authelia/internal/configuration/validator/configuration.go

71 lines
2.0 KiB
Go
Raw Normal View History

package validator
import (
"fmt"
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 17:28:55 +07:00
"os"
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/utils"
)
// ValidateConfiguration and adapt the configuration read from file.
func ValidateConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 17:28:55 +07:00
if configuration.CertificatesDirectory != "" {
info, err := os.Stat(configuration.CertificatesDirectory)
if err != nil {
validator.Push(fmt.Errorf("Error checking certificate directory: %v", err))
} else if !info.IsDir() {
validator.Push(fmt.Errorf("The path %s specified for certificate_directory is not a directory", configuration.CertificatesDirectory))
}
}
if configuration.JWTSecret == "" {
validator.Push(fmt.Errorf("Provide a JWT secret using \"jwt_secret\" key"))
}
if configuration.DefaultRedirectionURL != "" {
err := utils.IsStringAbsURL(configuration.DefaultRedirectionURL)
if err != nil {
validator.Push(fmt.Errorf("Value for \"default_redirection_url\" is invalid: %+v", err))
}
}
ValidateTheme(configuration, validator)
ValidateLogging(configuration, validator)
ValidateTOTP(configuration, validator)
ValidateAuthenticationBackend(&configuration.AuthenticationBackend, validator)
ValidateAccessControl(&configuration.AccessControl, validator)
ValidateRules(configuration.AccessControl, validator)
ValidateSession(&configuration.Session, validator)
if configuration.Regulation == nil {
configuration.Regulation = &schema.DefaultRegulationConfiguration
}
ValidateRegulation(configuration.Regulation, validator)
ValidateServer(configuration, validator)
ValidateStorage(configuration.Storage, validator)
2019-11-17 02:50:58 +07:00
if configuration.Notifier == nil {
validator.Push(fmt.Errorf("A notifier configuration must be provided"))
} else {
ValidateNotifier(configuration.Notifier, validator)
}
ValidateIdentityProviders(&configuration.IdentityProviders, validator)
if configuration.NTP == nil {
configuration.NTP = &schema.DefaultNTPConfiguration
}
ValidateNTP(configuration.NTP, validator)
}