refactor: apply godot recommendations (#2839)

James Elliott 2022-01-31 16:25:15 +11:00 committed by GitHub
parent 357c654db8
commit 1772a83190
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 101 additions and 101 deletions


@ -46,19 +46,19 @@ var hostEntries = []HostEntry{
{Domain: "proxy-client2.example.com", IP: "192.168.240.202"}, {Domain: "proxy-client2.example.com", IP: "192.168.240.202"},
{Domain: "proxy-client3.example.com", IP: "192.168.240.203"}, {Domain: "proxy-client3.example.com", IP: "192.168.240.203"},
// Redis Replicas // Redis Replicas.
{Domain: "redis-node-0.example.com", IP: "192.168.240.110"}, {Domain: "redis-node-0.example.com", IP: "192.168.240.110"},
{Domain: "redis-node-1.example.com", IP: "192.168.240.111"}, {Domain: "redis-node-1.example.com", IP: "192.168.240.111"},
{Domain: "redis-node-2.example.com", IP: "192.168.240.112"}, {Domain: "redis-node-2.example.com", IP: "192.168.240.112"},
// Redis Sentinel Replicas // Redis Sentinel Replicas.
{Domain: "redis-sentinel-0.example.com", IP: "192.168.240.120"}, {Domain: "redis-sentinel-0.example.com", IP: "192.168.240.120"},
{Domain: "redis-sentinel-1.example.com", IP: "192.168.240.121"}, {Domain: "redis-sentinel-1.example.com", IP: "192.168.240.121"},
{Domain: "redis-sentinel-2.example.com", IP: "192.168.240.122"}, {Domain: "redis-sentinel-2.example.com", IP: "192.168.240.122"},
// Kubernetes dashboard. // Kubernetes dashboard.
{Domain: "kubernetes.example.com", IP: "192.168.240.110"}, {Domain: "kubernetes.example.com", IP: "192.168.240.110"},
// OIDC tester app // OIDC tester app.
{Domain: "oidc.example.com", IP: "192.168.240.100"}, {Domain: "oidc.example.com", IP: "192.168.240.100"},
{Domain: "oidc-public.example.com", IP: "192.168.240.100"}, {Domain: "oidc-public.example.com", IP: "192.168.240.100"},
} }


@ -125,7 +125,7 @@ func setupSuite(cmd *cobra.Command, args []string) {
} }
} }
// Create the .suite file // Create the .suite file.
if err := createRunningSuiteFile(suiteName); err != nil { if err := createRunningSuiteFile(suiteName); err != nil {
log.Fatal(err) log.Fatal(err)
} }


@ -53,7 +53,7 @@ func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfigur
panic(err) panic(err)
} }
// Early check whether hashed passwords are correct for all users // Early check whether hashed passwords are correct for all users.
err = checkPasswordHashes(database) err = checkPasswordHashes(database)
if err != nil { if err != nil {
panic(err) panic(err)


@ -19,7 +19,7 @@ func WithDatabase(content []byte, f func(path string)) {
log.Fatal(err) log.Fatal(err)
} }
defer os.Remove(tmpfile.Name()) // Clean up defer os.Remove(tmpfile.Name()) // Clean up.
if _, err := tmpfile.Write(content); err != nil { if _, err := tmpfile.Write(content); err != nil {
tmpfile.Close() tmpfile.Close()


@ -89,10 +89,10 @@ func TestEscapeSpecialCharsFromUserInput(t *testing.T) {
nil, nil,
mockFactory) mockFactory)
// No escape // No escape.
assert.Equal(t, "xyz", ldapClient.ldapEscape("xyz")) assert.Equal(t, "xyz", ldapClient.ldapEscape("xyz"))
// Escape // Escape.
assert.Equal(t, "test\\,abc", ldapClient.ldapEscape("test,abc")) assert.Equal(t, "test\\,abc", ldapClient.ldapEscape("test,abc"))
assert.Equal(t, "test\\5cabc", ldapClient.ldapEscape("test\\abc")) assert.Equal(t, "test\\5cabc", ldapClient.ldapEscape("test\\abc"))
assert.Equal(t, "test\\2aabc", ldapClient.ldapEscape("test*abc")) assert.Equal(t, "test\\2aabc", ldapClient.ldapEscape("test*abc"))


@ -9,7 +9,7 @@ type IdentityProvidersConfiguration struct {
// OpenIDConnectConfiguration configuration for OpenID Connect. // OpenIDConnectConfiguration configuration for OpenID Connect.
type OpenIDConnectConfiguration struct { type OpenIDConnectConfiguration struct {
// This secret must be 32 bytes long // This secret must be 32 bytes long.
HMACSecret string `koanf:"hmac_secret"` HMACSecret string `koanf:"hmac_secret"`
IssuerPrivateKey string `koanf:"issuer_private_key"` IssuerPrivateKey string `koanf:"issuer_private_key"`


@ -45,7 +45,7 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
if configuration.Password == nil { if configuration.Password == nil {
configuration.Password = &schema.DefaultPasswordConfiguration configuration.Password = &schema.DefaultPasswordConfiguration
} else { } else {
// Salt Length // Salt Length.
switch { switch {
case configuration.Password.SaltLength == 0: case configuration.Password.SaltLength == 0:
configuration.Password.SaltLength = schema.DefaultPasswordConfiguration.SaltLength configuration.Password.SaltLength = schema.DefaultPasswordConfiguration.SaltLength
@ -72,32 +72,32 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
} }
func validateFileAuthenticationBackendSHA512(configuration *schema.FileAuthenticationBackendConfiguration) { func validateFileAuthenticationBackendSHA512(configuration *schema.FileAuthenticationBackendConfiguration) {
// Iterations (time) // Iterations (time).
if configuration.Password.Iterations == 0 { if configuration.Password.Iterations == 0 {
configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations
} }
} }
func validateFileAuthenticationBackendArgon2id(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) { func validateFileAuthenticationBackendArgon2id(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) {
// Iterations (time) // Iterations (time).
if configuration.Password.Iterations == 0 { if configuration.Password.Iterations == 0 {
configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations
} }
// Parallelism // Parallelism.
if configuration.Password.Parallelism == 0 { if configuration.Password.Parallelism == 0 {
configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism
} else if configuration.Password.Parallelism < 1 { } else if configuration.Password.Parallelism < 1 {
validator.Push(fmt.Errorf("Parallelism for argon2id must be 1 or more, you configured %d", configuration.Password.Parallelism)) validator.Push(fmt.Errorf("Parallelism for argon2id must be 1 or more, you configured %d", configuration.Password.Parallelism))
} }
// Memory // Memory.
if configuration.Password.Memory == 0 { if configuration.Password.Memory == 0 {
configuration.Password.Memory = schema.DefaultPasswordConfiguration.Memory configuration.Password.Memory = schema.DefaultPasswordConfiguration.Memory
} else if configuration.Password.Memory < configuration.Password.Parallelism*8 { } else if configuration.Password.Memory < configuration.Password.Parallelism*8 {
validator.Push(fmt.Errorf("Memory for argon2id must be %d or more (parallelism * 8), you configured memory as %d and parallelism as %d", configuration.Password.Parallelism*8, configuration.Password.Memory, configuration.Password.Parallelism)) validator.Push(fmt.Errorf("Memory for argon2id must be %d or more (parallelism * 8), you configured memory as %d and parallelism as %d", configuration.Password.Parallelism*8, configuration.Password.Memory, configuration.Password.Parallelism))
} }
// Key Length // Key Length.
if configuration.Password.KeyLength == 0 { if configuration.Password.KeyLength == 0 {
configuration.Password.KeyLength = schema.DefaultPasswordConfiguration.KeyLength configuration.Password.KeyLength = schema.DefaultPasswordConfiguration.KeyLength
} else if configuration.Password.KeyLength < 16 { } else if configuration.Password.KeyLength < 16 {
@ -185,12 +185,12 @@ func validateLDAPURL(ldapURL string, validator *schema.StructValidator) (finalUR
} }
func validateLDAPRequiredParameters(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) { func validateLDAPRequiredParameters(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) {
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387) // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
if configuration.User == "" { if configuration.User == "" {
validator.Push(errors.New("Please provide a user name to connect to the LDAP server")) validator.Push(errors.New("Please provide a user name to connect to the LDAP server"))
} }
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387) // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
if configuration.Password == "" { if configuration.Password == "" {
validator.Push(errors.New("Please provide a password to connect to the LDAP server")) validator.Push(errors.New("Please provide a password to connect to the LDAP server"))
} }


@ -10,11 +10,11 @@ import (
// ValidateRegulation validates and update regulator configuration. // ValidateRegulation validates and update regulator configuration.
func ValidateRegulation(configuration *schema.RegulationConfiguration, validator *schema.StructValidator) { func ValidateRegulation(configuration *schema.RegulationConfiguration, validator *schema.StructValidator) {
if configuration.FindTime == "" { if configuration.FindTime == "" {
configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min.
} }
if configuration.BanTime == "" { if configuration.BanTime == "" {
configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min.
} }
findTime, err := utils.ParseDurationString(configuration.FindTime) findTime, err := utils.ParseDurationString(configuration.FindTime)
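Review bot: The trailing comments `// 2 min.` and `// 5 min.` restate values that are defined in schema.DefaultRegulationConfiguration, which is not shown here, so they will go stale without any compiler or linter noticing if those defaults change. The session validator hunk has the same pattern with `// 1 hour.`, `// 5 min.` and `// 1 month.`. For ban and session lifetimes a wrong figure in a comment is worth avoiding; drop the numbers or point at the source of truth, e.g. `// Default find time; see schema.DefaultRegulationConfiguration.`. ValidateRegulation continues outside the hunk.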


@ -32,19 +32,19 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) { func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
if configuration.Expiration == "" { if configuration.Expiration == "" {
configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
} else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil { } else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err)) validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err))
} }
if configuration.Inactivity == "" { if configuration.Inactivity == "" {
configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
} else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil { } else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err)) validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err))
} }
if configuration.RememberMeDuration == "" { if configuration.RememberMeDuration == "" {
configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
} else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil { } else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err)) validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err))
} }


@ -13,4 +13,4 @@ const (
) )
// PossibleMethods is the set of all possible Duo 2FA methods. // PossibleMethods is the set of all possible Duo 2FA methods.
var PossibleMethods = []string{Push} // OTP, Phone, SMS var PossibleMethods = []string{Push} // OTP, Phone, SMS.
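Review bot: The trailing comment on `PossibleMethods` lists `OTP, Phone, SMS` beside a slice that contains only `Push`, and with the added period it now reads like a statement that those methods are part of the set. State what the list means; presumably these are Duo methods that are not offered yet, in which case `// OTP, Phone and SMS are not supported yet.` says so directly.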


@ -91,10 +91,10 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
return return
} }
// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data // Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
// Set the cookie to expire if remember me is enabled and the user has asked us to // Set the cookie to expire if remember me is enabled and the user has asked us to.
if keepMeLoggedIn { if keepMeLoggedIn {
err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe) err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe)
if err != nil { if err != nil {


@ -33,13 +33,13 @@ func (s *FirstFactorSuite) TearDownTest() {
func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() { func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() {
FirstFactorPost(nil)(s.mock.Ctx) FirstFactorPost(nil)(s.mock.Ctx)
// No body // No body.
assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message) assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.") s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
} }
func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() { func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() {
// Missing password // Missing password.
s.mock.Ctx.Request.SetBodyString(`{ s.mock.Ctx.Request.SetBodyString(`{
"username": "test" "username": "test"
}`) }`)


@ -65,7 +65,7 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
}, },
} }
// Save the challenge and registration for use in next request // Save the challenge and registration for use in next request.
userSession.U2FRegistration = &session.U2FRegistration{ userSession.U2FRegistration = &session.U2FRegistration{
KeyHandle: device.KeyHandle, KeyHandle: device.KeyHandle,
PublicKey: device.PublicKey, PublicKey: device.PublicKey,


@ -73,7 +73,7 @@ func isTargetURLAuthorized(authorizer *authorization.Authorizer, targetURL url.U
// deduce the access is forbidden // deduce the access is forbidden
// For anonymous users though, we cannot be sure that she // For anonymous users though, we cannot be sure that she
// could not be granted the rights to access the resource. Consequently // could not be granted the rights to access the resource. Consequently
// for anonymous users we send Unauthorized instead of Forbidden // for anonymous users we send Unauthorized instead of Forbidden.
return Forbidden return Forbidden
case level == authorization.OneFactor && authLevel >= authentication.OneFactor, case level == authorization.OneFactor && authLevel >= authentication.OneFactor,
level == authorization.TwoFactor && authLevel >= authentication.TwoFactor: level == authorization.TwoFactor && authLevel >= authentication.TwoFactor:
@ -100,7 +100,7 @@ func verifyBasicAuth(ctx *middlewares.AutheliaCtx, header, auth []byte) (usernam
// If the user is not correctly authenticated, send a 401. // If the user is not correctly authenticated, send a 401.
if !authenticated { if !authenticated {
// Request Basic Authentication otherwise // Request Basic Authentication otherwise.
return "", "", nil, nil, authentication.NotAuthenticated, fmt.Errorf("user %s is not authenticated", username) return "", "", nil, nil, authentication.NotAuthenticated, fmt.Errorf("user %s is not authenticated", username)
} }
@ -391,7 +391,7 @@ func getProfileRefreshSettings(cfg schema.AuthenticationBackendConfiguration) (r
refresh = true refresh = true
if cfg.RefreshInterval != schema.ProfileRefreshAlways { if cfg.RefreshInterval != schema.ProfileRefreshAlways {
// Skip Error Check since validator checks it // Skip Error Check since validator checks it.
refreshInterval, _ = utils.ParseDurationString(cfg.RefreshInterval) refreshInterval, _ = utils.ParseDurationString(cfg.RefreshInterval)
} else { } else {
refreshInterval = schema.RefreshIntervalAlways refreshInterval = schema.RefreshIntervalAlways
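Review bot: In the verifyBasicAuth hunk, `fmt.Errorf("user %s is not authenticated", username)` formats a username that, judging by the `header, auth []byte` parameters, is taken from the request's authorization header, so any control characters in it are copied verbatim into whatever log receives this error. Using `%q` keeps the value on one line and makes an empty name visible: `fmt.Errorf("user %q is not authenticated", username)`. Where the error ends up is not visible here, and the function starts and ends outside the hunk.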


@ -1023,7 +1023,7 @@ func TestShouldDestroySessionWhenUserNotExist(t *testing.T) {
userSession = mock.Ctx.GetSession() userSession = mock.Ctx.GetSession()
assert.Equal(t, clock.Now().Add(5*time.Minute).Unix(), userSession.RefreshTTL.Unix()) assert.Equal(t, clock.Now().Add(5*time.Minute).Unix(), userSession.RefreshTTL.Unix())
// Simulate a Deleted User // Simulate a Deleted User.
userSession.RefreshTTL = clock.Now().Add(-1 * time.Minute) userSession.RefreshTTL = clock.Now().Add(-1 * time.Minute)
err = mock.Ctx.SaveSession(userSession) err = mock.Ctx.SaveSession(userSession)


@ -151,7 +151,7 @@ func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(c
ctx.Error(fmt.Errorf("Cannot parse token"), messageOperationFailed) ctx.Error(fmt.Errorf("Cannot parse token"), messageOperationFailed)
return return
case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0: case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0:
// Token is either expired or not active yet // Token is either expired or not active yet.
ctx.Error(fmt.Errorf("Token expired"), messageIdentityVerificationTokenHasExpired) ctx.Error(fmt.Errorf("Token expired"), messageIdentityVerificationTokenHasExpired)
return return
default: default:


@ -117,7 +117,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
request := &fasthttp.RequestCtx{} request := &fasthttp.RequestCtx{}
// Set a cookie to identify this client throughout the test. // Set a cookie to identify this client throughout the test.
// request.Request.Header.SetCookie("authelia_session", "client_cookie") // request.Request.Header.SetCookie("authelia_session", "client_cookie").
autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers) autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers)
mockAuthelia.Ctx = autheliaCtx mockAuthelia.Ctx = autheliaCtx
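Review bot: The period appended to `// request.Request.Header.SetCookie("authelia_session", "client_cookie").` lands on commented-out code, not on a sentence, so the line is no longer valid Go if someone uncomments it. The line above it still says a cookie is set while the call that would set it is disabled. The same mangling appears in the NewOpenIDConnectProvider hunks, where `// compose.RFC7523AssertionGrantFactory,.` and `// compose.OAuth2PKCEFactory,.` now end in `,.`. Delete the dead call together with its lead-in comment, or rewrite both as one prose sentence that says the cookie is not set. NewMockAutheliaCtx continues outside the hunk.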


@ -38,7 +38,7 @@ func NewSMTPNotifier(configuration *schema.SMTPNotifierConfiguration, certPool *
// Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred). // Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
func (n *SMTPNotifier) startTLS() error { func (n *SMTPNotifier) startTLS() error {
// Only start if not already encrypted // Only start if not already encrypted.
if _, ok := n.client.TLSConnectionState(); ok { if _, ok := n.client.TLSConnectionState(); ok {
n.log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS") n.log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
return nil return nil


@ -1,10 +1,10 @@
package ntp package ntp
const ( const (
ntpClientModeValue uint8 = 3 // 00000011 ntpClientModeValue uint8 = 3 // 00000011.
ntpLeapEnabledValue uint8 = 64 // 01000000 ntpLeapEnabledValue uint8 = 64 // 01000000.
ntpVersion3Value uint8 = 24 // 00011000 ntpVersion3Value uint8 = 24 // 00011000.
ntpVersion4Value uint8 = 40 // 00101000 ntpVersion4Value uint8 = 40 // 00101000.
) )
const ntpEpochOffset = 2208988800 const ntpEpochOffset = 2208988800


@ -72,7 +72,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2ClientCredentialsGrantFactory,
compose.OAuth2RefreshTokenGrantFactory, compose.OAuth2RefreshTokenGrantFactory,
compose.OAuth2ResourceOwnerPasswordCredentialsFactory, compose.OAuth2ResourceOwnerPasswordCredentialsFactory,
// compose.RFC7523AssertionGrantFactory, // compose.RFC7523AssertionGrantFactory,.
compose.OpenIDConnectExplicitFactory, compose.OpenIDConnectExplicitFactory,
compose.OpenIDConnectImplicitFactory, compose.OpenIDConnectImplicitFactory,
@ -82,7 +82,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
compose.OAuth2TokenIntrospectionFactory, compose.OAuth2TokenIntrospectionFactory,
compose.OAuth2TokenRevocationFactory, compose.OAuth2TokenRevocationFactory,
// compose.OAuth2PKCEFactory, // compose.OAuth2PKCEFactory,.
) )
provider.herodot = herodot.NewJSONWriter(nil) provider.herodot = herodot.NewJSONWriter(nil)
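Review bot: The two disabled entries in the factory list give no reason for being left out, and for an OpenID Connect provider a reader will want to know whether PKCE and the RFC 7523 assertion grant are deliberately off. Replace each commented-out identifier with a prose comment that states the status and where it is tracked, for example `// PKCE (compose.OAuth2PKCEFactory) is not enabled here; see <ISSUE-ID>.`, where the issue id is a placeholder to fill in. Whether PKCE is handled elsewhere in the provider cannot be seen from these hunks. NewOpenIDConnectProvider starts and ends outside them.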


@ -282,7 +282,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
LoadAuthenticationLogs(s.ctx, gomock.Eq("john"), gomock.Any(), gomock.Eq(10), gomock.Eq(0)). LoadAuthenticationLogs(s.ctx, gomock.Eq("john"), gomock.Any(), gomock.Eq(10), gomock.Eq(0)).
Return(attemptsInDB, nil) Return(attemptsInDB, nil)
// Check Disabled Functionality // Check Disabled Functionality.
configuration := schema.RegulationConfiguration{ configuration := schema.RegulationConfiguration{
MaxRetries: 0, MaxRetries: 0,
FindTime: "180", FindTime: "180",
@ -293,7 +293,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
_, err := regulator.Regulate(s.ctx, "john") _, err := regulator.Regulate(s.ctx, "john")
assert.NoError(s.T(), err) assert.NoError(s.T(), err)
// Check Enabled Functionality // Check Enabled Functionality.
configuration = schema.RegulationConfiguration{ configuration = schema.RegulationConfiguration{
MaxRetries: 1, MaxRetries: 1,
FindTime: "180", FindTime: "180",


@ -11,7 +11,7 @@ import (
type Regulator struct { type Regulator struct {
// Is the regulation enabled. // Is the regulation enabled.
enabled bool enabled bool
// The number of failed authentication attempt before banning the user // The number of failed authentication attempt before banning the user.
maxRetries int maxRetries int
// If a user does the max number of retries within that duration, she will be banned. // If a user does the max number of retries within that duration, she will be banned.
findTime time.Duration findTime time.Duration


@ -59,7 +59,7 @@ func TestShouldCreateRedisSessionProviderTLS(t *testing.T) {
pConfig := providerConfig.redisConfig pConfig := providerConfig.redisConfig
assert.Equal(t, "redis.example.com:6379", pConfig.Addr) assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password) assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index // DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.DB)
assert.Equal(t, 0, pConfig.PoolSize) assert.Equal(t, 0, pConfig.PoolSize)
assert.Equal(t, 0, pConfig.MinIdleConns) assert.Equal(t, 0, pConfig.MinIdleConns)
@ -94,7 +94,7 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) {
pConfig := providerConfig.redisConfig pConfig := providerConfig.redisConfig
assert.Equal(t, "redis.example.com:6379", pConfig.Addr) assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password) assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index // DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.DB)
assert.Equal(t, 0, pConfig.PoolSize) assert.Equal(t, 0, pConfig.PoolSize)
assert.Equal(t, 0, pConfig.MinIdleConns) assert.Equal(t, 0, pConfig.MinIdleConns)
@ -180,7 +180,7 @@ func TestShouldCreateRedisSentinelSessionProvider(t *testing.T) {
assert.Equal(t, 8, pConfig.PoolSize) assert.Equal(t, 8, pConfig.PoolSize)
assert.Equal(t, 2, pConfig.MinIdleConns) assert.Equal(t, 2, pConfig.MinIdleConns)
// DbNumber is the fasthttp/session property for the Redis DB Index // DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.DB)
assert.Nil(t, pConfig.TLSConfig) assert.Nil(t, pConfig.TLSConfig)
} }
@ -233,7 +233,7 @@ func TestShouldCreateRedisSessionProviderWithUnixSocket(t *testing.T) {
pConfig := providerConfig.redisConfig pConfig := providerConfig.redisConfig
assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr) assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password) assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index // DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.DB)
assert.Nil(t, pConfig.TLSConfig) assert.Nil(t, pConfig.TLSConfig)
} }
@ -256,7 +256,7 @@ func TestShouldSetDbNumber(t *testing.T) {
assert.Equal(t, "redis", providerConfig.providerName) assert.Equal(t, "redis", providerConfig.providerName)
pConfig := providerConfig.redisConfig pConfig := providerConfig.redisConfig
// DbNumber is the fasthttp/session property for the Redis DB Index // DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 5, pConfig.DB) assert.Equal(t, 5, pConfig.DB)
} }
@ -277,7 +277,7 @@ func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) {
encoded, err := providerConfig.config.EncodeFunc(payload) encoded, err := providerConfig.config.EncodeFunc(payload)
require.NoError(t, err) require.NoError(t, err)
// Now we try to decrypt what has been serialized // Now we try to decrypt what has been serialized.
key := sha256.Sum256([]byte("abc")) key := sha256.Sum256([]byte("abc"))
decrypted, err := utils.Decrypt(encoded, &key) decrypted, err := utils.Decrypt(encoded, &key)
require.NoError(t, err) require.NoError(t, err)


@ -111,7 +111,7 @@ type SQLProvider struct {
sqlUpdateU2FDevicePublicKey string sqlUpdateU2FDevicePublicKey string
sqlUpdateU2FDevicePublicKeyByUsername string sqlUpdateU2FDevicePublicKeyByUsername string
// Table: duo_devices // Table: duo_devices.
sqlUpsertDuoDevice string sqlUpsertDuoDevice string
sqlDeleteDuoDevice string sqlDeleteDuoDevice string
sqlSelectDuoDevice string sqlSelectDuoDevice string


@ -39,7 +39,7 @@ func (rs *RodSession) doLoginTwoFactor(t *testing.T, page *rod.Page, username, p
rs.doLoginOneFactor(t, page, username, password, keepMeLoggedIn, targetURL) rs.doLoginOneFactor(t, page, username, password, keepMeLoggedIn, targetURL)
rs.verifyIsSecondFactorPage(t, page) rs.verifyIsSecondFactorPage(t, page)
rs.doValidateTOTP(t, page, otpSecret) rs.doValidateTOTP(t, page, otpSecret)
// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain // timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain.
if targetURL == "" { if targetURL == "" {
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
} }


@ -11,10 +11,10 @@ import (
func (rs *RodSession) doInitiatePasswordReset(t *testing.T, page *rod.Page, username string) { func (rs *RodSession) doInitiatePasswordReset(t *testing.T, page *rod.Page, username string) {
err := rs.WaitElementLocatedByCSSSelector(t, page, "reset-password-button").Click("left") err := rs.WaitElementLocatedByCSSSelector(t, page, "reset-password-button").Click("left")
require.NoError(t, err) require.NoError(t, err)
// Fill in username // Fill in username.
err = rs.WaitElementLocatedByCSSSelector(t, page, "username-textfield").Input(username) err = rs.WaitElementLocatedByCSSSelector(t, page, "username-textfield").Input(username)
require.NoError(t, err) require.NoError(t, err)
// And click on the reset button // And click on the reset button.
err = rs.WaitElementLocatedByCSSSelector(t, page, "reset-button").Click("left") err = rs.WaitElementLocatedByCSSSelector(t, page, "reset-button").Click("left")
require.NoError(t, err) require.NoError(t, err)
} }
@ -49,7 +49,7 @@ func (rs *RodSession) doUnsuccessfulPasswordReset(t *testing.T, page *rod.Page,
func (rs *RodSession) doResetPassword(t *testing.T, page *rod.Page, username, newPassword1, newPassword2 string, unsuccessful bool) { func (rs *RodSession) doResetPassword(t *testing.T, page *rod.Page, username, newPassword1, newPassword2 string, unsuccessful bool) {
rs.doInitiatePasswordReset(t, page, username) rs.doInitiatePasswordReset(t, page, username)
// then wait for the "email sent notification" // then wait for the "email sent notification".
rs.verifyMailNotificationDisplayed(t, page) rs.verifyMailNotificationDisplayed(t, page)
if unsuccessful { if unsuccessful {


@ -84,7 +84,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...") s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
// Search for the 'login' link // Search for the 'login' link.
err := s.Page.MustSearch("Log in").Click("left") err := s.Page.MustSearch("Log in").Click("left")
assert.NoError(s.T(), err) assert.NoError(s.T(), err)
@ -92,7 +92,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left") err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left")
assert.NoError(s.T(), err) assert.NoError(s.T(), err)
// Verify that the app is showing the info related to the user stored in the JWT token // Verify that the app is showing the info related to the user stored in the JWT token.
s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!") s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!")
} }
@ -111,7 +111,7 @@ func (s *OIDCScenario) TestShouldDenyConsent() {
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...") s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
// Search for the 'login' link // Search for the 'login' link.
err := s.Page.MustSearch("Log in").Click("left") err := s.Page.MustSearch("Log in").Click("left")
assert.NoError(s.T(), err) assert.NoError(s.T(), err)


@ -55,7 +55,7 @@ func (s *PasswordComplexityScenario) TestShouldRejectPasswordReset() {
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Attempt to reset the password to a // Attempt to reset the password to a.
s.doResetPassword(s.T(), s.Context(ctx), "john", "a", "a", true) s.doResetPassword(s.T(), s.Context(ctx), "john", "a", "a", true)
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Your supplied password does not meet the password policy requirements.") s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Your supplied password does not meet the password policy requirements.")
} }
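Review bot: `// Attempt to reset the password to a.` now reads as a sentence that stops short, because the trailing `a` is the literal password passed to doResetPassword on the next line and not an article. Quote the value so the period is unambiguous and the intent of the test is clear: `// Attempt to reset the password to "a", which the password policy must reject.`.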


@ -48,13 +48,13 @@ func (s *RedirectionCheckScenario) TearDownTest() {
} }
var redirectionAuthorizations = map[string]bool{ var redirectionAuthorizations = map[string]bool{
// external website // external website.
"https://www.google.fr": false, "https://www.google.fr": false,
// Not the right domain // Not the right domain.
"https://public.example.com.a:8080/secret.html": false, "https://public.example.com.a:8080/secret.html": false,
// Not https // Not https.
"http://secure.example.com:8080/secret.html": false, "http://secure.example.com:8080/secret.html": false,
// Domain handled by Authelia // Domain handled by Authelia.
"https://secure.example.com:8080/secret.html": true, "https://secure.example.com:8080/secret.html": true,
} }
@ -83,13 +83,13 @@ func (s *RedirectionCheckScenario) TestShouldRedirectOnLoginOnlyWhenDomainIsSafe
} }
var logoutRedirectionURLs = map[string]bool{ var logoutRedirectionURLs = map[string]bool{
// external website // external website.
"https://www.google.fr": false, "https://www.google.fr": false,
// Not the right domain // Not the right domain.
"https://public.example-not-right.com:8080/index.html": false, "https://public.example-not-right.com:8080/index.html": false,
// Not https // Not https.
"http://public.example.com:8080/index.html": false, "http://public.example.com:8080/index.html": false,
// Domain handled by Authelia // Domain handled by Authelia.
"https://public.example.com:8080/index.html": true, "https://public.example.com:8080/index.html": true,
} }
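Review bot: The comment `// Not the right domain.` on `https://public.example.com.a:8080/secret.html` in `redirectionAuthorizations` under-describes the case it pins. That entry is the one that catches a redirect check matching the protected domain as a substring or prefix of the host, so the comment should say so, e.g. `// Host merely starts with the protected domain (example.com.a); must be rejected.` As a smaller style point, `// external website.` in both maps still starts in lower case next to capitalised neighbours and could become `// External website.`; the same applies to `// now the user should be asked to perform 2FA.` in the StandaloneWebDriverSuite hunk further down.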


@ -66,7 +66,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
require.NoError(s.T(), err) require.NoError(s.T(), err)
} }
// Enter the correct password and test the regulation lock out // Enter the correct password and test the regulation lock out.
err := s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password") err := s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
require.NoError(s.T(), err) require.NoError(s.T(), err)
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left") err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")
@ -76,7 +76,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
time.Sleep(10 * time.Second) time.Sleep(10 * time.Second)
// Enter the correct password and test a successful login // Enter the correct password and test a successful login.
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password") err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
require.NoError(s.T(), err) require.NoError(s.T(), err)
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left") err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")


@ -55,20 +55,20 @@ func (s *ResetPasswordScenario) TestShouldResetPassword() {
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Reset the password to abc // Reset the password to abc.
s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false) s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false)
// Try to login with the old password // Try to login with the old password.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.") s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.")
// Try to login with the new password // Try to login with the new password.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, "")
// Logout // Logout.
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
// Reset the original password // Reset the original password.
s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false) s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false)
} }
@ -85,7 +85,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia
// Try to initiate a password reset of an nonexistent user. // Try to initiate a password reset of an nonexistent user.
s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist") s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist")
// Check that the notification make the attacker thinks the process is initiated // Check that the notification make the attacker thinks the process is initiated.
s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx)) s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx))
} }
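Review bot: The two comments in `TestShouldMakeAttackerThinkPasswordResetIsInitiated` are still ungrammatical after the period was added, and they do not state the property the test protects. Judging by the test name and the `verifyMailNotificationDisplayed` call, the point is that a reset request for an unknown user gets the same visible response as a real one, so the form cannot be used to tell which accounts exist. I would write `// Try to initiate a password reset of a nonexistent user.` and `// The same "mail sent" notification must appear, so the response does not reveal that the user is unknown.` The function starts outside the hunk.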


@ -58,18 +58,18 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
username := testUsername username := testUsername
password := testPassword password := testPassword
// Login and register TOTP, logout and login again with 1FA & 2FA // Login and register TOTP, logout and login again with 1FA & 2FA.
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL) targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
_ = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), username, password, false, targetURL) _ = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), username, password, false, targetURL)
// And check if the user is redirected to the secret. // And check if the user is redirected to the secret.
s.verifySecretAuthorized(s.T(), s.Context(ctx)) s.verifySecretAuthorized(s.T(), s.Context(ctx))
// Leave the secret // Leave the secret.
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL) s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// And try to reload it again to check the session is kept // And try to reload it again to check the session is kept.
s.doVisit(s.T(), s.Context(ctx), targetURL) s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifySecretAuthorized(s.T(), s.Context(ctx)) s.verifySecretAuthorized(s.T(), s.Context(ctx))
} }


@ -54,11 +54,11 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.collectScreenshot(ctx.Err(), s.Page) s.collectScreenshot(ctx.Err(), s.Page)
}() }()
// Authenticate // Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// Then switch to push notification method // Then switch to push notification method.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification") s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@ -71,7 +71,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// And check the latest method is still used. // And check the latest method is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful // Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Logout the user and see what user 'harry' sees. // Logout the user and see what user 'harry' sees.
@ -83,7 +83,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Then log back as previous user and verify the push notification is still the default method // Then log back as previous user and verify the push notification is still the default method.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@ -92,7 +92,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Eventually restore the default method // Eventually restore the default method.
s.doChangeMethod(s.T(), s.Context(ctx), "one-time-password") s.doChangeMethod(s.T(), s.Context(ctx), "one-time-password")
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "one-time-password-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "one-time-password-method")
} }


@ -132,18 +132,18 @@ func (s *DuoPushWebDriverSuite) TestShouldAutoSelectDevice() {
ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse) ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
ConfigureDuo(s.T(), Allow) ConfigureDuo(s.T(), Allow)
// Authenticate // Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Switch Method where single Device should be selected automatically. // Switch Method where single Device should be selected automatically.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification") s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Re-Login the user // Re-Login the user.
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// And check the latest method and device is still used. // And check the latest method and device is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful // Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
} }
@ -171,7 +171,7 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse) ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
ConfigureDuo(s.T(), Allow) ConfigureDuo(s.T(), Allow)
// Authenticate // Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Switch Method where Device Selection should open automatically. // Switch Method where Device Selection should open automatically.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification") s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
@ -183,12 +183,12 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
s.doChangeDevice(s.T(), s.Context(ctx), "1234567890ABCDEFGHIJ") s.doChangeDevice(s.T(), s.Context(ctx), "1234567890ABCDEFGHIJ")
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Re-Login the user // Re-Login the user.
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// And check the latest method and device is still used. // And check the latest method and device is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method") s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful // Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
} }


@ -87,7 +87,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL) s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated // Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
@ -130,7 +130,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL) s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated // Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
} }
@ -170,11 +170,11 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepSessionAfterAutheliaResta
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL) s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx)) s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated // Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx)) s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// Then logout and login again to check the secret is still there // Then logout and login again to check the secret is still there.
s.doLogout(s.T(), s.Context(ctx)) s.doLogout(s.T(), s.Context(ctx))
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))


@ -17,7 +17,7 @@ func init() {
"internal/suites/example/compose/nginx/portal/docker-compose.yml", "internal/suites/example/compose/nginx/portal/docker-compose.yml",
"internal/suites/example/compose/squid/docker-compose.yml", "internal/suites/example/compose/squid/docker-compose.yml",
"internal/suites/example/compose/smtp/docker-compose.yml", "internal/suites/example/compose/smtp/docker-compose.yml",
// To debug headers // To debug headers.
"internal/suites/example/compose/httpbin/docker-compose.yml", "internal/suites/example/compose/httpbin/docker-compose.yml",
}) })


@ -10,8 +10,8 @@ var standaloneSuiteName = "Standalone"
func init() { func init() {
_ = os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700) _ = os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700)
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600) _ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600) //nolint:gosec
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600) _ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600) //nolint:gosec
dockerEnvironment := NewDockerEnvironment([]string{ dockerEnvironment := NewDockerEnvironment([]string{
"internal/suites/docker-compose.yml", "internal/suites/docker-compose.yml",
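Review bot: The `//nolint:gosec` directives added to the two `os.WriteFile` lines carry no reason, so a later reader cannot tell which finding is being silenced or whether the suppression is still justified. These look like fixed fixture secrets for the Standalone suite, and the line should say that, e.g. `//nolint:gosec // Fixed test-only secret for the Standalone suite, never used outside it.` Separately, all three calls discard their error with `_ =`, and `os.MkdirAll` does not change the mode of a directory that already exists, so the 0700 on this predictable /tmp path is not guaranteed. Checking the errors would surface a broken setup here rather than later in the suite. The `init` body continues past the end of the hunk.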


@ -139,7 +139,7 @@ func (s *StandaloneWebDriverSuite) TestShouldCheckUserIsAskedToRegisterDevice()
// Login one factor again. // Login one factor again.
s.doLoginOneFactor(s.T(), s.Context(ctx), username, password, false, "") s.doLoginOneFactor(s.T(), s.Context(ctx), username, password, false, "")
// now the user should be asked to perform 2FA // now the user should be asked to perform 2FA.
s.WaitElementLocatedByClassName(s.T(), s.Context(ctx), "state-method") s.WaitElementLocatedByClassName(s.T(), s.Context(ctx), "state-method")
} }


@ -136,12 +136,12 @@ func RunFuncUntilCtrlC(fn func() error) error {
// RunCommandWithTimeout run a command with timeout. // RunCommandWithTimeout run a command with timeout.
func RunCommandWithTimeout(cmd *exec.Cmd, timeout time.Duration) error { func RunCommandWithTimeout(cmd *exec.Cmd, timeout time.Duration) error {
// Start a process: // Start a process.
if err := cmd.Start(); err != nil { if err := cmd.Start(); err != nil {
log.Fatal(err) log.Fatal(err)
} }
// Wait for the process to finish or kill it after a timeout (whichever happens first): // Wait for the process to finish or kill it after a timeout (whichever happens first).
done := make(chan error, 1) done := make(chan error, 1)
go func() { go func() {
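Review bot: `RunCommandWithTimeout` returns an `error`, yet a failed `cmd.Start()` goes to `log.Fatal(err)`, which exits the whole process without running deferred cleanup and gives the caller no chance to handle the failure. Returning the error keeps the function's contract consistent: `if err := cmd.Start(); err != nil { return err }`. The doc comment could also read `// RunCommandWithTimeout runs a command and kills it if it has not finished within timeout.`, which matches the inline comment below it. The function body continues outside this hunk.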


@ -76,7 +76,7 @@ func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
case *rsa.PublicKey: case *rsa.PublicKey:
return pub, nil return pub, nil
default: default:
break // fall through break // fall through.
} }
return nil, errors.New("key type is not RSA") return nil, errors.New("key type is not RSA")


@ -43,7 +43,7 @@ func ParseDurationString(input string) (time.Duration, error) {
duration = time.Duration(seconds) * time.Second duration = time.Duration(seconds) * time.Second
case input != "": case input != "":
// Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing // Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing.
return 0, fmt.Errorf("could not convert the input string of %s into a duration", input) return 0, fmt.Errorf("could not convert the input string of %s into a duration", input)
} }