2019-04-25 04:52:08 +07:00
package validator
import (
2021-03-22 16:04:09 +07:00
"runtime"
2019-04-25 04:52:08 +07:00
"testing"
"github.com/stretchr/testify/assert"
2020-01-22 03:15:40 +07:00
"github.com/stretchr/testify/require"
2020-04-05 19:37:21 +07:00
"github.com/authelia/authelia/internal/configuration/schema"
2019-04-25 04:52:08 +07:00
)
func newDefaultConfig ( ) schema . Configuration {
config := schema . Configuration { }
2019-12-07 03:45:59 +07:00
config . Host = "127.0.0.1"
2019-04-25 04:52:08 +07:00
config . Port = 9090
2021-06-01 11:09:50 +07:00
config . Logging . Level = "info"
config . Logging . Format = "text"
2020-05-02 23:20:40 +07:00
config . JWTSecret = testJWTSecret
2021-04-14 17:53:23 +07:00
config . AuthenticationBackend . File = & schema . FileAuthenticationBackendConfiguration {
Path : "/a/path" ,
}
config . AccessControl = schema . AccessControlConfiguration {
DefaultPolicy : "two_factor" ,
}
2019-04-25 04:52:08 +07:00
config . Session = schema . SessionConfiguration {
Domain : "example.com" ,
Name : "authelia_session" ,
Secret : "secret" ,
}
2020-02-06 09:53:02 +07:00
config . Storage . Local = & schema . LocalStorageConfiguration {
Path : "abc" ,
2019-11-17 02:50:58 +07:00
}
2020-01-22 03:15:40 +07:00
config . Notifier = & schema . NotifierConfiguration {
FileSystem : & schema . FileSystemNotifierConfiguration {
Filename : "/tmp/file" ,
} ,
}
2020-05-06 02:35:32 +07:00
2019-04-25 04:52:08 +07:00
return config
}
func TestShouldNotUpdateConfig ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2019-04-25 04:52:08 +07:00
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
2019-04-25 04:52:08 +07:00
assert . Equal ( t , 9090 , config . Port )
2021-06-01 11:09:50 +07:00
assert . Equal ( t , "info" , config . Logging . Level )
2019-04-25 04:52:08 +07:00
}
func TestShouldValidateAndUpdatePort ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . Port = 0
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2019-04-25 04:52:08 +07:00
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
2021-03-22 16:04:09 +07:00
assert . Equal ( t , 9091 , config . Port )
2019-04-25 04:52:08 +07:00
}
2019-12-07 03:45:59 +07:00
func TestShouldValidateAndUpdateHost ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . Host = ""
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2019-12-07 03:45:59 +07:00
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
2019-12-07 03:45:59 +07:00
assert . Equal ( t , "0.0.0.0" , config . Host )
}
2020-01-22 03:15:40 +07:00
func TestShouldEnsureNotifierConfigIsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
config . Notifier = nil
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "A notifier configuration must be provided" )
}
2020-02-05 04:18:02 +07:00
func TestShouldAddDefaultAccessControl ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2021-04-14 17:53:23 +07:00
config . AccessControl . DefaultPolicy = ""
config . AccessControl . Rules = [ ] schema . ACLRule {
{
Policy : "bypass" ,
Domains : [ ] string {
"public.example.com" ,
} ,
} ,
}
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-02-05 04:18:02 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
assert . NotNil ( t , config . AccessControl )
assert . Equal ( t , "deny" , config . AccessControl . DefaultPolicy )
}
2020-03-03 14:18:25 +07:00
func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-05-02 23:20:40 +07:00
config . TLSCert = testTLSCert
2020-03-03 14:18:25 +07:00
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-03-03 14:18:25 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "No TLS key provided, please check the \"tls_key\" which has been configured" )
}
func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-05-02 23:20:40 +07:00
config . TLSKey = testTLSKey
2020-03-03 14:18:25 +07:00
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-03-03 14:18:25 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "No TLS certificate provided, please check the \"tls_cert\" which has been configured" )
}
func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-05-02 23:20:40 +07:00
config . TLSCert = testTLSCert
config . TLSKey = testTLSKey
2020-03-03 14:18:25 +07:00
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-03-03 14:18:25 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
}
2020-04-05 19:37:21 +07:00
func TestShouldRaiseErrorWithUndefinedJWTSecretKey ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . JWTSecret = ""
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-04-05 19:37:21 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "Provide a JWT secret using \"jwt_secret\" key" )
}
func TestShouldRaiseErrorWithBadDefaultRedirectionURL ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 06:44:30 +07:00
config . DefaultRedirectionURL = "bad_default_redirection_url"
2020-04-05 19:37:21 +07:00
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-04-05 19:37:21 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 06:44:30 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "Value for \"default_redirection_url\" is invalid: the url 'bad_default_redirection_url' is not absolute because it doesn't start with a scheme like 'http://' or 'https://'" )
2020-04-05 19:37:21 +07:00
}
2021-01-04 17:28:55 +07:00
func TestShouldNotOverrideCertificatesDirectoryAndShouldPassWhenBlank ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 0 )
require . Equal ( t , "" , config . CertificatesDirectory )
}
func TestShouldRaiseErrorOnInvalidCertificatesDirectory ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . CertificatesDirectory = "not-a-real-file.go"
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 1 )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == "windows" {
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "Error checking certificate directory: CreateFile not-a-real-file.go: The system cannot find the file specified." )
} else {
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "Error checking certificate directory: stat not-a-real-file.go: no such file or directory" )
}
2021-01-04 17:28:55 +07:00
validator = schema . NewStructValidator ( )
config . CertificatesDirectory = "const.go"
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 1 )
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "The path const.go specified for certificate_directory is not a directory" )
}
func TestShouldNotRaiseErrorOnValidCertificatesDirectory ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . CertificatesDirectory = "../../suites/common/ssl"
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 0 )
}