2019-04-25 04:52:08 +07:00
package validator
import (
2021-03-22 16:04:09 +07:00
"runtime"
2019-04-25 04:52:08 +07:00
"testing"
"github.com/stretchr/testify/assert"
2020-01-22 03:15:40 +07:00
"github.com/stretchr/testify/require"
2020-04-05 19:37:21 +07:00
2021-08-11 08:04:35 +07:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
2019-04-25 04:52:08 +07:00
)
func newDefaultConfig ( ) schema . Configuration {
config := schema . Configuration { }
2021-08-02 18:55:30 +07:00
config . Server . Host = loopback
config . Server . Port = 9090
2021-08-03 16:55:21 +07:00
config . Log . Level = "info"
config . Log . Format = "text"
2020-05-02 23:20:40 +07:00
config . JWTSecret = testJWTSecret
2021-04-14 17:53:23 +07:00
config . AuthenticationBackend . File = & schema . FileAuthenticationBackendConfiguration {
Path : "/a/path" ,
}
config . AccessControl = schema . AccessControlConfiguration {
DefaultPolicy : "two_factor" ,
}
2019-04-25 04:52:08 +07:00
config . Session = schema . SessionConfiguration {
Domain : "example.com" ,
Name : "authelia_session" ,
Secret : "secret" ,
}
2021-11-25 08:56:58 +07:00
config . Storage . EncryptionKey = testEncryptionKey
2020-02-06 09:53:02 +07:00
config . Storage . Local = & schema . LocalStorageConfiguration {
Path : "abc" ,
2019-11-17 02:50:58 +07:00
}
2020-01-22 03:15:40 +07:00
config . Notifier = & schema . NotifierConfiguration {
FileSystem : & schema . FileSystemNotifierConfiguration {
Filename : "/tmp/file" ,
} ,
}
2020-05-06 02:35:32 +07:00
2019-04-25 04:52:08 +07:00
return config
}
2020-01-22 03:15:40 +07:00
func TestShouldEnsureNotifierConfigIsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
config . Notifier = nil
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-01-22 03:15:40 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "notifier: you must ensure either the 'smtp' or 'filesystem' notifier is configured" )
2020-01-22 03:15:40 +07:00
}
2020-02-05 04:18:02 +07:00
func TestShouldAddDefaultAccessControl ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2021-04-14 17:53:23 +07:00
config . AccessControl . DefaultPolicy = ""
config . AccessControl . Rules = [ ] schema . ACLRule {
{
Policy : "bypass" ,
Domains : [ ] string {
"public.example.com" ,
} ,
} ,
}
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-02-05 04:18:02 +07:00
require . Len ( t , validator . Errors ( ) , 0 )
assert . NotNil ( t , config . AccessControl )
assert . Equal ( t , "deny" , config . AccessControl . DefaultPolicy )
}
2020-03-03 14:18:25 +07:00
2020-04-05 19:37:21 +07:00
func TestShouldRaiseErrorWithUndefinedJWTSecretKey ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . JWTSecret = ""
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-04-05 19:37:21 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
2021-08-03 16:55:21 +07:00
require . Len ( t , validator . Warnings ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "option 'jwt_secret' is required" )
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2020-04-05 19:37:21 +07:00
}
func TestShouldRaiseErrorWithBadDefaultRedirectionURL ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 06:44:30 +07:00
config . DefaultRedirectionURL = "bad_default_redirection_url"
2020-04-05 19:37:21 +07:00
2020-04-23 08:11:32 +07:00
ValidateConfiguration ( & config , validator )
2020-04-05 19:37:21 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
2021-08-03 16:55:21 +07:00
require . Len ( t , validator . Warnings ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "option 'default_redirection_url' is invalid: the url 'bad_default_redirection_url' is not absolute because it doesn't start with a scheme like 'ldap://' or 'ldaps://'" )
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2020-04-05 19:37:21 +07:00
}
2021-01-04 17:28:55 +07:00
func TestShouldNotOverrideCertificatesDirectoryAndShouldPassWhenBlank ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
2021-08-03 16:55:21 +07:00
2021-01-04 17:28:55 +07:00
ValidateConfiguration ( & config , validator )
2021-08-03 16:55:21 +07:00
assert . Len ( t , validator . Errors ( ) , 0 )
require . Len ( t , validator . Warnings ( ) , 1 )
2021-01-04 17:28:55 +07:00
require . Equal ( t , "" , config . CertificatesDirectory )
2021-08-03 16:55:21 +07:00
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2021-01-04 17:28:55 +07:00
}
func TestShouldRaiseErrorOnInvalidCertificatesDirectory ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . CertificatesDirectory = "not-a-real-file.go"
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 1 )
2021-08-03 16:55:21 +07:00
require . Len ( t , validator . Warnings ( ) , 1 )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == "windows" {
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "the location 'certificates_directory' could not be inspected: CreateFile not-a-real-file.go: The system cannot find the file specified." )
2021-03-22 16:04:09 +07:00
} else {
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "the location 'certificates_directory' could not be inspected: stat not-a-real-file.go: no such file or directory" )
2021-03-22 16:04:09 +07:00
}
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2021-08-03 16:55:21 +07:00
2021-01-04 17:28:55 +07:00
validator = schema . NewStructValidator ( )
config . CertificatesDirectory = "const.go"
2021-08-03 16:55:21 +07:00
2021-01-04 17:28:55 +07:00
ValidateConfiguration ( & config , validator )
require . Len ( t , validator . Errors ( ) , 1 )
2021-08-03 16:55:21 +07:00
require . Len ( t , validator . Warnings ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "the location 'certificates_directory' refers to 'const.go' is not a directory" )
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2021-01-04 17:28:55 +07:00
}
func TestShouldNotRaiseErrorOnValidCertificatesDirectory ( t * testing . T ) {
validator := schema . NewStructValidator ( )
config := newDefaultConfig ( )
config . CertificatesDirectory = "../../suites/common/ssl"
ValidateConfiguration ( & config , validator )
2021-08-03 16:55:21 +07:00
assert . Len ( t , validator . Errors ( ) , 0 )
require . Len ( t , validator . Warnings ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Warnings ( ) [ 0 ] , "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests" )
2021-01-04 17:28:55 +07:00
}