCases := []struct {
|
||||
name string
|
||||
have schema.AuthenticationBackendLDAP
|
||||
have schema.LDAPAuthenticationBackend
|
||||
input string
|
||||
profile ldapUserProfile
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
"ShouldResolveEmptyFilter",
|
||||
schema.AuthenticationBackendLDAP{},
|
||||
schema.LDAPAuthenticationBackend{},
|
||||
"",
|
||||
ldapUserProfile{},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"ShouldResolveMemberOfRDNFilter",
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
GroupsFilter: "(|{memberof:rdn})",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
GroupName: "cn",
|
||||
MemberOf: "memberOf",
|
||||
|
@ -183,9 +183,9 @@ func TestResolveGroupsFilter(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldResolveMemberOfDNFilter",
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
GroupsFilter: "(|{memberof:dn})",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
GroupName: "cn",
|
||||
MemberOf: "memberOf",
|
||||
|
@ -246,7 +246,7 @@ func (e *ExtendedSearchRequestMatcher) String() string {
|
|||
func TestShouldCheckLDAPEpochFilters(t *testing.T) {
|
||||
type have struct {
|
||||
users string
|
||||
attr schema.AuthenticationBackendLDAPAttributes
|
||||
attr schema.LDAPAuthenticationAttributes
|
||||
}
|
||||
|
||||
type expected struct {
|
||||
|
@ -302,7 +302,7 @@ func TestShouldCheckLDAPEpochFilters(t *testing.T) {
|
|||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
UsersFilter: tc.have.users,
|
||||
Attributes: tc.have.attr,
|
||||
BaseDN: "dc=example,dc=com",
|
||||
|
@ -326,11 +326,11 @@ func TestShouldCheckLDAPServerExtensions(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -394,11 +394,11 @@ func TestShouldNotCheckLDAPServerExtensionsWhenRootDSEReturnsMoreThanOneEntry(t
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -463,11 +463,11 @@ func TestShouldCheckLDAPServerControlTypes(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -531,11 +531,11 @@ func TestShouldNotEnablePasswdModifyExtensionOrControlTypes(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -599,11 +599,11 @@ func TestShouldReturnCheckServerConnectError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -635,11 +635,11 @@ func TestShouldReturnCheckServerSearchError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -683,12 +683,12 @@ func TestShouldPermitRootDSEFailure(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
PermitFeatureDetectionFailure: true,
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -747,11 +747,11 @@ func TestShouldEscapeUserInput(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -784,11 +784,11 @@ func TestShouldReturnEmailWhenAttributeSameAsUsername(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "mail",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -858,11 +858,11 @@ func TestShouldReturnUsernameAndBlankDisplayNameWhenAttributesTheSame(t *testing
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "uid",
|
||||
|
@ -932,11 +932,11 @@ func TestShouldReturnBlankEmailAndDisplayNameWhenAttrsLenZero(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1013,12 +1013,12 @@ func TestShouldCombineUsernameFilterAndUsersFilter(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
UsersFilter: "(&({username_attribute}={input})(&(objectCategory=person)(objectClass=user)))",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1092,11 +1092,11 @@ func TestShouldNotCrashWhenGroupsAreNotRetrievedFromLDAP(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1169,11 +1169,11 @@ func TestLDAPUserProvider_GetDetails_ShouldReturnOnUserError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1217,11 +1217,11 @@ func TestLDAPUserProvider_GetDetails_ShouldReturnOnGroupsError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1290,11 +1290,11 @@ func TestShouldNotCrashWhenEmailsAreNotRetrievedFromLDAP(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
DisplayName: "displayName",
|
||||
MemberOf: "memberOf",
|
||||
|
@ -1356,11 +1356,11 @@ func TestShouldUnauthenticatedBind(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
DisplayName: "displayName",
|
||||
MemberOf: "memberOf",
|
||||
|
@ -1422,11 +1422,11 @@ func TestShouldReturnUsernameFromLDAP(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1498,11 +1498,11 @@ func TestShouldReturnUsernameFromLDAPSearchModeMemberOfRDN(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -1588,11 +1588,11 @@ func TestShouldReturnUsernameFromLDAPSearchModeMemberOfDN(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "CN=Administrator,CN=Users,DC=example,DC=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -1676,11 +1676,11 @@ func TestShouldReturnErrSearchMemberOf(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "CN=Administrator,CN=Users,DC=example,DC=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -1760,11 +1760,11 @@ func TestShouldReturnErrUnknownSearchMode(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "CN=Administrator,CN=Users,DC=example,DC=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -1836,11 +1836,11 @@ func TestShouldSkipEmptyAttributesSearchModeMemberOf(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "CN=Administrator,CN=Users,DC=example,DC=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -1950,11 +1950,11 @@ func TestShouldSkipEmptyAttributesSearchModeFilter(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "CN=Administrator,CN=Users,DC=example,DC=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -2064,11 +2064,11 @@ func TestShouldSkipEmptyGroupsResultMemberOf(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2146,11 +2146,11 @@ func TestShouldReturnUsernameFromLDAPWithReferralsInErrorAndResult(t *testing.T)
|
|||
mockClientReferralAlt := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2275,11 +2275,11 @@ func TestShouldReturnUsernameFromLDAPWithReferralsInErrorAndNoResult(t *testing.
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2366,11 +2366,11 @@ func TestShouldReturnDialErrDuringReferralSearchUsernameFromLDAPWithReferralsInE
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2421,11 +2421,11 @@ func TestShouldReturnSearchErrDuringReferralSearchUsernameFromLDAPWithReferralsI
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2485,11 +2485,11 @@ func TestShouldNotReturnUsernameFromLDAPWithReferralsInErrorAndReferralsNotPermi
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2535,11 +2535,11 @@ func TestShouldReturnUsernameFromLDAPWithReferralsErr(t *testing.T) {
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2626,11 +2626,11 @@ func TestShouldNotUpdateUserPasswordConnect(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2696,11 +2696,11 @@ func TestShouldNotUpdateUserPasswordGetDetails(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2776,11 +2776,11 @@ func TestShouldUpdateUserPassword(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2886,12 +2886,12 @@ func TestShouldUpdateUserPasswordMSAD(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -2999,12 +2999,12 @@ func TestShouldUpdateUserPasswordMSADWithReferrals(t *testing.T) {
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3130,12 +3130,12 @@ func TestShouldUpdateUserPasswordMSADWithReferralsWithReferralConnectErr(t *test
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3252,12 +3252,12 @@ func TestShouldUpdateUserPasswordMSADWithReferralsWithReferralModifyErr(t *testi
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3387,12 +3387,12 @@ func TestShouldUpdateUserPasswordMSADWithoutReferrals(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3504,11 +3504,11 @@ func TestShouldUpdateUserPasswordPasswdModifyExtension(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3614,11 +3614,11 @@ func TestShouldUpdateUserPasswordPasswdModifyExtensionWithReferrals(t *testing.T
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3744,11 +3744,11 @@ func TestShouldUpdateUserPasswordPasswdModifyExtensionWithoutReferrals(t *testin
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3860,11 +3860,11 @@ func TestShouldUpdateUserPasswordPasswdModifyExtensionWithReferralsReferralConne
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -3981,11 +3981,11 @@ func TestShouldUpdateUserPasswordPasswdModifyExtensionWithReferralsReferralPassw
|
|||
mockClientReferral := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4115,12 +4115,12 @@ func TestShouldUpdateUserPasswordActiveDirectoryWithServerPolicyHints(t *testing
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -4230,12 +4230,12 @@ func TestShouldUpdateUserPasswordActiveDirectoryWithServerPolicyHintsDeprecated(
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -4345,12 +4345,12 @@ func TestShouldUpdateUserPasswordActiveDirectory(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "activedirectory",
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
DistinguishedName: "distinguishedName",
|
||||
Username: "sAMAccountName",
|
||||
Mail: "mail",
|
||||
|
@ -4460,12 +4460,12 @@ func TestShouldUpdateUserPasswordBasic(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Implementation: "custom",
|
||||
Address: testLDAPAddress,
|
||||
User: "uid=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4571,11 +4571,11 @@ func TestShouldReturnErrorWhenMultipleUsernameAttributes(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4640,11 +4640,11 @@ func TestShouldReturnErrorWhenZeroUsernameAttributes(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4709,11 +4709,11 @@ func TestShouldReturnErrorWhenUsernameAttributeNotReturned(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4774,11 +4774,11 @@ func TestShouldReturnErrorWhenMultipleUsersFound(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4860,11 +4860,11 @@ func TestShouldReturnErrorWhenNoDN(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -4929,11 +4929,11 @@ func TestShouldCheckValidUserPassword(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5000,11 +5000,11 @@ func TestShouldNotCheckValidUserPasswordWithConnectError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5042,11 +5042,11 @@ func TestShouldNotCheckValidUserPasswordWithGetProfileError(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5087,11 +5087,11 @@ func TestShouldCheckInvalidUserPassword(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5158,11 +5158,11 @@ func TestShouldCallStartTLSWhenEnabled(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5237,11 +5237,11 @@ func TestShouldParseDynamicConfiguration(t *testing.T) {
|
|||
mockFactory := NewMockLDAPClientFactory(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5289,11 +5289,11 @@ func TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue(t *testing.T
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5304,7 +5304,7 @@ func TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue(t *testing.T
|
|||
AdditionalUsersDN: "ou=users",
|
||||
BaseDN: "dc=example,dc=com",
|
||||
StartTLS: true,
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
SkipVerify: true,
|
||||
},
|
||||
},
|
||||
|
@ -5380,11 +5380,11 @@ func TestShouldReturnLDAPSAlreadySecuredWhenStartTLSAttempted(t *testing.T) {
|
|||
mockClient := NewMockLDAPClient(ctrl)
|
||||
|
||||
provider := NewLDAPUserProviderWithFactory(
|
||||
schema.AuthenticationBackendLDAP{
|
||||
schema.LDAPAuthenticationBackend{
|
||||
Address: testLDAPSAddress,
|
||||
User: "cn=admin,dc=example,dc=com",
|
||||
Password: "password",
|
||||
Attributes: schema.AuthenticationBackendLDAPAttributes{
|
||||
Attributes: schema.LDAPAuthenticationAttributes{
|
||||
Username: "uid",
|
||||
Mail: "mail",
|
||||
DisplayName: "displayName",
|
||||
|
@ -5394,7 +5394,7 @@ func TestShouldReturnLDAPSAlreadySecuredWhenStartTLSAttempted(t *testing.T) {
|
|||
AdditionalUsersDN: "ou=users",
|
||||
BaseDN: "dc=example,dc=com",
|
||||
StartTLS: true,
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
SkipVerify: true,
|
||||
},
|
||||
},
|
||||
|
@ -8,7 +8,7 @@ import (
|
|||
)
|
||||
|
||||
// NewAccessControlQuery creates a new AccessControlQuery rule type.
|
||||
func NewAccessControlQuery(config [][]schema.AccessControlRuleQuery) (rules []AccessControlQuery) {
|
||||
func NewAccessControlQuery(config [][]schema.ACLQueryRule) (rules []AccessControlQuery) {
|
||||
if len(config) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
@ -47,8 +47,8 @@ func (acq AccessControlQuery) IsMatch(object Object) (isMatch bool) {
|
|||
return true
|
||||
}
|
||||
|
||||
// NewAccessControlQueryObjectMatcher creates a new ObjectMatcher rule type from a schema.AccessControlRuleQuery.
|
||||
func NewAccessControlQueryObjectMatcher(rule schema.AccessControlRuleQuery) (matcher ObjectMatcher, err error) {
|
||||
// NewAccessControlQueryObjectMatcher creates a new ObjectMatcher rule type from a schema.ACLQueryRule.
|
||||
func NewAccessControlQueryObjectMatcher(rule schema.ACLQueryRule) (matcher ObjectMatcher, err error) {
|
||||
switch rule.Operator {
|
||||
case operatorPresent, operatorAbsent:
|
||||
return &AccessControlQueryMatcherPresent{key: rule.Key, present: rule.Operator == operatorPresent}, nil
|
||||
|
@ -11,13 +11,13 @@ import (
|
|||
func TestNewAccessControlQuery(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
have [][]schema.AccessControlRuleQuery
|
||||
have [][]schema.ACLQueryRule
|
||||
expected []AccessControlQuery
|
||||
matches [][]Object
|
||||
}{
|
||||
{
|
||||
"ShouldSkipInvalidTypeEqual",
|
||||
[][]schema.AccessControlRuleQuery{
|
||||
[][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: operatorEqual, Key: "example", Value: 1},
|
||||
},
|
||||
|
@ -27,7 +27,7 @@ func TestNewAccessControlQuery(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldSkipInvalidTypePattern",
|
||||
[][]schema.AccessControlRuleQuery{
|
||||
[][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: operatorPattern, Key: "example", Value: 1},
|
||||
},
|
||||
|
@ -37,7 +37,7 @@ func TestNewAccessControlQuery(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldSkipInvalidOperator",
|
||||
[][]schema.AccessControlRuleQuery{
|
||||
[][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "nop", Key: "example", Value: 1},
|
||||
},
|
||||
|
@ -7,8 +7,8 @@ import (
|
|||
"github.com/authelia/authelia/v4/internal/utils"
|
||||
)
|
||||
|
||||
// NewAccessControlRules converts a schema.AccessControl into an AccessControlRule slice.
|
||||
func NewAccessControlRules(config schema.AccessControl) (rules []*AccessControlRule) {
|
||||
// NewAccessControlRules converts a schema.AccessControlConfiguration into an AccessControlRule slice.
|
||||
func NewAccessControlRules(config schema.AccessControlConfiguration) (rules []*AccessControlRule) {
|
||||
networksMap, networksCacheMap := parseSchemaNetworks(config.Networks)
|
||||
|
||||
for i, schemaRule := range config.Rules {
|
||||
|
@ -19,7 +19,7 @@ func NewAccessControlRules(config schema.AccessControl) (rules []*AccessControlR
|
|||
}
|
||||
|
||||
// NewAccessControlRule parses a schema ACL and generates an internal ACL.
|
||||
func NewAccessControlRule(pos int, rule schema.AccessControlRule, networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) *AccessControlRule {
|
||||
func NewAccessControlRule(pos int, rule schema.ACLRule, networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) *AccessControlRule {
|
||||
r := &AccessControlRule{
|
||||
Position: pos,
|
||||
Query: NewAccessControlQuery(rule.Query),
|
||||
|
@ -22,7 +22,7 @@ type AuthorizerTester struct {
|
|||
*Authorizer
|
||||
}
|
||||
|
||||
func NewAuthorizerTester(config schema.AccessControl) *AuthorizerTester {
|
||||
func NewAuthorizerTester(config schema.AccessControlConfiguration) *AuthorizerTester {
|
||||
fullConfig := &schema.Configuration{
|
||||
AccessControl: config,
|
||||
}
|
||||
|
@ -51,7 +51,7 @@ func (s *AuthorizerTester) GetRuleMatchResults(subject Subject, requestURI, meth
|
|||
}
|
||||
|
||||
type AuthorizerTesterBuilder struct {
|
||||
config schema.AccessControl
|
||||
config schema.AccessControlConfiguration
|
||||
}
|
||||
|
||||
func NewAuthorizerBuilder() *AuthorizerTesterBuilder {
|
||||
|
@ -63,7 +63,7 @@ func (b *AuthorizerTesterBuilder) WithDefaultPolicy(policy string) *AuthorizerTe
|
|||
return b
|
||||
}
|
||||
|
||||
func (b *AuthorizerTesterBuilder) WithRule(rule schema.AccessControlRule) *AuthorizerTesterBuilder {
|
||||
func (b *AuthorizerTesterBuilder) WithRule(rule schema.ACLRule) *AuthorizerTesterBuilder {
|
||||
b.config.Rules = append(b.config.Rules, rule)
|
||||
return b
|
||||
}
|
||||
|
@ -133,7 +133,7 @@ func (s *AuthorizerSuite) TestShouldCheckDefaultDeniedConfig() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"*.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
|
@ -150,11 +150,11 @@ func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"{user}.example.com"},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"{group}.example.com"},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
|
@ -169,7 +169,7 @@ func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"*.example.com", "other.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
|
@ -189,15 +189,15 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"single.example.com"},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
|
@ -212,9 +212,9 @@ func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"one.example.com"},
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{
|
||||
Operator: operatorEqual,
|
||||
|
@ -235,9 +235,9 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"two.example.com"},
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{
|
||||
Operator: operatorEqual,
|
||||
|
@ -255,9 +255,9 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"three.example.com"},
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{
|
||||
Operator: operatorNotEqual,
|
||||
|
@ -273,9 +273,9 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"four.example.com"},
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{
|
||||
Operator: operatorPattern,
|
||||
|
@ -286,9 +286,9 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"five.example.com"},
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{
|
||||
Operator: operatorNotPattern,
|
||||
|
@ -335,16 +335,16 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckRulePrecedence() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: bypass,
|
||||
Subjects: [][]string{{"user:john"}},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"*.example.com"},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
|
@ -357,24 +357,24 @@ func (s *AuthorizerSuite) TestShouldCheckRulePrecedence() {
|
|||
|
||||
func (s *AuthorizerSuite) TestShouldCheckDomainMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"one-factor.example.com"},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"two-factor.example.com"},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"*.example.com"},
|
||||
Policy: oneFactor,
|
||||
Subjects: [][]string{{"group:admins"}},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"*.example.com"},
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
|
@ -466,23 +466,23 @@ func (s *AuthorizerSuite) TestShouldCheckDomainRegexMatching() {
|
|||
}
|
||||
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
DomainsRegex: createSliceRegexRule(s.T(), []string{`^.*\.example.com$`}),
|
||||
Policy: bypass,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
DomainsRegex: createSliceRegexRule(s.T(), []string{`^.*\.example2.com$`}),
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
DomainsRegex: createSliceRegexRule(s.T(), []string{`^(?P<User>[a-zA-Z0-9]+)\.regex.com$`}),
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
DomainsRegex: createSliceRegexRule(s.T(), []string{`^group-(?P<Group>[a-zA-Z0-9]+)\.regex.com$`}),
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
DomainsRegex: createSliceRegexRule(s.T(), []string{`^.*\.(one|two).com$`}),
|
||||
Policy: twoFactor,
|
||||
}).
|
||||
|
@ -548,17 +548,17 @@ func (s *AuthorizerSuite) TestShouldCheckResourceSubjectMatching() {
|
|||
}
|
||||
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"id.example.com"},
|
||||
Policy: oneFactor,
|
||||
Resources: createSliceRegexRule(s.T(), []string{`^/(?P<User>[a-zA-Z0-9]+)/personal(/|/.*)?$`, `^/(?P<Group>[a-zA-Z0-9]+)/group(/|/.*)?$`}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"id.example.com"},
|
||||
Policy: deny,
|
||||
Resources: createSliceRegexRule(s.T(), []string{`^/([a-zA-Z0-9]+)/personal(/|/.*)?$`, `^/([a-zA-Z0-9]+)/group(/|/.*)?$`}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"id.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
|
@ -629,7 +629,7 @@ func (s *AuthorizerSuite) TestShouldCheckResourceSubjectMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckUserMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Subjects: [][]string{{"user:john"}},
|
||||
|
@ -643,7 +643,7 @@ func (s *AuthorizerSuite) TestShouldCheckUserMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Subjects: [][]string{{"group:admins"}},
|
||||
|
@ -657,7 +657,7 @@ func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Subjects: [][]string{{"group:admins"}, {"user:bob"}},
|
||||
|
@ -673,7 +673,7 @@ func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Subjects: [][]string{{"group:admins", "user:bob"}, {"group:admins", "group:dev"}},
|
||||
|
@ -688,27 +688,27 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: bypass,
|
||||
Networks: []string{"192.168.1.8", "10.0.0.8"},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Networks: []string{"10.0.0.7"},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"net.example.com"},
|
||||
Policy: twoFactor,
|
||||
Networks: []string{"10.0.0.0/8"},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"ipv6.example.com"},
|
||||
Policy: twoFactor,
|
||||
Networks: []string{"fec0::1/64"},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"ipv6-alt.example.com"},
|
||||
Policy: twoFactor,
|
||||
Networks: []string{"fec0::1"},
|
||||
|
@ -732,17 +732,17 @@ func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
|
|||
func (s *AuthorizerSuite) TestShouldCheckMethodMatching() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: bypass,
|
||||
Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodPost},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: twoFactor,
|
||||
Methods: []string{fasthttp.MethodDelete},
|
||||
|
@ -773,27 +773,27 @@ func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
|
|||
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"resource.example.com"},
|
||||
Policy: bypass,
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/case/[a-z]+$", "^/$"}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"resource.example.com"},
|
||||
Policy: bypass,
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/bypass/.*$", "^/$", "embedded"}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"resource.example.com"},
|
||||
Policy: oneFactor,
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/one_factor/.*$"}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"resource.example.com"},
|
||||
Policy: twoFactor,
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/a/longer/rule/.*$"}),
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"resource.example.com"},
|
||||
Policy: twoFactor,
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/an/exact/path/$"}),
|
||||
|
@ -833,15 +833,15 @@ func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
|
|||
// This test assures that rules without domains (not allowed by schema validator at this time) will pass validation correctly.
|
||||
func (s *AuthorizerSuite) TestShouldMatchAnyDomainIfBlank() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: bypass,
|
||||
Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: oneFactor,
|
||||
Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch},
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: twoFactor,
|
||||
Methods: []string{fasthttp.MethodDelete},
|
||||
}).
|
||||
|
@ -875,37 +875,37 @@ func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
|
|||
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public.example.com"},
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/admin/.*$"}),
|
||||
Subjects: [][]string{{"group:admins"}},
|
||||
Policy: oneFactor,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public.example.com"},
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/admin/.*$"}),
|
||||
Policy: deny,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public2.example.com"},
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/admin/.*$"}),
|
||||
Subjects: [][]string{{"group:admins"}},
|
||||
Policy: bypass,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public2.example.com"},
|
||||
Resources: createSliceRegexRule(s.T(), []string{"^/admin/.*$"}),
|
||||
Policy: deny,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"public2.example.com"},
|
||||
Policy: bypass,
|
||||
}).
|
||||
WithRule(schema.AccessControlRule{
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"private.example.com"},
|
||||
Subjects: [][]string{{"group:admins"}},
|
||||
Policy: twoFactor,
|
||||
|
@ -1004,9 +1004,9 @@ func TestRunSuite(t *testing.T) {
|
|||
|
||||
func TestNewAuthorizer(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
AccessControl: schema.AccessControl{
|
||||
AccessControl: schema.AccessControlConfiguration{
|
||||
DefaultPolicy: deny,
|
||||
Rules: []schema.AccessControlRule{
|
||||
Rules: []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
Policy: twoFactor,
|
||||
|
@ -1039,9 +1039,9 @@ func TestNewAuthorizer(t *testing.T) {
|
|||
|
||||
func TestAuthorizerIsSecondFactorEnabledRuleWithNoOIDC(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
AccessControl: schema.AccessControl{
|
||||
AccessControl: schema.AccessControlConfiguration{
|
||||
DefaultPolicy: deny,
|
||||
Rules: []schema.AccessControlRule{
|
||||
Rules: []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
Policy: oneFactor,
|
||||
|
@ -1060,9 +1060,9 @@ func TestAuthorizerIsSecondFactorEnabledRuleWithNoOIDC(t *testing.T) {
|
|||
|
||||
func TestAuthorizerIsSecondFactorEnabledRuleWithOIDC(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
AccessControl: schema.AccessControl{
|
||||
AccessControl: schema.AccessControlConfiguration{
|
||||
DefaultPolicy: deny,
|
||||
Rules: []schema.AccessControlRule{
|
||||
Rules: []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"example.com"},
|
||||
Policy: oneFactor,
|
||||
|
@ -1070,8 +1070,8 @@ func TestAuthorizerIsSecondFactorEnabledRuleWithOIDC(t *testing.T) {
|
|||
},
|
||||
},
|
||||
IdentityProviders: schema.IdentityProviders{
|
||||
OIDC: &schema.IdentityProvidersOpenIDConnect{
|
||||
Clients: []schema.IdentityProvidersOpenIDConnectClient{
|
||||
OIDC: &schema.OpenIDConnect{
|
||||
Clients: []schema.OpenIDConnectClient{
|
||||
{
|
||||
Policy: oneFactor,
|
||||
},
|
||||
@ -138,7 +138,7 @@ func schemaNetworksToACL(networkRules []string, networksMap map[string][]*net.IP
|
|||
return networks
|
||||
}
|
||||
|
||||
func parseSchemaNetworks(schemaNetworks []schema.AccessControlNetwork) (networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) {
|
||||
func parseSchemaNetworks(schemaNetworks []schema.ACLNetwork) (networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) {
|
||||
// These maps store pointers to the net.IPNet values so we can reuse them efficiently.
|
||||
// The networksMap contains the named networks as keys, the networksCacheMap contains the CIDR notations as keys.
|
||||
networksMap = map[string][]*net.IPNet{}
|
||||
@ -60,7 +60,7 @@ func TestShouldSplitDomainCorrectly(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestShouldParseRuleNetworks(t *testing.T) {
|
||||
schemaNetworks := []schema.AccessControlNetwork{
|
||||
schemaNetworks := []schema.ACLNetwork{
|
||||
{
|
||||
Name: "desktop",
|
||||
Networks: []string{
|
||||
|
@ -105,7 +105,7 @@ func TestShouldParseRuleNetworks(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestShouldParseACLNetworks(t *testing.T) {
|
||||
schemaNetworks := []schema.AccessControlNetwork{
|
||||
schemaNetworks := []schema.ACLNetwork{
|
||||
{
|
||||
Name: "test",
|
||||
Networks: []string{
|
||||
@ -16,6 +16,7 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"github.com/valyala/fasthttp"
|
||||
"golang.org/x/sync/errgroup"
|
||||
"google.golang.org/grpc"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/server"
|
||||
|
@ -33,6 +34,17 @@ func NewServerService(name string, server *fasthttp.Server, listener net.Listene
|
|||
}
|
||||
}
|
||||
|
||||
// NewGRCPServerService creates a new ServerService with the appropriate logger etc.
|
||||
func NewGRCPServerService(name string, server *grpc.Server, listener net.Listener, isTLS bool, log *logrus.Logger) (service *GRCPServerService) {
|
||||
return &GRCPServerService{
|
||||
name: name,
|
||||
server: server,
|
||||
listener: listener,
|
||||
isTLS: isTLS,
|
||||
log: log.WithFields(map[string]any{logFieldService: serviceTypeServer, serviceTypeServer: name}),
|
||||
}
|
||||
}
|
||||
|
||||
// NewFileWatcherService creates a new FileWatcherService with the appropriate logger etc.
|
||||
func NewFileWatcherService(name, path string, reload ProviderReload, log *logrus.Logger) (service *FileWatcherService, err error) {
|
||||
if path == "" {
|
||||
|
@ -161,6 +173,54 @@ func (service *ServerService) Log() *logrus.Entry {
|
|||
return service.log
|
||||
}
|
||||
|
||||
// GRCPServerService is a Service which runs a gRCP server.
|
||||
type GRCPServerService struct {
|
||||
name string
|
||||
server *grpc.Server
|
||||
isTLS bool
|
||||
listener net.Listener
|
||||
log *logrus.Entry
|
||||
}
|
||||
|
||||
// ServiceType returns the service type for this service, which is always 'server'.
|
||||
func (service *GRCPServerService) ServiceType() string {
|
||||
return serviceTypeServer
|
||||
}
|
||||
|
||||
// ServiceName returns the individual name for this service.
|
||||
func (service *GRCPServerService) ServiceName() string {
|
||||
return service.name
|
||||
}
|
||||
|
||||
// Run the ServerService.
|
||||
func (service *GRCPServerService) Run() (err error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
service.log.WithError(recoverErr(r)).Error("Critical error caught (recovered)")
|
||||
}
|
||||
}()
|
||||
|
||||
service.log.Infof(fmtLogServerListening, connectionType(service.isTLS), service.listener.Addr().String())
|
||||
|
||||
if err = service.server.Serve(service.listener); err != nil {
|
||||
service.log.WithError(err).Error("Error returned attempting to serve requests")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Shutdown the ServerService.
|
||||
func (service *GRCPServerService) Shutdown() {
|
||||
service.server.Stop()
|
||||
}
|
||||
|
||||
// Log returns the *logrus.Entry of the ServerService.
|
||||
func (service *GRCPServerService) Log() *logrus.Entry {
|
||||
return service.log
|
||||
}
|
||||
|
||||
// FileWatcherService is a Service that watches files for changes.
|
||||
type FileWatcherService struct {
|
||||
name string
|
||||
|
@ -272,6 +332,19 @@ func svcSvrMetricsFunc(ctx *CmdCtx) (service Service) {
|
|||
return service
|
||||
}
|
||||
|
||||
func svcSvrGRPCFunc(ctx *CmdCtx) (service Service) {
|
||||
switch svr, listener, isTLS, err := server.CreateGRPCServer(ctx.config, ctx.providers); {
|
||||
case err != nil:
|
||||
ctx.log.WithError(err).Fatal("Create Server Service (gRPC) returned error")
|
||||
case svr != nil && listener != nil:
|
||||
service = NewGRCPServerService("gRCP", svr, listener, isTLS, ctx.log)
|
||||
default:
|
||||
ctx.log.Debug("Create Server Service (gRPC) skipped")
|
||||
}
|
||||
|
||||
return service
|
||||
}
|
||||
|
||||
func svcWatcherUsersFunc(ctx *CmdCtx) (service Service) {
|
||||
var err error
|
||||
|
||||
|
@ -312,7 +385,7 @@ func servicesRun(ctx *CmdCtx) {
|
|||
)
|
||||
|
||||
for _, serviceFunc := range []func(ctx *CmdCtx) Service{
|
||||
svcSvrMainFunc, svcSvrMetricsFunc,
|
||||
svcSvrMainFunc, svcSvrGRPCFunc, svcSvrMetricsFunc,
|
||||
svcWatcherUsersFunc,
|
||||
} {
|
||||
if service := serviceFunc(ctx); service != nil {
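Review bot: `Shutdown` on GRCPServerService calls `service.server.Stop()`, which closes the listener and every open connection immediately and cancels active RPCs, so any call in flight when the process receives its stop signal is cut off mid-response; `GracefulStop()` lets pending RPCs finish, but on its own it blocks for as long as a client keeps a stream open, so it should be bounded with a fallback to `Stop()` as sketched below (the timeout is a placeholder to align with whatever the HTTP ServerService uses in its own Shutdown, which is outside this diff, and `time` must be imported if it is not already). Separately, the type, constructor and registered name are spelled `GRCPServerService`, `NewGRCPServerService` and `"gRCP"` while the factory is `svcSvrGRPCFunc` calling `server.CreateGRPCServer`; since `name` becomes the `server` log field, operators will be grepping logs for a typo, so renaming to `GRPCServerService`, `NewGRPCServerService` and `"gRPC"` before this ships is worth doing. The copied doc comments `// Run the ServerService.`, `// Shutdown the ServerService.` and `// Log returns the *logrus.Entry of the ServerService.` should name the gRPC type they are attached to. In `svcSvrGRPCFunc`, a result where only one of `svr` or `listener` is non-nil falls through to the `"skipped"` debug log, which presumably cannot happen with `CreateGRPCServer` but is worth a `Warn` rather than `Debug` if it does.
```go
// Shutdown the gRPC server: let in-flight RPCs finish, then force-close if they do not.
func (service *GRCPServerService) Shutdown() {
	done := make(chan struct{})

	go func() {
		service.server.GracefulStop()
		close(done)
	}()

	select {
	case <-done:
	case <-time.After(30 * time.Second): // TODO(review): align with the HTTP ServerService shutdown timeout.
		service.server.Stop()
	}
}
```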
|
||||
@ -490,7 +490,7 @@ func StringToCryptoPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
|
|||
return data, nil
|
||||
}
|
||||
|
||||
field, _ := reflect.TypeOf(schema.TLS{}).FieldByName("PrivateKey")
|
||||
field, _ := reflect.TypeOf(schema.TLSConfig{}).FieldByName("PrivateKey")
|
||||
expectedType := field.Type
|
||||
|
||||
if t != expectedType {
|
||||
@ -1,44 +1,43 @@
|
|||
package schema
|
||||
|
||||
// AccessControl represents the configuration related to ACLs.
|
||||
type AccessControl struct {
|
||||
// The default policy if no other policy matches the request.
|
||||
DefaultPolicy string `koanf:"default_policy" json:"default_policy" jsonschema:"default=deny,enum=deny,enum=one_factor,enum=two_factor,title=Default Authorization Policy" jsonschema_description:"The default policy applied to all authorization requests. Not relevant to OpenID Connect."`
|
||||
import (
|
||||
"regexp"
|
||||
)
|
||||
|
||||
// Represents a list of named network groups.
|
||||
Networks []AccessControlNetwork `koanf:"networks" json:"networks" jsonschema:"title=Named Networks" jsonschema_description:"The list of named networks which can be reused in any ACL rule"`
|
||||
|
||||
// The ACL rules list.
|
||||
Rules []AccessControlRule `koanf:"rules" json:"rules" jsonschema:"title=Rules List" jsonschema_description:"The list of ACL rules to enumerate for requests"`
|
||||
// AccessControlConfiguration represents the configuration related to ACLs.
|
||||
type AccessControlConfiguration struct {
|
||||
DefaultPolicy string `koanf:"default_policy"`
|
||||
Networks []ACLNetwork `koanf:"networks"`
|
||||
Rules []ACLRule `koanf:"rules"`
|
||||
}
|
||||
|
||||
// AccessControlNetwork represents one ACL network group entry.
|
||||
type AccessControlNetwork struct {
|
||||
Name string `koanf:"name" json:"name" jsonschema:"required,title=Network Name" jsonschema_description:"The name of this network to be used in the networks section of the rules section"`
|
||||
Networks AccessControlNetworkNetworks `koanf:"networks" json:"networks" jsonschema:"required,title=Networks" jsonschema_description:"The remote IP's or network ranges in CIDR notation that this rule applies to"`
|
||||
// ACLNetwork represents one ACL network group entry.
|
||||
type ACLNetwork struct {
|
||||
Name string `koanf:"name"`
|
||||
Networks []string `koanf:"networks"`
|
||||
}
|
||||
|
||||
// AccessControlRule represents one ACL rule entry.
|
||||
type AccessControlRule struct {
|
||||
Domains AccessControlRuleDomains `koanf:"domain" json:"domain" jsonschema:"oneof_required=Domain,uniqueItems,title=Domain Literals" jsonschema_description:"The literal domains to match the domain against that this rule applies to"`
|
||||
DomainsRegex AccessControlRuleRegex `koanf:"domain_regex" json:"domain_regex" jsonschema:"oneof_required=Domain Regex,title=Domain Regex Patterns" jsonschema_description:"The regex patterns to match the domain against that this rule applies to"`
|
||||
Policy string `koanf:"policy" json:"policy" jsonschema:"required,enum=bypass,enum=deny,enum=one_factor,enum=two_factor,title=Rule Policy" jsonschema_description:"The policy this rule applies when all criteria match"`
|
||||
Subjects AccessControlRuleSubjects `koanf:"subject" json:"subject" jsonschema:"title=AccessControlRuleSubjects" jsonschema_description:"The users or groups that this rule applies to"`
|
||||
Networks AccessControlRuleNetworks `koanf:"networks" json:"networks" jsonschema:"title=Networks" jsonschema_description:"The remote IP's, network ranges in CIDR notation, or network names that this rule applies to"`
|
||||
Resources AccessControlRuleRegex `koanf:"resources" json:"resources" jsonschema:"title=Resources or Paths" jsonschema_description:"The regex patterns to match the resource paths that this rule applies to"`
|
||||
Methods AccessControlRuleMethods `koanf:"methods" json:"methods" jsonschema:"enum=GET,enum=HEAD,enum=POST,enum=PUT,enum=DELETE,enum=CONNECT,enum=OPTIONS,enum=TRACE,enum=PATCH,enum=PROPFIND,enum=PROPPATCH,enum=MKCOL,enum=COPY,enum=MOVE,enum=LOCK,enum=UNLOCK" jsonschema_description:"The list of request methods this rule applies to"`
|
||||
Query [][]AccessControlRuleQuery `koanf:"query" json:"query" jsonschema:"title=Query Rules" jsonschema_description:"The list of query parameter rules this rule applies to"`
|
||||
// ACLRule represents one ACL rule entry.
|
||||
type ACLRule struct {
|
||||
Domains []string `koanf:"domain"`
|
||||
DomainsRegex []regexp.Regexp `koanf:"domain_regex"`
|
||||
Policy string `koanf:"policy"`
|
||||
Subjects [][]string `koanf:"subject"`
|
||||
Networks []string `koanf:"networks"`
|
||||
Resources []regexp.Regexp `koanf:"resources"`
|
||||
Methods []string `koanf:"methods"`
|
||||
Query [][]ACLQueryRule `koanf:"query"`
|
||||
}
|
||||
|
||||
// AccessControlRuleQuery represents the ACL query criteria.
|
||||
type AccessControlRuleQuery struct {
|
||||
Operator string `koanf:"operator" json:"operator" jsonschema:"enum=equal,enum=not equal,enum=present,enum=absent,enum=pattern,enum=not pattern,title=Operator" jsonschema_description:"The list of query parameter rules this rule applies to"`
|
||||
Key string `koanf:"key" json:"key" jsonschema:"required,title=Key" jsonschema_description:"The Query Parameter key this rule applies to"`
|
||||
Value any `koanf:"value" json:"value" jsonschema:"title=Value" jsonschema_description:"The Query Parameter value for this rule"`
|
||||
// ACLQueryRule represents the ACL query criteria.
|
||||
type ACLQueryRule struct {
|
||||
Operator string `koanf:"operator"`
|
||||
Key string `koanf:"key"`
|
||||
Value any `koanf:"value"`
|
||||
}
|
||||
|
||||
// DefaultACLNetwork represents the default configuration related to access control network group configuration.
|
||||
var DefaultACLNetwork = []AccessControlNetwork{
|
||||
var DefaultACLNetwork = []ACLNetwork{
|
||||
{
|
||||
Name: "localhost",
|
||||
Networks: []string{"127.0.0.1"},
|
||||
|
@ -50,7 +49,7 @@ var DefaultACLNetwork = []AccessControlNetwork{
|
|||
}
|
||||
|
||||
// DefaultACLRule represents the default configuration related to access control rule configuration.
|
||||
var DefaultACLRule = []AccessControlRule{
|
||||
var DefaultACLRule = []ACLRule{
|
||||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
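Review bot: `AccessControlConfiguration.DefaultPolicy` and `ACLRule.Policy` land on this side as bare `string` fields with no statement of the accepted values, and the difference between them is the security-relevant part: the jsonschema enums on the docs-jsons side of this compare list `deny`, `one_factor` and `two_factor` for the default but add `bypass` only for rules, and `TestShouldCheckDefaultDeniedConfig` plus the `deny` default used throughout the authorizer tests indicate `deny` is the intended fallback (the validator that enforces either is not in this diff). Suggest `// DefaultPolicy is applied when no rule matches; deny, one_factor or two_factor (bypass is intentionally not accepted here).` above DefaultPolicy and `// Policy applied when every criterion of this rule matches; bypass, deny, one_factor or two_factor.` above ACLRule.Policy. `Subjects [][]string` also deserves a comment on its shape, since nothing in the type says whether the nested lists are AND or OR; `TestShouldCheckMultipleSubjectsMatching` builds `{{"group:admins", "user:bob"}, {"group:admins", "group:dev"}}`, which reads as a list of alternatives each of which must match in full, but confirm that against the authorizer before committing to that wording.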
|
||||
@ -8,143 +8,132 @@ import (
|
|||
|
||||
// AuthenticationBackend represents the configuration related to the authentication backend.
|
||||
type AuthenticationBackend struct {
|
||||
PasswordReset AuthenticationBackendPasswordReset `koanf:"password_reset" json:"password_reset" jsonschema:"title=Password Reset" jsonschema_description:"Allows configuration of the password reset behaviour"`
|
||||
PasswordReset PasswordResetAuthenticationBackend `koanf:"password_reset"`
|
||||
|
||||
RefreshInterval string `koanf:"refresh_interval" json:"refresh_interval" jsonschema:"title=Refresh Interval" jsonschema_description:"How frequently the user details are refreshed from the backend"`
|
||||
RefreshInterval string `koanf:"refresh_interval"`
|
||||
|
||||
// The file authentication backend configuration.
|
||||
File *AuthenticationBackendFile `koanf:"file" json:"file" jsonschema:"title=File Backend" jsonschema_description:"The file authentication backend configuration"`
|
||||
LDAP *AuthenticationBackendLDAP `koanf:"ldap" json:"ldap" jsonschema:"title=LDAP Backend" jsonschema_description:"The LDAP authentication backend configuration"`
|
||||
File *FileAuthenticationBackend `koanf:"file"`
|
||||
LDAP *LDAPAuthenticationBackend `koanf:"ldap"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendPasswordReset represents the configuration related to password reset functionality.
|
||||
type AuthenticationBackendPasswordReset struct {
|
||||
Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disables the Password Reset option"`
|
||||
CustomURL url.URL `koanf:"custom_url" json:"custom_url" jsonschema:"Custom URL" jsonschema_description:"Disables the internal Password Reset option and instead redirects users to this specified URL"`
|
||||
// PasswordResetAuthenticationBackend represents the configuration related to password reset functionality.
|
||||
type PasswordResetAuthenticationBackend struct {
|
||||
Disable bool `koanf:"disable"`
|
||||
CustomURL url.URL `koanf:"custom_url"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFile represents the configuration related to file-based backend.
|
||||
type AuthenticationBackendFile struct {
|
||||
Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The file path to the user database"`
|
||||
Watch bool `koanf:"watch" json:"watch" jsonschema:"default=false,title=Watch" jsonschema_description:"Enables watching the file for external changes and dynamically reloading the database"`
|
||||
// FileAuthenticationBackend represents the configuration related to file-based backend.
|
||||
type FileAuthenticationBackend struct {
|
||||
Path string `koanf:"path"`
|
||||
Watch bool `koanf:"watch"`
|
||||
Password Password `koanf:"password"`
|
||||
|
||||
Password AuthenticationBackendFilePassword `koanf:"password" json:"password" jsonschema:"title=Password Options" jsonschema_description:"Allows configuration of the password hashing options when the user passwords are changed directly by Authelia"`
|
||||
|
||||
Search AuthenticationBackendFileSearch `koanf:"search" json:"search" jsonschema:"title=Search" jsonschema_description:"Configures the user searching behaviour"`
|
||||
Search FileSearchAuthenticationBackend `koanf:"search"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFileSearch represents the configuration related to file-based backend searching.
|
||||
type AuthenticationBackendFileSearch struct {
|
||||
Email bool `koanf:"email" json:"email" jsonschema:"default=false,title=Email Searching" jsonschema_description:"Allows users to either use their username or their configured email as a username"`
|
||||
CaseInsensitive bool `koanf:"case_insensitive" json:"case_insensitive" jsonschema:"default=false,title=Case Insensitive Searching" jsonschema_description:"Allows usernames to be any case during the search"`
|
||||
// FileSearchAuthenticationBackend represents the configuration related to file-based backend searching.
|
||||
type FileSearchAuthenticationBackend struct {
|
||||
Email bool `koanf:"email"`
|
||||
CaseInsensitive bool `koanf:"case_insensitive"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePassword represents the configuration related to password hashing.
|
||||
type AuthenticationBackendFilePassword struct {
|
||||
Algorithm string `koanf:"algorithm" json:"algorithm" jsonschema:"default=argon2,enum=argon2,enum=sha2crypt,enum=pbkdf2,enum=bcrypt,enum=scrypt,title=Algorithm" jsonschema_description:"The password hashing algorithm to use"`
|
||||
// Password represents the configuration related to password hashing.
|
||||
type Password struct {
|
||||
Algorithm string `koanf:"algorithm"`
|
||||
|
||||
Argon2 AuthenticationBackendFilePasswordArgon2 `koanf:"argon2" json:"argon2" jsonschema:"title=Argon2" jsonschema_description:"Configure the Argon2 password hashing parameters"`
|
||||
SHA2Crypt AuthenticationBackendFilePasswordSHA2Crypt `koanf:"sha2crypt" json:"sha2crypt" jsonschema:"title=SHA2Crypt" jsonschema_description:"Configure the SHA2Crypt password hashing parameters"`
|
||||
PBKDF2 AuthenticationBackendFilePasswordPBKDF2 `koanf:"pbkdf2" json:"pbkdf2" jsonschema:"title=PBKDF2" jsonschema_description:"Configure the PBKDF2 password hashing parameters"`
|
||||
BCrypt AuthenticationBackendFilePasswordBCrypt `koanf:"bcrypt" json:"bcrypt" jsonschema:"title=BCrypt" jsonschema_description:"Configure the BCrypt password hashing parameters"`
|
||||
SCrypt AuthenticationBackendFilePasswordSCrypt `koanf:"scrypt" json:"scrypt" jsonschema:"title=SCrypt" jsonschema_description:"Configure the SCrypt password hashing parameters"`
|
||||
Argon2 Argon2Password `koanf:"argon2"`
|
||||
SHA2Crypt SHA2CryptPassword `koanf:"sha2crypt"`
|
||||
PBKDF2 PBKDF2Password `koanf:"pbkdf2"`
|
||||
BCrypt BCryptPassword `koanf:"bcrypt"`
|
||||
SCrypt SCryptPassword `koanf:"scrypt"`
|
||||
|
||||
// Deprecated: Use individual password options instead.
|
||||
Iterations int `koanf:"iterations" json:"iterations" jsonschema:"deprecated"`
|
||||
|
||||
// Deprecated: Use individual password options instead.
|
||||
Memory int `koanf:"memory" json:"memory" jsonschema:"deprecated"`
|
||||
|
||||
// Deprecated: Use individual password options instead.
|
||||
Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"deprecated"`
|
||||
|
||||
// Deprecated: Use individual password options instead.
|
||||
KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"deprecated"`
|
||||
|
||||
// Deprecated: Use individual password options instead.
|
||||
SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"deprecated"`
|
||||
Iterations int `koanf:"iterations"`
|
||||
Memory int `koanf:"memory"`
|
||||
Parallelism int `koanf:"parallelism"`
|
||||
KeyLength int `koanf:"key_length"`
|
||||
SaltLength int `koanf:"salt_length"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePasswordArgon2 represents the argon2 hashing settings.
|
||||
type AuthenticationBackendFilePasswordArgon2 struct {
|
||||
Variant string `koanf:"variant" json:"variant" jsonschema:"default=argon2id,enum=argon2id,enum=argon2i,enum=argon2d,title=Variant" jsonschema_description:"The Argon2 variant to be used"`
|
||||
Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=3,title=Iterations" jsonschema_description:"The number of Argon2 iterations (parameter t) to be used"`
|
||||
Memory int `koanf:"memory" json:"memory" jsonschema:"default=65536,minimum=8,maximum=4294967295,title=Memory" jsonschema_description:"The Argon2 amount of memory in kibibytes (parameter m) to be used"`
|
||||
Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=4,minimum=1,maximum=16777215,title=Parallelism" jsonschema_description:"The Argon2 degree of parallelism (parameter p) to be used"`
|
||||
KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=4,maximum=2147483647,title=Key Length" jsonschema_description:"The Argon2 key output length"`
|
||||
SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=2147483647,title=Salt Length" jsonschema_description:"The Argon2 salt length"`
|
||||
// Argon2Password represents the argon2 hashing settings.
|
||||
type Argon2Password struct {
|
||||
Variant string `koanf:"variant"`
|
||||
Iterations int `koanf:"iterations"`
|
||||
Memory int `koanf:"memory"`
|
||||
Parallelism int `koanf:"parallelism"`
|
||||
KeyLength int `koanf:"key_length"`
|
||||
SaltLength int `koanf:"salt_length"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePasswordSHA2Crypt represents the sha2crypt hashing settings.
|
||||
type AuthenticationBackendFilePasswordSHA2Crypt struct {
|
||||
Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha256,enum=sha512,title=Variant" jsonschema_description:"The SHA2Crypt variant to be used"`
|
||||
Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=50000,minimum=1000,maximum=999999999,title=Iterations" jsonschema_description:"The SHA2Crypt iterations (parameter rounds) to be used"`
|
||||
SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=16,title=Salt Length" jsonschema_description:"The SHA2Crypt salt length to be used"`
|
||||
// SHA2CryptPassword represents the sha2crypt hashing settings.
|
||||
type SHA2CryptPassword struct {
|
||||
Variant string `koanf:"variant"`
|
||||
Iterations int `koanf:"iterations"`
|
||||
SaltLength int `koanf:"salt_length"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePasswordPBKDF2 represents the PBKDF2 hashing settings.
|
||||
type AuthenticationBackendFilePasswordPBKDF2 struct {
|
||||
Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha1,enum=sha224,enum=sha256,enum=sha384,enum=sha512,title=Variant" jsonschema_description:"The PBKDF2 variant to be used"`
|
||||
Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=310000,minimum=100000,maximum=2147483647,title=Iterations" jsonschema_description:"The PBKDF2 iterations to be used"`
|
||||
SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=2147483647,title=Salt Length" jsonschema_description:"The PBKDF2 salt length to be used"`
|
||||
// PBKDF2Password represents the PBKDF2 hashing settings.
|
||||
type PBKDF2Password struct {
|
||||
Variant string `koanf:"variant"`
|
||||
Iterations int `koanf:"iterations"`
|
||||
SaltLength int `koanf:"salt_length"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePasswordBCrypt represents the bcrypt hashing settings.
|
||||
type AuthenticationBackendFilePasswordBCrypt struct {
|
||||
Variant string `koanf:"variant" json:"variant" jsonschema:"default=standard,enum=standard,enum=sha256,title=Variant" jsonschema_description:"The BCrypt variant to be used"`
|
||||
Cost int `koanf:"cost" json:"cost" jsonschema:"default=12,minimum=10,maximum=31,title=Cost" jsonschema_description:"The BCrypt cost to be used"`
|
||||
// BCryptPassword represents the bcrypt hashing settings.
|
||||
type BCryptPassword struct {
|
||||
Variant string `koanf:"variant"`
|
||||
Cost int `koanf:"cost"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendFilePasswordSCrypt represents the scrypt hashing settings.
|
||||
type AuthenticationBackendFilePasswordSCrypt struct {
|
||||
Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=16,minimum=1,maximum=58,title=Iterations" jsonschema_description:"The SCrypt iterations to be used"`
|
||||
BlockSize int `koanf:"block_size" json:"block_size" jsonschema:"default=8,minimum=1,maximum=36028797018963967,title=Key Length" jsonschema_description:"The SCrypt block size to be used"`
|
||||
Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=1,minimum=1,maximum=1073741823,title=Key Length" jsonschema_description:"The SCrypt parallelism factor to be used"`
|
||||
KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=1,maximum=137438953440,title=Key Length" jsonschema_description:"The SCrypt key length to be used"`
|
||||
SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=1024,title=Salt Length" jsonschema_description:"The SCrypt salt length to be used"`
|
||||
// SCryptPassword represents the scrypt hashing settings.
|
||||
type SCryptPassword struct {
|
||||
Iterations int `koanf:"iterations"`
|
||||
BlockSize int `koanf:"block_size"`
|
||||
Parallelism int `koanf:"parallelism"`
|
||||
KeyLength int `koanf:"key_length"`
|
||||
SaltLength int `koanf:"salt_length"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendLDAP represents the configuration related to LDAP server.
|
||||
type AuthenticationBackendLDAP struct {
|
||||
Address *AddressLDAP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the LDAP directory server"`
|
||||
Implementation string `koanf:"implementation" json:"implementation" jsonschema:"default=custom,enum=custom,enum=activedirectory,enum=rfc2307bis,enum=freeipa,enum=lldap,enum=glauth,title=Implementation" jsonschema_description:"The implementation which mostly decides the default values"`
|
||||
Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The LDAP directory server connection timeout"`
|
||||
StartTLS bool `koanf:"start_tls" json:"start_tls" jsonschema:"default=false,title=StartTLS" jsonschema_description:"Enables the use of StartTLS"`
|
||||
TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties"`
|
||||
// LDAPAuthenticationBackend represents the configuration related to LDAP server.
|
||||
type LDAPAuthenticationBackend struct {
|
||||
Address *AddressLDAP `koanf:"address"`
|
||||
Implementation string `koanf:"implementation"`
|
||||
Timeout time.Duration `koanf:"timeout"`
|
||||
StartTLS bool `koanf:"start_tls"`
|
||||
TLS *TLSConfig `koanf:"tls"`
|
||||
|
||||
BaseDN string `koanf:"base_dn" json:"base_dn" jsonschema:"title=Base DN" jsonschema_description:"The base for all directory server operations"`
|
||||
BaseDN string `koanf:"base_dn"`
|
||||
|
||||
AdditionalUsersDN string `koanf:"additional_users_dn" json:"additional_users_dn" jsonschema:"title=Additional User Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for users"`
|
||||
UsersFilter string `koanf:"users_filter" json:"users_filter" jsonschema:"title=Users Filter" jsonschema_description:"The LDAP filter used to search for user objects"`
|
||||
AdditionalUsersDN string `koanf:"additional_users_dn"`
|
||||
UsersFilter string `koanf:"users_filter"`
|
||||
|
||||
AdditionalGroupsDN string `koanf:"additional_groups_dn" json:"additional_groups_dn" jsonschema:"title=Additional Group Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for groups"`
|
||||
GroupsFilter string `koanf:"groups_filter" json:"groups_filter" jsonschema:"title=Groups Filter" jsonschema_description:"The LDAP filter used to search for group objects"`
|
||||
AdditionalGroupsDN string `koanf:"additional_groups_dn"`
|
||||
GroupsFilter string `koanf:"groups_filter"`
|
||||
GroupSearchMode string `koanf:"group_search_mode"`
|
||||
|
||||
Attributes AuthenticationBackendLDAPAttributes `koanf:"attributes" json:"attributes"`
|
||||
Attributes LDAPAuthenticationAttributes `koanf:"attributes"`
|
||||
|
||||
PermitReferrals bool `koanf:"permit_referrals" json:"permit_referrals" jsonschema:"default=false,title=Permit Referrals" jsonschema_description:"Enables chasing LDAP referrals"`
|
||||
PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind" json:"permit_unauthenticated_bind" jsonschema:"default=false,title=Permit Unauthenticated Bind" jsonschema_description:"Enables omission of the password to perform an unauthenticated bind"`
|
||||
PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure" json:"permit_feature_detection_failure" jsonschema:"default=false,title=Permit Feature Detection Failure" jsonschema_description:"Enables failures when detecting directory server features using the Root DSE lookup"`
|
||||
PermitReferrals bool `koanf:"permit_referrals"`
|
||||
PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind"`
|
||||
PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`
|
||||
|
||||
User string `koanf:"user" json:"user" jsonschema:"title=User" jsonschema_description:"The user distinguished name for LDAP binding"`
|
||||
Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for LDAP authenticated binding"`
|
||||
User string `koanf:"user"`
|
||||
Password string `koanf:"password"`
|
||||
}
|
||||
|
||||
// AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes.
|
||||
type AuthenticationBackendLDAPAttributes struct {
|
||||
DistinguishedName string `koanf:"distinguished_name" json:"distinguished_name" jsonschema:"title=Attribute: Distinguished Name" jsonschema_description:"The directory server attribute which contains the distinguished name for all objects"`
|
||||
Username string `koanf:"username" json:"username" jsonschema:"title=Attribute: User Username" jsonschema_description:"The directory server attribute which contains the username for all users"`
|
||||
DisplayName string `koanf:"display_name" json:"display_name" jsonschema:"title=Attribute: User Display Name" jsonschema_description:"The directory server attribute which contains the display name for all users"`
|
||||
Mail string `koanf:"mail" json:"mail" jsonschema:"title=Attribute: User Mail" jsonschema_description:"The directory server attribute which contains the mail address for all users and groups"`
|
||||
MemberOf string `koanf:"member_of" jsonschema:"title=Attribute: Member Of" jsonschema_description:"The directory server attribute which contains the objects that an object is a member of"`
|
||||
GroupName string `koanf:"group_name" json:"group_name" jsonschema:"title=Attribute: Group Name" jsonschema_description:"The directory server attribute which contains the group name for all groups"`
|
||||
// LDAPAuthenticationAttributes represents the configuration related to LDAP server attributes.
|
||||
type LDAPAuthenticationAttributes struct {
|
||||
DistinguishedName string `koanf:"distinguished_name"`
|
||||
Username string `koanf:"username"`
|
||||
DisplayName string `koanf:"display_name"`
|
||||
Mail string `koanf:"mail"`
|
||||
MemberOf string `koanf:"member_of"`
|
||||
GroupName string `koanf:"group_name"`
|
||||
}
|
||||
|
||||
// DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
|
||||
var DefaultPasswordConfig = AuthenticationBackendFilePassword{
|
||||
var DefaultPasswordConfig = Password{
|
||||
Algorithm: argon2,
|
||||
Argon2: AuthenticationBackendFilePasswordArgon2{
|
||||
Argon2: Argon2Password{
|
||||
Variant: argon2id,
|
||||
Iterations: 3,
|
||||
Memory: 64 * 1024,
|
||||
|
@ -152,21 +141,21 @@ var DefaultPasswordConfig = AuthenticationBackendFilePassword{
|
|||
KeyLength: 32,
|
||||
SaltLength: 16,
|
||||
},
|
||||
SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
|
||||
SHA2Crypt: SHA2CryptPassword{
|
||||
Variant: sha512,
|
||||
Iterations: 50000,
|
||||
SaltLength: 16,
|
||||
},
|
||||
PBKDF2: AuthenticationBackendFilePasswordPBKDF2{
|
||||
PBKDF2: PBKDF2Password{
|
||||
Variant: sha512,
|
||||
Iterations: 310000,
|
||||
SaltLength: 16,
|
||||
},
|
||||
BCrypt: AuthenticationBackendFilePasswordBCrypt{
|
||||
BCrypt: BCryptPassword{
|
||||
Variant: "standard",
|
||||
Cost: 12,
|
||||
},
|
||||
SCrypt: AuthenticationBackendFilePasswordSCrypt{
|
||||
SCrypt: SCryptPassword{
|
||||
Iterations: 16,
|
||||
BlockSize: 8,
|
||||
Parallelism: 1,
|
||||
|
@ -176,16 +165,16 @@ var DefaultPasswordConfig = AuthenticationBackendFilePassword{
|
|||
}
|
||||
|
||||
// DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
|
||||
var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{
|
||||
var DefaultCIPasswordConfig = Password{
|
||||
Algorithm: argon2,
|
||||
Argon2: AuthenticationBackendFilePasswordArgon2{
|
||||
Argon2: Argon2Password{
|
||||
Iterations: 3,
|
||||
Memory: 64,
|
||||
Parallelism: 4,
|
||||
KeyLength: 32,
|
||||
SaltLength: 16,
|
||||
},
|
||||
SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
|
||||
SHA2Crypt: SHA2CryptPassword{
|
||||
Variant: sha512,
|
||||
Iterations: 50000,
|
||||
SaltLength: 16,
|
||||
|
@ -193,26 +182,26 @@ var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{
|
|||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = LDAPAuthenticationBackend{
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
Username: ldapAttrUserID,
|
||||
DisplayName: ldapAttrDisplayName,
|
||||
Mail: ldapAttrMail,
|
||||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{
|
||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))",
|
||||
GroupsFilter: "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))",
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
DistinguishedName: ldapAttrDistinguishedName,
|
||||
Username: ldapAttrSAMAccountName,
|
||||
DisplayName: ldapAttrDisplayName,
|
||||
|
@ -221,17 +210,17 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory =
|
|||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the LDAPImplementationRFC2307bis Implementation.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = LDAPAuthenticationBackend{
|
||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))",
|
||||
GroupsFilter: "(&(|(member={dn})(uniqueMember={dn}))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=groupOfMembers))(!(pwdReset=TRUE)))",
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
Username: ldapAttrUserID,
|
||||
DisplayName: ldapAttrDisplayName,
|
||||
Mail: ldapAttrMail,
|
||||
|
@ -239,17 +228,17 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = Auth
|
|||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the LDAPImplementationFreeIPA Implementation.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = LDAPAuthenticationBackend{
|
||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized})))",
|
||||
GroupsFilter: "(&(member={dn})(objectClass=groupOfNames))",
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
Username: ldapAttrUserID,
|
||||
DisplayName: ldapAttrDisplayName,
|
||||
Mail: ldapAttrMail,
|
||||
|
@ -257,19 +246,19 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = Authent
|
|||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the LDAPImplementationLLDAP Implementation.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = LDAPAuthenticationBackend{
|
||||
AdditionalUsersDN: "OU=people",
|
||||
AdditionalGroupsDN: "OU=groups",
|
||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))",
|
||||
GroupsFilter: "(&(member={dn})(objectClass=groupOfUniqueNames))",
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
Username: ldapAttrUserID,
|
||||
DisplayName: ldapAttrCommonName,
|
||||
Mail: ldapAttrMail,
|
||||
|
@ -277,17 +266,17 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = Authentic
|
|||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the LDAPImplementationGLAuth Implementation.
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = AuthenticationBackendLDAP{
|
||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = LDAPAuthenticationBackend{
|
||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive)))",
|
||||
GroupsFilter: "(&(uniqueMember={dn})(objectClass=posixGroup))",
|
||||
GroupSearchMode: ldapGroupSearchModeFilter,
|
||||
Attributes: AuthenticationBackendLDAPAttributes{
|
||||
Attributes: LDAPAuthenticationAttributes{
|
||||
Username: ldapAttrCommonName,
|
||||
DisplayName: ldapAttrDescription,
|
||||
Mail: ldapAttrMail,
|
||||
|
@ -295,7 +284,7 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = Authenti
|
|||
GroupName: ldapAttrCommonName,
|
||||
},
|
||||
Timeout: time.Second * 5,
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -2,26 +2,26 @@ package schema
|
|||
|
||||
// Configuration object extracted from YAML configuration file.
|
||||
type Configuration struct {
|
||||
Theme string `koanf:"theme" json:"theme" jsonschema:"default=light,enum=auto,enum=light,enum=dark,enum=grey,title=Theme Name" jsonschema_description:"The name of the theme to apply to the web UI"`
|
||||
CertificatesDirectory string `koanf:"certificates_directory" json:"certificates_directory" jsonschema:"title=Certificates Directory Path" jsonschema_description:"The path to a directory which is used to determine the certificates that are trusted"`
|
||||
JWTSecret string `koanf:"jwt_secret" json:"jwt_secret" jsonschema:"title=Secret Key for JWT's" jsonschema_description:"Used for signing HS256 JWT's for identity verification"`
|
||||
DefaultRedirectionURL string `koanf:"default_redirection_url" json:"default_redirection_url" jsonschema:"title=The default redirection URL" jsonschema_description:"Used to redirect users when they visit the portal directly"`
|
||||
Default2FAMethod string `koanf:"default_2fa_method" json:"default_2fa_method" jsonschema:"enum=totp,enum=webauthn,enum=mobile_push,title=Default 2FA method" jsonschema_description:"When a user logs in for the first time this is the 2FA method configured for them"`
|
||||
Theme string `koanf:"theme"`
|
||||
CertificatesDirectory string `koanf:"certificates_directory"`
|
||||
JWTSecret string `koanf:"jwt_secret"`
|
||||
DefaultRedirectionURL string `koanf:"default_redirection_url"`
|
||||
Default2FAMethod string `koanf:"default_2fa_method"`
|
||||
|
||||
Log Log `koanf:"log" json:"log" jsonschema:"title=Log" jsonschema_description:"Logging Configuration"`
|
||||
IdentityProviders IdentityProviders `koanf:"identity_providers" json:"identity_providers" jsonschema:"title=Identity Providers" jsonschema_description:"Identity Providers Configuration"`
|
||||
AuthenticationBackend AuthenticationBackend `koanf:"authentication_backend" json:"authentication_backend" jsonschema:"title=Authentication Backend" jsonschema_description:"Authentication Backend Configuration"`
|
||||
Session Session `koanf:"session" json:"session" jsonschema:"title=Session" jsonschema_description:"Session Configuration"`
|
||||
TOTP TOTP `koanf:"totp" json:"totp" jsonschema:"title=TOTP" jsonschema_description:"Time-based One Time Password Configuration"`
|
||||
DuoAPI DuoAPI `koanf:"duo_api" json:"duo_api" jsonschema:"title=Duo API" jsonschema_description:"Duo API Configuration"`
|
||||
AccessControl AccessControl `koanf:"access_control" json:"access_control" jsonschema:"title=Access Control" jsonschema_description:"Access Control Configuration"`
|
||||
NTP NTP `koanf:"ntp" json:"ntp" jsonschema:"title=NTP" jsonschema_description:"Network Time Protocol Configuration"`
|
||||
Regulation Regulation `koanf:"regulation" json:"regulation" jsonschema:"title=Regulation" jsonschema_description:"Regulation Configuration"`
|
||||
Storage Storage `koanf:"storage" json:"storage" jsonschema:"title=Storage" jsonschema_description:"Storage Configuration"`
|
||||
Notifier Notifier `koanf:"notifier" json:"notifier" jsonschema:"title=Notifier" jsonschema_description:"Notifier Configuration"`
|
||||
Server Server `koanf:"server" json:"server" jsonschema:"title=Server" jsonschema_description:"Server Configuration"`
|
||||
Telemetry Telemetry `koanf:"telemetry" json:"telemetry" jsonschema:"title=Telemetry" jsonschema_description:"Telemetry Configuration"`
|
||||
WebAuthn WebAuthn `koanf:"webauthn" json:"webauthn" jsonschema:"title=WebAuthn" jsonschema_description:"WebAuthn Configuration"`
|
||||
PasswordPolicy PasswordPolicy `koanf:"password_policy" json:"password_policy" jsonschema:"title=Password Policy" jsonschema_description:"Password Policy Configuration"`
|
||||
PrivacyPolicy PrivacyPolicy `koanf:"privacy_policy" json:"privacy_policy" jsonschema:"title=Privacy Policy" jsonschema_description:"Privacy Policy Configuration"`
|
||||
Log LogConfiguration `koanf:"log"`
|
||||
IdentityProviders IdentityProviders `koanf:"identity_providers"`
|
||||
AuthenticationBackend AuthenticationBackend `koanf:"authentication_backend"`
|
||||
Session SessionConfiguration `koanf:"session"`
|
||||
TOTP TOTPConfiguration `koanf:"totp"`
|
||||
DuoAPI DuoAPIConfiguration `koanf:"duo_api"`
|
||||
AccessControl AccessControlConfiguration `koanf:"access_control"`
|
||||
NTP NTPConfiguration `koanf:"ntp"`
|
||||
Regulation RegulationConfiguration `koanf:"regulation"`
|
||||
Storage StorageConfiguration `koanf:"storage"`
|
||||
Notifier NotifierConfiguration `koanf:"notifier"`
|
||||
Server ServerConfiguration `koanf:"server"`
|
||||
Telemetry TelemetryConfig `koanf:"telemetry"`
|
||||
WebAuthn WebAuthnConfiguration `koanf:"webauthn"`
|
||||
PasswordPolicy PasswordPolicyConfiguration `koanf:"password_policy"`
|
||||
PrivacyPolicy PrivacyPolicy `koanf:"privacy_policy"`
|
||||
}
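Review bot: The doc comment on `Configuration` (`// Configuration object extracted from YAML configuration file.`) does not begin with the type name as Go doc convention requires; suggest `// Configuration represents the configuration object extracted from the YAML configuration file.`. On the side that appears to be the new one (bare `koanf` tags), the field types are inconsistently named: `TelemetryConfig` sits among `LogConfiguration`, `SessionConfiguration` and `PasswordPolicyConfiguration`, while `IdentityProviders` and `PrivacyPolicy` carry no suffix at all, so settling on one convention would help if a rename is still on the table. `JWTSecret` is a signing secret and on that side carries no comment marking it as sensitive; a one-liner such as `// JWTSecret is a sensitive value and must not be logged or serialised.` would help maintainers who later add config dumping. Which side is new cannot be told from the rendered page alone, so this is hedged; the `@ -2,26 +2,26 @@` header suggests a one-for-one replacement of the struct body.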
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
package schema
|
||||
|
||||
// DuoAPI represents the configuration related to Duo API.
|
||||
type DuoAPI struct {
|
||||
Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disable the Duo API integration"`
|
||||
Hostname string `koanf:"hostname" json:"hostname" jsonschema:"format=hostname,title=Hostname" jsonschema_description:"The Hostname provided by your Duo API dashboard"`
|
||||
IntegrationKey string `koanf:"integration_key" json:"integration_key" jsonschema:"title=Integration Key" jsonschema_description:"The Integration Key provided by your Duo API dashboard"`
|
||||
SecretKey string `koanf:"secret_key" json:"secret_key" jsonschema:"title=Secret Key" jsonschema_description:"The Secret Key provided by your Duo API dashboard"`
|
||||
EnableSelfEnrollment bool `koanf:"enable_self_enrollment" json:"enable_self_enrollment" jsonschema:"default=false,title=Enable Self Enrollment" jsonschema_description:"Enable the Self Enrollment flow"`
|
||||
// DuoAPIConfiguration represents the configuration related to Duo API.
|
||||
type DuoAPIConfiguration struct {
|
||||
Disable bool `koanf:"disable"`
|
||||
Hostname string `koanf:"hostname"`
|
||||
IntegrationKey string `koanf:"integration_key"`
|
||||
SecretKey string `koanf:"secret_key"`
|
||||
EnableSelfEnrollment bool `koanf:"enable_self_enrollment"`
|
||||
}
|
||||
|
|
|
@ -8,34 +8,34 @@ import (
|
|||
|
||||
// IdentityProviders represents the Identity Providers configuration for Authelia.
|
||||
type IdentityProviders struct {
|
||||
OIDC *IdentityProvidersOpenIDConnect `koanf:"oidc" json:"oidc"`
|
||||
OIDC *OpenIDConnect `koanf:"oidc"`
|
||||
}
|
||||
|
||||
// IdentityProvidersOpenIDConnect represents the configuration for OpenID Connect 1.0.
|
||||
type IdentityProvidersOpenIDConnect struct {
|
||||
HMACSecret string `koanf:"hmac_secret" json:"hmac_secret" jsonschema:"title=HMAC Secret" jsonschema_description:"The HMAC Secret used to sign Access Tokens"`
|
||||
IssuerPrivateKeys []JWK `koanf:"issuer_private_keys" json:"issuer_private_keys" jsonschema:"title=Issuer Private Keys" jsonschema_description:"The Private Keys used to sign ID Tokens"`
|
||||
// OpenIDConnect configuration for OpenID Connect 1.0.
|
||||
type OpenIDConnect struct {
|
||||
HMACSecret string `koanf:"hmac_secret"`
|
||||
IssuerPrivateKeys []JWK `koanf:"issuer_private_keys"`
|
||||
|
||||
IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain" json:"issuer_certificate_chain" jsonschema:"title=Issuer Certificate Chain" jsonschema_description:"The Issuer Certificate Chain with an RSA Public Key used to sign ID Tokens"`
|
||||
IssuerPrivateKey *rsa.PrivateKey `koanf:"issuer_private_key" json:"issuer_private_key" jsonschema:"title=Issuer Private Key" jsonschema_description:"The Issuer Private Key with an RSA Private Key used to sign ID Tokens"`
|
||||
IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain"`
|
||||
IssuerPrivateKey *rsa.PrivateKey `koanf:"issuer_private_key"`
|
||||
|
||||
AccessTokenLifespan time.Duration `koanf:"access_token_lifespan" json:"access_token_lifespan" jsonschema:"default=60 minutes,title=Access Token Lifespan" jsonschema_description:"The duration an Access Token is valid for"`
|
||||
AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan" json:"authorize_code_lifespan" jsonschema:"default=1 minute,title=Authorize Code Lifespan" jsonschema_description:"The duration an Authorization Code is valid for"`
|
||||
IDTokenLifespan time.Duration `koanf:"id_token_lifespan" json:"id_token_lifespan" jsonschema:"default=60 minutes,title=ID Token Lifespan" jsonschema_description:"The duration an ID Token is valid for"`
|
||||
RefreshTokenLifespan time.Duration `koanf:"refresh_token_lifespan" json:"refresh_token_lifespan" jsonschema:"default=90 minutes,title=Refresh Token Lifespan" jsonschema_description:"The duration a Refresh Token is valid for"`
|
||||
AccessTokenLifespan time.Duration `koanf:"access_token_lifespan"`
|
||||
AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
|
||||
IDTokenLifespan time.Duration `koanf:"id_token_lifespan"`
|
||||
RefreshTokenLifespan time.Duration `koanf:"refresh_token_lifespan"`
|
||||
|
||||
EnableClientDebugMessages bool `koanf:"enable_client_debug_messages" json:"enable_client_debug_messages" jsonschema:"default=false,title=Enable Client Debug Messages" jsonschema_description:"Enables additional debug messages for clients"`
|
||||
MinimumParameterEntropy int `koanf:"minimum_parameter_entropy" json:"minimum_parameter_entropy" jsonschema:"default=8,minimum=-1,title=Minimum Parameter Entropy" jsonschema_description:"The minimum entropy of the nonce parameter"`
|
||||
EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"`
|
||||
MinimumParameterEntropy int `koanf:"minimum_parameter_entropy"`
|
||||
|
||||
EnforcePKCE string `koanf:"enforce_pkce" json:"enforce_pkce" jsonschema:"default=public_clients_only,enum=public_clients_only,enum=never,enum=always,title=Enforce PKCE" jsonschema_description:"Controls enforcement of the use of Proof Key for Code Exchange on all clients"`
|
||||
EnablePKCEPlainChallenge bool `koanf:"enable_pkce_plain_challenge" json:"enable_pkce_plain_challenge" jsonschema:"default=false,title=Enable PKCE Plain Challenge" jsonschema_description:"Enables use of the discouraged plain Proof Key for Code Exchange challenges"`
|
||||
EnforcePKCE string `koanf:"enforce_pkce"`
|
||||
EnablePKCEPlainChallenge bool `koanf:"enable_pkce_plain_challenge"`
|
||||
|
||||
PAR IdentityProvidersOpenIDConnectPAR `koanf:"pushed_authorizations" json:"pushed_authorizations" jsonschema:"title=Pushed Authorizations" jsonschema_description:"Configuration options for Pushed Authorization Requests"`
|
||||
CORS IdentityProvidersOpenIDConnectCORS `koanf:"cors" json:"cors" jsonschema:"title=CORS" jsonschema_description:"Configuration options for Cross-Origin Request Sharing"`
|
||||
PAR OpenIDConnectPAR `koanf:"pushed_authorizations"`
|
||||
CORS OpenIDConnectCORS `koanf:"cors"`
|
||||
|
||||
Clients []IdentityProvidersOpenIDConnectClient `koanf:"clients" json:"clients" jsonschema:"title=Clients" jsonschema_description:"OpenID Connect 1.0 clients registry"`
|
||||
Clients []OpenIDConnectClient `koanf:"clients"`
|
||||
|
||||
Discovery OpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users.
|
||||
Discovery OpenIDConnectDiscovery // MetaData value. Not configurable by users.
|
||||
}
|
||||
|
||||
// OpenIDConnectDiscovery is information discovered during validation reused for the discovery handlers.
|
||||
|
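Review bot: `HMACSecret` and `IssuerPrivateKey` are plain exported fields without `json:"-"`, so any `encoding/json` marshal of the loaded configuration (a debug dump, a structured log of the effective config) serialises the token-signing secret and the private key; only `Discovery` is excluded, and only on the side that carries json tags. The same applies to the client `Secret` in the second hunk of this file, to `Password` in the SMTP notifier hunk and to `SecretKey` in the Duo hunk above. Where the `json` tags drive schema generation they cannot simply become `json:"-"`, so at minimum each secret field should carry a comment such as `// Secret material: never marshal this struct outside schema generation.`, and any code path that does emit the config should redact these fields. Separately, on the tagged side of the second hunk the `IDTokenSigningAlg` tag reads `jsonschema:"eneum=none,enum=RS256,...`; the misspelled `eneum` presumably is not recognised as an enum entry, so `none` drops out of the generated schema, and it should be `enum=none`.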
@ -47,68 +47,68 @@ type OpenIDConnectDiscovery struct {
|
|||
RequestObjectSigningAlgs []string
|
||||
}
|
||||
|
||||
// IdentityProvidersOpenIDConnectPAR represents an OpenID Connect 1.0 PAR config.
|
||||
type IdentityProvidersOpenIDConnectPAR struct {
|
||||
Enforce bool `koanf:"enforce" json:"enforce" jsonschema:"default=false,title=Enforce" jsonschema_description:"Enforce the use of PAR for all requests on all clients"`
|
||||
ContextLifespan time.Duration `koanf:"context_lifespan" json:"context_lifespan" jsonschema:"default=5 minutes,title=Context Lifespan" jsonschema_description:"How long a PAR context is valid for"`
|
||||
// OpenIDConnectPAR represents an OpenID Connect 1.0 PAR config.
|
||||
type OpenIDConnectPAR struct {
|
||||
Enforce bool `koanf:"enforce"`
|
||||
ContextLifespan time.Duration `koanf:"context_lifespan"`
|
||||
}
|
||||
|
||||
// IdentityProvidersOpenIDConnectCORS represents an OpenID Connect 1.0 CORS config.
|
||||
type IdentityProvidersOpenIDConnectCORS struct {
|
||||
Endpoints []string `koanf:"endpoints" json:"endpoints" jsonschema:"uniqueItems,enum=authorization,enum=pushed-authorization-request,enum=token,enum=introspection,enum=revocation,enum=userinfo,title=Endpoints" jsonschema_description:"List of endpoints to enable CORS handling for"`
|
||||
AllowedOrigins []url.URL `koanf:"allowed_origins" json:"allowed_origins" jsonschema:"format=uri,title=Allowed Origins" jsonschema_description:"List of arbitrary allowed origins for CORS requests"`
|
||||
// OpenIDConnectCORS represents an OpenID Connect 1.0 CORS config.
|
||||
type OpenIDConnectCORS struct {
|
||||
Endpoints []string `koanf:"endpoints"`
|
||||
AllowedOrigins []url.URL `koanf:"allowed_origins"`
|
||||
|
||||
AllowedOriginsFromClientRedirectURIs bool `koanf:"allowed_origins_from_client_redirect_uris" json:"allowed_origins_from_client_redirect_uris" jsonschema:"default=false,title=Allowed Origins From Client Redirect URIs" jsonschema_description:"Automatically include the redirect URIs from the registered clients"`
|
||||
AllowedOriginsFromClientRedirectURIs bool `koanf:"allowed_origins_from_client_redirect_uris"`
|
||||
}
|
||||
|
||||
// IdentityProvidersOpenIDConnectClient represents a configuration for an OpenID Connect 1.0 client.
|
||||
type IdentityProvidersOpenIDConnectClient struct {
|
||||
ID string `koanf:"id" json:"id" jsonschema:"required,minLength=1,title=ID" jsonschema_description:"The Client ID"`
|
||||
Description string `koanf:"description" json:"description" jsonschema:"title=Description" jsonschema_description:"The Client Description for End-Users"`
|
||||
Secret *PasswordDigest `koanf:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"The Client Secret for Client Authentication"`
|
||||
SectorIdentifier url.URL `koanf:"sector_identifier" json:"sector_identifier" jsonschema:"title=Sector Identifier" jsonschema_description:"The Client Sector Identifier for Privacy Isolation"`
|
||||
Public bool `koanf:"public" json:"public" jsonschema:"default=false,title=Public" jsonschema_description:"Enables the Public Client Type"`
|
||||
// OpenIDConnectClient represents a configuration for an OpenID Connect 1.0 client.
|
||||
type OpenIDConnectClient struct {
|
||||
ID string `koanf:"id"`
|
||||
Description string `koanf:"description"`
|
||||
Secret *PasswordDigest `koanf:"secret"`
|
||||
SectorIdentifier url.URL `koanf:"sector_identifier"`
|
||||
Public bool `koanf:"public"`
|
||||
|
||||
RedirectURIs IdentityProvidersOpenIDConnectClientRedirectURIs `koanf:"redirect_uris" json:"redirect_uris" jsonschema:"required,title=Redirect URIs" jsonschema_description:"List of authorized redirect URIs"`
|
||||
RedirectURIs []string `koanf:"redirect_uris"`
|
||||
|
||||
Audience []string `koanf:"audience" json:"audience" jsonschema:"uniqueItems,title=Audience" jsonschema_description:"List of authorized audiences"`
|
||||
Scopes []string `koanf:"scopes" json:"scopes" jsonschema:"required,enum=openid,enum=offline_access,enum=groups,enum=email,enum=profile,uniqueItems,title=Scopes" jsonschema_description:"The Scopes this client is allowed request and be granted"`
|
||||
GrantTypes []string `koanf:"grant_types" json:"grant_types" jsonschema:"enum=authorization_code,enum=implicit,enum=refresh_token,uniqueItems,title=Grant Types" jsonschema_description:"The Grant Types this client is allowed to use for the protected endpoints"`
|
||||
ResponseTypes []string `koanf:"response_types" json:"response_types" jsonschema:"enum=code,enum=id_token token,enum=id_token,enum=token,enum=code token,enum=code id_token,enum=code id_token token,uniqueItems,title=Response Types" jsonschema_description:"The Response Types the client is authorized to request"`
|
||||
ResponseModes []string `koanf:"response_modes" json:"response_modes" jsonschema:"enum=form_post,enum=query,enum=fragment,uniqueItems,title=Response Modes" jsonschema_description:"The Response Modes this client is authorized request"`
|
||||
Audience []string `koanf:"audience"`
|
||||
Scopes []string `koanf:"scopes"`
|
||||
GrantTypes []string `koanf:"grant_types"`
|
||||
ResponseTypes []string `koanf:"response_types"`
|
||||
ResponseModes []string `koanf:"response_modes"`
|
||||
|
||||
Policy string `koanf:"authorization_policy" json:"authorization_policy" jsonschema:"title=Authorization Policy" jsonschema_description:"The Authorization Policy to apply to this client"`
|
||||
Policy string `koanf:"authorization_policy"`
|
||||
|
||||
ConsentMode string `koanf:"consent_mode" json:"consent_mode" jsonschema:"enum=auto,enum=explicit,enum=implicit,enum=pre-configured,title=Consent Mode" jsonschema_description:"The Consent Mode used for this client"`
|
||||
ConsentPreConfiguredDuration *time.Duration `koanf:"pre_configured_consent_duration" json:"pre_configured_consent_duration" jsonschema:"default=7 days,title=Pre-Configured Consent Duration" jsonschema_description:"The Pre-Configured Consent Duration when using Consent Mode pre-configured for this client"`
|
||||
ConsentMode string `koanf:"consent_mode"`
|
||||
ConsentPreConfiguredDuration *time.Duration `koanf:"pre_configured_consent_duration"`
|
||||
|
||||
EnforcePAR bool `koanf:"enforce_par" json:"enforce_par" jsonschema:"default=false,title=Enforce PAR" jsonschema_description:"Enforces Pushed Authorization Requests for this client"`
|
||||
EnforcePKCE bool `koanf:"enforce_pkce" json:"enforce_pkce" jsonschema:"default=false,title=Enforce PKCE" jsonschema_description:"Enforces Proof Key for Code Exchange for this client"`
|
||||
EnforcePAR bool `koanf:"enforce_par"`
|
||||
EnforcePKCE bool `koanf:"enforce_pkce"`
|
||||
|
||||
PKCEChallengeMethod string `koanf:"pkce_challenge_method" json:"pkce_challenge_method" jsonschema:"enum=plain,enum=S256,title=PKCE Challenge Method" jsonschema_description:"The PKCE Challenge Method enforced on this client"`
|
||||
PKCEChallengeMethod string `koanf:"pkce_challenge_method"`
|
||||
|
||||
IDTokenSigningAlg string `koanf:"id_token_signing_alg" json:"id_token_signing_alg" jsonschema:"eneum=none,enum=RS256,enum=RS384,enum=RS512,enum=ES256,enum=ES384,enum=ES512,enum=PS256,enum=PS384,enum=PS512,title=ID Token Signing Algorithm" jsonschema_description:"The algorithm (JWA) this client uses to sign ID Tokens"`
|
||||
IDTokenSigningKeyID string `koanf:"id_token_signing_key_id" json:"id_token_signing_key_id" jsonschema:"title=ID Token Signing Key ID" jsonschema_description:"The Key ID this client uses to sign ID Tokens (overrides the 'id_token_signing_alg')"`
|
||||
UserinfoSigningAlg string `koanf:"userinfo_signing_alg" json:"userinfo_signing_alg" jsonschema:"enum=none,enum=RS256,enum=RS384,enum=RS512,enum=ES256,enum=ES384,enum=ES512,enum=PS256,enum=PS384,enum=PS512,title=Userinfo Signing Algorithm" jsonschema_description:"The Userinfo Endpoint Signing Algorithm this client uses"`
|
||||
UserinfoSigningKeyID string `koanf:"userinfo_signing_key_id" json:"userinfo_signing_key_id" jsonschema:"title=Userinfo Signing Key ID" jsonschema_description:"The Key ID this client uses to sign the userinfo responses (overrides the 'userinfo_token_signing_alg')"`
|
||||
RequestObjectSigningAlg string `koanf:"request_object_signing_alg" json:"request_object_signing_alg" jsonschema:"enum=RS256,enum=RS384,enum=RS512,enum=ES256,enum=ES384,enum=ES512,enum=PS256,enum=PS384,enum=PS512,title=Request Object Signing Algorithm" jsonschema_description:"The Request Object Signing Algorithm the provider accepts for this client"`
|
||||
TokenEndpointAuthSigningAlg string `koanf:"token_endpoint_auth_signing_alg" json:"token_endpoint_auth_signing_alg" jsonschema:"enum=HS256,enum=HS384,enum=HS512,enum=RS256,enum=RS384,enum=RS512,enum=ES256,enum=ES384,enum=ES512,enum=PS256,enum=PS384,enum=PS512,title=Token Endpoint Auth Signing Algorithm" jsonschema_description:"The Token Endpoint Auth Signing Algorithm the provider accepts for this client"`
|
||||
IDTokenSigningAlg string `koanf:"id_token_signing_alg"`
|
||||
IDTokenSigningKeyID string `koanf:"id_token_signing_key_id"`
|
||||
UserinfoSigningAlg string `koanf:"userinfo_signing_alg"`
|
||||
UserinfoSigningKeyID string `koanf:"userinfo_signing_key_id"`
|
||||
RequestObjectSigningAlg string `koanf:"request_object_signing_alg"`
|
||||
TokenEndpointAuthSigningAlg string `koanf:"token_endpoint_auth_signing_alg"`
|
||||
|
||||
TokenEndpointAuthMethod string `koanf:"token_endpoint_auth_method" json:"token_endpoint_auth_method" jsonschema:"enum=none,enum=client_secret_post,enum=client_secret_basic,enum=private_key_jwt,enum=client_secret_jwt,title=Token Endpoint Auth Method" jsonschema_description:"The Token Endpoint Auth Method enforced by the provider for this client"`
|
||||
TokenEndpointAuthMethod string `koanf:"token_endpoint_auth_method"`
|
||||
|
||||
PublicKeys IdentityProvidersOpenIDConnectClientPublicKeys `koanf:"public_keys" json:"public_keys,omitempty" jsonschema:"title=Public Keys" jsonschema_description:"Public Key options used to validate request objects and the 'private_key_jwt' client authentication method for this client"`
|
||||
PublicKeys OpenIDConnectClientPublicKeys `koanf:"public_keys"`
|
||||
|
||||
Discovery OpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users.
|
||||
Discovery OpenIDConnectDiscovery
|
||||
}
|
||||
|
||||
// IdentityProvidersOpenIDConnectClientPublicKeys represents the Client Public Keys configuration for an OpenID Connect 1.0 client.
|
||||
type IdentityProvidersOpenIDConnectClientPublicKeys struct {
|
||||
URI *url.URL `koanf:"uri" json:"uri" jsonschema:"oneof_required=URI,title=URI" jsonschema_description:"URI of the JWKS endpoint which contains the Public Keys used to validate request objects and the 'private_key_jwt' client authentication method for this client"`
|
||||
Values []JWK `koanf:"values" json:"values" jsonschema:"oneof_required=Values,title=Values" jsonschema_description:"List of arbitrary Public Keys used to validate request objects and the 'private_key_jwt' client authentication method for this client"`
|
||||
// OpenIDConnectClientPublicKeys represents the Client Public Keys configuration for an OpenID Connect 1.0 client.
|
||||
type OpenIDConnectClientPublicKeys struct {
|
||||
URI *url.URL `koanf:"uri"`
|
||||
Values []JWK `koanf:"values"`
|
||||
}
|
||||
|
||||
// DefaultOpenIDConnectConfiguration contains defaults for OIDC.
|
||||
var DefaultOpenIDConnectConfiguration = IdentityProvidersOpenIDConnect{
|
||||
var DefaultOpenIDConnectConfiguration = OpenIDConnect{
|
||||
AccessTokenLifespan: time.Hour,
|
||||
AuthorizeCodeLifespan: time.Minute,
|
||||
IDTokenLifespan: time.Hour,
|
||||
|
@ -119,7 +119,7 @@ var DefaultOpenIDConnectConfiguration = IdentityProvidersOpenIDConnect{
|
|||
var defaultOIDCClientConsentPreConfiguredDuration = time.Hour * 24 * 7
|
||||
|
||||
// DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
|
||||
var DefaultOpenIDConnectClientConfiguration = IdentityProvidersOpenIDConnectClient{
|
||||
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClient{
|
||||
Policy: "two_factor",
|
||||
Scopes: []string{"openid", "groups", "profile", "email"},
|
||||
ResponseTypes: []string{"code"},
|
||||
|
|
|
@ -132,21 +132,22 @@ var Keys = []string{
|
|||
"authentication_backend.ldap.permit_feature_detection_failure",
|
||||
"authentication_backend.ldap.user",
|
||||
"authentication_backend.ldap.password",
|
||||
"session.secret",
|
||||
"session.name",
|
||||
"session.domain",
|
||||
"session.same_site",
|
||||
"session.expiration",
|
||||
"session.inactivity",
|
||||
"session.remember_me",
|
||||
"session",
|
||||
"session.secret",
|
||||
"session.cookies",
|
||||
"session.cookies[].name",
|
||||
"session.cookies[].domain",
|
||||
"session.cookies[].same_site",
|
||||
"session.cookies[].expiration",
|
||||
"session.cookies[].inactivity",
|
||||
"session.cookies[].remember_me",
|
||||
"session.cookies[]",
|
||||
"session.cookies[].domain",
|
||||
"session.cookies[].authelia_url",
|
||||
"session.redis.host",
|
||||
"session.redis.port",
|
||||
|
@ -164,12 +165,11 @@ var Keys = []string{
|
|||
"session.redis.high_availability.sentinel_name",
|
||||
"session.redis.high_availability.sentinel_username",
|
||||
"session.redis.high_availability.sentinel_password",
|
||||
"session.redis.high_availability.route_by_latency",
|
||||
"session.redis.high_availability.route_randomly",
|
||||
"session.redis.high_availability.nodes",
|
||||
"session.redis.high_availability.nodes[].host",
|
||||
"session.redis.high_availability.nodes[].port",
|
||||
"session.domain",
|
||||
"session.redis.high_availability.route_by_latency",
|
||||
"session.redis.high_availability.route_randomly",
|
||||
"totp.disable",
|
||||
"totp.issuer",
|
||||
"totp.algorithm",
|
||||
|
@ -264,6 +264,8 @@ var Keys = []string{
|
|||
"server.address",
|
||||
"server.asset_path",
|
||||
"server.disable_healthcheck",
|
||||
"server.disable_autho_https_redirect",
|
||||
"server.use_ip_for_ban",
|
||||
"server.tls.certificate",
|
||||
"server.tls.key",
|
||||
"server.tls.client_certificates",
|
||||
|
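Review bot: The two keys this hunk adds, `"server.disable_autho_https_redirect"` and `"server.use_ip_for_ban"`, look hand-written rather than derived: `autho` reads as a typo for `auto`, and a configuration key cannot be renamed after release without breaking existing configs, so it should become `"server.disable_auto_https_redirect"` now, in the schema struct tag as well if this list is generated from it. The next hunk's `"server.grpc.disableTLS"` breaks the snake_case convention every other key in this list follows (`server.disable_healthcheck`, `server.tls.key`); `"server.grpc.disable_tls"` would be consistent. If `use_ip_for_ban` switches regulation from banning a username to banning a client address, as the name suggests, the address has to come from the direct connection or from a forwarded-for header set only by a trusted reverse proxy, and clients behind a shared NAT will be banned together; both caveats belong in the key's documentation.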
@ -274,6 +276,8 @@ var Keys = []string{
|
|||
"server.endpoints.authz.*.implementation",
|
||||
"server.endpoints.authz.*.authn_strategies",
|
||||
"server.endpoints.authz.*.authn_strategies[].name",
|
||||
"server.grpc.address",
|
||||
"server.grpc.disableTLS",
|
||||
"server.buffers.read",
|
||||
"server.buffers.write",
|
||||
"server.timeouts.read",
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
package schema
|
||||
|
||||
// Log represents the logging configuration.
|
||||
type Log struct {
|
||||
Level string `koanf:"level" json:"level" jsonschema:"enum=error,enum=warn,enum=info,enum=debug,enum=trace,title=Level" jsonschema_description:"The minimum Level a Log message must be before it's added to the log'"`
|
||||
Format string `koanf:"format" json:"format" jsonschema:"enum=json,enum=text,title=Format" jsonschema_description:"The Format of Log messages"`
|
||||
FilePath string `koanf:"file_path" json:"file_path" jsonschema:"title=File Path" jsonschema_description:"The File Path to save the logs to instead of sending them to stdout"`
|
||||
KeepStdout bool `koanf:"keep_stdout" json:"keep_stdout" jsonschema:"default=false,title=Keep Stdout" jsonschema_description:"Enables keeping stdout when using the File Path option"`
|
||||
// LogConfiguration represents the logging configuration.
|
||||
type LogConfiguration struct {
|
||||
Level string `koanf:"level"`
|
||||
Format string `koanf:"format"`
|
||||
FilePath string `koanf:"file_path"`
|
||||
KeepStdout bool `koanf:"keep_stdout"`
|
||||
}
|
||||
|
||||
// DefaultLoggingConfiguration is the default logging configuration.
|
||||
var DefaultLoggingConfiguration = Log{
|
||||
var DefaultLoggingConfiguration = LogConfiguration{
|
||||
Level: "info",
|
||||
Format: "text",
|
||||
}
|
||||
|
|
|
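Review bot: On the side that carries jsonschema tags, the `Level` description ends with a stray apostrophe, `...before it's added to the log'"`, which is emitted verbatim into the generated schema and any docs rendered from it; the same artefact appears on `DisableStartTLS` in the notifier hunk (`...don't actually support it'"`) and on `BanTime` in the regulation hunk (`...has been exceeded'"`). Dropping the trailing `'` in each of the three descriptions fixes it.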
@ -7,49 +7,49 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Notifier represents the configuration of the notifier to use when sending notifications to users.
|
||||
type Notifier struct {
|
||||
DisableStartupCheck bool `koanf:"disable_startup_check" json:"disable_startup_check" jsonschema:"default=false,title=Disable Startup Check" jsonschema_description:"Disables the notifier startup checks"`
|
||||
FileSystem *NotifierFileSystem `koanf:"filesystem" json:"filesystem" jsonschema:"title=File System" jsonschema_description:"The File System notifier"`
|
||||
SMTP *NotifierSMTP `koanf:"smtp" json:"smtp" jsonschema:"title=SMTP" jsonschema_description:"The SMTP notifier"`
|
||||
TemplatePath string `koanf:"template_path" json:"template_path" jsonschema:"title=Template Path" jsonschema_description:"The path for notifier template overrides"`
|
||||
// FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.
|
||||
type FileSystemNotifierConfiguration struct {
|
||||
Filename string `koanf:"filename"`
|
||||
}
|
||||
|
||||
// NotifierFileSystem represents the configuration of the notifier writing emails in a file.
|
||||
type NotifierFileSystem struct {
|
||||
Filename string `koanf:"filename" json:"filename" jsonschema:"title=Filename" jsonschema_description:"The file path of the notifications"`
|
||||
// SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.
|
||||
type SMTPNotifierConfiguration struct {
|
||||
Address *AddressSMTP `koanf:"address"`
|
||||
Timeout time.Duration `koanf:"timeout"`
|
||||
Username string `koanf:"username"`
|
||||
Password string `koanf:"password"`
|
||||
Identifier string `koanf:"identifier"`
|
||||
Sender mail.Address `koanf:"sender"`
|
||||
Subject string `koanf:"subject"`
|
||||
StartupCheckAddress mail.Address `koanf:"startup_check_address"`
|
||||
DisableRequireTLS bool `koanf:"disable_require_tls"`
|
||||
DisableHTMLEmails bool `koanf:"disable_html_emails"`
|
||||
DisableStartTLS bool `koanf:"disable_starttls"`
|
||||
TLS *TLSConfig `koanf:"tls"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Host string `koanf:"host"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Port int `koanf:"port"`
|
||||
}
|
||||
|
||||
// NotifierSMTP represents the configuration of the SMTP server to send emails with.
|
||||
type NotifierSMTP struct {
|
||||
Address *AddressSMTP `koanf:"address" json:"address" jsonschema:"default=smtp://localhost:25,title=Address" jsonschema_description:"The SMTP server address"`
|
||||
Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The SMTP server connection timeout"`
|
||||
Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username for SMTP authentication"`
|
||||
Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for SMTP authentication"`
|
||||
Identifier string `koanf:"identifier" json:"identifier" jsonschema:"default=localhost,title=Identifier" jsonschema_description:"The identifier used during the HELO/EHLO command"`
|
||||
Sender mail.Address `koanf:"sender" json:"sender" jsonschema:"title=Sender" jsonschema_description:"The sender used for SMTP"`
|
||||
Subject string `koanf:"subject" json:"subject" jsonschema:"default=[Authelia] {title},title=Subject" jsonschema_description:"The subject format used"`
|
||||
StartupCheckAddress mail.Address `koanf:"startup_check_address" json:"startup_check_address" jsonschema:"default=Authelia Test <test@authelia.com>,title=Startup Check Address" jsonschema_description:"The address used for the recipient in the startup check"`
|
||||
DisableRequireTLS bool `koanf:"disable_require_tls" json:"disable_require_tls" jsonschema:"default=false,title=Disable Require TLS" jsonschema_description:"Disables the requirement to use TLS"`
|
||||
DisableHTMLEmails bool `koanf:"disable_html_emails" json:"disable_html_emails" jsonschema:"default=false,title=Disable HTML Emails" jsonschema_description:"Disables the mixed content type of emails and only sends the plaintext version"`
|
||||
DisableStartTLS bool `koanf:"disable_starttls" json:"disable_starttls" jsonschema:"default=false,title=Disable StartTLS" jsonschema_description:"Disables the opportunistic StartTLS functionality which is useful for bad SMTP servers which advertise support for it but don't actually support it'"`
|
||||
TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The SMTP server TLS connection properties"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Host string `koanf:"host" json:"host" jsonschema:"deprecated"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Port int `koanf:"port" json:"port" jsonschema:"deprecated"`
|
||||
// NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.
|
||||
type NotifierConfiguration struct {
|
||||
DisableStartupCheck bool `koanf:"disable_startup_check"`
|
||||
FileSystem *FileSystemNotifierConfiguration `koanf:"filesystem"`
|
||||
SMTP *SMTPNotifierConfiguration `koanf:"smtp"`
|
||||
TemplatePath string `koanf:"template_path"`
|
||||
}
|
||||
|
||||
// DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
|
||||
var DefaultSMTPNotifierConfiguration = NotifierSMTP{
|
||||
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{
|
||||
Address: &AddressSMTP{Address{true, false, -1, 25, &url.URL{Scheme: AddressSchemeSMTP, Host: "localhost:25"}}},
|
||||
Timeout: time.Second * 5,
|
||||
Subject: "[Authelia] {title}",
|
||||
Identifier: "localhost",
|
||||
StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"},
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
|
|
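Review bot: `DefaultSMTPNotifierConfiguration.Address` is built with a positional literal, `Address{true, false, -1, 25, &url.URL{...}}`, while the NTP default in the next file uses keyed fields (`Address{valid: true, socket: false, port: 123, url: ...}`); with two `bool` and two `int` fields in a row, a positional literal still compiles if those fields are ever reordered but silently swaps their meaning. Rewriting it with keyed fields in the NTP style, naming the field that receives `-1` (its name is not visible in this compare), would make the intent explicit and keep the two defaults consistent.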
@ -5,17 +5,17 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// NTP represents the configuration related to ntp server.
|
||||
type NTP struct {
|
||||
Address *AddressUDP `koanf:"address" json:"address"`
|
||||
Version int `koanf:"version" json:"version" jsonschema:"enum=3,enum=4,title=NTP Version" jsonschema_description:"The NTP Version to use"`
|
||||
MaximumDesync time.Duration `koanf:"max_desync" json:"max_desync" jsonschema:"default=3 seconds,title=Maximum Desync" jsonschema_description:"The maximum amount of time that the server can be out of sync"`
|
||||
DisableStartupCheck bool `koanf:"disable_startup_check" json:"disable_startup_check" jsonschema:"default=false,title=Disable Startup Check" jsonschema_description:"Disables the NTP Startup Check entirely"`
|
||||
DisableFailure bool `koanf:"disable_failure" json:"disable_failure" jsonschema:"default=false,title=Disable Failure" jsonschema_description:"Disables complete failure whe the Startup Check fails and instead just logs the error"`
|
||||
// NTPConfiguration represents the configuration related to ntp server.
|
||||
type NTPConfiguration struct {
|
||||
Address *AddressUDP `koanf:"address"`
|
||||
Version int `koanf:"version"`
|
||||
MaximumDesync time.Duration `koanf:"max_desync"`
|
||||
DisableStartupCheck bool `koanf:"disable_startup_check"`
|
||||
DisableFailure bool `koanf:"disable_failure"`
|
||||
}
|
||||
|
||||
// DefaultNTPConfiguration represents default configuration parameters for the NTP server.
|
||||
var DefaultNTPConfiguration = NTP{
|
||||
var DefaultNTPConfiguration = NTPConfiguration{
|
||||
Address: &AddressUDP{Address{valid: true, socket: false, port: 123, url: &url.URL{Scheme: AddressSchemeUDP, Host: "time.cloudflare.com:123"}}},
|
||||
Version: 4,
|
||||
MaximumDesync: time.Second * 3,
|
||||
|
|
|
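Review bot: The `DisableFailure` description on the tagged side reads `Disables complete failure whe the Startup Check fails`, missing the `n` in `when`, and is emitted into the generated schema as-is. The field deserves one more sentence, since it turns a clock-skew failure into a log line: `max_desync` bounds how far the host clock may drift before time-sensitive checks (the TOTP and token lifespans configured elsewhere in this schema) become unreliable, so the description could state what disabling the failure gives up.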
@ -1,35 +1,37 @@
|
|||
package schema
|
||||
|
||||
// PasswordPolicy represents the configuration related to password policy.
|
||||
type PasswordPolicy struct {
|
||||
Standard PasswordPolicyStandard `koanf:"standard" json:"standard" jsonschema:"title=Standard" jsonschema_description:"The standard password policy engine"`
|
||||
ZXCVBN PasswordPolicyZXCVBN `koanf:"zxcvbn" json:"zxcvbn" jsonschema:"title=ZXCVBN" jsonschema_description:"The ZXCVBN password policy engine"`
|
||||
// PasswordPolicyStandardParams represents the configuration related to standard parameters of password policy.
|
||||
type PasswordPolicyStandardParams struct {
|
||||
Enabled bool `koanf:"enabled"`
|
||||
MinLength int `koanf:"min_length"`
|
||||
MaxLength int `koanf:"max_length"`
|
||||
RequireUppercase bool `koanf:"require_uppercase"`
|
||||
RequireLowercase bool `koanf:"require_lowercase"`
|
||||
RequireNumber bool `koanf:"require_number"`
|
||||
RequireSpecial bool `koanf:"require_special"`
|
||||
}
|
||||
|
||||
// PasswordPolicyStandard represents the configuration related to standard parameters of password policy.
|
||||
type PasswordPolicyStandard struct {
|
||||
Enabled bool `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the standard password policy engine"`
|
||||
MinLength int `koanf:"min_length" json:"min_length" jsonschema:"title=Minimum Length" jsonschema_description:"Minimum password length"`
|
||||
MaxLength int `koanf:"max_length" json:"max_length" jsonschema:"default=8,title=Maximum Length" jsonschema_description:"Maximum password length"`
|
||||
RequireUppercase bool `koanf:"require_uppercase" json:"require_uppercase" jsonschema:"default=false,title=Require Uppercase" jsonschema_description:"Require uppercase characters"`
|
||||
RequireLowercase bool `koanf:"require_lowercase" json:"require_lowercase" jsonschema:"default=false,title=Require Lowercase" jsonschema_description:"Require lowercase characters"`
|
||||
RequireNumber bool `koanf:"require_number" json:"require_number" jsonschema:"default=false,title=Require Number" jsonschema_description:"Require numeric characters"`
|
||||
RequireSpecial bool `koanf:"require_special" json:"require_special" jsonschema:"default=false,title=Require Special" jsonschema_description:"Require symbolic characters"`
|
||||
// PasswordPolicyZXCVBNParams represents the configuration related to ZXCVBN parameters of password policy.
|
||||
type PasswordPolicyZXCVBNParams struct {
|
||||
Enabled bool `koanf:"enabled"`
|
||||
MinScore int `koanf:"min_score"`
|
||||
}
|
||||
|
||||
// PasswordPolicyZXCVBN represents the configuration related to ZXCVBN parameters of password policy.
|
||||
type PasswordPolicyZXCVBN struct {
|
||||
Enabled bool `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the ZXCVBN password policy engine"`
|
||||
MinScore int `koanf:"min_score" json:"min_score" jsonschema:"default=3,title=Minimum Score" jsonschema_description:"The minimum ZXCVBN score allowed"`
|
||||
// PasswordPolicyConfiguration represents the configuration related to password policy.
|
||||
type PasswordPolicyConfiguration struct {
|
||||
Standard PasswordPolicyStandardParams `koanf:"standard"`
|
||||
ZXCVBN PasswordPolicyZXCVBNParams `koanf:"zxcvbn"`
|
||||
}
|
||||
|
||||
// DefaultPasswordPolicyConfiguration is the default password policy configuration.
|
||||
var DefaultPasswordPolicyConfiguration = PasswordPolicy{
|
||||
Standard: PasswordPolicyStandard{
|
||||
var DefaultPasswordPolicyConfiguration = PasswordPolicyConfiguration{
|
||||
Standard: PasswordPolicyStandardParams{
|
||||
Enabled: false,
|
||||
MinLength: 8,
|
||||
MaxLength: 0,
|
||||
},
|
||||
ZXCVBN: PasswordPolicyZXCVBN{
|
||||
ZXCVBN: PasswordPolicyZXCVBNParams{
|
||||
Enabled: false,
|
||||
MinScore: 3,
|
||||
},
|
||||
}
|
||||
|
|
|
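Review bot: On the side carrying jsonschema tags, `MaxLength` is annotated `default=8` while `MinLength` has no default, but `DefaultPasswordPolicyConfiguration` sets `MinLength: 8` and `MaxLength: 0`; the annotation appears to sit on the wrong field, so generated docs would tell users the maximum length is 8. Move `default=8` to the `min_length` tag and, if `0` means no upper bound as it presumably does here, say so in the `max_length` description. Spelling out `Enabled: false` and `MaxLength: 0` in the default literal is redundant with the zero value, though harmless.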
@ -6,7 +6,7 @@ import (
|
|||
|
||||
// PrivacyPolicy is the privacy policy configuration.
|
||||
type PrivacyPolicy struct {
|
||||
Enabled bool `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the Privacy Policy functionality"`
|
||||
RequireUserAcceptance bool `koanf:"require_user_acceptance" json:"require_user_acceptance" jsonschema:"default=false,title=Require User Acceptance" jsonschema_description:"Enables the requirement for users to accept the policy"`
|
||||
PolicyURL *url.URL `koanf:"policy_url" json:"policy_url" jsonschema:"title=Policy URL" jsonschema_description:"The URL of the privacy policy"`
|
||||
Enabled bool `koanf:"enabled"`
|
||||
RequireUserAcceptance bool `koanf:"require_user_acceptance"`
|
||||
PolicyURL *url.URL `koanf:"policy_url"`
|
||||
}
|
||||
|
|
|
@ -4,15 +4,15 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Regulation represents the configuration related to regulation.
|
||||
type Regulation struct {
|
||||
MaxRetries int `koanf:"max_retries" json:"max_retries" jsonschema:"default=3,title=Maximum Retries" jsonschema_description:"The maximum number of failed attempts permitted before banning a user"`
|
||||
FindTime time.Duration `koanf:"find_time" json:"find_time" jsonschema:"default=2 minutes,title=Find Time" jsonschema_description:"The amount of time to consider when determining the number of failed attempts"`
|
||||
BanTime time.Duration `koanf:"ban_time" json:"ban_time" jsonschema:"default=5 minutes,title=Ban Time" jsonschema_description:"The amount of time to ban the user for when it's determined the maximum retries has been exceeded'"`
|
||||
// RegulationConfiguration represents the configuration related to regulation.
|
||||
type RegulationConfiguration struct {
|
||||
MaxRetries int `koanf:"max_retries"`
|
||||
FindTime time.Duration `koanf:"find_time,weak"`
|
||||
BanTime time.Duration `koanf:"ban_time,weak"`
|
||||
}
|
||||
|
||||
// DefaultRegulationConfiguration represents default configuration parameters for the regulator.
|
||||
var DefaultRegulationConfiguration = Regulation{
|
||||
var DefaultRegulationConfiguration = RegulationConfiguration{
|
||||
MaxRetries: 3,
|
||||
FindTime: time.Minute * 2,
|
||||
BanTime: time.Minute * 5,
|
||||
|
|
|
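Review bot: `FindTime time.Duration `koanf:"find_time,weak"`` and `BanTime` on the `RegulationConfiguration` side carry a `,weak` tag option that no other `time.Duration` field in these hunks uses (`ServerTimeouts.Read`, `SQLStorageConfiguration.Timeout`, `SessionCookieCommonConfiguration.Expiration` are plain `koanf:"…"`), and nothing says why weak decoding is wanted here. A comment above the two fields stating which input forms the weak decode is meant to accept would make the inconsistency look deliberate rather than accidental. The `DefaultRegulationConfiguration` literal runs past the end of the hunk.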
@ -5,63 +5,75 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Server represents the configuration of the http server.
|
||||
type Server struct {
|
||||
Address *AddressTCP `koanf:"address" json:"address" jsonschema:"default=tcp://:9091/,title=Address" jsonschema_description:"The address to listen on"`
|
||||
AssetPath string `koanf:"asset_path" json:"asset_path" jsonschema:"title=Asset Path" jsonschema_description:"The directory where the server asset overrides reside"`
|
||||
DisableHealthcheck bool `koanf:"disable_healthcheck" json:"disable_healthcheck" jsonschema:"default=false,title=Disable Healthcheck" jsonschema_description:"Disables the healthcheck functionality"`
|
||||
// ServerConfiguration represents the configuration of the http server.
|
||||
type ServerConfiguration struct {
|
||||
Address *AddressTCP `koanf:"address"`
|
||||
AssetPath string `koanf:"asset_path"`
|
||||
DisableHealthcheck bool `koanf:"disable_healthcheck"`
|
||||
DisableAutoHttpsRedirect bool `koanf:"disable_autho_https_redirect"`
|
||||
UseIPInsteadOfUserForBan bool `koanf:"use_ip_for_ban"`
|
||||
|
||||
TLS ServerTLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The server TLS configuration"`
|
||||
Headers ServerHeaders `koanf:"headers" json:"headers" jsonschema:"title=Headers" jsonschema_description:"The server headers configuration"`
|
||||
Endpoints ServerEndpoints `koanf:"endpoints" json:"endpoints" jsonschema:"title=Endpoints" jsonschema_description:"The server endpoints configuration"`
|
||||
TLS ServerTLS `koanf:"tls"`
|
||||
Headers ServerHeaders `koanf:"headers"`
|
||||
Endpoints ServerEndpoints `koanf:"endpoints"`
|
||||
GRPC ServerGRPC `koanf:"grpc"`
|
||||
|
||||
Buffers ServerBuffers `koanf:"buffers" json:"buffers" jsonschema:"title=Buffers" jsonschema_description:"The server buffers configuration"`
|
||||
Timeouts ServerTimeouts `koanf:"timeouts" json:"timeouts" jsonschema:"title=Timeouts" jsonschema_description:"The server timeouts configuration"`
|
||||
Buffers ServerBuffers `koanf:"buffers"`
|
||||
Timeouts ServerTimeouts `koanf:"timeouts"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Host string `koanf:"host" json:"host" jsonschema:"deprecated"`
|
||||
Host string `koanf:"host"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Port int `koanf:"port" json:"port" jsonschema:"deprecated"`
|
||||
Port int `koanf:"port"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Path string `koanf:"path" json:"path" jsonschema:"deprecated"`
|
||||
Path string `koanf:"path"`
|
||||
}
|
||||
|
||||
// ServerEndpoints is the endpoints configuration for the HTTP server.
|
||||
type ServerEndpoints struct {
|
||||
EnablePprof bool `koanf:"enable_pprof" json:"enable_pprof" jsonschema:"default=false,title=Enable PProf" jsonschema_description:"Enables the developer specific pprof endpoints which should not be used in production and only used for debugging purposes"`
|
||||
EnableExpvars bool `koanf:"enable_expvars" json:"enable_expvars" jsonschema:"default=false,title=Enable ExpVars" jsonschema_description:"Enables the developer specific ExpVars endpoints which should not be used in production and only used for debugging purposes"`
|
||||
EnablePprof bool `koanf:"enable_pprof"`
|
||||
EnableExpvars bool `koanf:"enable_expvars"`
|
||||
|
||||
Authz map[string]ServerEndpointsAuthz `koanf:"authz" json:"authz" jsonschema:"title=Authz" jsonschema_description:"Configures the Authorization endpoints"`
|
||||
Authz map[string]ServerAuthzEndpoint `koanf:"authz"`
|
||||
}
|
||||
|
||||
// ServerEndpointsAuthz is the Authz endpoints configuration for the HTTP server.
|
||||
type ServerEndpointsAuthz struct {
|
||||
Implementation string `koanf:"implementation" json:"implementation" jsonschema:"enum=ForwardAuth,enum=AuthRequest,enum=ExtAuthz,enum=Legacy,title=Implementation" jsonschema_description:"The specific Authorization implementation to use for this endpoint"`
|
||||
// ServerAuthzEndpoint is the Authz endpoints configuration for the HTTP server.
|
||||
type ServerAuthzEndpoint struct {
|
||||
Implementation string `koanf:"implementation"`
|
||||
|
||||
AuthnStrategies []ServerEndpointsAuthzAuthnStrategy `koanf:"authn_strategies" json:"authn_strategies" jsonschema:"title=Authn Strategies" jsonschema_description:"The specific Authorization strategies to use for this endpoint"`
|
||||
AuthnStrategies []ServerAuthzEndpointAuthnStrategy `koanf:"authn_strategies"`
|
||||
}
|
||||
|
||||
// ServerEndpointsAuthzAuthnStrategy is the Authz endpoints configuration for the HTTP server.
|
||||
type ServerEndpointsAuthzAuthnStrategy struct {
|
||||
Name string `koanf:"name" json:"name" jsonschema:"enum=HeaderAuthorization,enum=HeaderProxyAuthorization,enum=HeaderAuthRequestProxyAuthorization,enum=HeaderLegacy,enum=CookieSession,title=Name" jsonschema_description:"The name of the Authorization strategy to use"`
|
||||
// ServerAuthzEndpointAuthnStrategy is the Authz endpoints configuration for the HTTP server.
|
||||
type ServerAuthzEndpointAuthnStrategy struct {
|
||||
Name string `koanf:"name"`
|
||||
}
|
||||
|
||||
// ServerTLS represents the configuration of the http servers TLS options.
|
||||
type ServerTLS struct {
|
||||
Certificate string `koanf:"certificate" json:"certificate" jsonschema:"title=Certificate" jsonschema_description:"Path to the Certificate"`
|
||||
Key string `koanf:"key" json:"key" jsonschema:"title=Key" jsonschema_description:"Path to the Private Key"`
|
||||
ClientCertificates []string `koanf:"client_certificates" json:"client_certificates" jsonschema:"uniqueItems,title=Client Certificates" jsonschema_description:"Path to the Client Certificates to trust for mTLS"`
|
||||
Certificate string `koanf:"certificate"`
|
||||
Key string `koanf:"key"`
|
||||
ClientCertificates []string `koanf:"client_certificates"`
|
||||
}
|
||||
|
||||
// ServerHeaders represents the customization of the http server headers.
|
||||
type ServerHeaders struct {
|
||||
CSPTemplate CSPTemplate `koanf:"csp_template" json:"csp_template" jsonschema:"title=CSP Template" jsonschema_description:"The Content Security Policy template"`
|
||||
CSPTemplate string `koanf:"csp_template"`
|
||||
}
|
||||
|
||||
// DefaultServerConfiguration represents the default values of the Server.
|
||||
var DefaultServerConfiguration = Server{
|
||||
// ServerGRCP contains configuration options for the gRCP server.
|
||||
type ServerGRPC struct {
|
||||
// Address with port to listen on. If this field is empty, no grcp server
|
||||
// will be spawned.
|
||||
Address *AddressTCP `koanf:"address"`
|
||||
|
||||
DisableTLS bool `koanf:"disableTLS"`
|
||||
}
|
||||
|
||||
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
|
||||
var DefaultServerConfiguration = ServerConfiguration{
|
||||
Address: &AddressTCP{Address{true, false, -1, 9091, &url.URL{Scheme: AddressSchemeTCP, Host: ":9091", Path: "/"}}},
|
||||
Buffers: ServerBuffers{
|
||||
Read: 4096,
|
||||
|
@ -73,13 +85,13 @@ var DefaultServerConfiguration = Server{
|
|||
Idle: time.Second * 30,
|
||||
},
|
||||
Endpoints: ServerEndpoints{
|
||||
Authz: map[string]ServerEndpointsAuthz{
|
||||
Authz: map[string]ServerAuthzEndpoint{
|
||||
"legacy": {
|
||||
Implementation: "Legacy",
|
||||
},
|
||||
"auth-request": {
|
||||
Implementation: "AuthRequest",
|
||||
AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
|
||||
AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
|
||||
{
|
||||
Name: "HeaderAuthRequestProxyAuthorization",
|
||||
},
|
||||
|
@ -90,7 +102,7 @@ var DefaultServerConfiguration = Server{
|
|||
},
|
||||
"forward-auth": {
|
||||
Implementation: "ForwardAuth",
|
||||
AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
|
||||
AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
|
||||
{
|
||||
Name: "HeaderProxyAuthorization",
|
||||
},
|
||||
|
@ -101,7 +113,7 @@ var DefaultServerConfiguration = Server{
|
|||
},
|
||||
"ext-authz": {
|
||||
Implementation: "ExtAuthz",
|
||||
AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
|
||||
AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
|
||||
{
|
||||
Name: "HeaderProxyAuthorization",
|
||||
},
|
||||
|
|
|
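Review bot: The koanf key on the `DisableAutoHttpsRedirect` field in `ServerConfiguration` is misspelled, `koanf:"disable_autho_https_redirect"`, so a user writing the natural `disable_auto_https_redirect` key is silently ignored and the redirect stays enabled; the line should read `DisableAutoHttpsRedirect bool `koanf:"disable_auto_https_redirect"`` (and any unknown-key validation the fork keeps should be checked for the old spelling). In the same section `ServerGRPC.DisableTLS` uses `koanf:"disableTLS"`, the only camelCase key in these hunks while every neighbour is snake_case (`disable_healthcheck`, `enable_pprof`), so `koanf:"disable_tls"` would match the convention. The `ServerGRPC` doc comments also misspell the protocol ("gRCP", "grcp"). Since its own comment says a non-empty `Address` spawns the listener and `DisableTLS` switches TLS off for it, a comment stating that a plaintext gRPC listener should only be bound on a trusted interface would help operators; how the gRPC listener obtains its TLS material is not visible in this hunk, as `ServerGRPC` does not reference `ServerTLS`.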
@ -6,72 +6,67 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Session represents the configuration related to user sessions.
|
||||
type Session struct {
|
||||
SessionCookieCommon `koanf:",squash"`
|
||||
|
||||
Secret string `koanf:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"Secret used to encrypt the session data"`
|
||||
|
||||
Cookies []SessionCookie `koanf:"cookies" json:"cookies" jsonschema:"title=Cookies" jsonschema_description:"List of cookie domain configurations"`
|
||||
|
||||
Redis *SessionRedis `koanf:"redis" json:"redis" jsonschema:"title=Redis" jsonschema_description:"Redis Session Provider configuration"`
|
||||
|
||||
// Deprecated: Use the cookies options instead.
|
||||
Domain string `koanf:"domain" json:"domain" jsonschema:"deprecated"`
|
||||
// RedisNode Represents a Node.
|
||||
type RedisNode struct {
|
||||
Host string `koanf:"host"`
|
||||
Port int `koanf:"port"`
|
||||
}
|
||||
|
||||
type SessionCookieCommon struct {
|
||||
Name string `koanf:"name" json:"name" jsonschema:"default=authelia_session"`
|
||||
SameSite string `koanf:"same_site" json:"same_site" jsonschema:"default=lax,enum=lax,enum=strict,enum=none"`
|
||||
Expiration time.Duration `koanf:"expiration" json:"expiration" jsonschema:"default=1 hour"`
|
||||
Inactivity time.Duration `koanf:"inactivity" json:"inactivity" jsonschema:"default=5 minutes"`
|
||||
RememberMe time.Duration `koanf:"remember_me" json:"remember_me" jsonschema:"default=30 days"`
|
||||
// RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
|
||||
type RedisHighAvailabilityConfiguration struct {
|
||||
SentinelName string `koanf:"sentinel_name"`
|
||||
SentinelUsername string `koanf:"sentinel_username"`
|
||||
SentinelPassword string `koanf:"sentinel_password"`
|
||||
Nodes []RedisNode `koanf:"nodes"`
|
||||
RouteByLatency bool `koanf:"route_by_latency"`
|
||||
RouteRandomly bool `koanf:"route_randomly"`
|
||||
}
|
||||
|
||||
// RedisSessionConfiguration represents the configuration related to redis session store.
|
||||
type RedisSessionConfiguration struct {
|
||||
Host string `koanf:"host"`
|
||||
Port int `koanf:"port"`
|
||||
Username string `koanf:"username"`
|
||||
Password string `koanf:"password"`
|
||||
DatabaseIndex int `koanf:"database_index"`
|
||||
MaximumActiveConnections int `koanf:"maximum_active_connections"`
|
||||
MinimumIdleConnections int `koanf:"minimum_idle_connections"`
|
||||
TLS *TLSConfig `koanf:"tls"`
|
||||
HighAvailability *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
|
||||
}
|
||||
|
||||
// SessionConfiguration represents the configuration related to user sessions.
|
||||
type SessionConfiguration struct {
|
||||
Secret string `koanf:"secret"`
|
||||
|
||||
SessionCookieCommonConfiguration `koanf:",squash"`
|
||||
|
||||
Cookies []SessionCookieConfiguration `koanf:"cookies"`
|
||||
|
||||
Redis *RedisSessionConfiguration `koanf:"redis"`
|
||||
}
|
||||
|
||||
type SessionCookieCommonConfiguration struct {
|
||||
Name string `koanf:"name"`
|
||||
Domain string `koanf:"domain"`
|
||||
SameSite string `koanf:"same_site"`
|
||||
Expiration time.Duration `koanf:"expiration"`
|
||||
Inactivity time.Duration `koanf:"inactivity"`
|
||||
RememberMe time.Duration `koanf:"remember_me"`
|
||||
|
||||
DisableRememberMe bool
|
||||
}
|
||||
|
||||
// SessionCookie represents the configuration for a cookie domain.
|
||||
type SessionCookie struct {
|
||||
SessionCookieCommon `koanf:",squash"`
|
||||
// SessionCookieConfiguration represents the configuration for a cookie domain.
|
||||
type SessionCookieConfiguration struct {
|
||||
SessionCookieCommonConfiguration `koanf:",squash"`
|
||||
|
||||
Domain string `koanf:"domain" json:"domain" jsonschema:"format=hostname,title=Domain" jsonschema_description:"The domain for this session cookie"`
|
||||
AutheliaURL *url.URL `koanf:"authelia_url" json:"authelia_url" jsonschema:"format=uri,title=Authelia URL" jsonschema_description:"The Root Authelia URL to redirect users to for this session cookie"`
|
||||
}
|
||||
|
||||
// SessionRedis represents the configuration related to redis session store.
|
||||
type SessionRedis struct {
|
||||
Host string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis server host"`
|
||||
Port int `koanf:"port" json:"port" jsonschema:"default=6379,title=Host" jsonschema_description:"The redis server port"`
|
||||
Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The redis username"`
|
||||
Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The redis password"`
|
||||
DatabaseIndex int `koanf:"database_index" json:"database_index" jsonschema:"default=0,title=Database Index" jsonschema_description:"The redis database index"`
|
||||
MaximumActiveConnections int `koanf:"maximum_active_connections" json:"maximum_active_connections" jsonschema:"default=8,title=Maximum Active Connections" jsonschema_description:"The maximum connections that can be made to redis at one time"`
|
||||
MinimumIdleConnections int `koanf:"minimum_idle_connections" json:"minimum_idle_connections" jsonschema:"title=Minimum Idle Connections" jsonschema_description:"The minimum idle connections that should be open to redis"`
|
||||
TLS *TLS `koanf:"tls" json:"tls"`
|
||||
|
||||
HighAvailability *SessionRedisHighAvailability `koanf:"high_availability" json:"high_availability"`
|
||||
}
|
||||
|
||||
// SessionRedisHighAvailability holds configuration variables for Redis Cluster/Sentinel.
|
||||
type SessionRedisHighAvailability struct {
|
||||
SentinelName string `koanf:"sentinel_name" json:"sentinel_name" jsonschema:"title=Sentinel Name" jsonschema_description:"The name of the sentinel instance"`
|
||||
SentinelUsername string `koanf:"sentinel_username" json:"sentinel_username" jsonschema:"title=Sentinel Username" jsonschema_description:"The username for the sentinel instance"`
|
||||
SentinelPassword string `koanf:"sentinel_password" json:"sentinel_password" jsonschema:"title=Sentinel Username" jsonschema_description:"The username for the sentinel instance"`
|
||||
RouteByLatency bool `koanf:"route_by_latency" json:"route_by_latency" jsonschema:"default=false,title=Route by Latency" jsonschema_description:"Uses the Route by Latency mode"`
|
||||
RouteRandomly bool `koanf:"route_randomly" json:"route_randomly" jsonschema:"default=false,title=Route Randomly" jsonschema_description:"Uses the Route Randomly mode"`
|
||||
|
||||
Nodes []SessionRedisHighAvailabilityNode `koanf:"nodes" json:"nodes" jsonschema:"title=Nodes" jsonschema_description:"The pre-populated list of nodes for the sentinel instance"`
|
||||
}
|
||||
|
||||
// SessionRedisHighAvailabilityNode Represents a Node.
|
||||
type SessionRedisHighAvailabilityNode struct {
|
||||
Host string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis sentinel node host"`
|
||||
Port int `koanf:"port" json:"port" jsonschema:"default=26379,title=Port" jsonschema_description:"The redis sentinel node port"`
|
||||
AutheliaURL *url.URL `koanf:"authelia_url"`
|
||||
}
|
||||
|
||||
// DefaultSessionConfiguration is the default session configuration.
|
||||
var DefaultSessionConfiguration = Session{
|
||||
SessionCookieCommon: SessionCookieCommon{
|
||||
var DefaultSessionConfiguration = SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session",
|
||||
Expiration: time.Hour,
|
||||
Inactivity: time.Minute * 5,
|
||||
|
@ -81,18 +76,8 @@ var DefaultSessionConfiguration = Session{
|
|||
}
|
||||
|
||||
// DefaultRedisConfiguration is the default redis configuration.
|
||||
var DefaultRedisConfiguration = SessionRedis{
|
||||
Port: 6379,
|
||||
MaximumActiveConnections: 8,
|
||||
TLS: &TLS{
|
||||
MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultRedisHighAvailabilityConfiguration is the default redis configuration.
|
||||
var DefaultRedisHighAvailabilityConfiguration = SessionRedis{
|
||||
Port: 26379,
|
||||
TLS: &TLS{
|
||||
var DefaultRedisConfiguration = RedisSessionConfiguration{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
|
|
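Review bot: On what I read as the new side of the last hunk, `DefaultRedisConfiguration = RedisSessionConfiguration{…}` keeps only the TLS 1.2 minimum and drops the `Port: 6379,` and `MaximumActiveConnections: 8,` defaults present in the other side's literal, and `DefaultRedisHighAvailabilityConfiguration` (port 26379) disappears entirely; unless a validator fills these in elsewhere, a redis block without an explicit port would be validated against port 0. If that is intended, a comment above the literal saying where the port and pool defaults now come from would save the next reader the search; otherwise restore the two lines in the literal. Separately, `DisableRememberMe bool` in `SessionCookieCommonConfiguration` carries no koanf tag, which reads as a derived flag rather than a user-settable key; a one-line comment saying so would make that explicit.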
@ -4,36 +4,42 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// TLS is a representation of the TLS configuration.
|
||||
type TLS struct {
|
||||
MinimumVersion TLSVersion `koanf:"minimum_version" json:"minimum_version" jsonschema:"default=TLS1.2,title=Minimum Version" jsonschema_description:"The minimum TLS version accepted"`
|
||||
MaximumVersion TLSVersion `koanf:"maximum_version" json:"maximum_version" jsonschema:"default=TLS1.3,title=Maximum Version" jsonschema_description:"The maximum TLS version accepted"`
|
||||
// TLSConfig is a representation of the TLS configuration.
|
||||
type TLSConfig struct {
|
||||
MinimumVersion TLSVersion `koanf:"minimum_version"`
|
||||
MaximumVersion TLSVersion `koanf:"maximum_version"`
|
||||
|
||||
SkipVerify bool `koanf:"skip_verify" json:"skip_verify" jsonschema:"default=false,title=Skip Verify" jsonschema_description:"Disable all verification of the TLS properties"`
|
||||
ServerName string `koanf:"server_name" json:"server_name" jsonschema:"format=hostname,title=Server Name" jsonschema_description:"The expected server name to match the certificate against"`
|
||||
SkipVerify bool `koanf:"skip_verify"`
|
||||
ServerName string `koanf:"server_name"`
|
||||
|
||||
PrivateKey CryptographicPrivateKey `koanf:"private_key" json:"private_key" jsonschema:"title=Private Key" jsonschema_description:"The private key"`
|
||||
CertificateChain X509CertificateChain `koanf:"certificate_chain" json:"certificate_chain" jsonschema:"title=Certificate Chain" jsonschema_description:"The certificate chain"`
|
||||
PrivateKey CryptographicPrivateKey `koanf:"private_key"`
|
||||
CertificateChain X509CertificateChain `koanf:"certificate_chain"`
|
||||
}
|
||||
|
||||
// TLSCertificateConfig is a representation of the TLS Certificate configuration.
|
||||
type TLSCertificateConfig struct {
|
||||
Key CryptographicPrivateKey `koanf:"key"`
|
||||
CertificateChain X509CertificateChain `koanf:"certificate_chain"`
|
||||
}
|
||||
|
||||
// ServerTimeouts represents server timeout configurations.
|
||||
type ServerTimeouts struct {
|
||||
Read time.Duration `koanf:"read" json:"read" jsonschema:"default=6 seconds,title=Read" jsonschema_description:"The read timeout"`
|
||||
Write time.Duration `koanf:"write" json:"write" jsonschema:"default=6 seconds,title=Write" jsonschema_description:"The write timeout"`
|
||||
Idle time.Duration `koanf:"idle" json:"idle" jsonschema:"default=30 seconds,title=Idle" jsonschema_description:"The idle timeout"`
|
||||
Read time.Duration `koanf:"read"`
|
||||
Write time.Duration `koanf:"write"`
|
||||
Idle time.Duration `koanf:"idle"`
|
||||
}
|
||||
|
||||
// ServerBuffers represents server buffer configurations.
|
||||
type ServerBuffers struct {
|
||||
Read int `koanf:"read" json:"read" jsonschema:"default=4096,title=Read" jsonschema_description:"The read buffer size"`
|
||||
Write int `koanf:"write" json:"write" jsonschema:"default=4096,title=Write" jsonschema_description:"The write buffer size"`
|
||||
Read int `koanf:"read"`
|
||||
Write int `koanf:"write"`
|
||||
}
|
||||
|
||||
// JWK represents a JWK.
|
||||
type JWK struct {
|
||||
KeyID string `koanf:"key_id" json:"key_id" jsonschema:"maxLength=100,title=Key ID" jsonschema_description:"The ID of this JWK"`
|
||||
Use string `koanf:"use" json:"use" jsonschema:"default=sig,enum=sig,title=Use" jsonschema_description:"The Use of this JWK"`
|
||||
Algorithm string `koanf:"algorithm" json:"algorithm" jsonschema:"enum=HS256,enum=HS384,enum=HS512,enum=RS256,enum=RS384,enum=RS512,enum=ES256,enum=ES384,enum=ES512,enum=PS256,enum=PS384,enum=PS512,title=Algorithm" jsonschema_description:"The Algorithm of this JWK"`
|
||||
Key CryptographicKey `koanf:"key" json:"key" jsonschema_description:"The Private/Public key material of this JWK in Base64 PEM format"`
|
||||
CertificateChain X509CertificateChain `koanf:"certificate_chain" json:"certificate_chain" jsonschema:"title=Certificate Chain" jsonschema_description:"The optional associated certificate which matches the Key public key portion for this JWK"`
|
||||
KeyID string `koanf:"key_id"`
|
||||
Use string `koanf:"use"`
|
||||
Algorithm string `koanf:"algorithm"`
|
||||
Key CryptographicKey `koanf:"key"`
|
||||
CertificateChain X509CertificateChain `koanf:"certificate_chain"`
|
||||
}
|
||||
|
|
|
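Review bot: `SkipVerify bool `koanf:"skip_verify"`` in `TLSConfig` has no doc comment, and the description the other side carried in its schema tag ("Disable all verification of the TLS properties") is lost along with the tags; per that description this one flag disables peer verification for every client that embeds `TLSConfig` (redis, MySQL and PostgreSQL in the neighbouring hunks), so it deserves a comment such as `// SkipVerify disables verification of the peer certificate and server name; intended for testing only.`. The same applies to `ServerName`, whose purpose (the name the presented certificate is matched against) is no longer stated on this side. `TLSCertificateConfig` is new and documented only by its one-line comment; whether `Key` is required whenever `CertificateChain` is set is not visible here and is worth stating.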
@ -6,83 +6,82 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Storage represents the configuration of the storage backend.
|
||||
type Storage struct {
|
||||
Local *StorageLocal `koanf:"local" json:"local" jsonschema:"title=Local" jsonschema_description:"The Local SQLite3 Storage configuration settings"`
|
||||
MySQL *StorageMySQL `koanf:"mysql" json:"mysql" jsonschema:"title=MySQL" jsonschema_description:"The MySQL/MariaDB Storage configuration settings"`
|
||||
PostgreSQL *StoragePostgreSQL `koanf:"postgres" json:"postgres" jsonschema:"title=PostgreSQL" jsonschema_description:"The PostgreSQL Storage configuration settings"`
|
||||
|
||||
EncryptionKey string `koanf:"encryption_key" json:"encryption_key" jsonschema:"title=Encryption Key" jsonschema_description:"The Storage Encryption Key used to secure security sensitive values in the storage engine"`
|
||||
// LocalStorageConfiguration represents the configuration when using local storage.
|
||||
type LocalStorageConfiguration struct {
|
||||
Path string `koanf:"path"`
|
||||
}
|
||||
|
||||
// StorageLocal represents the configuration when using local storage.
|
||||
type StorageLocal struct {
|
||||
Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The Path for the SQLite3 database file"`
|
||||
}
|
||||
|
||||
// StorageSQL represents the configuration of the SQL database.
|
||||
type StorageSQL struct {
|
||||
Address *AddressTCP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the database"`
|
||||
Database string `koanf:"database" json:"database" jsonschema:"title=Database" jsonschema_description:"The database name to use upon a successful connection"`
|
||||
Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username to use to authenticate"`
|
||||
Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password to use to authenticate"`
|
||||
Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The timeout for the database connection"`
|
||||
// SQLStorageConfiguration represents the configuration of the SQL database.
|
||||
type SQLStorageConfiguration struct {
|
||||
Address *AddressTCP `koanf:"address"`
|
||||
Database string `koanf:"database"`
|
||||
Username string `koanf:"username"`
|
||||
Password string `koanf:"password"`
|
||||
Timeout time.Duration `koanf:"timeout"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Host string `koanf:"host" json:"host" jsonschema:"deprecated"`
|
||||
Host string `koanf:"host"`
|
||||
|
||||
// Deprecated: use address instead.
|
||||
Port int `koanf:"port" json:"port" jsonschema:"deprecated"`
|
||||
Port int `koanf:"port"`
|
||||
}
|
||||
|
||||
// StorageMySQL represents the configuration of a MySQL database.
|
||||
type StorageMySQL struct {
|
||||
StorageSQL `koanf:",squash"`
|
||||
// MySQLStorageConfiguration represents the configuration of a MySQL database.
|
||||
type MySQLStorageConfiguration struct {
|
||||
SQLStorageConfiguration `koanf:",squash"`
|
||||
|
||||
TLS *TLS `koanf:"tls" json:"tls"`
|
||||
TLS *TLSConfig `koanf:"tls"`
|
||||
}
|
||||
|
||||
// StoragePostgreSQL represents the configuration of a PostgreSQL database.
|
||||
type StoragePostgreSQL struct {
|
||||
StorageSQL `koanf:",squash"`
|
||||
Schema string `koanf:"schema" json:"schema" jsonschema:"default=public"`
|
||||
// PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.
|
||||
type PostgreSQLStorageConfiguration struct {
|
||||
SQLStorageConfiguration `koanf:",squash"`
|
||||
Schema string `koanf:"schema"`
|
||||
|
||||
TLS *TLS `koanf:"tls" json:"tls"`
|
||||
TLS *TLSConfig `koanf:"tls"`
|
||||
|
||||
// Deprecated: Use the TLS configuration instead.
|
||||
SSL *StoragePostgreSQLSSL `koanf:"ssl" json:"ssl" jsonschema:"deprecated"`
|
||||
SSL *PostgreSQLSSLStorageConfiguration `koanf:"ssl"`
|
||||
}
|
||||
|
||||
// StoragePostgreSQLSSL represents the SSL configuration of a PostgreSQL database.
|
||||
type StoragePostgreSQLSSL struct {
|
||||
Mode string `koanf:"mode" json:"mode" jsonschema:"deprecated"`
|
||||
RootCertificate string `koanf:"root_certificate" json:"root_certificate" jsonschema:"deprecated"`
|
||||
Certificate string `koanf:"certificate" json:"certificate" jsonschema:"deprecated"`
|
||||
Key string `koanf:"key" json:"key"`
|
||||
// PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.
|
||||
type PostgreSQLSSLStorageConfiguration struct {
|
||||
Mode string `koanf:"mode"`
|
||||
RootCertificate string `koanf:"root_certificate"`
|
||||
Certificate string `koanf:"certificate"`
|
||||
Key string `koanf:"key"`
|
||||
}
|
||||
|
||||
// StorageConfiguration represents the configuration of the storage backend.
|
||||
type StorageConfiguration struct {
|
||||
Local *LocalStorageConfiguration `koanf:"local"`
|
||||
MySQL *MySQLStorageConfiguration `koanf:"mysql"`
|
||||
PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`
|
||||
|
||||
EncryptionKey string `koanf:"encryption_key"`
|
||||
}
|
||||
|
||||
// DefaultSQLStorageConfiguration represents the default SQL configuration.
|
||||
var DefaultSQLStorageConfiguration = StorageSQL{
|
||||
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{
|
||||
Timeout: 5 * time.Second,
|
||||
}
|
||||
|
||||
// DefaultMySQLStorageConfiguration represents the default MySQL configuration.
|
||||
var DefaultMySQLStorageConfiguration = StorageMySQL{
|
||||
TLS: &TLS{
|
||||
var DefaultMySQLStorageConfiguration = MySQLStorageConfiguration{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
||||
// DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
|
||||
var DefaultPostgreSQLStorageConfiguration = StoragePostgreSQL{
|
||||
StorageSQL: StorageSQL{
|
||||
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: SQLStorageConfiguration{
|
||||
Address: &AddressTCP{Address{true, false, -1, 5432, &url.URL{Scheme: AddressSchemeTCP, Host: "localhost:5432"}}},
|
||||
},
|
||||
Schema: "public",
|
||||
TLS: &TLS{
|
||||
TLS: &TLSConfig{
|
||||
MinimumVersion: TLSVersion{tls.VersionTLS12},
|
||||
},
|
||||
SSL: &StoragePostgreSQLSSL{
|
||||
SSL: &PostgreSQLSSLStorageConfiguration{
|
||||
Mode: "disable",
|
||||
},
|
||||
}
|
||||
|
|
|
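Review bot: `EncryptionKey string `koanf:"encryption_key"`` in `StorageConfiguration` lost the only description it had (the other side's tag: "The Storage Encryption Key used to secure security sensitive values in the storage engine") and now has no doc comment at all; a comment such as `// EncryptionKey is the secret used to encrypt security-sensitive values held in the storage backend.` keeps that information with the field. In the defaults, every SQL backend receives `TLS: &TLSConfig{MinimumVersion: TLSVersion{tls.VersionTLS12}}` while `DefaultPostgreSQLStorageConfiguration` also sets the deprecated `SSL: &PostgreSQLSSLStorageConfiguration{Mode: "disable"}`; which of the two wins when both are present is not visible in this hunk, so a comment on that literal naming the precedence would stop an operator assuming TLS is on by default.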
@ -5,23 +5,22 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// Telemetry represents the telemetry config.
|
||||
type Telemetry struct {
|
||||
Metrics TelemetryMetrics `koanf:"metrics" json:"metrics" jsonschema:"title=Metrics" jsonschema_description:"The telemetry metrics server configuration"`
|
||||
// TelemetryConfig represents the telemetry config.
|
||||
type TelemetryConfig struct {
|
||||
Metrics TelemetryMetricsConfig `koanf:"metrics"`
|
||||
}
|
||||
|
||||
// TelemetryMetrics represents the telemetry metrics config.
|
||||
type TelemetryMetrics struct {
|
||||
Enabled bool `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the metrics server"`
|
||||
Address *AddressTCP `koanf:"address" json:"address" jsonschema:"default=tcp://:9959/,title=Address" jsonschema_description:"The address for the metrics server to listen on"`
|
||||
|
||||
Buffers ServerBuffers `koanf:"buffers" json:"buffers" jsonschema:"title=Buffers" jsonschema_description:"The server buffers configuration for the metrics server"`
|
||||
Timeouts ServerTimeouts `koanf:"timeouts" json:"timeouts" jsonschema:"title=Timeouts" jsonschema_description:"The server timeouts configuration for the metrics server"`
|
||||
// TelemetryMetricsConfig represents the telemetry metrics config.
|
||||
type TelemetryMetricsConfig struct {
|
||||
Enabled bool `koanf:"enabled"`
|
||||
Address *AddressTCP `koanf:"address"`
|
||||
Buffers ServerBuffers `koanf:"buffers"`
|
||||
Timeouts ServerTimeouts `koanf:"timeouts"`
|
||||
}
|
||||
|
||||
// DefaultTelemetryConfig is the default telemetry configuration.
|
||||
var DefaultTelemetryConfig = Telemetry{
|
||||
Metrics: TelemetryMetrics{
|
||||
var DefaultTelemetryConfig = TelemetryConfig{
|
||||
Metrics: TelemetryMetricsConfig{
|
||||
Address: &AddressTCP{Address{true, false, -1, 9959, &url.URL{Scheme: AddressSchemeTCP, Host: ":9959", Path: "/metrics"}}},
|
||||
Buffers: ServerBuffers{
|
||||
Read: 4096,
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
package schema
|
||||
|
||||
// TOTP represents the configuration related to TOTP options.
|
||||
type TOTP struct {
|
||||
Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disables the TOTP 2FA functionality"`
|
||||
Issuer string `koanf:"issuer" json:"issuer" jsonschema:"default=Authelia,title=Issuer" jsonschema_description:"The issuer value for generated TOTP keys"`
|
||||
Algorithm string `koanf:"algorithm" json:"algorithm" jsonschema:"default=SHA1,enum=SHA1,enum=SHA256,enum=SHA512,title=Algorithm" jsonschema_description:"The algorithm value for generated TOTP keys"`
|
||||
Digits uint `koanf:"digits" json:"digits" jsonschema:"default=6,enum=6,enum=8,title=Digits" jsonschema_description:"The digits value for generated TOTP keys"`
|
||||
Period uint `koanf:"period" json:"period" jsonschema:"default=30,title=Period" jsonschema_description:"The period value for generated TOTP keys"`
|
||||
Skew *uint `koanf:"skew" json:"skew" jsonschema:"default=1,title=Skew" jsonschema_description:"The permitted skew for generated TOTP keys"`
|
||||
SecretSize uint `koanf:"secret_size" json:"secret_size" jsonschema:"default=32,minimum=20,title=Secret Size" jsonschema_description:"The secret size for generated TOTP keys"`
|
||||
// TOTPConfiguration represents the configuration related to TOTP options.
|
||||
type TOTPConfiguration struct {
|
||||
Disable bool `koanf:"disable"`
|
||||
Issuer string `koanf:"issuer"`
|
||||
Algorithm string `koanf:"algorithm"`
|
||||
Digits uint `koanf:"digits"`
|
||||
Period uint `koanf:"period"`
|
||||
Skew *uint `koanf:"skew"`
|
||||
SecretSize uint `koanf:"secret_size"`
|
||||
}
|
||||
|
||||
var defaultOtpSkew = uint(1)
|
||||
|
||||
// DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
|
||||
var DefaultTOTPConfiguration = TOTP{
|
||||
var DefaultTOTPConfiguration = TOTPConfiguration{
|
||||
Issuer: "Authelia",
|
||||
Algorithm: TOTPAlgorithmSHA1,
|
||||
Digits: 6,
|
||||
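Review bot: The new `TOTPConfiguration` struct (from `type TOTPConfiguration struct {` through `SecretSize uint \`koanf:"secret_size"\``) carries no field documentation, so the constraints the removed jsonschema tags expressed — the SHA1/SHA256/SHA512 algorithm set, 6 or 8 digits, a secret size of at least 20 — now live nowhere in the type. A short comment on each constrained field would keep that contract visible to callers, e.g. `// SecretSize is the generated secret length in bytes; values below 20 are presumably rejected by the validator.` and `// Digits is the OTP length; only 6 and 8 are expected.`. The `WebAuthnConfiguration` section further down has the same gap for its 60 second `Timeout` default and the conveyance and user-verification enums.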
|
|
|
@ -10,33 +10,18 @@ import (
|
|||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/authelia/jsonschema"
|
||||
"github.com/go-crypt/crypt"
|
||||
"github.com/go-crypt/crypt/algorithm"
|
||||
"github.com/go-crypt/crypt/algorithm/plaintext"
|
||||
"github.com/valyala/fasthttp"
|
||||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
var cdecoder algorithm.DecoderRegister
|
||||
|
||||
// DecodePasswordDigest returns a new PasswordDigest if it can be decoded.
|
||||
func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error) {
|
||||
var d algorithm.Digest
|
||||
|
||||
if d, err = DecodeAlgorithmDigest(encodedDigest); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return NewPasswordDigest(d), nil
|
||||
}
|
||||
|
||||
// DecodeAlgorithmDigest returns a new algorithm.Digest if it can be decoded.
|
||||
func DecodeAlgorithmDigest(encodedDigest string) (digest algorithm.Digest, err error) {
|
||||
if cdecoder == nil {
|
||||
if cdecoder, err = crypt.NewDefaultDecoder(); err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize decoder: %w", err)
|
||||
|
@ -47,12 +32,13 @@ func DecodeAlgorithmDigest(encodedDigest string) (digest algorithm.Digest, err e
|
|||
}
|
||||
}
|
||||
|
||||
return cdecoder.Decode(encodedDigest)
|
||||
}
|
||||
var d algorithm.Digest
|
||||
|
||||
// NewPasswordDigest returns a new *PasswordDigest from an algorithm.Digest.
|
||||
func NewPasswordDigest(digest algorithm.Digest) *PasswordDigest {
|
||||
return &PasswordDigest{Digest: digest}
|
||||
if d, err = cdecoder.Decode(encodedDigest); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &PasswordDigest{Digest: d}, nil
|
||||
}
|
||||
|
||||
// PasswordDigest is a configuration type for the crypt.Digest.
|
||||
|
@ -60,14 +46,6 @@ type PasswordDigest struct {
|
|||
algorithm.Digest
|
||||
}
|
||||
|
||||
// JSONSchema returns the JSON Schema information for the PasswordDigest type.
|
||||
func (PasswordDigest) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Pattern: `^\$((argon2(id|i|d)\$v=19\$m=\d+,t=\d+,p=\d+|scrypt\$ln=\d+,r=\d+,p=\d+)\$[a-zA-Z0-9\/+]+\$[a-zA-Z0-9\/+]+|pbkdf2(-sha(224|256|384|512))?\$\d+\$[a-zA-Z0-9\/.]+\$[a-zA-Z0-9\/.]+|bcrypt-sha256\$v=2,t=2b,r=\d+\$[a-zA-Z0-9\/.]+\$[a-zA-Z0-9\/.]+|2(a|b|y)?\$\d+\$[a-zA-Z0-9.\/]+|(5|6)\$rounds=\d+\$[a-zA-Z0-9.\/]+\$[a-zA-Z0-9.\/]+|plaintext\$.+|base64\$[a-zA-Z0-9.=\/]+)$`,
|
||||
}
|
||||
}
|
||||
|
||||
// IsPlainText returns true if the underlying algorithm.Digest is a *plaintext.Digest.
|
||||
func (d *PasswordDigest) IsPlainText() bool {
|
||||
if d == nil || d.Digest == nil {
|
||||
|
@ -82,20 +60,6 @@ func (d *PasswordDigest) IsPlainText() bool {
|
|||
}
|
||||
}
|
||||
|
||||
func (d *PasswordDigest) UnmarshalYAML(value *yaml.Node) (err error) {
|
||||
digestRaw := ""
|
||||
|
||||
if err = value.Decode(&digestRaw); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if d.Digest, err = DecodeAlgorithmDigest(digestRaw); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.
|
||||
func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error) {
|
||||
if in == "" {
|
||||
|
@ -166,19 +130,6 @@ type TLSVersion struct {
|
|||
Value uint16
|
||||
}
|
||||
|
||||
// JSONSchema returns the JSON Schema information for the TLSVersion type.
|
||||
func (TLSVersion) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Enum: []any{
|
||||
"TLS1.0",
|
||||
"TLS1.1",
|
||||
"TLS1.2",
|
||||
"TLS1.3",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// MaxVersion returns the value of this as a MaxVersion value.
|
||||
func (v *TLSVersion) MaxVersion() uint16 {
|
||||
if v.Value == 0 {
|
||||
|
@ -229,14 +180,6 @@ type X509CertificateChain struct {
|
|||
certs []*x509.Certificate
|
||||
}
|
||||
|
||||
// JSONSchema returns the JSON Schema information for the X509CertificateChain type.
|
||||
func (X509CertificateChain) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Pattern: `^(-{5}BEGIN CERTIFICATE-{5}\n([a-zA-Z0-9/+]{1,64}\n)+([a-zA-Z0-9/+]{1,64}[=]{0,2})\n-{5}END CERTIFICATE-{5}\n?)+$`,
|
||||
}
|
||||
}
|
||||
|
||||
// Thumbprint returns the Thumbprint for the first certificate.
|
||||
func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte {
|
||||
if len(c.certs) == 0 {
|
||||
|
@ -387,160 +330,3 @@ func (c *X509CertificateChain) Validate() (err error) {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
type AccessControlRuleNetworks []string
|
||||
|
||||
func (AccessControlRuleNetworks) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschemaWeakStringUniqueSlice
|
||||
}
|
||||
|
||||
type IdentityProvidersOpenIDConnectClientRedirectURIs []string
|
||||
|
||||
func (IdentityProvidersOpenIDConnectClientRedirectURIs) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
&jsonschemaURI,
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschemaURI,
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// AccessControlNetworkNetworks represents the ACL AccessControlNetworkNetworks type.
|
||||
type AccessControlNetworkNetworks []string
|
||||
|
||||
func (AccessControlNetworkNetworks) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
&jsonschemaACLNetwork,
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschemaACLNetwork,
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type AccessControlRuleDomains []string
|
||||
|
||||
func (AccessControlRuleDomains) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschemaWeakStringUniqueSlice
|
||||
}
|
||||
|
||||
type AccessControlRuleMethods []string
|
||||
|
||||
func (AccessControlRuleMethods) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
&jsonschemaACLMethod,
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschemaACLMethod,
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// AccessControlRuleRegex represents the ACL AccessControlRuleSubjects type.
|
||||
type AccessControlRuleRegex []regexp.Regexp
|
||||
|
||||
func (AccessControlRuleRegex) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
{
|
||||
Type: "string",
|
||||
Format: "regex",
|
||||
},
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "regex",
|
||||
},
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// AccessControlRuleSubjects represents the ACL AccessControlRuleSubjects type.
|
||||
type AccessControlRuleSubjects [][]string
|
||||
|
||||
func (AccessControlRuleSubjects) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
&jsonschemaACLSubject,
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschemaACLSubject,
|
||||
},
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschema.Schema{
|
||||
Type: "array",
|
||||
Items: &jsonschemaACLSubject,
|
||||
},
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type CSPTemplate string
|
||||
|
||||
var jsonschemaURI = jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
}
|
||||
|
||||
var jsonschemaWeakStringUniqueSlice = jsonschema.Schema{
|
||||
OneOf: []*jsonschema.Schema{
|
||||
{
|
||||
Type: "string",
|
||||
},
|
||||
{
|
||||
Type: "array",
|
||||
Items: &jsonschema.Schema{
|
||||
Type: "string",
|
||||
},
|
||||
UniqueItems: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var jsonschemaACLNetwork = jsonschema.Schema{
|
||||
Type: "string",
|
||||
Pattern: `((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))(\/([0-2]?[0-9]|3[0-2]))?$)|(^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))?(\/(12[0-8]|1[0-1][0-9]|[0-9]{1,2}))?$))`,
|
||||
}
|
||||
|
||||
var jsonschemaACLSubject = jsonschema.Schema{
|
||||
Type: "string",
|
||||
Pattern: "^(user|group):.+$",
|
||||
}
|
||||
|
||||
var jsonschemaACLMethod = jsonschema.Schema{
|
||||
Type: "string",
|
||||
Enum: []any{
|
||||
fasthttp.MethodGet,
|
||||
fasthttp.MethodHead,
|
||||
fasthttp.MethodPost,
|
||||
fasthttp.MethodPut,
|
||||
fasthttp.MethodPatch,
|
||||
fasthttp.MethodDelete,
|
||||
fasthttp.MethodTrace,
|
||||
fasthttp.MethodConnect,
|
||||
fasthttp.MethodOptions,
|
||||
"COPY",
|
||||
"LOCK",
|
||||
"MKCOL",
|
||||
"MOVE",
|
||||
"PROPFIND",
|
||||
"PROPPATCH",
|
||||
"UNLOCK",
|
||||
},
|
||||
}
|
||||
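Review bot: The lazy initialisation of the package-level `cdecoder` inside `DecodePasswordDigest` (`if cdecoder == nil { if cdecoder, err = crypt.NewDefaultDecoder(); ...`) is unsynchronised, so if this function is reachable from concurrent goroutines — which the hunk does not show — two callers can race on the nil check and the assignment; the removed `DecodeAlgorithmDigest` had the same pattern, so the commit moves it rather than fixes it. A `sync.Once` guarding the construction, with the construction error captured alongside the decoder, builds it exactly once and reports the error to every caller; `sync` would need adding to the import block at the top of this hunk. Note this makes a construction failure permanent for the process instead of retried on the next call. DecodePasswordDigest's body continues into the following hunk, where `cdecoder.Decode` is called.
```go
var (
	cdecoder     algorithm.DecoderRegister
	cdecoderOnce sync.Once
	cdecoderErr  error
)

// DecodePasswordDigest returns a new PasswordDigest if it can be decoded.
func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error) {
	// Build the shared decoder once; every caller observes the same result.
	cdecoderOnce.Do(func() {
		cdecoder, cdecoderErr = crypt.NewDefaultDecoder()
	})

	if cdecoderErr != nil {
		return nil, fmt.Errorf("failed to initialize decoder: %w", cdecoderErr)
	}

	// … unchanged: cdecoder.Decode(encodedDigest) and PasswordDigest construction …
```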
|
|
|
@ -6,8 +6,6 @@ import (
|
|||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/authelia/jsonschema"
|
||||
)
|
||||
|
||||
// NewAddress returns an *Address and error depending on the ability to parse the string as an Address.
|
||||
|
@ -131,53 +129,21 @@ type AddressTCP struct {
|
|||
Address
|
||||
}
|
||||
|
||||
func (AddressTCP) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
Pattern: `^((tcp(4|6)?:\/\/)?([^:\/]*(:\d+)|[^:\/]+(:\d+)?)(\/.*)?|unix:\/\/\/[^?\n]+(\?umask=[0-7]{3,4})?)$`,
|
||||
}
|
||||
}
|
||||
|
||||
// AddressUDP is just a type with an underlying type of Address.
|
||||
type AddressUDP struct {
|
||||
Address
|
||||
}
|
||||
|
||||
func (AddressUDP) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
Pattern: `^(udp(4|6)?:\/\/)?([^:\/]*(:\d+)|[^:\/]+(:\d+)?)(\/.*)?$`,
|
||||
}
|
||||
}
|
||||
|
||||
// AddressLDAP is just a type with an underlying type of Address.
|
||||
type AddressLDAP struct {
|
||||
Address
|
||||
}
|
||||
|
||||
func (AddressLDAP) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
Pattern: `^((ldaps?:\/\/)?([^:\/]*(:\d+)|[^:\/]+(:\d+)?)?|ldapi:\/\/(\/[^?\n]+)?)$`,
|
||||
}
|
||||
}
|
||||
|
||||
// AddressSMTP is just a type with an underlying type of Address.
|
||||
type AddressSMTP struct {
|
||||
Address
|
||||
}
|
||||
|
||||
func (AddressSMTP) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
Pattern: `^((smtp|submissions?):\/\/)?([^:\/]*(:\d+)|[^:\/]+(:\d+)?)?$`,
|
||||
}
|
||||
}
|
||||
|
||||
// Address represents an address.
|
||||
type Address struct {
|
||||
valid bool
|
||||
|
@ -188,15 +154,6 @@ type Address struct {
|
|||
url *url.URL
|
||||
}
|
||||
|
||||
// JSONSchema returns the appropriate jsonsch ema for this type.
|
||||
func (Address) JSONSchema() *jsonschema.Schema {
|
||||
return &jsonschema.Schema{
|
||||
Type: "string",
|
||||
Format: "uri",
|
||||
Pattern: `^((unix:\/\/)?\/[^?\n]+(\?umask=[0-7]{3,4})?|ldapi:\/\/(\/[^?\n]+)?|(((tcp|udp)(4|6)?|ldaps?|smtp|submissions?):\/\/)?[^:\/]*(:\d+)?(\/.*)?)$`,
|
||||
}
|
||||
}
|
||||
|
||||
// Valid returns true if the Address is valid.
|
||||
func (a *Address) Valid() bool {
|
||||
return a.valid
|
||||
|
|
|
@ -6,19 +6,19 @@ import (
|
|||
"github.com/go-webauthn/webauthn/protocol"
|
||||
)
|
||||
|
||||
// WebAuthn represents the webauthn config.
|
||||
type WebAuthn struct {
|
||||
Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disables the WebAuthn 2FA functionality"`
|
||||
DisplayName string `koanf:"display_name" json:"display_name" jsonschema:"default=Authelia,title=Display Name" jsonschema_description:"The display name attribute for the WebAuthn relying party"`
|
||||
// WebAuthnConfiguration represents the webauthn config.
|
||||
type WebAuthnConfiguration struct {
|
||||
Disable bool `koanf:"disable"`
|
||||
DisplayName string `koanf:"display_name"`
|
||||
|
||||
ConveyancePreference protocol.ConveyancePreference `koanf:"attestation_conveyance_preference" json:"attestation_conveyance_preference" jsonschema:"default=indirect,enum=none,enum=indirect,enum=direct,title=Conveyance Preference" jsonschema_description:"The default conveyance preference for all WebAuthn credentials"`
|
||||
UserVerification protocol.UserVerificationRequirement `koanf:"user_verification" json:"user_verification" jsonschema:"default=preferred,enum=discouraged,enum=preferred,enum=required,title=User Verification" jsonschema_description:"The default user verification preference for all WebAuthn credentials"`
|
||||
ConveyancePreference protocol.ConveyancePreference `koanf:"attestation_conveyance_preference"`
|
||||
UserVerification protocol.UserVerificationRequirement `koanf:"user_verification"`
|
||||
|
||||
Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=60 seconds,title=Timeout" jsonschema_description:"The default timeout for all WebAuthn ceremonies"`
|
||||
Timeout time.Duration `koanf:"timeout"`
|
||||
}
|
||||
|
||||
// DefaultWebAuthnConfiguration describes the default values for the WebAuthn.
|
||||
var DefaultWebAuthnConfiguration = WebAuthn{
|
||||
// DefaultWebAuthnConfiguration describes the default values for the WebAuthnConfiguration.
|
||||
var DefaultWebAuthnConfiguration = WebAuthnConfiguration{
|
||||
DisplayName: "Authelia",
|
||||
Timeout: time.Second * 60,
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ func IsSubjectValid(subject string) (isValid bool) {
|
|||
}
|
||||
|
||||
// IsNetworkGroupValid check if a network group is valid.
|
||||
func IsNetworkGroupValid(config schema.AccessControl, network string) bool {
|
||||
func IsNetworkGroupValid(config schema.AccessControlConfiguration, network string) bool {
|
||||
for _, networks := range config.Networks {
|
||||
if network != networks.Name {
|
||||
continue
|
||||
|
@ -44,7 +44,7 @@ func IsNetworkValid(network string) (isValid bool) {
|
|||
return true
|
||||
}
|
||||
|
||||
func ruleDescriptor(position int, rule schema.AccessControlRule) string {
|
||||
func ruleDescriptor(position int, rule schema.ACLRule) string {
|
||||
if len(rule.Domains) == 0 {
|
||||
return fmt.Sprintf("#%d", position)
|
||||
}
|
||||
|
@ -115,7 +115,7 @@ func ValidateRules(config *schema.Configuration, validator *schema.StructValidat
|
|||
}
|
||||
}
|
||||
|
||||
func validateBypass(rulePosition int, rule schema.AccessControlRule, validator *schema.StructValidator) {
|
||||
func validateBypass(rulePosition int, rule schema.ACLRule, validator *schema.StructValidator) {
|
||||
if len(rule.Subjects) != 0 {
|
||||
validator.Push(fmt.Errorf(errAccessControlRuleBypassPolicyInvalidWithSubjects, ruleDescriptor(rulePosition, rule)))
|
||||
}
|
||||
|
@ -128,7 +128,7 @@ func validateBypass(rulePosition int, rule schema.AccessControlRule, validator *
|
|||
}
|
||||
}
|
||||
|
||||
func validateDomains(rulePosition int, rule schema.AccessControlRule, validator *schema.StructValidator) {
|
||||
func validateDomains(rulePosition int, rule schema.ACLRule, validator *schema.StructValidator) {
|
||||
if len(rule.Domains)+len(rule.DomainsRegex) == 0 {
|
||||
validator.Push(fmt.Errorf(errFmtAccessControlRuleNoDomains, ruleDescriptor(rulePosition, rule)))
|
||||
}
|
||||
|
@ -140,7 +140,7 @@ func validateDomains(rulePosition int, rule schema.AccessControlRule, validator
|
|||
}
|
||||
}
|
||||
|
||||
func validateNetworks(rulePosition int, rule schema.AccessControlRule, config schema.AccessControl, validator *schema.StructValidator) {
|
||||
func validateNetworks(rulePosition int, rule schema.ACLRule, config schema.AccessControlConfiguration, validator *schema.StructValidator) {
|
||||
for _, network := range rule.Networks {
|
||||
if !IsNetworkValid(network) {
|
||||
if !IsNetworkGroupValid(config, network) {
|
||||
|
@ -150,7 +150,7 @@ func validateNetworks(rulePosition int, rule schema.AccessControlRule, config sc
|
|||
}
|
||||
}
|
||||
|
||||
func validateSubjects(rulePosition int, rule schema.AccessControlRule, validator *schema.StructValidator) {
|
||||
func validateSubjects(rulePosition int, rule schema.ACLRule, validator *schema.StructValidator) {
|
||||
for _, subjectRule := range rule.Subjects {
|
||||
for _, subject := range subjectRule {
|
||||
if !IsSubjectValid(subject) {
|
||||
|
@ -160,7 +160,7 @@ func validateSubjects(rulePosition int, rule schema.AccessControlRule, validator
|
|||
}
|
||||
}
|
||||
|
||||
func validateMethods(rulePosition int, rule schema.AccessControlRule, validator *schema.StructValidator) {
|
||||
func validateMethods(rulePosition int, rule schema.ACLRule, validator *schema.StructValidator) {
|
||||
invalid, duplicates := validateList(rule.Methods, validACLHTTPMethodVerbs, true)
|
||||
|
||||
if len(invalid) != 0 {
|
||||
|
@ -173,7 +173,7 @@ func validateMethods(rulePosition int, rule schema.AccessControlRule, validator
|
|||
}
|
||||
|
||||
//nolint:gocyclo
|
||||
func validateQuery(i int, rule schema.AccessControlRule, config *schema.Configuration, validator *schema.StructValidator) {
|
||||
func validateQuery(i int, rule schema.ACLRule, config *schema.Configuration, validator *schema.StructValidator) {
|
||||
for j := 0; j < len(config.AccessControl.Rules[i].Query); j++ {
|
||||
for k := 0; k < len(config.AccessControl.Rules[i].Query[j]); k++ {
|
||||
if config.AccessControl.Rules[i].Query[j][k].Operator == "" {
|
||||
|
|
|
@ -21,7 +21,7 @@ type AccessControl struct {
|
|||
func (suite *AccessControl) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = &schema.Configuration{
|
||||
AccessControl: schema.AccessControl{
|
||||
AccessControl: schema.AccessControlConfiguration{
|
||||
DefaultPolicy: policyDeny,
|
||||
|
||||
Networks: schema.DefaultACLNetwork,
|
||||
|
@ -40,7 +40,7 @@ func (suite *AccessControl) TestShouldValidateCompleteConfiguration() {
|
|||
func (suite *AccessControl) TestShouldValidateEitherDomainsOrDomainsRegex() {
|
||||
domainsRegex := regexp.MustCompile(`^abc.example.com$`)
|
||||
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"abc.example.com"},
|
||||
Policy: "bypass",
|
||||
|
@ -74,7 +74,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidDefaultPolicy() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorInvalidNetworkGroupNetwork() {
|
||||
suite.config.AccessControl.Networks = []schema.AccessControlNetwork{
|
||||
suite.config.AccessControl.Networks = []schema.ACLNetwork{
|
||||
{
|
||||
Name: "internal",
|
||||
Networks: []string{"abc.def.ghi.jkl"},
|
||||
|
@ -90,7 +90,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidNetworkGroupNetwork() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseWarningOnBadDomain() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"*example.com"},
|
||||
Policy: "one_factor",
|
||||
|
@ -106,7 +106,7 @@ func (suite *AccessControl) TestShouldRaiseWarningOnBadDomain() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorWithNoRulesDefined() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{}
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{}
|
||||
|
||||
ValidateRules(suite.config, suite.validator)
|
||||
|
||||
|
@ -117,7 +117,7 @@ func (suite *AccessControl) TestShouldRaiseErrorWithNoRulesDefined() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseWarningWithNoRulesDefined() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{}
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{}
|
||||
|
||||
suite.config.AccessControl.DefaultPolicy = policyTwoFactor
|
||||
|
||||
|
@ -130,7 +130,7 @@ func (suite *AccessControl) TestShouldRaiseWarningWithNoRulesDefined() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorsWithEmptyRules() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{},
|
||||
{
|
||||
Policy: "wrong",
|
||||
|
@ -149,7 +149,7 @@ func (suite *AccessControl) TestShouldRaiseErrorsWithEmptyRules() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorInvalidPolicy() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: testInvalid,
|
||||
|
@ -165,7 +165,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidPolicy() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorInvalidNetwork() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
|
||||
|
@ -182,7 +182,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidNetwork() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
|
||||
|
@ -199,7 +199,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
|
||||
|
@ -218,7 +218,7 @@ func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
|
|||
func (suite *AccessControl) TestShouldRaiseErrorInvalidSubject() {
|
||||
domains := []string{"public.example.com"}
|
||||
subjects := [][]string{{testInvalid}}
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
|
@ -236,7 +236,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidSubject() {
|
|||
}
|
||||
|
||||
func (suite *AccessControl) TestShouldRaiseErrorBypassWithSubjectDomainRegexGroup() {
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
DomainsRegex: MustCompileRegexps([]string{`^(?P<User>\w+)\.example\.com$`}),
|
||||
Policy: "bypass",
|
||||
|
@ -253,11 +253,11 @@ func (suite *AccessControl) TestShouldRaiseErrorBypassWithSubjectDomainRegexGrou
|
|||
|
||||
func (suite *AccessControl) TestShouldSetQueryDefaults() {
|
||||
domains := []string{"public.example.com"}
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "", Key: "example"},
|
||||
},
|
||||
|
@ -269,7 +269,7 @@ func (suite *AccessControl) TestShouldSetQueryDefaults() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "pattern", Key: "a", Value: "^(x|y|z)$"},
|
||||
},
|
||||
|
@ -296,11 +296,11 @@ func (suite *AccessControl) TestShouldSetQueryDefaults() {
|
|||
|
||||
func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
||||
domains := []string{"public.example.com"}
|
||||
suite.config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
suite.config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "equal", Key: "example"},
|
||||
},
|
||||
|
@ -309,7 +309,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "present"},
|
||||
},
|
||||
|
@ -318,7 +318,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "present", Key: "a"},
|
||||
},
|
||||
|
@ -327,7 +327,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "absent", Key: "a"},
|
||||
},
|
||||
|
@ -336,7 +336,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{},
|
||||
},
|
||||
|
@ -345,7 +345,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "not", Key: "a", Value: "a"},
|
||||
},
|
||||
|
@ -354,7 +354,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "pattern", Key: "a", Value: "(bad pattern"},
|
||||
},
|
||||
|
@ -363,7 +363,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "present", Key: "a", Value: "not good"},
|
||||
},
|
||||
|
@ -372,7 +372,7 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
|
|||
{
|
||||
Domains: domains,
|
||||
Policy: "bypass",
|
||||
Query: [][]schema.AccessControlRuleQuery{
|
||||
Query: [][]schema.ACLQueryRule{
|
||||
{
|
||||
{Operator: "present", Key: "a", Value: 5},
|
||||
},
|
||||
|
@ -399,7 +399,7 @@ func TestAccessControl(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestShouldReturnCorrectResultsForValidNetworkGroups(t *testing.T) {
|
||||
config := schema.AccessControl{
|
||||
config := schema.AccessControlConfiguration{
|
||||
Networks: schema.DefaultACLNetwork,
|
||||
}
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ func ValidateAuthenticationBackend(config *schema.AuthenticationBackend, validat
|
|||
}
|
||||
|
||||
// validateFileAuthenticationBackend validates and updates the file authentication backend configuration.
|
||||
func validateFileAuthenticationBackend(config *schema.AuthenticationBackendFile, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackend(config *schema.FileAuthenticationBackend, validator *schema.StructValidator) {
|
||||
if config.Path == "" {
|
||||
validator.Push(fmt.Errorf(errFmtFileAuthBackendPathNotConfigured))
|
||||
}
|
||||
|
@ -61,7 +61,7 @@ func validateFileAuthenticationBackend(config *schema.AuthenticationBackendFile,
|
|||
}
|
||||
|
||||
// ValidatePasswordConfiguration validates the file auth backend password configuration.
|
||||
func ValidatePasswordConfiguration(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func ValidatePasswordConfiguration(config *schema.Password, validator *schema.StructValidator) {
|
||||
validateFileAuthenticationBackendPasswordConfigLegacy(config)
|
||||
|
||||
switch {
|
||||
|
@ -81,7 +81,7 @@ func ValidatePasswordConfiguration(config *schema.AuthenticationBackendFilePassw
|
|||
}
|
||||
|
||||
//nolint:gocyclo // Function is well formed.
|
||||
func validateFileAuthenticationBackendPasswordConfigArgon2(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackendPasswordConfigArgon2(config *schema.Password, validator *schema.StructValidator) {
|
||||
switch {
|
||||
case config.Argon2.Variant == "":
|
||||
config.Argon2.Variant = schema.DefaultPasswordConfig.Argon2.Variant
|
||||
|
@ -139,7 +139,7 @@ func validateFileAuthenticationBackendPasswordConfigArgon2(config *schema.Authen
|
|||
}
|
||||
}
|
||||
|
||||
func validateFileAuthenticationBackendPasswordConfigSHA2Crypt(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackendPasswordConfigSHA2Crypt(config *schema.Password, validator *schema.StructValidator) {
|
||||
switch {
|
||||
case config.SHA2Crypt.Variant == "":
|
||||
config.SHA2Crypt.Variant = schema.DefaultPasswordConfig.SHA2Crypt.Variant
|
||||
|
@ -168,7 +168,7 @@ func validateFileAuthenticationBackendPasswordConfigSHA2Crypt(config *schema.Aut
|
|||
}
|
||||
}
|
||||
|
||||
func validateFileAuthenticationBackendPasswordConfigPBKDF2(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackendPasswordConfigPBKDF2(config *schema.Password, validator *schema.StructValidator) {
|
||||
switch {
|
||||
case config.PBKDF2.Variant == "":
|
||||
config.PBKDF2.Variant = schema.DefaultPasswordConfig.PBKDF2.Variant
|
||||
|
@ -197,7 +197,7 @@ func validateFileAuthenticationBackendPasswordConfigPBKDF2(config *schema.Authen
|
|||
}
|
||||
}
|
||||
|
||||
func validateFileAuthenticationBackendPasswordConfigBCrypt(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackendPasswordConfigBCrypt(config *schema.Password, validator *schema.StructValidator) {
|
||||
switch {
|
||||
case config.BCrypt.Variant == "":
|
||||
config.BCrypt.Variant = schema.DefaultPasswordConfig.BCrypt.Variant
|
||||
|
@ -218,7 +218,7 @@ func validateFileAuthenticationBackendPasswordConfigBCrypt(config *schema.Authen
|
|||
}
|
||||
|
||||
//nolint:gocyclo
|
||||
func validateFileAuthenticationBackendPasswordConfigSCrypt(config *schema.AuthenticationBackendFilePassword, validator *schema.StructValidator) {
|
||||
func validateFileAuthenticationBackendPasswordConfigSCrypt(config *schema.Password, validator *schema.StructValidator) {
|
||||
switch {
|
||||
case config.SCrypt.Iterations == 0:
|
||||
config.SCrypt.Iterations = schema.DefaultPasswordConfig.SCrypt.Iterations
|
||||
|
@ -265,8 +265,8 @@ func validateFileAuthenticationBackendPasswordConfigSCrypt(config *schema.Authen
|
|||
}
|
||||
}
|
||||
|
||||
//nolint:gocyclo,staticcheck // Function is clear enough and being used for deprecated functionality mapping.
|
||||
func validateFileAuthenticationBackendPasswordConfigLegacy(config *schema.AuthenticationBackendFilePassword) {
|
||||
//nolint:gocyclo // Function is clear enough.
|
||||
func validateFileAuthenticationBackendPasswordConfigLegacy(config *schema.Password) {
|
||||
switch config.Algorithm {
|
||||
case hashLegacySHA512:
|
||||
config.Algorithm = hashSHA2Crypt
|
||||
|
@ -325,7 +325,7 @@ func validateLDAPAuthenticationBackend(config *schema.AuthenticationBackend, val
|
|||
defaultTLS.ServerName = validateLDAPAuthenticationAddress(config.LDAP, validator)
|
||||
|
||||
if config.LDAP.TLS == nil {
|
||||
config.LDAP.TLS = &schema.TLS{}
|
||||
config.LDAP.TLS = &schema.TLSConfig{}
|
||||
}
|
||||
|
||||
if err := ValidateTLSConfig(config.LDAP.TLS, defaultTLS); err != nil {
|
||||
|
@ -347,8 +347,8 @@ func validateLDAPAuthenticationBackend(config *schema.AuthenticationBackend, val
|
|||
validateLDAPRequiredParameters(config, validator)
|
||||
}
|
||||
|
||||
func validateLDAPAuthenticationBackendImplementation(config *schema.AuthenticationBackend, validator *schema.StructValidator) *schema.TLS {
|
||||
var implementation *schema.AuthenticationBackendLDAP
|
||||
func validateLDAPAuthenticationBackendImplementation(config *schema.AuthenticationBackend, validator *schema.StructValidator) *schema.TLSConfig {
|
||||
var implementation *schema.LDAPAuthenticationBackend
|
||||
|
||||
switch config.LDAP.Implementation {
|
||||
case schema.LDAPImplementationCustom:
|
||||
|
@ -367,14 +367,14 @@ func validateLDAPAuthenticationBackendImplementation(config *schema.Authenticati
|
|||
validator.Push(fmt.Errorf(errFmtLDAPAuthBackendOptionMustBeOneOf, "implementation", strJoinOr(validLDAPImplementations), config.LDAP.Implementation))
|
||||
}
|
||||
|
||||
tlsconfig := &schema.TLS{}
|
||||
tlsconfig := &schema.TLSConfig{}
|
||||
|
||||
if implementation != nil {
|
||||
if config.LDAP.Timeout == 0 {
|
||||
config.LDAP.Timeout = implementation.Timeout
|
||||
}
|
||||
|
||||
tlsconfig = &schema.TLS{
|
||||
tlsconfig = &schema.TLSConfig{
|
||||
MinimumVersion: implementation.TLS.MinimumVersion,
|
||||
MaximumVersion: implementation.TLS.MaximumVersion,
|
||||
}
|
||||
|
@ -389,7 +389,7 @@ func ldapImplementationShouldSetStr(config, implementation string) bool {
|
|||
return config == "" && implementation != ""
|
||||
}
|
||||
|
||||
func setDefaultImplementationLDAPAuthenticationBackendProfileAttributes(config *schema.AuthenticationBackendLDAP, implementation *schema.AuthenticationBackendLDAP) {
|
||||
func setDefaultImplementationLDAPAuthenticationBackendProfileAttributes(config *schema.LDAPAuthenticationBackend, implementation *schema.LDAPAuthenticationBackend) {
|
||||
if ldapImplementationShouldSetStr(config.AdditionalUsersDN, implementation.AdditionalUsersDN) {
|
||||
config.AdditionalUsersDN = implementation.AdditionalUsersDN
|
||||
}
|
||||
|
@ -435,7 +435,7 @@ func setDefaultImplementationLDAPAuthenticationBackendProfileAttributes(config *
|
|||
}
|
||||
}
|
||||
|
||||
func validateLDAPAuthenticationAddress(config *schema.AuthenticationBackendLDAP, validator *schema.StructValidator) (hostname string) {
|
||||
func validateLDAPAuthenticationAddress(config *schema.LDAPAuthenticationBackend, validator *schema.StructValidator) (hostname string) {
|
||||
if config.Address == nil {
|
||||
validator.Push(fmt.Errorf(errFmtLDAPAuthBackendMissingOption, "address"))
|
||||
|
||||
@ -17,8 +17,8 @@ func TestShouldRaiseErrorWhenBothBackendsProvided(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
backendConfig := schema.AuthenticationBackend{}
|
||||
|
||||
backendConfig.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
backendConfig.File = &schema.AuthenticationBackendFile{
|
||||
backendConfig.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
backendConfig.File = &schema.FileAuthenticationBackend{
|
||||
Path: "/tmp",
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ func (suite *FileBasedAuthenticationBackend) SetupTest() {
|
|||
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.File = &schema.AuthenticationBackendFile{Path: "/a/path", Password: password}
|
||||
suite.config.File = &schema.FileAuthenticationBackend{Path: "/a/path", Password: password}
|
||||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldValidateCompleteConfiguration() {
|
||||
|
@ -77,33 +77,33 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenNoPathProvi
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultConfigurationWhenBlank() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
|
||||
suite.Equal(0, suite.config.File.Password.KeyLength)
|
||||
suite.Equal(0, suite.config.File.Password.Iterations)
|
||||
suite.Equal(0, suite.config.File.Password.SaltLength)
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.Equal(0, suite.config.File.Password.KeyLength) //nolint:staticcheck
|
||||
suite.Equal(0, suite.config.File.Password.Iterations) //nolint:staticcheck
|
||||
suite.Equal(0, suite.config.File.Password.SaltLength) //nolint:staticcheck
|
||||
suite.Equal(0, suite.config.File.Password.Memory) //nolint:staticcheck
|
||||
suite.Equal(0, suite.config.File.Password.Parallelism) //nolint:staticcheck
|
||||
suite.Equal(0, suite.config.File.Password.Memory)
|
||||
suite.Equal(0, suite.config.File.Password.Parallelism)
|
||||
|
||||
ValidateAuthenticationBackend(&suite.config, suite.validator)
|
||||
|
||||
suite.Len(suite.validator.Warnings(), 0)
|
||||
suite.Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Equal(schema.DefaultPasswordConfig.KeyLength, suite.config.File.Password.KeyLength)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Iterations, suite.config.File.Password.Iterations)
|
||||
suite.Equal(schema.DefaultPasswordConfig.SaltLength, suite.config.File.Password.SaltLength)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Algorithm, suite.config.File.Password.Algorithm)
|
||||
suite.Equal(schema.DefaultPasswordConfig.KeyLength, suite.config.File.Password.KeyLength) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Iterations, suite.config.File.Password.Iterations) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.SaltLength, suite.config.File.Password.SaltLength) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Memory, suite.config.File.Password.Memory) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Parallelism, suite.config.File.Password.Parallelism) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Memory, suite.config.File.Password.Memory)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Parallelism, suite.config.File.Password.Parallelism)
|
||||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationSHA512() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{
|
||||
suite.config.File.Password = schema.Password{
|
||||
Algorithm: digestSHA512,
|
||||
Iterations: 1000000,
|
||||
SaltLength: 8,
|
||||
|
@ -121,14 +121,14 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationSHA512ButNotOverride() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{
|
||||
suite.config.File.Password = schema.Password{
|
||||
Algorithm: digestSHA512,
|
||||
Iterations: 1000000,
|
||||
SaltLength: 8,
|
||||
SHA2Crypt: schema.AuthenticationBackendFilePasswordSHA2Crypt{
|
||||
SHA2Crypt: schema.SHA2CryptPassword{
|
||||
Variant: digestSHA256,
|
||||
Iterations: 50000,
|
||||
SaltLength: 12,
|
||||
|
@ -147,10 +147,10 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationSHA512Alt() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{
|
||||
suite.config.File.Password = schema.Password{
|
||||
Algorithm: digestSHA512,
|
||||
Iterations: 1000000,
|
||||
SaltLength: 64,
|
||||
|
@ -168,10 +168,10 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationArgon2() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{
|
||||
suite.config.File.Password = schema.Password{
|
||||
Algorithm: "argon2id",
|
||||
Iterations: 4,
|
||||
Memory: 1024,
|
||||
|
@ -195,17 +195,17 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationArgon2ButNotOverride() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{
|
||||
suite.config.File.Password = schema.Password{
|
||||
Algorithm: "argon2id",
|
||||
Iterations: 4,
|
||||
Memory: 1024,
|
||||
Parallelism: 4,
|
||||
KeyLength: 64,
|
||||
SaltLength: 64,
|
||||
Argon2: schema.AuthenticationBackendFilePasswordArgon2{
|
||||
Argon2: schema.Argon2Password{
|
||||
Variant: "argon2d",
|
||||
Iterations: 1,
|
||||
Memory: 2048,
|
||||
|
@ -230,7 +230,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfigurationWhenOnlySHA512Set() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = digestSHA512
|
||||
|
||||
|
@ -246,7 +246,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldMigrateLegacyConfiguratio
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidArgon2Variant() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = "argon2"
|
||||
suite.config.File.Password.Argon2.Variant = testInvalid
|
||||
|
@ -260,7 +260,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidArgon2
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidSHA2CryptVariant() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = hashSHA2Crypt
|
||||
suite.config.File.Password.SHA2Crypt.Variant = testInvalid
|
||||
|
@ -274,7 +274,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidSHA2Cr
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidSHA2CryptSaltLength() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = hashSHA2Crypt
|
||||
suite.config.File.Password.SHA2Crypt.SaltLength = 40
|
||||
|
@ -288,7 +288,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidSHA2Cr
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidPBKDF2Variant() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = "pbkdf2"
|
||||
suite.config.File.Password.PBKDF2.Variant = testInvalid
|
||||
|
@ -302,7 +302,7 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidPBKDF2
|
|||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorOnInvalidBCryptVariant() {
|
||||
suite.config.File.Password = schema.AuthenticationBackendFilePassword{}
|
||||
suite.config.File.Password = schema.Password{}
|
||||
suite.Equal("", suite.config.File.Password.Algorithm)
|
||||
suite.config.File.Password.Algorithm = "bcrypt"
|
||||
suite.config.File.Password.BCrypt.Variant = testInvalid
|
||||
|
@ -502,10 +502,10 @@ func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenBadAlgorith
|
|||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultValues() {
|
||||
suite.config.File.Password.Algorithm = ""
|
||||
suite.config.File.Password.Iterations = 0 //nolint:staticcheck
|
||||
suite.config.File.Password.SaltLength = 0 //nolint:staticcheck
|
||||
suite.config.File.Password.Memory = 0 //nolint:staticcheck
|
||||
suite.config.File.Password.Parallelism = 0 //nolint:staticcheck
|
||||
suite.config.File.Password.Iterations = 0
|
||||
suite.config.File.Password.SaltLength = 0
|
||||
suite.config.File.Password.Memory = 0
|
||||
suite.config.File.Password.Parallelism = 0
|
||||
|
||||
ValidateAuthenticationBackend(&suite.config, suite.validator)
|
||||
|
||||
|
@ -513,10 +513,10 @@ func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultValues() {
|
|||
suite.Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Equal(schema.DefaultPasswordConfig.Algorithm, suite.config.File.Password.Algorithm)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Iterations, suite.config.File.Password.Iterations) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.SaltLength, suite.config.File.Password.SaltLength) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Memory, suite.config.File.Password.Memory) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Parallelism, suite.config.File.Password.Parallelism) //nolint:staticcheck
|
||||
suite.Equal(schema.DefaultPasswordConfig.Iterations, suite.config.File.Password.Iterations)
|
||||
suite.Equal(schema.DefaultPasswordConfig.SaltLength, suite.config.File.Password.SaltLength)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Memory, suite.config.File.Password.Memory)
|
||||
suite.Equal(schema.DefaultPasswordConfig.Parallelism, suite.config.File.Password.Parallelism)
|
||||
}
|
||||
|
||||
func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenResetURLIsInvalid() {
|
||||
|
@ -571,7 +571,7 @@ type LDAPAuthenticationBackendSuite struct {
|
|||
func (suite *LDAPAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationCustom
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -867,7 +867,7 @@ func (suite *LDAPAuthenticationBackendSuite) TestShouldHelpDetectNoInputPlacehol
|
|||
}
|
||||
|
||||
func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultTLSMinimumVersion() {
|
||||
suite.config.LDAP.TLS = &schema.TLS{MinimumVersion: schema.TLSVersion{}}
|
||||
suite.config.LDAP.TLS = &schema.TLSConfig{MinimumVersion: schema.TLSVersion{}}
|
||||
|
||||
ValidateAuthenticationBackend(&suite.config, suite.validator)
|
||||
|
||||
|
@ -878,7 +878,7 @@ func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultTLSMinimumVersi
|
|||
}
|
||||
|
||||
func (suite *LDAPAuthenticationBackendSuite) TestShouldNotAllowSSL30() {
|
||||
suite.config.LDAP.TLS = &schema.TLS{
|
||||
suite.config.LDAP.TLS = &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
|
||||
}
|
||||
|
||||
|
@ -949,7 +949,7 @@ func (suite *LDAPAuthenticationBackendSuite) TestShouldErrorOnMissingMemberOfRDN
|
|||
}
|
||||
|
||||
func (suite *LDAPAuthenticationBackendSuite) TestShouldNotAllowTLSVerMinGreaterThanVerMax() {
|
||||
suite.config.LDAP.TLS = &schema.TLS{
|
||||
suite.config.LDAP.TLS = &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
|
||||
MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS12},
|
||||
}
|
||||
|
@ -973,7 +973,7 @@ type ActiveDirectoryAuthenticationBackendSuite struct {
|
|||
func (suite *ActiveDirectoryAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationActiveDirectory
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -1034,7 +1034,7 @@ type RFC2307bisAuthenticationBackendSuite struct {
|
|||
func (suite *RFC2307bisAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationRFC2307bis
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -1085,7 +1085,7 @@ type FreeIPAAuthenticationBackendSuite struct {
|
|||
func (suite *FreeIPAAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationFreeIPA
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -1136,7 +1136,7 @@ type LLDAPAuthenticationBackendSuite struct {
|
|||
func (suite *LLDAPAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationLLDAP
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -1187,7 +1187,7 @@ type GLAuthAuthenticationBackendSuite struct {
|
|||
func (suite *GLAuthAuthenticationBackendSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config = schema.AuthenticationBackend{}
|
||||
suite.config.LDAP = &schema.AuthenticationBackendLDAP{}
|
||||
suite.config.LDAP = &schema.LDAPAuthenticationBackend{}
|
||||
suite.config.LDAP.Implementation = schema.LDAPImplementationGLAuth
|
||||
suite.config.LDAP.Address = &schema.AddressLDAP{Address: *testLDAPAddress}
|
||||
suite.config.LDAP.User = testLDAPUser
|
||||
|
@ -1237,7 +1237,7 @@ type LDAPImplementationSuite struct {
|
|||
validator *schema.StructValidator
|
||||
}
|
||||
|
||||
func (suite *LDAPImplementationSuite) EqualImplementationDefaults(expected schema.AuthenticationBackendLDAP) {
|
||||
func (suite *LDAPImplementationSuite) EqualImplementationDefaults(expected schema.LDAPAuthenticationBackend) {
|
||||
suite.Equal(expected.Timeout, suite.config.LDAP.Timeout)
|
||||
suite.Equal(expected.AdditionalUsersDN, suite.config.LDAP.AdditionalUsersDN)
|
||||
suite.Equal(expected.AdditionalGroupsDN, suite.config.LDAP.AdditionalGroupsDN)
|
||||
|
@ -1253,7 +1253,7 @@ func (suite *LDAPImplementationSuite) EqualImplementationDefaults(expected schem
|
|||
suite.Equal(expected.Attributes.GroupName, suite.config.LDAP.Attributes.GroupName)
|
||||
}
|
||||
|
||||
func (suite *LDAPImplementationSuite) NotEqualImplementationDefaults(expected schema.AuthenticationBackendLDAP) {
|
||||
func (suite *LDAPImplementationSuite) NotEqualImplementationDefaults(expected schema.LDAPAuthenticationBackend) {
|
||||
suite.NotEqual(expected.Timeout, suite.config.LDAP.Timeout)
|
||||
suite.NotEqual(expected.UsersFilter, suite.config.LDAP.UsersFilter)
|
||||
suite.NotEqual(expected.GroupsFilter, suite.config.LDAP.GroupsFilter)
|
||||
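Review bot: The `//nolint:staticcheck` directives on the flat legacy password fields (`KeyLength`, `Iterations`, `SaltLength`, `Memory`, `Parallelism`) in TestShouldSetDefaultConfigurationWhenBlank and TestShouldSetDefaultValues appear on only one side of this section, and the rendered page does not make clear which side is the new one. Those directives are only justified while the corresponding `schema.Password` fields carry a `Deprecated:` doc marker, which is not visible here: if the new side keeps the markers but drops the directives, `staticcheck` (SA1019) will fail on these assertions, and if it drops the markers but keeps the directives, `nolintlint` will flag them as unused. Whichever way the rename lands, the test annotations should match the schema's deprecation markers, with the intent stated once, e.g. `// legacy flat fields are deprecated in favour of the per-algorithm sub-structs; asserted here only to verify migration defaults`.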
@ -17,29 +17,29 @@ func newDefaultConfig() schema.Configuration {
|
|||
config.Log.Level = "info"
|
||||
config.Log.Format = "text"
|
||||
config.JWTSecret = testJWTSecret
|
||||
config.AuthenticationBackend.File = &schema.AuthenticationBackendFile{
|
||||
config.AuthenticationBackend.File = &schema.FileAuthenticationBackend{
|
||||
Path: "/a/path",
|
||||
}
|
||||
config.AccessControl = schema.AccessControl{
|
||||
config.AccessControl = schema.AccessControlConfiguration{
|
||||
DefaultPolicy: "two_factor",
|
||||
}
|
||||
config.Session = schema.Session{
|
||||
config.Session = schema.SessionConfiguration{
|
||||
Secret: "secret",
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session",
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
config.Storage.EncryptionKey = testEncryptionKey
|
||||
config.Storage.Local = &schema.StorageLocal{
|
||||
config.Storage.Local = &schema.LocalStorageConfiguration{
|
||||
Path: "abc",
|
||||
}
|
||||
config.Notifier = schema.Notifier{
|
||||
FileSystem: &schema.NotifierFileSystem{
|
||||
config.Notifier = schema.NotifierConfiguration{
|
||||
FileSystem: &schema.FileSystemNotifierConfiguration{
|
||||
Filename: "/tmp/file",
|
||||
},
|
||||
}
|
||||
|
@ -69,7 +69,7 @@ func TestShouldAddDefaultAccessControl(t *testing.T) {
|
|||
config := newDefaultConfig()
|
||||
|
||||
config.AccessControl.DefaultPolicy = ""
|
||||
config.AccessControl.Rules = []schema.AccessControlRule{
|
||||
config.AccessControl.Rules = []schema.ACLRule{
|
||||
{
|
||||
Policy: "bypass",
|
||||
Domains: []string{
|
||||
|
@ -179,7 +179,7 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldAllowConfiguredMethodTOTP",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "totp",
|
||||
DuoAPI: schema.DuoAPI{
|
||||
DuoAPI: schema.DuoAPIConfiguration{
|
||||
SecretKey: "a key",
|
||||
IntegrationKey: "another key",
|
||||
Hostname: "none",
|
||||
|
@ -190,7 +190,7 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldAllowConfiguredMethodWebAuthn",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "webauthn",
|
||||
DuoAPI: schema.DuoAPI{
|
||||
DuoAPI: schema.DuoAPIConfiguration{
|
||||
SecretKey: "a key",
|
||||
IntegrationKey: "another key",
|
||||
Hostname: "none",
|
||||
|
@ -201,7 +201,7 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldAllowConfiguredMethodMobilePush",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "mobile_push",
|
||||
DuoAPI: schema.DuoAPI{
|
||||
DuoAPI: schema.DuoAPIConfiguration{
|
||||
SecretKey: "a key",
|
||||
IntegrationKey: "another key",
|
||||
Hostname: "none",
|
||||
|
@ -212,12 +212,12 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldNotAllowDisabledMethodTOTP",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "totp",
|
||||
DuoAPI: schema.DuoAPI{
|
||||
DuoAPI: schema.DuoAPIConfiguration{
|
||||
SecretKey: "a key",
|
||||
IntegrationKey: "another key",
|
||||
Hostname: "none",
|
||||
},
|
||||
TOTP: schema.TOTP{Disable: true},
|
||||
TOTP: schema.TOTPConfiguration{Disable: true},
|
||||
},
|
||||
expectedErrs: []string{
|
||||
"option 'default_2fa_method' must be one of the enabled options 'webauthn' or 'mobile_push' but it's configured as 'totp'",
|
||||
|
@ -227,12 +227,12 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldNotAllowDisabledMethodWebAuthn",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "webauthn",
|
||||
DuoAPI: schema.DuoAPI{
|
||||
DuoAPI: schema.DuoAPIConfiguration{
|
||||
SecretKey: "a key",
|
||||
IntegrationKey: "another key",
|
||||
Hostname: "none",
|
||||
},
|
||||
WebAuthn: schema.WebAuthn{Disable: true},
|
||||
WebAuthn: schema.WebAuthnConfiguration{Disable: true},
|
||||
},
|
||||
expectedErrs: []string{
|
||||
"option 'default_2fa_method' must be one of the enabled options 'totp' or 'mobile_push' but it's configured as 'webauthn'",
|
||||
|
@ -242,7 +242,7 @@ func TestValidateDefault2FAMethod(t *testing.T) {
|
|||
desc: "ShouldNotAllowDisabledMethodMobilePush",
|
||||
have: &schema.Configuration{
|
||||
Default2FAMethod: "mobile_push",
|
||||
DuoAPI: schema.DuoAPI{Disable: true},
|
||||
DuoAPI: schema.DuoAPIConfiguration{Disable: true},
|
||||
},
|
||||
expectedErrs: []string{
|
||||
"option 'default_2fa_method' must be one of the enabled options 'totp' or 'webauthn' but it's configured as 'mobile_push'",
|
||||
@ -14,27 +14,27 @@ func TestValidateDuo(t *testing.T) {
|
|||
testCases := []struct {
|
||||
desc string
|
||||
have *schema.Configuration
|
||||
expected schema.DuoAPI
|
||||
expected schema.DuoAPIConfiguration
|
||||
errs []string
|
||||
}{
|
||||
{
|
||||
desc: "ShouldDisableDuo",
|
||||
have: &schema.Configuration{},
|
||||
expected: schema.DuoAPI{Disable: true},
|
||||
expected: schema.DuoAPIConfiguration{Disable: true},
|
||||
},
|
||||
{
|
||||
desc: "ShouldDisableDuoConfigured",
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPI{Disable: true, Hostname: "example.com"}},
|
||||
expected: schema.DuoAPI{Disable: true, Hostname: "example.com"},
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{Disable: true, Hostname: "example.com"}},
|
||||
expected: schema.DuoAPIConfiguration{Disable: true, Hostname: "example.com"},
|
||||
},
|
||||
{
|
||||
desc: "ShouldNotDisableDuo",
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPI{
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
IntegrationKey: "test",
|
||||
SecretKey: "test",
|
||||
}},
|
||||
expected: schema.DuoAPI{
|
||||
expected: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
IntegrationKey: "test",
|
||||
SecretKey: "test",
|
||||
|
@ -42,11 +42,11 @@ func TestValidateDuo(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldDetectMissingSecretKey",
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPI{
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
IntegrationKey: "test",
|
||||
}},
|
||||
expected: schema.DuoAPI{
|
||||
expected: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
IntegrationKey: "test",
|
||||
},
|
||||
|
@ -56,11 +56,11 @@ func TestValidateDuo(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldDetectMissingIntegrationKey",
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPI{
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
SecretKey: "test",
|
||||
}},
|
||||
expected: schema.DuoAPI{
|
||||
expected: schema.DuoAPIConfiguration{
|
||||
Hostname: "test",
|
||||
SecretKey: "test",
|
||||
},
|
||||
|
@ -70,11 +70,11 @@ func TestValidateDuo(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldDetectMissingHostname",
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPI{
|
||||
have: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{
|
||||
IntegrationKey: "test",
|
||||
SecretKey: "test",
|
||||
}},
|
||||
expected: schema.DuoAPI{
|
||||
expected: schema.DuoAPIConfiguration{
|
||||
IntegrationKey: "test",
|
||||
SecretKey: "test",
|
||||
},
|
||||
@ -22,7 +22,7 @@ func ValidateIdentityProviders(config *schema.IdentityProviders, val *schema.Str
|
|||
validateOIDC(config.OIDC, val)
|
||||
}
|
||||
|
||||
func validateOIDC(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDC(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
if config == nil {
|
||||
return
|
||||
}
|
||||
|
@ -58,7 +58,7 @@ func validateOIDC(config *schema.IdentityProvidersOpenIDConnect, val *schema.Str
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCIssuer(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCIssuer(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch {
|
||||
case config.IssuerPrivateKey != nil:
|
||||
validateOIDCIssuerPrivateKey(config)
|
||||
|
@ -71,7 +71,7 @@ func validateOIDCIssuer(config *schema.IdentityProvidersOpenIDConnect, val *sche
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCIssuerPrivateKey(config *schema.IdentityProvidersOpenIDConnect) {
|
||||
func validateOIDCIssuerPrivateKey(config *schema.OpenIDConnect) {
|
||||
config.IssuerPrivateKeys = append([]schema.JWK{{
|
||||
Algorithm: oidc.SigningAlgRSAUsingSHA256,
|
||||
Use: oidc.KeyUseSignature,
|
||||
|
@ -80,7 +80,7 @@ func validateOIDCIssuerPrivateKey(config *schema.IdentityProvidersOpenIDConnect)
|
|||
}}, config.IssuerPrivateKeys...)
|
||||
}
|
||||
|
||||
func validateOIDCIssuerPrivateKeys(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCIssuerPrivateKeys(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
var (
|
||||
props *JWKProperties
|
||||
err error
|
||||
|
@ -132,7 +132,7 @@ func validateOIDCIssuerPrivateKeys(config *schema.IdentityProvidersOpenIDConnect
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCIssuerPrivateKeysUseAlg(i int, props *JWKProperties, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCIssuerPrivateKeysUseAlg(i int, props *JWKProperties, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch config.IssuerPrivateKeys[i].Use {
|
||||
case "":
|
||||
config.IssuerPrivateKeys[i].Use = props.Use
|
||||
|
@ -164,7 +164,7 @@ func validateOIDCIssuerPrivateKeysUseAlg(i int, props *JWKProperties, config *sc
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCIssuerPrivateKeyPair(i int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCIssuerPrivateKeyPair(i int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
var (
|
||||
checkEqualKey bool
|
||||
err error
|
||||
|
@ -196,7 +196,7 @@ func validateOIDCIssuerPrivateKeyPair(i int, config *schema.IdentityProvidersOpe
|
|||
}
|
||||
}
|
||||
|
||||
func setOIDCDefaults(config *schema.IdentityProvidersOpenIDConnect) {
|
||||
func setOIDCDefaults(config *schema.OpenIDConnect) {
|
||||
if config.AccessTokenLifespan == time.Duration(0) {
|
||||
config.AccessTokenLifespan = schema.DefaultOpenIDConnectConfiguration.AccessTokenLifespan
|
||||
}
|
||||
|
@ -218,7 +218,7 @@ func setOIDCDefaults(config *schema.IdentityProvidersOpenIDConnect) {
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCOptionsCORS(config *schema.IdentityProvidersOpenIDConnect, validator *schema.StructValidator) {
|
||||
func validateOIDCOptionsCORS(config *schema.OpenIDConnect, validator *schema.StructValidator) {
|
||||
validateOIDCOptionsCORSAllowedOrigins(config, validator)
|
||||
|
||||
if config.CORS.AllowedOriginsFromClientRedirectURIs {
|
||||
|
@ -228,7 +228,7 @@ func validateOIDCOptionsCORS(config *schema.IdentityProvidersOpenIDConnect, vali
|
|||
validateOIDCOptionsCORSEndpoints(config, validator)
|
||||
}
|
||||
|
||||
func validateOIDCOptionsCORSAllowedOrigins(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCOptionsCORSAllowedOrigins(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
for _, origin := range config.CORS.AllowedOrigins {
|
||||
if origin.String() == "*" {
|
||||
if len(config.CORS.AllowedOrigins) != 1 {
|
||||
|
@ -252,7 +252,7 @@ func validateOIDCOptionsCORSAllowedOrigins(config *schema.IdentityProvidersOpenI
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCOptionsCORSAllowedOriginsFromClientRedirectURIs(config *schema.IdentityProvidersOpenIDConnect) {
|
||||
func validateOIDCOptionsCORSAllowedOriginsFromClientRedirectURIs(config *schema.OpenIDConnect) {
|
||||
for _, client := range config.Clients {
|
||||
for _, redirectURI := range client.RedirectURIs {
|
||||
uri, err := url.ParseRequestURI(redirectURI)
|
||||
|
@ -269,7 +269,7 @@ func validateOIDCOptionsCORSAllowedOriginsFromClientRedirectURIs(config *schema.
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCOptionsCORSEndpoints(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCOptionsCORSEndpoints(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
for _, endpoint := range config.CORS.Endpoints {
|
||||
if !utils.IsStringInSlice(endpoint, validOIDCCORSEndpoints) {
|
||||
val.Push(fmt.Errorf(errFmtOIDCCORSInvalidEndpoint, endpoint, strJoinOr(validOIDCCORSEndpoints)))
|
||||
|
@ -277,7 +277,7 @@ func validateOIDCOptionsCORSEndpoints(config *schema.IdentityProvidersOpenIDConn
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClients(config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClients(config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
var (
|
||||
errDeprecated bool
|
||||
|
||||
|
@ -319,7 +319,7 @@ func validateOIDCClients(config *schema.IdentityProvidersOpenIDConnect, val *sch
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClient(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClient(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
if config.Clients[c].Public {
|
||||
if config.Clients[c].Secret != nil {
|
||||
val.Push(fmt.Errorf(errFmtOIDCClientPublicInvalidSecret, config.Clients[c].ID))
|
||||
|
@ -369,7 +369,7 @@ func validateOIDCClient(c int, config *schema.IdentityProvidersOpenIDConnect, va
|
|||
validateOIDCClientTokenEndpointAuth(c, config, val)
|
||||
}
|
||||
|
||||
func validateOIDCClientPublicKeys(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientPublicKeys(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch {
|
||||
case config.Clients[c].PublicKeys.URI != nil && len(config.Clients[c].PublicKeys.Values) != 0:
|
||||
val.Push(fmt.Errorf(errFmtOIDCClientPublicKeysBothURIAndValuesConfigured, config.Clients[c].ID))
|
||||
|
@ -382,7 +382,7 @@ func validateOIDCClientPublicKeys(c int, config *schema.IdentityProvidersOpenIDC
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientJSONWebKeysList(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientJSONWebKeysList(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
var (
|
||||
props *JWKProperties
|
||||
err error
|
||||
|
@ -440,7 +440,7 @@ func validateOIDCClientJSONWebKeysList(c int, config *schema.IdentityProvidersOp
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientJSONWebKeysListKeyUseAlg(c, i int, props *JWKProperties, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientJSONWebKeysListKeyUseAlg(c, i int, props *JWKProperties, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch config.Clients[c].PublicKeys.Values[i].Use {
|
||||
case "":
|
||||
config.Clients[c].PublicKeys.Values[i].Use = props.Use
|
||||
|
@ -470,7 +470,7 @@ func validateOIDCClientJSONWebKeysListKeyUseAlg(c, i int, props *JWKProperties,
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientSectorIdentifier(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientSectorIdentifier(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
if config.Clients[c].SectorIdentifier.String() != "" {
|
||||
if utils.IsURLHostComponent(config.Clients[c].SectorIdentifier) || utils.IsURLHostComponentWithPort(config.Clients[c].SectorIdentifier) {
|
||||
return
|
||||
|
@ -506,7 +506,7 @@ func validateOIDCClientSectorIdentifier(c int, config *schema.IdentityProvidersO
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientConsentMode(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientConsentMode(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch {
|
||||
case utils.IsStringInSlice(config.Clients[c].ConsentMode, []string{"", auto}):
|
||||
if config.Clients[c].ConsentPreConfiguredDuration != nil {
|
||||
|
@ -525,7 +525,7 @@ func validateOIDCClientConsentMode(c int, config *schema.IdentityProvidersOpenID
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientScopes(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientScopes(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
if len(config.Clients[c].Scopes) == 0 {
|
||||
config.Clients[c].Scopes = schema.DefaultOpenIDConnectClientConfiguration.Scopes
|
||||
}
|
||||
|
@ -558,7 +558,7 @@ func validateOIDCClientScopes(c int, config *schema.IdentityProvidersOpenIDConne
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientResponseTypes(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientResponseTypes(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
if len(config.Clients[c].ResponseTypes) == 0 {
|
||||
config.Clients[c].ResponseTypes = schema.DefaultOpenIDConnectClientConfiguration.ResponseTypes
|
||||
}
|
||||
|
@ -576,7 +576,7 @@ func validateOIDCClientResponseTypes(c int, config *schema.IdentityProvidersOpen
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientResponseModes(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientResponseModes(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
if len(config.Clients[c].ResponseModes) == 0 {
|
||||
config.Clients[c].ResponseModes = schema.DefaultOpenIDConnectClientConfiguration.ResponseModes
|
||||
|
||||
|
@ -608,7 +608,7 @@ func validateOIDCClientResponseModes(c int, config *schema.IdentityProvidersOpen
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientGrantTypes(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientGrantTypes(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
if len(config.Clients[c].GrantTypes) == 0 {
|
||||
validateOIDCClientGrantTypesSetDefaults(c, config)
|
||||
}
|
||||
|
@ -628,7 +628,7 @@ func validateOIDCClientGrantTypes(c int, config *schema.IdentityProvidersOpenIDC
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientGrantTypesSetDefaults(c int, config *schema.IdentityProvidersOpenIDConnect) {
|
||||
func validateOIDCClientGrantTypesSetDefaults(c int, config *schema.OpenIDConnect) {
|
||||
for _, responseType := range config.Clients[c].ResponseTypes {
|
||||
switch responseType {
|
||||
case oidc.ResponseTypeAuthorizationCodeFlow:
|
||||
|
@ -651,7 +651,7 @@ func validateOIDCClientGrantTypesSetDefaults(c int, config *schema.IdentityProvi
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientGrantTypesCheckRelated(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientGrantTypesCheckRelated(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
for _, grantType := range config.Clients[c].GrantTypes {
|
||||
switch grantType {
|
||||
case oidc.GrantTypeImplicit:
|
||||
|
@ -686,7 +686,7 @@ func validateOIDCClientGrantTypesCheckRelated(c int, config *schema.IdentityProv
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientRedirectURIs(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
func validateOIDCClientRedirectURIs(c int, config *schema.OpenIDConnect, val *schema.StructValidator, errDeprecatedFunc func()) {
|
||||
var (
|
||||
parsedRedirectURI *url.URL
|
||||
err error
|
||||
|
@ -723,7 +723,7 @@ func validateOIDCClientRedirectURIs(c int, config *schema.IdentityProvidersOpenI
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientTokenEndpointAuth(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientTokenEndpointAuth(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
implcit := len(config.Clients[c].ResponseTypes) != 0 && utils.IsStringSliceContainsAll(config.Clients[c].ResponseTypes, validOIDCClientResponseTypesImplicitFlow)
|
||||
|
||||
switch {
|
||||
|
@ -750,7 +750,7 @@ func validateOIDCClientTokenEndpointAuth(c int, config *schema.IdentityProviders
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientTokenEndpointAuthClientSecretJWT(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDCClientTokenEndpointAuthClientSecretJWT(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch {
|
||||
case config.Clients[c].TokenEndpointAuthSigningAlg == "":
|
||||
config.Clients[c].TokenEndpointAuthSigningAlg = oidc.SigningAlgHMACUsingSHA256
|
||||
|
@ -759,7 +759,7 @@ func validateOIDCClientTokenEndpointAuthClientSecretJWT(c int, config *schema.Id
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDCClientTokenEndpointAuthPublicKeyJWT(config schema.IdentityProvidersOpenIDConnectClient, val *schema.StructValidator) {
|
||||
func validateOIDCClientTokenEndpointAuthPublicKeyJWT(config schema.OpenIDConnectClient, val *schema.StructValidator) {
|
||||
switch {
|
||||
case config.TokenEndpointAuthSigningAlg == "":
|
||||
val.Push(fmt.Errorf(errFmtOIDCClientInvalidTokenEndpointAuthSigAlgMissingPrivateKeyJWT, config.ID))
|
||||
|
@ -776,7 +776,7 @@ func validateOIDCClientTokenEndpointAuthPublicKeyJWT(config schema.IdentityProvi
|
|||
}
|
||||
}
|
||||
|
||||
func validateOIDDClientSigningAlgs(c int, config *schema.IdentityProvidersOpenIDConnect, val *schema.StructValidator) {
|
||||
func validateOIDDClientSigningAlgs(c int, config *schema.OpenIDConnect, val *schema.StructValidator) {
|
||||
switch config.Clients[c].UserinfoSigningKeyID {
|
||||
case "":
|
||||
if config.Clients[c].UserinfoSigningAlg == "" {
|
||||
|
|
|
@ -28,7 +28,7 @@ func TestShouldSetDefaultLoggingValues(t *testing.T) {
|
|||
|
||||
func TestShouldRaiseErrorOnInvalidLoggingLevel(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
Log: schema.Log{
|
||||
Log: schema.LogConfiguration{
|
||||
Level: "TRACE",
|
||||
},
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
)
|
||||
|
||||
// ValidateNotifier validates and update notifier configuration.
|
||||
func ValidateNotifier(config *schema.Notifier, validator *schema.StructValidator) {
|
||||
func ValidateNotifier(config *schema.NotifierConfiguration, validator *schema.StructValidator) {
|
||||
if config.SMTP == nil && config.FileSystem == nil {
|
||||
validator.Push(fmt.Errorf(errFmtNotifierNotConfigured))
|
||||
|
||||
|
@ -32,7 +32,7 @@ func ValidateNotifier(config *schema.Notifier, validator *schema.StructValidator
|
|||
validateNotifierTemplates(config, validator)
|
||||
}
|
||||
|
||||
func validateNotifierTemplates(config *schema.Notifier, validator *schema.StructValidator) {
|
||||
func validateNotifierTemplates(config *schema.NotifierConfiguration, validator *schema.StructValidator) {
|
||||
if config.TemplatePath == "" {
|
||||
return
|
||||
}
|
||||
|
@ -47,7 +47,7 @@ func validateNotifierTemplates(config *schema.Notifier, validator *schema.Struct
|
|||
}
|
||||
}
|
||||
|
||||
func validateSMTPNotifier(config *schema.NotifierSMTP, validator *schema.StructValidator) {
|
||||
func validateSMTPNotifier(config *schema.SMTPNotifierConfiguration, validator *schema.StructValidator) {
|
||||
validateSMTPNotifierAddress(config, validator)
|
||||
|
||||
if config.StartupCheckAddress.Address == "" {
|
||||
|
@ -71,10 +71,10 @@ func validateSMTPNotifier(config *schema.NotifierSMTP, validator *schema.StructV
|
|||
}
|
||||
|
||||
if config.TLS == nil {
|
||||
config.TLS = &schema.TLS{}
|
||||
config.TLS = &schema.TLSConfig{}
|
||||
}
|
||||
|
||||
configDefaultTLS := &schema.TLS{
|
||||
configDefaultTLS := &schema.TLSConfig{
|
||||
MinimumVersion: schema.DefaultSMTPNotifierConfiguration.TLS.MinimumVersion,
|
||||
MaximumVersion: schema.DefaultSMTPNotifierConfiguration.TLS.MaximumVersion,
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ func validateSMTPNotifier(config *schema.NotifierSMTP, validator *schema.StructV
|
|||
}
|
||||
}
|
||||
|
||||
func validateSMTPNotifierAddress(config *schema.NotifierSMTP, validator *schema.StructValidator) {
|
||||
func validateSMTPNotifierAddress(config *schema.SMTPNotifierConfiguration, validator *schema.StructValidator) {
|
||||
if config.Address == nil {
|
||||
if config.Host == "" && config.Port == 0 { //nolint:staticcheck
|
||||
validator.Push(fmt.Errorf(errFmtNotifierSMTPNotConfigured, "address"))
|
||||
|
|
|
@ -16,13 +16,13 @@ import (
|
|||
|
||||
type NotifierSuite struct {
|
||||
suite.Suite
|
||||
config schema.Notifier
|
||||
config schema.NotifierConfiguration
|
||||
validator *schema.StructValidator
|
||||
}
|
||||
|
||||
func (suite *NotifierSuite) SetupTest() {
|
||||
suite.validator = schema.NewStructValidator()
|
||||
suite.config.SMTP = &schema.NotifierSMTP{
|
||||
suite.config.SMTP = &schema.SMTPNotifierConfiguration{
|
||||
Address: &schema.AddressSMTP{Address: schema.NewAddressFromNetworkValues(schema.AddressSchemeSMTP, exampleDotCom, 25)},
|
||||
Username: "john",
|
||||
Password: "password",
|
||||
|
@ -57,7 +57,7 @@ func (suite *NotifierSuite) TestShouldEnsureEitherSMTPOrFilesystemIsProvided() {
|
|||
|
||||
suite.Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.config.FileSystem = &schema.NotifierFileSystem{
|
||||
suite.config.FileSystem = &schema.FileSystemNotifierConfiguration{
|
||||
Filename: "test",
|
||||
}
|
||||
|
||||
|
@ -147,7 +147,7 @@ func (suite *NotifierSuite) TestSMTPShouldDefaultStartupCheckAddress() {
|
|||
|
||||
func (suite *NotifierSuite) TestSMTPShouldDefaultTLSServerNameToHost() {
|
||||
suite.config.SMTP.Address.SetHostname("google.com")
|
||||
suite.config.SMTP.TLS = &schema.TLS{
|
||||
suite.config.SMTP.TLS = &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS11},
|
||||
}
|
||||
|
||||
|
@ -162,7 +162,7 @@ func (suite *NotifierSuite) TestSMTPShouldDefaultTLSServerNameToHost() {
|
|||
}
|
||||
|
||||
func (suite *NotifierSuite) TestSMTPShouldErrorOnSSL30() {
|
||||
suite.config.SMTP.TLS = &schema.TLS{
|
||||
suite.config.SMTP.TLS = &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
|
||||
}
|
||||
|
||||
|
@ -175,7 +175,7 @@ func (suite *NotifierSuite) TestSMTPShouldErrorOnSSL30() {
|
|||
}
|
||||
|
||||
func (suite *NotifierSuite) TestSMTPShouldErrorOnTLSMinVerGreaterThanMaxVer() {
|
||||
suite.config.SMTP.TLS = &schema.TLS{
|
||||
suite.config.SMTP.TLS = &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
|
||||
MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS10},
|
||||
}
|
||||
|
@ -262,7 +262,7 @@ File Tests.
|
|||
*/
|
||||
func (suite *NotifierSuite) TestFileShouldEnsureFilenameIsProvided() {
|
||||
suite.config.SMTP = nil
|
||||
suite.config.FileSystem = &schema.NotifierFileSystem{
|
||||
suite.config.FileSystem = &schema.FileSystemNotifierConfiguration{
|
||||
Filename: "test",
|
||||
}
|
||||
ValidateNotifier(&suite.config, suite.validator)
|
||||
|
@ -287,7 +287,7 @@ func TestNotifierSuite(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestNotifierMiscMissingTemplateTests(t *testing.T) {
|
||||
config := &schema.Notifier{
|
||||
config := &schema.NotifierConfiguration{
|
||||
TemplatePath: string([]byte{0x0, 0x1}),
|
||||
}
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ import (
|
|||
|
||||
func newDefaultNTPConfig() schema.Configuration {
|
||||
return schema.Configuration{
|
||||
NTP: schema.NTP{},
|
||||
NTP: schema.NTPConfiguration{},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
)
|
||||
|
||||
// ValidatePasswordPolicy validates and updates the Password Policy configuration.
|
||||
func ValidatePasswordPolicy(config *schema.PasswordPolicy, validator *schema.StructValidator) {
|
||||
func ValidatePasswordPolicy(config *schema.PasswordPolicyConfiguration, validator *schema.StructValidator) {
|
||||
if !utils.IsBoolCountLessThanN(1, true, config.Standard.Enabled, config.ZXCVBN.Enabled) {
|
||||
validator.Push(fmt.Errorf(errPasswordPolicyMultipleDefined))
|
||||
}
|
||||
|
|
|
@ -13,26 +13,26 @@ import (
|
|||
func TestValidatePasswordPolicy(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
have, expected *schema.PasswordPolicy
|
||||
have, expected *schema.PasswordPolicyConfiguration
|
||||
expectedErrs []string
|
||||
}{
|
||||
{
|
||||
desc: "ShouldRaiseErrorsWhenMisconfigured",
|
||||
have: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: -1,
|
||||
},
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: -1,
|
||||
},
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: 3,
|
||||
},
|
||||
|
@ -44,14 +44,14 @@ func TestValidatePasswordPolicy(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldNotRaiseErrorsStandard",
|
||||
have: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: 8,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: 8,
|
||||
},
|
||||
|
@ -59,13 +59,13 @@ func TestValidatePasswordPolicy(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldNotRaiseErrorsZXCVBN",
|
||||
have: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: 3,
|
||||
},
|
||||
|
@ -73,14 +73,14 @@ func TestValidatePasswordPolicy(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldSetDefaultstandard",
|
||||
have: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: 0,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
Standard: schema.PasswordPolicyStandard{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
Standard: schema.PasswordPolicyStandardParams{
|
||||
Enabled: true,
|
||||
MinLength: 8,
|
||||
},
|
||||
|
@ -88,14 +88,14 @@ func TestValidatePasswordPolicy(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldRaiseErrorsZXCVBNTooLow",
|
||||
have: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: -1,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: -1,
|
||||
},
|
||||
|
@ -106,14 +106,14 @@ func TestValidatePasswordPolicy(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldRaiseErrorsZXCVBNTooHigh",
|
||||
have: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
have: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: 5,
|
||||
},
|
||||
},
|
||||
expected: &schema.PasswordPolicy{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBN{
|
||||
expected: &schema.PasswordPolicyConfiguration{
|
||||
ZXCVBN: schema.PasswordPolicyZXCVBNParams{
|
||||
Enabled: true,
|
||||
MinScore: 5,
|
||||
},
|
||||
|
|
|
@ -11,7 +11,7 @@ import (
|
|||
|
||||
func newDefaultRegulationConfig() schema.Configuration {
|
||||
config := schema.Configuration{
|
||||
Regulation: schema.Regulation{},
|
||||
Regulation: schema.RegulationConfiguration{},
|
||||
}
|
||||
|
||||
return config
|
||||
|
|
|
@ -182,7 +182,7 @@ func ValidateServerEndpoints(config *schema.Configuration, validator *schema.Str
|
|||
}
|
||||
}
|
||||
|
||||
func validateServerEndpointsAuthzEndpoint(config *schema.Configuration, name string, endpoint schema.ServerEndpointsAuthz, validator *schema.StructValidator) {
|
||||
func validateServerEndpointsAuthzEndpoint(config *schema.Configuration, name string, endpoint schema.ServerAuthzEndpoint, validator *schema.StructValidator) {
|
||||
if name == legacy {
|
||||
switch endpoint.Implementation {
|
||||
case authzImplementationLegacy:
|
||||
|
@ -207,7 +207,7 @@ func validateServerEndpointsAuthzEndpoint(config *schema.Configuration, name str
|
|||
}
|
||||
}
|
||||
|
||||
func validateServerEndpointsAuthzStrategies(name string, strategies []schema.ServerEndpointsAuthzAuthnStrategy, validator *schema.StructValidator) {
|
||||
func validateServerEndpointsAuthzStrategies(name string, strategies []schema.ServerAuthzEndpointAuthnStrategy, validator *schema.StructValidator) {
|
||||
names := make([]string, len(strategies))
|
||||
|
||||
for _, strategy := range strategies {
|
||||
|
|
|
@ -40,12 +40,12 @@ func TestShouldSetDefaultServerValues(t *testing.T) {
|
|||
func TestShouldSetDefaultServerValuesWithLegacyAddress(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
have schema.Server
|
||||
have schema.ServerConfiguration
|
||||
expected schema.Address
|
||||
}{
|
||||
{
|
||||
"ShouldParseAll",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Host: "abc",
|
||||
Port: 123,
|
||||
Path: "subpath",
|
||||
|
@ -54,7 +54,7 @@ func TestShouldSetDefaultServerValuesWithLegacyAddress(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldParseHostAndPort",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Host: "abc",
|
||||
Port: 123,
|
||||
},
|
||||
|
@ -62,7 +62,7 @@ func TestShouldSetDefaultServerValuesWithLegacyAddress(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldParseHostAndPath",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Host: "abc",
|
||||
Path: "subpath",
|
||||
},
|
||||
|
@ -70,7 +70,7 @@ func TestShouldSetDefaultServerValuesWithLegacyAddress(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldParsePortAndPath",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Port: 123,
|
||||
Path: "subpath",
|
||||
},
|
||||
|
@ -78,21 +78,21 @@ func TestShouldSetDefaultServerValuesWithLegacyAddress(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldParseHost",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Host: "abc",
|
||||
},
|
||||
MustParseAddress("tcp://abc:9091/"),
|
||||
},
|
||||
{
|
||||
"ShouldParsePort",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Port: 123,
|
||||
},
|
||||
MustParseAddress("tcp://:123/"),
|
||||
},
|
||||
{
|
||||
"ShouldParsePath",
|
||||
schema.Server{
|
||||
schema.ServerConfiguration{
|
||||
Path: "subpath",
|
||||
},
|
||||
MustParseAddress("tcp://:9091/subpath"),
|
||||
|
@ -131,7 +131,7 @@ func TestShouldSetDefaultConfig(t *testing.T) {
|
|||
|
||||
func TestValidateSeverAddress(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Address: &schema.AddressTCP{Address: MustParseAddress("tcp://:9091/path/")},
|
||||
},
|
||||
}
|
||||
|
@ -161,7 +161,7 @@ func TestValidateServerShouldCorrectlyIdentifyValidAddressSchemes(t *testing.T)
|
|||
}
|
||||
|
||||
have := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Buffers: schema.ServerBuffers{
|
||||
Read: -1,
|
||||
Write: -1,
|
||||
|
@ -204,7 +204,7 @@ func TestValidateServerShouldCorrectlyIdentifyValidAddressSchemes(t *testing.T)
|
|||
func TestShouldDefaultOnNegativeValues(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Buffers: schema.ServerBuffers{
|
||||
Read: -1,
|
||||
Write: -1,
|
||||
|
@ -232,7 +232,7 @@ func TestShouldDefaultOnNegativeValues(t *testing.T) {
|
|||
func TestShouldRaiseOnNonAlphanumericCharsInPath(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Path: "app le",
|
||||
},
|
||||
}
|
||||
|
@ -247,7 +247,7 @@ func TestShouldRaiseOnNonAlphanumericCharsInPath(t *testing.T) {
|
|||
func TestShouldRaiseOnForwardSlashInPath(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Path: "app/le",
|
||||
},
|
||||
}
|
||||
|
@ -420,7 +420,7 @@ func TestShouldNotUpdateConfig(t *testing.T) {
|
|||
|
||||
func TestServerEndpointsDevelShouldWarn(t *testing.T) {
|
||||
config := &schema.Configuration{
|
||||
Server: schema.Server{
|
||||
Server: schema.ServerConfiguration{
|
||||
Endpoints: schema.ServerEndpoints{
|
||||
EnablePprof: true,
|
||||
EnableExpvars: true,
|
||||
|
@ -442,14 +442,14 @@ func TestServerEndpointsDevelShouldWarn(t *testing.T) {
|
|||
func TestServerAuthzEndpointErrors(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
have map[string]schema.ServerEndpointsAuthz
|
||||
have map[string]schema.ServerAuthzEndpoint
|
||||
errs []string
|
||||
}{
|
||||
{"ShouldAllowDefaultEndpoints", schema.DefaultServerConfiguration.Endpoints.Authz, nil},
|
||||
{"ShouldAllowSetDefaultEndpoints", nil, nil},
|
||||
{
|
||||
"ShouldErrorOnInvalidEndpointImplementations",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"example": {Implementation: "zero"},
|
||||
},
|
||||
[]string{
|
||||
|
@ -458,7 +458,7 @@ func TestServerAuthzEndpointErrors(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldErrorOnInvalidEndpointImplementationLegacy",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"legacy": {Implementation: "zero"},
|
||||
},
|
||||
[]string{
|
||||
|
@ -467,15 +467,15 @@ func TestServerAuthzEndpointErrors(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldErrorOnInvalidEndpointLegacyImplementation",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"legacy": {Implementation: "ExtAuthz"},
|
||||
},
|
||||
[]string{"server: endpoints: authz: legacy: option 'implementation' is invalid: the endpoint with the name 'legacy' must use the 'Legacy' implementation"},
|
||||
},
|
||||
{
|
||||
"ShouldErrorOnInvalidAuthnStrategies",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
"example": {Implementation: "ExtAuthz", AuthnStrategies: []schema.ServerEndpointsAuthzAuthnStrategy{{Name: "bad-name"}}},
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"example": {Implementation: "ExtAuthz", AuthnStrategies: []schema.ServerAuthzEndpointAuthnStrategy{{Name: "bad-name"}}},
|
||||
},
|
||||
[]string{
|
||||
"server: endpoints: authz: example: authn_strategies: option 'name' must be one of 'CookieSession', 'HeaderAuthorization', 'HeaderProxyAuthorization', 'HeaderAuthRequestProxyAuthorization', or 'HeaderLegacy' but it's configured as 'bad-name'",
|
||||
|
@ -483,14 +483,14 @@ func TestServerAuthzEndpointErrors(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldErrorOnDuplicateName",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
"example": {Implementation: "ExtAuthz", AuthnStrategies: []schema.ServerEndpointsAuthzAuthnStrategy{{Name: "CookieSession"}, {Name: "CookieSession"}}},
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"example": {Implementation: "ExtAuthz", AuthnStrategies: []schema.ServerAuthzEndpointAuthnStrategy{{Name: "CookieSession"}, {Name: "CookieSession"}}},
|
||||
},
|
||||
[]string{"server: endpoints: authz: example: authn_strategies: duplicate strategy name detected with name 'CookieSession'"},
|
||||
},
|
||||
{
|
||||
"ShouldErrorOnInvalidChars",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"/abc": {Implementation: "ForwardAuth"},
|
||||
"/abc/": {Implementation: "ForwardAuth"},
|
||||
"abc/": {Implementation: "ForwardAuth"},
|
||||
|
@ -515,7 +515,7 @@ func TestServerAuthzEndpointErrors(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldErrorOnEndpointsWithDuplicatePrefix",
|
||||
map[string]schema.ServerEndpointsAuthz{
|
||||
map[string]schema.ServerAuthzEndpoint{
|
||||
"apple": {Implementation: "ForwardAuth"},
|
||||
"apple/abc": {Implementation: "ForwardAuth"},
|
||||
"pear/abc": {Implementation: "ExtAuthz"},
|
||||
|
@ -568,7 +568,7 @@ func TestServerAuthzEndpointErrors(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestServerAuthzEndpointLegacyAsImplementationLegacyWhenBlank(t *testing.T) {
|
||||
have := map[string]schema.ServerEndpointsAuthz{
|
||||
have := map[string]schema.ServerAuthzEndpoint{
|
||||
"legacy": {},
|
||||
}
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
)
|
||||
|
||||
// ValidateSession validates and update session configuration.
|
||||
func ValidateSession(config *schema.Session, validator *schema.StructValidator) {
|
||||
func ValidateSession(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Name == "" {
|
||||
config.Name = schema.DefaultSessionConfiguration.Name
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ func ValidateSession(config *schema.Session, validator *schema.StructValidator)
|
|||
validateSession(config, validator)
|
||||
}
|
||||
|
||||
func validateSession(config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateSession(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Expiration <= 0 {
|
||||
config.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
|
||||
}
|
||||
|
@ -51,27 +51,27 @@ func validateSession(config *schema.Session, validator *schema.StructValidator)
|
|||
cookies := len(config.Cookies)
|
||||
|
||||
switch {
|
||||
case cookies == 0 && config.Domain != "": //nolint:staticcheck
|
||||
case cookies == 0 && config.Domain != "":
|
||||
// Add legacy configuration to the domains list.
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: config.Name,
|
||||
Domain: config.Domain,
|
||||
SameSite: config.SameSite,
|
||||
Expiration: config.Expiration,
|
||||
Inactivity: config.Inactivity,
|
||||
RememberMe: config.RememberMe,
|
||||
DisableRememberMe: config.DisableRememberMe,
|
||||
},
|
||||
Domain: config.Domain, //nolint:staticcheck
|
||||
})
|
||||
case cookies != 0 && config.Domain != "": //nolint:staticcheck
|
||||
case cookies != 0 && config.Domain != "":
|
||||
validator.Push(fmt.Errorf(errFmtSessionLegacyAndWarning))
|
||||
}
|
||||
|
||||
validateSessionCookieDomains(config, validator)
|
||||
}
|
||||
|
||||
func validateSessionCookieDomains(config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateSessionCookieDomains(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if len(config.Cookies) == 0 {
|
||||
validator.Push(fmt.Errorf(errFmtSessionOptionRequired, "cookies"))
|
||||
}
|
||||
|
@ -85,7 +85,7 @@ func validateSessionCookieDomains(config *schema.Session, validator *schema.Stru
|
|||
|
||||
validateSessionCookieName(i, config)
|
||||
|
||||
validateSessionCookiesAutheliaURL(i, config, validator)
|
||||
validateSessionSafeRedirection(i, config, validator)
|
||||
|
||||
validateSessionExpiration(i, config)
|
||||
|
||||
|
@ -98,7 +98,7 @@ func validateSessionCookieDomains(config *schema.Session, validator *schema.Stru
|
|||
}
|
||||
|
||||
// validateSessionDomainName returns error if the domain name is invalid.
|
||||
func validateSessionDomainName(i int, config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateSessionDomainName(i int, config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
var d = config.Cookies[i]
|
||||
|
||||
switch {
|
||||
|
@ -123,13 +123,13 @@ func validateSessionDomainName(i int, config *schema.Session, validator *schema.
|
|||
}
|
||||
}
|
||||
|
||||
func validateSessionCookieName(i int, config *schema.Session) {
|
||||
func validateSessionCookieName(i int, config *schema.SessionConfiguration) {
|
||||
if config.Cookies[i].Name == "" {
|
||||
config.Cookies[i].Name = config.Name
|
||||
}
|
||||
}
|
||||
|
||||
func validateSessionExpiration(i int, config *schema.Session) {
|
||||
func validateSessionExpiration(i int, config *schema.SessionConfiguration) {
|
||||
if config.Cookies[i].Expiration <= 0 {
|
||||
config.Cookies[i].Expiration = config.Expiration
|
||||
}
|
||||
|
@ -140,7 +140,7 @@ func validateSessionExpiration(i int, config *schema.Session) {
|
|||
}
|
||||
|
||||
// validateSessionUniqueCookieDomain Check the current domains do not share a root domain with previous domains.
|
||||
func validateSessionUniqueCookieDomain(i int, config *schema.Session, domains []string, validator *schema.StructValidator) {
|
||||
func validateSessionUniqueCookieDomain(i int, config *schema.SessionConfiguration, domains []string, validator *schema.StructValidator) {
|
||||
var d = config.Cookies[i]
|
||||
if utils.IsStringInSliceF(d.Domain, domains, utils.HasDomainSuffix) {
|
||||
if utils.IsStringInSlice(d.Domain, domains) {
|
||||
|
@ -151,8 +151,8 @@ func validateSessionUniqueCookieDomain(i int, config *schema.Session, domains []
|
|||
}
|
||||
}
|
||||
|
||||
// validateSessionCookiesAutheliaURL validates the AutheliaURL.
|
||||
func validateSessionCookiesAutheliaURL(index int, config *schema.Session, validator *schema.StructValidator) {
|
||||
// validateSessionSafeRedirection validates that AutheliaURL is safe for redirection.
|
||||
func validateSessionSafeRedirection(index int, config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
var d = config.Cookies[index]
|
||||
|
||||
if d.AutheliaURL != nil && d.Domain != "" && !utils.IsURISafeRedirection(d.AutheliaURL, d.Domain) {
|
||||
|
@ -164,7 +164,7 @@ func validateSessionCookiesAutheliaURL(index int, config *schema.Session, valida
|
|||
}
|
||||
}
|
||||
|
||||
func validateSessionRememberMe(i int, config *schema.Session) {
|
||||
func validateSessionRememberMe(i int, config *schema.SessionConfiguration) {
|
||||
if config.Cookies[i].RememberMe <= 0 && config.Cookies[i].RememberMe != schema.RememberMeDisabled {
|
||||
config.Cookies[i].RememberMe = config.RememberMe
|
||||
}
|
||||
|
@ -174,7 +174,7 @@ func validateSessionRememberMe(i int, config *schema.Session) {
|
|||
}
|
||||
}
|
||||
|
||||
func validateSessionSameSite(i int, config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateSessionSameSite(i int, config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Cookies[i].SameSite == "" {
|
||||
if utils.IsStringInSlice(config.SameSite, validSessionSameSiteValues) {
|
||||
config.Cookies[i].SameSite = config.SameSite
|
||||
|
@ -186,17 +186,17 @@ func validateSessionSameSite(i int, config *schema.Session, validator *schema.St
|
|||
}
|
||||
}
|
||||
|
||||
func sessionDomainDescriptor(position int, domain schema.SessionCookie) string {
|
||||
func sessionDomainDescriptor(position int, domain schema.SessionCookieConfiguration) string {
|
||||
return fmt.Sprintf("#%d (domain '%s')", position+1, domain.Domain)
|
||||
}
|
||||
|
||||
func validateRedisCommon(config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateRedisCommon(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Secret == "" {
|
||||
validator.Push(fmt.Errorf(errFmtSessionSecretRequired, "redis"))
|
||||
}
|
||||
|
||||
if config.Redis.TLS != nil {
|
||||
configDefaultTLS := &schema.TLS{
|
||||
configDefaultTLS := &schema.TLSConfig{
|
||||
ServerName: config.Redis.Host,
|
||||
MinimumVersion: schema.DefaultRedisConfiguration.TLS.MinimumVersion,
|
||||
MaximumVersion: schema.DefaultRedisConfiguration.TLS.MaximumVersion,
|
||||
|
@ -208,7 +208,7 @@ func validateRedisCommon(config *schema.Session, validator *schema.StructValidat
|
|||
}
|
||||
}
|
||||
|
||||
func validateRedis(config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateRedis(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Redis.Host == "" {
|
||||
validator.Push(fmt.Errorf(errFmtSessionRedisHostRequired))
|
||||
}
|
||||
|
@ -220,11 +220,11 @@ func validateRedis(config *schema.Session, validator *schema.StructValidator) {
|
|||
}
|
||||
|
||||
if config.Redis.MaximumActiveConnections <= 0 {
|
||||
config.Redis.MaximumActiveConnections = schema.DefaultRedisConfiguration.MaximumActiveConnections
|
||||
config.Redis.MaximumActiveConnections = 8
|
||||
}
|
||||
}
|
||||
|
||||
func validateRedisSentinel(config *schema.Session, validator *schema.StructValidator) {
|
||||
func validateRedisSentinel(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
||||
if config.Redis.HighAvailability.SentinelName == "" {
|
||||
validator.Push(fmt.Errorf(errFmtSessionRedisSentinelMissingName))
|
||||
}
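Review bot: `validateSessionUniqueCookieDomain` on the new side tests `utils.IsStringInSlice(d.Domain, domains)`, an exact-match check, while the comment directly above it still promises that the current domain does not share a root domain with previous ones; a cookie configured for `example.com` next to one for `internal.example.com` passes this check unchanged, so overlapping session-cookie scopes are not rejected at validation time. The suffix-aware form visible on the other side of this compare, `if utils.IsStringInSliceF(d.Domain, domains, utils.HasDomainSuffix) {`, is what the comment describes, and `TestShouldRaiseErrorWhenSubdomainConflicts` in the session test file appears to expect that behaviour (its assertions are outside the shown hunks). Separately, `validateRedis` replaces the named default with a bare `config.Redis.MaximumActiveConnections = 8`; if `schema.DefaultRedisConfiguration.MaximumActiveConnections` exists on this side of the tree, keeping it is preferable, since the same file already reads `schema.DefaultRedisConfiguration` for the TLS defaults. The body of `validateSessionUniqueCookieDomain` continues past the hunk.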
|
||||
|
|
|
@ -13,11 +13,11 @@ import (
|
|||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
)
|
||||
|
||||
func newDefaultSessionConfig() schema.Session {
|
||||
config := schema.Session{}
|
||||
func newDefaultSessionConfig() schema.SessionConfiguration {
|
||||
config := schema.SessionConfiguration{}
|
||||
config.Secret = testJWTSecret
|
||||
config.Domain = exampleDotCom //nolint:staticcheck
|
||||
config.Cookies = []schema.SessionCookie{}
|
||||
config.Domain = exampleDotCom
|
||||
config.Cookies = []schema.SessionCookieConfiguration{}
|
||||
|
||||
return config
|
||||
}
|
||||
|
@ -40,30 +40,27 @@ func TestShouldSetDefaultSessionValues(t *testing.T) {
|
|||
func TestShouldSetDefaultSessionDomainsValues(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
have schema.Session
|
||||
expected schema.Session
|
||||
have schema.SessionConfiguration
|
||||
expected schema.SessionConfiguration
|
||||
errs []string
|
||||
}{
|
||||
{
|
||||
"ShouldSetGoodDefaultValues",
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: exampleDotCom, SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session", SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", Domain: exampleDotCom, SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session", SameSite: "lax", Expiration: time.Hour,
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", Domain: exampleDotCom, SameSite: "lax", Expiration: time.Hour,
|
||||
Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -71,31 +68,29 @@ func TestShouldSetDefaultSessionDomainsValues(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldNotSetBadDefaultValues",
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
SameSite: "BAD VALUE", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session",
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", Domain: exampleDotCom,
|
||||
Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
},
|
||||
},
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", SameSite: "BAD VALUE", Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session", SameSite: schema.DefaultSessionConfiguration.SameSite,
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", Domain: exampleDotCom, SameSite: schema.DefaultSessionConfiguration.SameSite,
|
||||
Expiration: time.Hour, Inactivity: time.Minute, RememberMe: time.Hour * 2,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -105,42 +100,41 @@ func TestShouldSetDefaultSessionDomainsValues(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldSetDefaultValuesForEachConfig",
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "default_session", SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute,
|
||||
RememberMe: schema.RememberMeDisabled,
|
||||
},
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
},
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session", SameSite: "strict",
|
||||
},
|
||||
Domain: "example2.com",
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: "example2.com", Name: "authelia_session", SameSite: "strict",
|
||||
},
|
||||
},
|
||||
},
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
},
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "default_session", SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute,
|
||||
RememberMe: schema.RememberMeDisabled, DisableRememberMe: true,
|
||||
},
|
||||
Cookies: []schema.SessionCookie{
|
||||
Cookies: []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "default_session", SameSite: "lax",
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "default_session", Domain: exampleDotCom, SameSite: "lax",
|
||||
Expiration: time.Hour, Inactivity: time.Minute, RememberMe: schema.RememberMeDisabled, DisableRememberMe: true,
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "authelia_session", SameSite: "strict",
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", Domain: "example2.com", SameSite: "strict",
|
||||
Expiration: time.Hour, Inactivity: time.Minute, RememberMe: schema.RememberMeDisabled, DisableRememberMe: true,
|
||||
},
|
||||
Domain: "example2.com",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -148,18 +142,17 @@ func TestShouldSetDefaultSessionDomainsValues(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldErrorOnEmptyConfig",
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
Name: "", SameSite: "",
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "", SameSite: "", Domain: "",
|
||||
},
|
||||
Domain: "",
|
||||
Cookies: []schema.SessionCookie{},
|
||||
Cookies: []schema.SessionCookieConfiguration{},
|
||||
},
|
||||
schema.Session{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
schema.SessionConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session", SameSite: "lax", Expiration: time.Hour, Inactivity: time.Minute * 5, RememberMe: time.Hour * 24 * 30,
|
||||
},
|
||||
Cookies: []schema.SessionCookie{},
|
||||
Cookies: []schema.SessionCookieConfiguration{},
|
||||
},
|
||||
[]string{
|
||||
"session: option 'cookies' is required",
|
||||
|
@ -210,7 +203,7 @@ func TestShouldWarnSessionValuesWhenPotentiallyInvalid(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Domain = ".example.com" //nolint:staticcheck
|
||||
config.Domain = ".example.com"
|
||||
|
||||
ValidateSession(&config, validator)
|
||||
|
||||
|
@ -232,7 +225,7 @@ func TestShouldHandleRedisConfigSuccessfully(t *testing.T) {
|
|||
config = newDefaultSessionConfig()
|
||||
|
||||
// Set redis config because password must be set only when redis is used.
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.localhost",
|
||||
Port: 6379,
|
||||
Password: "password",
|
||||
|
@ -250,7 +243,7 @@ func TestShouldRaiseErrorWithInvalidRedisPortLow(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "authelia-port-1",
|
||||
Port: -1,
|
||||
}
|
||||
|
@ -267,7 +260,7 @@ func TestShouldRaiseErrorWithInvalidRedisPortHigh(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "authelia-port-1",
|
||||
Port: 65536,
|
||||
}
|
||||
|
@ -294,7 +287,7 @@ func TestShouldRaiseErrorWhenRedisIsUsedAndSecretNotSet(t *testing.T) {
|
|||
config.Secret = ""
|
||||
|
||||
// Set redis config because password must be set only when redis is used.
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.localhost",
|
||||
Port: 6379,
|
||||
}
|
||||
|
@ -318,7 +311,7 @@ func TestShouldRaiseErrorWhenRedisHasHostnameButNoPort(t *testing.T) {
|
|||
config = newDefaultSessionConfig()
|
||||
|
||||
// Set redis config because password must be set only when redis is used.
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.localhost",
|
||||
Port: 0,
|
||||
}
|
||||
|
@ -334,13 +327,13 @@ func TestShouldRaiseOneErrorWhenRedisHighAvailabilityHasNodesWithNoHost(t *testi
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis",
|
||||
Port: 6379,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "authelia-sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
Nodes: []schema.SessionRedisHighAvailabilityNode{
|
||||
Nodes: []schema.RedisNode{
|
||||
{
|
||||
Port: 26379,
|
||||
},
|
||||
|
@ -365,10 +358,10 @@ func TestShouldRaiseOneErrorWhenRedisHighAvailabilityDoesNotHaveSentinelName(t *
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis",
|
||||
Port: 6379,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelPassword: "abc123",
|
||||
},
|
||||
}
|
||||
|
@ -387,13 +380,13 @@ func TestShouldUpdateDefaultPortWhenRedisSentinelHasNodes(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis",
|
||||
Port: 6379,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "authelia-sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
Nodes: []schema.SessionRedisHighAvailabilityNode{
|
||||
Nodes: []schema.RedisNode{
|
||||
{
|
||||
Host: "node-1",
|
||||
Port: 333,
|
||||
|
@ -423,12 +416,12 @@ func TestShouldRaiseErrorsWhenRedisSentinelOptionsIncorrectlyConfigured(t *testi
|
|||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Secret = ""
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Port: 65536,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
Nodes: []schema.SessionRedisHighAvailabilityNode{
|
||||
Nodes: []schema.RedisNode{
|
||||
{
|
||||
Host: "node1",
|
||||
Port: 26379,
|
||||
|
@ -454,12 +447,12 @@ func TestShouldRaiseErrorsWhenRedisSentinelOptionsIncorrectlyConfigured(t *testi
|
|||
config = newDefaultSessionConfig()
|
||||
|
||||
config.Secret = ""
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Port: -1,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
Nodes: []schema.SessionRedisHighAvailabilityNode{
|
||||
Nodes: []schema.RedisNode{
|
||||
{
|
||||
Host: "node1",
|
||||
Port: 26379,
|
||||
|
@ -485,13 +478,13 @@ func TestShouldNotRaiseErrorsAndSetDefaultPortWhenRedisSentinelPortBlank(t *test
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "mysentinelHost",
|
||||
Port: 0,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
Nodes: []schema.SessionRedisHighAvailabilityNode{
|
||||
Nodes: []schema.RedisNode{
|
||||
{
|
||||
Host: "node1",
|
||||
Port: 26379,
|
||||
|
@ -514,9 +507,9 @@ func TestShouldRaiseErrorWhenRedisHostAndHighAvailabilityNodesEmpty(t *testing.T
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Port: 26379,
|
||||
HighAvailability: &schema.SessionRedisHighAvailability{
|
||||
HighAvailability: &schema.RedisHighAvailabilityConfiguration{
|
||||
SentinelName: "sentinel",
|
||||
SentinelPassword: "abc123",
|
||||
RouteByLatency: true,
|
||||
|
@ -536,7 +529,7 @@ func TestShouldRaiseErrorsWhenRedisHostNotSet(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Port: 6379,
|
||||
}
|
||||
|
||||
|
@ -554,10 +547,10 @@ func TestShouldSetDefaultRedisTLSOptions(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.local",
|
||||
Port: 6379,
|
||||
TLS: &schema.TLS{},
|
||||
TLS: &schema.TLSConfig{},
|
||||
}
|
||||
|
||||
ValidateSession(&config, validator)
|
||||
|
@ -574,10 +567,10 @@ func TestShouldRaiseErrorOnBadRedisTLSOptionsSSL30(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.local",
|
||||
Port: 6379,
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
|
||||
},
|
||||
}
|
||||
|
@ -594,10 +587,10 @@ func TestShouldRaiseErrorOnBadRedisTLSOptionsMinVerGreaterThanMax(t *testing.T)
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Redis = &schema.SessionRedis{
|
||||
config.Redis = &schema.RedisSessionConfiguration{
|
||||
Host: "redis.local",
|
||||
Port: 6379,
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
|
||||
MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS10},
|
||||
},
|
||||
|
@ -614,32 +607,40 @@ func TestShouldRaiseErrorOnBadRedisTLSOptionsMinVerGreaterThanMax(t *testing.T)
|
|||
func TestShouldRaiseErrorWhenHaveDuplicatedDomainName(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
config.Domain = "" //nolint:staticcheck
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
config.Domain = ""
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
AutheliaURL: MustParseURL("https://login.example.com"),
|
||||
})
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
AutheliaURL: MustParseURL("https://login.example.com"),
|
||||
})
|
||||
|
||||
ValidateSession(&config, validator)
|
||||
assert.False(t, validator.HasWarnings())
|
||||
assert.Len(t, validator.Errors(), 1)
|
||||
assert.EqualError(t, validator.Errors()[0], fmt.Sprintf(errFmtSessionDomainDuplicate, sessionDomainDescriptor(1, schema.SessionCookie{Domain: exampleDotCom})))
|
||||
assert.EqualError(t, validator.Errors()[0], fmt.Sprintf(errFmtSessionDomainDuplicate, sessionDomainDescriptor(1, schema.SessionCookieConfiguration{SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{Domain: exampleDotCom}})))
|
||||
}
|
||||
|
||||
func TestShouldRaiseErrorWhenSubdomainConflicts(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
config.Domain = "" //nolint:staticcheck
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
config.Domain = ""
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
AutheliaURL: MustParseURL("https://login.example.com"),
|
||||
})
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: "internal.example.com",
|
||||
},
|
||||
AutheliaURL: MustParseURL("https://login.internal.example.com"),
|
||||
})
|
||||
|
||||
|
@ -671,12 +672,14 @@ func TestShouldRaiseErrorWhenDomainIsInvalid(t *testing.T) {
|
|||
t.Run(tc.name, func(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
config.Domain = "" //nolint:staticcheck
|
||||
config.Domain = ""
|
||||
|
||||
config.Cookies = []schema.SessionCookie{
|
||||
config.Cookies = []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Domain: tc.have,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
ValidateSession(&config, validator)
|
||||
|
@ -709,13 +712,13 @@ func TestShouldRaiseErrorWhenPortalURLIsInvalid(t *testing.T) {
|
|||
t.Run(tc.name, func(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
config.Domain = "" //nolint:staticcheck
|
||||
config.Cookies = []schema.SessionCookie{
|
||||
config.Domain = ""
|
||||
config.Cookies = []schema.SessionCookieConfiguration{
|
||||
{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: "authelia_session",
|
||||
},
|
||||
Domain: exampleDotCom,
|
||||
},
|
||||
AutheliaURL: MustParseURL(tc.have)},
|
||||
}
|
||||
|
||||
|
@ -748,7 +751,7 @@ func TestShouldRaiseErrorWhenSameSiteSetIncorrectly(t *testing.T) {
|
|||
func TestShouldNotRaiseErrorWhenSameSiteSetCorrectly(t *testing.T) {
|
||||
validator := schema.NewStructValidator()
|
||||
|
||||
var config schema.Session
|
||||
var config schema.SessionConfiguration
|
||||
|
||||
validOptions := []string{"none", "lax", "strict"}
|
||||
|
||||
|
@ -799,15 +802,15 @@ func TestShouldNotAllowLegacyAndModernCookiesConfig(t *testing.T) {
|
|||
validator := schema.NewStructValidator()
|
||||
config := newDefaultSessionConfig()
|
||||
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookie{
|
||||
SessionCookieCommon: schema.SessionCookieCommon{
|
||||
config.Cookies = append(config.Cookies, schema.SessionCookieConfiguration{
|
||||
SessionCookieCommonConfiguration: schema.SessionCookieCommonConfiguration{
|
||||
Name: config.Name,
|
||||
Domain: config.Domain,
|
||||
SameSite: config.SameSite,
|
||||
Expiration: config.Expiration,
|
||||
Inactivity: config.Inactivity,
|
||||
RememberMe: config.RememberMe,
|
||||
},
|
||||
Domain: config.Domain, //nolint:staticcheck
|
||||
})
|
||||
|
||||
ValidateSession(&config, validator)
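Review bot: `newDefaultSessionConfig` carries no comment explaining that it seeds the legacy single-domain form (`config.Domain = exampleDotCom` with an empty `Cookies` slice), yet several tests in this section have to undo that with `config.Domain = ""` before populating `Cookies`, and `TestShouldNotAllowLegacyAndModernCookiesConfig` relies on leaving it set so that `ValidateSession` pushes `errFmtSessionLegacyAndWarning`. A short doc comment would make that contract explicit: `// newDefaultSessionConfig returns a legacy single-domain session config; tests that populate Cookies must clear Domain first, otherwise ValidateSession reports the legacy-and-modern mix.` That keeps the reason for the repeated `config.Domain = ""` lines in one place instead of leaving each caller to rediscover it.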
|
||||
|
|
|
@ -8,8 +8,8 @@ import (
|
|||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
)
|
||||
|
||||
// ValidateTLSConfig sets the default values and validates a schema.TLS.
|
||||
func ValidateTLSConfig(config *schema.TLS, configDefault *schema.TLS) (err error) {
|
||||
// ValidateTLSConfig sets the default values and validates a schema.TLSConfig.
|
||||
func ValidateTLSConfig(config *schema.TLSConfig, configDefault *schema.TLSConfig) (err error) {
|
||||
if configDefault == nil {
|
||||
return errors.New("must provide configDefault")
|
||||
}
|
||||
|
|
|
@ -10,16 +10,16 @@ import (
|
|||
|
||||
func TestValidateTLSConfig(t *testing.T) {
|
||||
var (
|
||||
config, configDefault *schema.TLS
|
||||
config, configDefault *schema.TLSConfig
|
||||
)
|
||||
|
||||
assert.EqualError(t, ValidateTLSConfig(config, configDefault), "must provide configDefault")
|
||||
|
||||
configDefault = &schema.TLS{}
|
||||
configDefault = &schema.TLSConfig{}
|
||||
|
||||
assert.NoError(t, ValidateTLSConfig(config, configDefault))
|
||||
|
||||
config = &schema.TLS{}
|
||||
config = &schema.TLSConfig{}
|
||||
|
||||
assert.NoError(t, ValidateTLSConfig(config, configDefault))
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
)
|
||||
|
||||
// ValidateStorage validates storage configuration.
|
||||
func ValidateStorage(config schema.Storage, validator *schema.StructValidator) {
|
||||
func ValidateStorage(config schema.StorageConfiguration, validator *schema.StructValidator) {
|
||||
if config.Local == nil && config.MySQL == nil && config.PostgreSQL == nil {
|
||||
validator.Push(errors.New(errStrStorage))
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ func ValidateStorage(config schema.Storage, validator *schema.StructValidator) {
|
|||
}
|
||||
}
|
||||
|
||||
func validateSQLConfiguration(config *schema.StorageSQL, validator *schema.StructValidator, provider string) {
|
||||
func validateSQLConfiguration(config *schema.SQLStorageConfiguration, validator *schema.StructValidator, provider string) {
|
||||
if config.Address == nil {
|
||||
if config.Host == "" { //nolint:staticcheck
|
||||
validator.Push(fmt.Errorf(errFmtStorageOptionMustBeProvided, provider, "address"))
|
||||
|
@ -69,11 +69,11 @@ func validateSQLConfiguration(config *schema.StorageSQL, validator *schema.Struc
|
|||
}
|
||||
}
|
||||
|
||||
func validateMySQLConfiguration(config *schema.StorageMySQL, validator *schema.StructValidator) {
|
||||
validateSQLConfiguration(&config.StorageSQL, validator, "mysql")
|
||||
func validateMySQLConfiguration(config *schema.MySQLStorageConfiguration, validator *schema.StructValidator) {
|
||||
validateSQLConfiguration(&config.SQLStorageConfiguration, validator, "mysql")
|
||||
|
||||
if config.TLS != nil {
|
||||
configDefaultTLS := &schema.TLS{
|
||||
configDefaultTLS := &schema.TLSConfig{
|
||||
MinimumVersion: schema.DefaultMySQLStorageConfiguration.TLS.MinimumVersion,
|
||||
MaximumVersion: schema.DefaultMySQLStorageConfiguration.TLS.MaximumVersion,
|
||||
}
|
||||
|
@ -88,18 +88,18 @@ func validateMySQLConfiguration(config *schema.StorageMySQL, validator *schema.S
|
|||
}
|
||||
}
|
||||
|
||||
func validatePostgreSQLConfiguration(config *schema.StoragePostgreSQL, validator *schema.StructValidator) {
|
||||
validateSQLConfiguration(&config.StorageSQL, validator, "postgres")
|
||||
func validatePostgreSQLConfiguration(config *schema.PostgreSQLStorageConfiguration, validator *schema.StructValidator) {
|
||||
validateSQLConfiguration(&config.SQLStorageConfiguration, validator, "postgres")
|
||||
|
||||
if config.Schema == "" {
|
||||
config.Schema = schema.DefaultPostgreSQLStorageConfiguration.Schema
|
||||
}
|
||||
|
||||
switch {
|
||||
case config.TLS != nil && config.SSL != nil: //nolint:staticcheck
|
||||
case config.TLS != nil && config.SSL != nil:
|
||||
validator.Push(fmt.Errorf(errFmtStoragePostgreSQLInvalidSSLAndTLSConfig))
|
||||
case config.TLS != nil:
|
||||
configDefaultTLS := &schema.TLS{
|
||||
configDefaultTLS := &schema.TLSConfig{
|
||||
ServerName: config.Address.Hostname(),
|
||||
MinimumVersion: schema.DefaultPostgreSQLStorageConfiguration.TLS.MinimumVersion,
|
||||
MaximumVersion: schema.DefaultPostgreSQLStorageConfiguration.TLS.MaximumVersion,
|
||||
|
@ -108,19 +108,19 @@ func validatePostgreSQLConfiguration(config *schema.StoragePostgreSQL, validator
|
|||
if err := ValidateTLSConfig(config.TLS, configDefaultTLS); err != nil {
|
||||
validator.Push(fmt.Errorf(errFmtStorageTLSConfigInvalid, "postgres", err))
|
||||
}
|
||||
case config.SSL != nil: //nolint:staticcheck
|
||||
case config.SSL != nil:
|
||||
validator.PushWarning(fmt.Errorf(warnFmtStoragePostgreSQLInvalidSSLDeprecated))
|
||||
|
||||
switch {
|
||||
case config.SSL.Mode == "": //nolint:staticcheck
|
||||
config.SSL.Mode = schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode //nolint:staticcheck
|
||||
case !utils.IsStringInSlice(config.SSL.Mode, validStoragePostgreSQLSSLModes): //nolint:staticcheck
|
||||
validator.Push(fmt.Errorf(errFmtStoragePostgreSQLInvalidSSLMode, strJoinOr(validStoragePostgreSQLSSLModes), config.SSL.Mode)) //nolint:staticcheck
|
||||
case config.SSL.Mode == "":
|
||||
config.SSL.Mode = schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode
|
||||
case !utils.IsStringInSlice(config.SSL.Mode, validStoragePostgreSQLSSLModes):
|
||||
validator.Push(fmt.Errorf(errFmtStoragePostgreSQLInvalidSSLMode, strJoinOr(validStoragePostgreSQLSSLModes), config.SSL.Mode))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func validateLocalStorageConfiguration(config *schema.StorageLocal, validator *schema.StructValidator) {
|
||||
func validateLocalStorageConfiguration(config *schema.LocalStorageConfiguration, validator *schema.StructValidator) {
|
||||
if config.Path == "" {
|
||||
validator.Push(fmt.Errorf(errFmtStorageOptionMustBeProvided, "local", "path"))
|
||||
}
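Review bot: In validatePostgreSQLConfiguration, the `case config.TLS != nil:` branch dereferences `config.Address` through `config.Address.Hostname()`, while validateSQLConfiguration, called just above it, only pushes a validation error when `config.Address` is nil and `config.Host` is empty; whether Address is populated from the legacy Host in the elided branch is outside the hunk, so if it can remain nil a configuration with `tls` set and no address would panic inside the validator instead of reporting the missing option. A nil guard keeps this a reported error: `var serverName string`, `if config.Address != nil { serverName = config.Address.Hostname() }`, and `ServerName: serverName,` in the configDefaultTLS literal. The bodies of both validateSQLConfiguration and validatePostgreSQLConfiguration continue outside their hunks.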
|
||||
|
|
|
@ -11,7 +11,7 @@ import (
|
|||
|
||||
type StorageSuite struct {
|
||||
suite.Suite
|
||||
config schema.Storage
|
||||
config schema.StorageConfiguration
|
||||
validator *schema.StructValidator
|
||||
}
|
||||
|
||||
|
@ -36,7 +36,7 @@ func (suite *StorageSuite) TestShouldValidateOneStorageIsConfigured() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidateLocalPathIsProvided() {
|
||||
suite.config.Local = &schema.StorageLocal{
|
||||
suite.config.Local = &schema.LocalStorageConfiguration{
|
||||
Path: "",
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,7 @@ func (suite *StorageSuite) TestShouldValidateLocalPathIsProvided() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidateMySQLHostUsernamePasswordAndDatabaseAreProvided() {
|
||||
suite.config.MySQL = &schema.StorageMySQL{}
|
||||
suite.config.MySQL = &schema.MySQLStorageConfiguration{}
|
||||
ValidateStorage(suite.config, suite.validator)
|
||||
|
||||
suite.Require().Len(suite.validator.Errors(), 3)
|
||||
|
@ -66,8 +66,8 @@ func (suite *StorageSuite) TestShouldValidateMySQLHostUsernamePasswordAndDatabas
|
|||
suite.Assert().EqualError(suite.validator.Errors()[2], "storage: mysql: option 'database' is required")
|
||||
|
||||
suite.validator.Clear()
|
||||
suite.config.MySQL = &schema.StorageMySQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.MySQL = &schema.MySQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "localhost",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
|
@ -81,14 +81,14 @@ func (suite *StorageSuite) TestShouldValidateMySQLHostUsernamePasswordAndDatabas
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldSetDefaultMySQLTLSServerName() {
|
||||
suite.config.MySQL = &schema.StorageMySQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.MySQL = &schema.MySQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Address: &schema.AddressTCP{Address: MustParseAddress("tcp://mysql:1234")},
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
@ -103,14 +103,14 @@ func (suite *StorageSuite) TestShouldSetDefaultMySQLTLSServerName() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSVersion() {
|
||||
suite.config.MySQL = &schema.StorageMySQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.MySQL = &schema.MySQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
|
||||
},
|
||||
}
|
||||
|
@ -124,14 +124,14 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSVersion() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSMinVersionGreaterThanMaximum() {
|
||||
suite.config.MySQL = &schema.StorageMySQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.MySQL = &schema.MySQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
|
||||
MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS11},
|
||||
},
|
||||
|
@ -146,7 +146,7 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidMySQLTLSMinVersionGreate
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgreSQLHostUsernamePasswordAndDatabaseAreProvided() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{}
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{}
|
||||
suite.config.MySQL = nil
|
||||
ValidateStorage(suite.config, suite.validator)
|
||||
|
||||
|
@ -156,8 +156,8 @@ func (suite *StorageSuite) TestShouldValidatePostgreSQLHostUsernamePasswordAndDa
|
|||
suite.Assert().EqualError(suite.validator.Errors()[2], "storage: postgres: option 'database' is required")
|
||||
|
||||
suite.validator.Clear()
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "postgre",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
|
@ -171,8 +171,8 @@ func (suite *StorageSuite) TestShouldValidatePostgreSQLHostUsernamePasswordAndDa
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgresSchemaDefault() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
|
@ -185,21 +185,21 @@ func (suite *StorageSuite) TestShouldValidatePostgresSchemaDefault() {
|
|||
suite.Assert().Len(suite.validator.Warnings(), 0)
|
||||
suite.Assert().Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Assert().Nil(suite.config.PostgreSQL.SSL) //nolint:staticcheck
|
||||
suite.Assert().Nil(suite.config.PostgreSQL.SSL)
|
||||
suite.Assert().Nil(suite.config.PostgreSQL.TLS)
|
||||
|
||||
suite.Assert().Equal("public", suite.config.PostgreSQL.Schema)
|
||||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgresTLSDefaults() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{},
|
||||
TLS: &schema.TLSConfig{},
|
||||
}
|
||||
|
||||
ValidateStorage(suite.config, suite.validator)
|
||||
|
@ -207,21 +207,21 @@ func (suite *StorageSuite) TestShouldValidatePostgresTLSDefaults() {
|
|||
suite.Assert().Len(suite.validator.Warnings(), 0)
|
||||
suite.Assert().Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Assert().Nil(suite.config.PostgreSQL.SSL) //nolint:staticcheck
|
||||
suite.Assert().Nil(suite.config.PostgreSQL.SSL)
|
||||
suite.Require().NotNil(suite.config.PostgreSQL.TLS)
|
||||
|
||||
suite.Assert().Equal(uint16(tls.VersionTLS12), suite.config.PostgreSQL.TLS.MinimumVersion.Value)
|
||||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldSetDefaultPostgreSQLTLSServerName() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "mysql1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS12},
|
||||
},
|
||||
}
|
||||
|
@ -235,14 +235,14 @@ func (suite *StorageSuite) TestShouldSetDefaultPostgreSQLTLSServerName() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLTLSVersion() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionSSL30}, //nolint:staticcheck
|
||||
},
|
||||
}
|
||||
|
@ -256,14 +256,14 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLTLSVersion() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLMinVersionGreaterThanMaximum() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
TLS: &schema.TLS{
|
||||
TLS: &schema.TLSConfig{
|
||||
MinimumVersion: schema.TLSVersion{Value: tls.VersionTLS13},
|
||||
MaximumVersion: schema.TLSVersion{Value: tls.VersionTLS11},
|
||||
},
|
||||
|
@ -278,14 +278,14 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnInvalidPostgreSQLMinVersionGrea
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgresSSLDefaults() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
SSL: &schema.StoragePostgreSQLSSL{},
|
||||
SSL: &schema.PostgreSQLSSLStorageConfiguration{},
|
||||
}
|
||||
|
||||
ValidateStorage(suite.config, suite.validator)
|
||||
|
@ -293,22 +293,22 @@ func (suite *StorageSuite) TestShouldValidatePostgresSSLDefaults() {
|
|||
suite.Assert().Len(suite.validator.Warnings(), 1)
|
||||
suite.Assert().Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Assert().NotNil(suite.config.PostgreSQL.SSL) //nolint:staticcheck
|
||||
suite.Assert().NotNil(suite.config.PostgreSQL.SSL)
|
||||
suite.Require().Nil(suite.config.PostgreSQL.TLS)
|
||||
|
||||
suite.Assert().Equal(schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode, suite.config.PostgreSQL.SSL.Mode) //nolint:staticcheck
|
||||
suite.Assert().Equal(schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode, suite.config.PostgreSQL.SSL.Mode)
|
||||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnTLSAndLegacySSL() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
SSL: &schema.StoragePostgreSQLSSL{},
|
||||
TLS: &schema.TLS{},
|
||||
SSL: &schema.PostgreSQLSSLStorageConfiguration{},
|
||||
TLS: &schema.TLSConfig{},
|
||||
}
|
||||
|
||||
ValidateStorage(suite.config, suite.validator)
|
||||
|
@ -320,15 +320,15 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnTLSAndLegacySSL() {
|
|||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgresDefaultsDontOverrideConfiguration() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db1",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
Schema: "authelia",
|
||||
SSL: &schema.StoragePostgreSQLSSL{
|
||||
SSL: &schema.PostgreSQLSSLStorageConfiguration{
|
||||
Mode: "require",
|
||||
},
|
||||
}
|
||||
|
@ -338,21 +338,21 @@ func (suite *StorageSuite) TestShouldValidatePostgresDefaultsDontOverrideConfigu
|
|||
suite.Require().Len(suite.validator.Warnings(), 1)
|
||||
suite.Assert().Len(suite.validator.Errors(), 0)
|
||||
|
||||
suite.Assert().Equal("require", suite.config.PostgreSQL.SSL.Mode) //nolint:staticcheck
|
||||
suite.Assert().Equal("require", suite.config.PostgreSQL.SSL.Mode)
|
||||
suite.Assert().Equal("authelia", suite.config.PostgreSQL.Schema)
|
||||
|
||||
suite.Assert().EqualError(suite.validator.Warnings()[0], "storage: postgres: ssl: the ssl configuration options are deprecated and we recommend the tls options instead")
|
||||
}
|
||||
|
||||
func (suite *StorageSuite) TestShouldValidatePostgresSSLModeMustBeValid() {
|
||||
suite.config.PostgreSQL = &schema.StoragePostgreSQL{
|
||||
StorageSQL: schema.StorageSQL{
|
||||
suite.config.PostgreSQL = &schema.PostgreSQLStorageConfiguration{
|
||||
SQLStorageConfiguration: schema.SQLStorageConfiguration{
|
||||
Host: "db2",
|
||||
Username: "myuser",
|
||||
Password: "pass",
|
||||
Database: "database",
|
||||
},
|
||||
SSL: &schema.StoragePostgreSQLSSL{
|
||||
SSL: &schema.PostgreSQLSSLStorageConfiguration{
|
||||
Mode: "unknown",
|
||||
},
|
||||
}
|
||||
|
@ -366,7 +366,7 @@ func (suite *StorageSuite) TestShouldValidatePostgresSSLModeMustBeValid() {
|
|||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnNoEncryptionKey() {
|
||||
suite.config.EncryptionKey = ""
|
||||
suite.config.Local = &schema.StorageLocal{
|
||||
suite.config.Local = &schema.LocalStorageConfiguration{
|
||||
Path: "/this/is/a/path",
|
||||
}
|
||||
|
||||
|
@ -379,7 +379,7 @@ func (suite *StorageSuite) TestShouldRaiseErrorOnNoEncryptionKey() {
|
|||
|
||||
func (suite *StorageSuite) TestShouldRaiseErrorOnShortEncryptionKey() {
|
||||
suite.config.EncryptionKey = "abc"
|
||||
suite.config.Local = &schema.StorageLocal{
|
||||
suite.config.Local = &schema.LocalStorageConfiguration{
|
||||
Path: "/this/is/a/path",
|
||||
}
|
||||
|
||||
|
|
|
@ -35,9 +35,9 @@ func TestValidateTelemetry(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldSetDefaultPort",
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("tcp://0.0.0.0")}}},
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{
|
||||
Metrics: schema.TelemetryMetrics{
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("tcp://0.0.0.0")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{
|
||||
Metrics: schema.TelemetryMetricsConfig{
|
||||
Address: mustParseAddress("tcp://0.0.0.0:9959/metrics"),
|
||||
Buffers: schema.ServerBuffers{
|
||||
Read: 4096,
|
||||
|
@ -55,22 +55,22 @@ func TestValidateTelemetry(t *testing.T) {
|
|||
},
|
||||
{
|
||||
"ShouldSetDefaultPortAlt",
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("tcp://:0/metrics")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("tcp://:0/metrics")}}},
|
||||
&schema.Configuration{Telemetry: schema.DefaultTelemetryConfig},
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"ShouldSetDefaultPortWithCustomIP",
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("tcp://127.0.0.1")}}},
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("tcp://127.0.0.1:9959/metrics")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("tcp://127.0.0.1")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("tcp://127.0.0.1:9959/metrics")}}},
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"ShouldNotValidateUDP",
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("udp://0.0.0.0")}}},
|
||||
&schema.Configuration{Telemetry: schema.Telemetry{Metrics: schema.TelemetryMetrics{Address: mustParseAddress("udp://0.0.0.0:9959/metrics")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("udp://0.0.0.0")}}},
|
||||
&schema.Configuration{Telemetry: schema.TelemetryConfig{Metrics: schema.TelemetryMetricsConfig{Address: mustParseAddress("udp://0.0.0.0:9959/metrics")}}},
|
||||
nil,
|
||||
[]string{"telemetry: metrics: option 'address' with value 'udp://0.0.0.0:0' is invalid: scheme must be one of 'tcp', 'tcp4', 'tcp6', or 'unix' but is configured as 'udp'"},
|
||||
},
|
||||
|
|
|
@ -13,8 +13,8 @@ import (
|
|||
func TestValidateTOTP(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
have schema.TOTP
|
||||
expected schema.TOTP
|
||||
have schema.TOTPConfiguration
|
||||
expected schema.TOTPConfiguration
|
||||
errs []string
|
||||
warns []string
|
||||
}{
|
||||
|
@ -24,12 +24,12 @@ func TestValidateTOTP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldNotSetDefaultTOTPValuesWhenDisabled",
|
||||
have: schema.TOTP{Disable: true},
|
||||
expected: schema.TOTP{Disable: true},
|
||||
have: schema.TOTPConfiguration{Disable: true},
|
||||
expected: schema.TOTPConfiguration{Disable: true},
|
||||
},
|
||||
{
|
||||
desc: "ShouldNormalizeTOTPAlgorithm",
|
||||
have: schema.TOTP{
|
||||
have: schema.TOTPConfiguration{
|
||||
Algorithm: digestSHA1,
|
||||
Digits: 6,
|
||||
Period: 30,
|
||||
|
@ -37,7 +37,7 @@ func TestValidateTOTP(t *testing.T) {
|
|||
Skew: schema.DefaultTOTPConfiguration.Skew,
|
||||
Issuer: "abc",
|
||||
},
|
||||
expected: schema.TOTP{
|
||||
expected: schema.TOTPConfiguration{
|
||||
Algorithm: "SHA1",
|
||||
Digits: 6,
|
||||
Period: 30,
|
||||
|
@ -48,7 +48,7 @@ func TestValidateTOTP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldRaiseErrorWhenInvalidTOTPAlgorithm",
|
||||
have: schema.TOTP{
|
||||
have: schema.TOTPConfiguration{
|
||||
Algorithm: "sha3",
|
||||
Digits: 6,
|
||||
Period: 30,
|
||||
|
@ -62,7 +62,7 @@ func TestValidateTOTP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "ShouldRaiseErrorWhenInvalidTOTPValue",
|
||||
have: schema.TOTP{
|
||||
have: schema.TOTPConfiguration{
|
||||
Algorithm: "sha3",
|
||||
Period: 5,
|
||||
Digits: 20,
|
||||
|
|
|
@ -190,7 +190,7 @@ func jwkCalculateThumbprint(key schema.CryptographicKey) (thumbprintStr string,
|
|||
return fmt.Sprintf("%x", thumbprint)[:6], nil
|
||||
}
|
||||
|
||||
func getResponseObjectAlgFromKID(config *schema.IdentityProvidersOpenIDConnect, kid, alg string) string {
|
||||
func getResponseObjectAlgFromKID(config *schema.OpenIDConnect, kid, alg string) string {
|
||||
for _, jwk := range config.IssuerPrivateKeys {
|
||||
if kid == jwk.KeyID {
|
||||
return jwk.Algorithm
|
||||
|
|
|
@ -81,7 +81,7 @@ func TestSchemaJWKGetPropertiesMissingTests(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestGetResponseObjectAlgFromKID(t *testing.T) {
|
||||
c := &schema.IdentityProvidersOpenIDConnect{
|
||||
c := &schema.OpenIDConnect{
|
||||
IssuerPrivateKeys: []schema.JWK{
|
||||
{KeyID: "abc", Algorithm: "EX256"},
|
||||
{KeyID: "123", Algorithm: "EX512"},
|
||||
|
|