refactor: apply godot recommendations (#2839)

James Elliott 2022-01-31 16:25:15 +11:00 committed by GitHub
parent 357c654db8
commit 1772a83190
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 101 additions and 101 deletions


@ -46,19 +46,19 @@ var hostEntries = []HostEntry{
{Domain: "proxy-client2.example.com", IP: "192.168.240.202"},
{Domain: "proxy-client3.example.com", IP: "192.168.240.203"},
// Redis Replicas
// Redis Replicas.
{Domain: "redis-node-0.example.com", IP: "192.168.240.110"},
{Domain: "redis-node-1.example.com", IP: "192.168.240.111"},
{Domain: "redis-node-2.example.com", IP: "192.168.240.112"},
// Redis Sentinel Replicas
// Redis Sentinel Replicas.
{Domain: "redis-sentinel-0.example.com", IP: "192.168.240.120"},
{Domain: "redis-sentinel-1.example.com", IP: "192.168.240.121"},
{Domain: "redis-sentinel-2.example.com", IP: "192.168.240.122"},
// Kubernetes dashboard.
{Domain: "kubernetes.example.com", IP: "192.168.240.110"},
// OIDC tester app
// OIDC tester app.
{Domain: "oidc.example.com", IP: "192.168.240.100"},
{Domain: "oidc-public.example.com", IP: "192.168.240.100"},
}


@ -125,7 +125,7 @@ func setupSuite(cmd *cobra.Command, args []string) {
}
}
// Create the .suite file
// Create the .suite file.
if err := createRunningSuiteFile(suiteName); err != nil {
log.Fatal(err)
}


@ -53,7 +53,7 @@ func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfigur
panic(err)
}
// Early check whether hashed passwords are correct for all users
// Early check whether hashed passwords are correct for all users.
err = checkPasswordHashes(database)
if err != nil {
panic(err)


@ -19,7 +19,7 @@ func WithDatabase(content []byte, f func(path string)) {
log.Fatal(err)
}
defer os.Remove(tmpfile.Name()) // Clean up
defer os.Remove(tmpfile.Name()) // Clean up.
if _, err := tmpfile.Write(content); err != nil {
tmpfile.Close()


@ -89,10 +89,10 @@ func TestEscapeSpecialCharsFromUserInput(t *testing.T) {
nil,
mockFactory)
// No escape
// No escape.
assert.Equal(t, "xyz", ldapClient.ldapEscape("xyz"))
// Escape
// Escape.
assert.Equal(t, "test\\,abc", ldapClient.ldapEscape("test,abc"))
assert.Equal(t, "test\\5cabc", ldapClient.ldapEscape("test\\abc"))
assert.Equal(t, "test\\2aabc", ldapClient.ldapEscape("test*abc"))


@ -9,7 +9,7 @@ type IdentityProvidersConfiguration struct {
// OpenIDConnectConfiguration configuration for OpenID Connect.
type OpenIDConnectConfiguration struct {
// This secret must be 32 bytes long
// This secret must be 32 bytes long.
HMACSecret string `koanf:"hmac_secret"`
IssuerPrivateKey string `koanf:"issuer_private_key"`


@ -45,7 +45,7 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
if configuration.Password == nil {
configuration.Password = &schema.DefaultPasswordConfiguration
} else {
// Salt Length
// Salt Length.
switch {
case configuration.Password.SaltLength == 0:
configuration.Password.SaltLength = schema.DefaultPasswordConfiguration.SaltLength
@ -72,32 +72,32 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
}
func validateFileAuthenticationBackendSHA512(configuration *schema.FileAuthenticationBackendConfiguration) {
// Iterations (time)
// Iterations (time).
if configuration.Password.Iterations == 0 {
configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations
}
}
func validateFileAuthenticationBackendArgon2id(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) {
// Iterations (time)
// Iterations (time).
if configuration.Password.Iterations == 0 {
configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations
}
// Parallelism
// Parallelism.
if configuration.Password.Parallelism == 0 {
configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism
} else if configuration.Password.Parallelism < 1 {
validator.Push(fmt.Errorf("Parallelism for argon2id must be 1 or more, you configured %d", configuration.Password.Parallelism))
}
// Memory
// Memory.
if configuration.Password.Memory == 0 {
configuration.Password.Memory = schema.DefaultPasswordConfiguration.Memory
} else if configuration.Password.Memory < configuration.Password.Parallelism*8 {
validator.Push(fmt.Errorf("Memory for argon2id must be %d or more (parallelism * 8), you configured memory as %d and parallelism as %d", configuration.Password.Parallelism*8, configuration.Password.Memory, configuration.Password.Parallelism))
}
// Key Length
// Key Length.
if configuration.Password.KeyLength == 0 {
configuration.Password.KeyLength = schema.DefaultPasswordConfiguration.KeyLength
} else if configuration.Password.KeyLength < 16 {
@ -185,12 +185,12 @@ func validateLDAPURL(ldapURL string, validator *schema.StructValidator) (finalUR
}
func validateLDAPRequiredParameters(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) {
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387)
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
if configuration.User == "" {
validator.Push(errors.New("Please provide a user name to connect to the LDAP server"))
}
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387)
// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
if configuration.Password == "" {
validator.Push(errors.New("Please provide a password to connect to the LDAP server"))
}


@ -10,11 +10,11 @@ import (
// ValidateRegulation validates and update regulator configuration.
func ValidateRegulation(configuration *schema.RegulationConfiguration, validator *schema.StructValidator) {
if configuration.FindTime == "" {
configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min
configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min.
}
if configuration.BanTime == "" {
configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min
configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min.
}
findTime, err := utils.ParseDurationString(configuration.FindTime)


@ -32,19 +32,19 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
if configuration.Expiration == "" {
configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour
configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
} else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err))
}
if configuration.Inactivity == "" {
configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min
configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
} else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err))
}
if configuration.RememberMeDuration == "" {
configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month
configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
} else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil {
validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err))
}


@ -13,4 +13,4 @@ const (
)
// PossibleMethods is the set of all possible Duo 2FA methods.
var PossibleMethods = []string{Push} // OTP, Phone, SMS
var PossibleMethods = []string{Push} // OTP, Phone, SMS.


@ -91,10 +91,10 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
return
}
// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data
// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
// Set the cookie to expire if remember me is enabled and the user has asked us to
// Set the cookie to expire if remember me is enabled and the user has asked us to.
if keepMeLoggedIn {
err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe)
if err != nil {


@ -33,13 +33,13 @@ func (s *FirstFactorSuite) TearDownTest() {
func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() {
FirstFactorPost(nil)(s.mock.Ctx)
// No body
// No body.
assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
}
func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() {
// Missing password
// Missing password.
s.mock.Ctx.Request.SetBodyString(`{
"username": "test"
}`)


@ -65,7 +65,7 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
},
}
// Save the challenge and registration for use in next request
// Save the challenge and registration for use in next request.
userSession.U2FRegistration = &session.U2FRegistration{
KeyHandle: device.KeyHandle,
PublicKey: device.PublicKey,


@ -73,7 +73,7 @@ func isTargetURLAuthorized(authorizer *authorization.Authorizer, targetURL url.U
// deduce the access is forbidden
// For anonymous users though, we cannot be sure that she
// could not be granted the rights to access the resource. Consequently
// for anonymous users we send Unauthorized instead of Forbidden
// for anonymous users we send Unauthorized instead of Forbidden.
return Forbidden
case level == authorization.OneFactor && authLevel >= authentication.OneFactor,
level == authorization.TwoFactor && authLevel >= authentication.TwoFactor:
@ -100,7 +100,7 @@ func verifyBasicAuth(ctx *middlewares.AutheliaCtx, header, auth []byte) (usernam
// If the user is not correctly authenticated, send a 401.
if !authenticated {
// Request Basic Authentication otherwise
// Request Basic Authentication otherwise.
return "", "", nil, nil, authentication.NotAuthenticated, fmt.Errorf("user %s is not authenticated", username)
}
@ -391,7 +391,7 @@ func getProfileRefreshSettings(cfg schema.AuthenticationBackendConfiguration) (r
refresh = true
if cfg.RefreshInterval != schema.ProfileRefreshAlways {
// Skip Error Check since validator checks it
// Skip Error Check since validator checks it.
refreshInterval, _ = utils.ParseDurationString(cfg.RefreshInterval)
} else {
refreshInterval = schema.RefreshIntervalAlways
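Review bot: In getProfileRefreshSettings the error from `utils.ParseDurationString(cfg.RefreshInterval)` is discarded on the strength of the comment `// Skip Error Check since validator checks it.`, which does not say which validator is meant. If a configuration ever reaches this point unvalidated, `refreshInterval` silently takes whatever the parser returns on failure. Naming the validating function in the comment would make that dependency checkable, e.g. `// Error ignored: <validator function> already rejects an unparsable RefreshInterval.`. The function body starts and ends outside the hunk.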


@ -1023,7 +1023,7 @@ func TestShouldDestroySessionWhenUserNotExist(t *testing.T) {
userSession = mock.Ctx.GetSession()
assert.Equal(t, clock.Now().Add(5*time.Minute).Unix(), userSession.RefreshTTL.Unix())
// Simulate a Deleted User
// Simulate a Deleted User.
userSession.RefreshTTL = clock.Now().Add(-1 * time.Minute)
err = mock.Ctx.SaveSession(userSession)


@ -151,7 +151,7 @@ func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(c
ctx.Error(fmt.Errorf("Cannot parse token"), messageOperationFailed)
return
case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0:
// Token is either expired or not active yet
// Token is either expired or not active yet.
ctx.Error(fmt.Errorf("Token expired"), messageIdentityVerificationTokenHasExpired)
return
default:


@ -117,7 +117,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
request := &fasthttp.RequestCtx{}
// Set a cookie to identify this client throughout the test.
// request.Request.Header.SetCookie("authelia_session", "client_cookie")
// request.Request.Header.SetCookie("authelia_session", "client_cookie").
autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers)
mockAuthelia.Ctx = autheliaCtx
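Review bot: The linter-appended period lands on commented-out code rather than prose in `// request.Request.Header.SetCookie("authelia_session", "client_cookie").`, so the line no longer reads as the statement it preserves. Either delete the dead line or turn it into a sentence, e.g. `// The authelia_session cookie is intentionally not set here: <reason>.`. The same artifact appears as `,.` on the two commented-out `compose.` factory entries in the OpenID Connect provider hunks. NewMockAutheliaCtx starts and ends outside the hunk.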


@ -38,7 +38,7 @@ func NewSMTPNotifier(configuration *schema.SMTPNotifierConfiguration, certPool *
// Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
func (n *SMTPNotifier) startTLS() error {
// Only start if not already encrypted
// Only start if not already encrypted.
if _, ok := n.client.TLSConnectionState(); ok {
n.log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
return nil


@ -1,10 +1,10 @@
package ntp
const (
ntpClientModeValue uint8 = 3 // 00000011
ntpLeapEnabledValue uint8 = 64 // 01000000
ntpVersion3Value uint8 = 24 // 00011000
ntpVersion4Value uint8 = 40 // 00101000
ntpClientModeValue uint8 = 3 // 00000011.
ntpLeapEnabledValue uint8 = 64 // 01000000.
ntpVersion3Value uint8 = 24 // 00011000.
ntpVersion4Value uint8 = 40 // 00101000.
)
const ntpEpochOffset = 2208988800


@ -72,7 +72,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
compose.OAuth2ClientCredentialsGrantFactory,
compose.OAuth2RefreshTokenGrantFactory,
compose.OAuth2ResourceOwnerPasswordCredentialsFactory,
// compose.RFC7523AssertionGrantFactory,
// compose.RFC7523AssertionGrantFactory,.
compose.OpenIDConnectExplicitFactory,
compose.OpenIDConnectImplicitFactory,
@ -82,7 +82,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
compose.OAuth2TokenIntrospectionFactory,
compose.OAuth2TokenRevocationFactory,
// compose.OAuth2PKCEFactory,
// compose.OAuth2PKCEFactory,.
)
provider.herodot = herodot.NewJSONWriter(nil)
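Review bot: Nothing in the factory list says why `compose.OAuth2PKCEFactory` and `compose.RFC7523AssertionGrantFactory` are left commented out while `compose.OAuth2ResourceOwnerPasswordCredentialsFactory` stays registered, and the appended period does not supply that. Which grant types and code-exchange protections the provider registers is a security decision, so each disabled entry should carry its reason, for example `// compose.OAuth2PKCEFactory is not registered: <reason or tracking issue>.`. NewOpenIDConnectProvider begins before the first hunk and continues after the second.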


@ -282,7 +282,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
LoadAuthenticationLogs(s.ctx, gomock.Eq("john"), gomock.Any(), gomock.Eq(10), gomock.Eq(0)).
Return(attemptsInDB, nil)
// Check Disabled Functionality
// Check Disabled Functionality.
configuration := schema.RegulationConfiguration{
MaxRetries: 0,
FindTime: "180",
@ -293,7 +293,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
_, err := regulator.Regulate(s.ctx, "john")
assert.NoError(s.T(), err)
// Check Enabled Functionality
// Check Enabled Functionality.
configuration = schema.RegulationConfiguration{
MaxRetries: 1,
FindTime: "180",


@ -11,7 +11,7 @@ import (
type Regulator struct {
// Is the regulation enabled.
enabled bool
// The number of failed authentication attempt before banning the user
// The number of failed authentication attempt before banning the user.
maxRetries int
// If a user does the max number of retries within that duration, she will be banned.
findTime time.Duration


@ -59,7 +59,7 @@ func TestShouldCreateRedisSessionProviderTLS(t *testing.T) {
pConfig := providerConfig.redisConfig
assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index
// DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB)
assert.Equal(t, 0, pConfig.PoolSize)
assert.Equal(t, 0, pConfig.MinIdleConns)
@ -94,7 +94,7 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) {
pConfig := providerConfig.redisConfig
assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index
// DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB)
assert.Equal(t, 0, pConfig.PoolSize)
assert.Equal(t, 0, pConfig.MinIdleConns)
@ -180,7 +180,7 @@ func TestShouldCreateRedisSentinelSessionProvider(t *testing.T) {
assert.Equal(t, 8, pConfig.PoolSize)
assert.Equal(t, 2, pConfig.MinIdleConns)
// DbNumber is the fasthttp/session property for the Redis DB Index
// DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB)
assert.Nil(t, pConfig.TLSConfig)
}
@ -233,7 +233,7 @@ func TestShouldCreateRedisSessionProviderWithUnixSocket(t *testing.T) {
pConfig := providerConfig.redisConfig
assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr)
assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index
// DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 0, pConfig.DB)
assert.Nil(t, pConfig.TLSConfig)
}
@ -256,7 +256,7 @@ func TestShouldSetDbNumber(t *testing.T) {
assert.Equal(t, "redis", providerConfig.providerName)
pConfig := providerConfig.redisConfig
// DbNumber is the fasthttp/session property for the Redis DB Index
// DbNumber is the fasthttp/session property for the Redis DB Index.
assert.Equal(t, 5, pConfig.DB)
}
@ -277,7 +277,7 @@ func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) {
encoded, err := providerConfig.config.EncodeFunc(payload)
require.NoError(t, err)
// Now we try to decrypt what has been serialized
// Now we try to decrypt what has been serialized.
key := sha256.Sum256([]byte("abc"))
decrypted, err := utils.Decrypt(encoded, &key)
require.NoError(t, err)


@ -111,7 +111,7 @@ type SQLProvider struct {
sqlUpdateU2FDevicePublicKey string
sqlUpdateU2FDevicePublicKeyByUsername string
// Table: duo_devices
// Table: duo_devices.
sqlUpsertDuoDevice string
sqlDeleteDuoDevice string
sqlSelectDuoDevice string


@ -39,7 +39,7 @@ func (rs *RodSession) doLoginTwoFactor(t *testing.T, page *rod.Page, username, p
rs.doLoginOneFactor(t, page, username, password, keepMeLoggedIn, targetURL)
rs.verifyIsSecondFactorPage(t, page)
rs.doValidateTOTP(t, page, otpSecret)
// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain
// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain.
if targetURL == "" {
time.Sleep(1 * time.Second)
}


@ -11,10 +11,10 @@ import (
func (rs *RodSession) doInitiatePasswordReset(t *testing.T, page *rod.Page, username string) {
err := rs.WaitElementLocatedByCSSSelector(t, page, "reset-password-button").Click("left")
require.NoError(t, err)
// Fill in username
// Fill in username.
err = rs.WaitElementLocatedByCSSSelector(t, page, "username-textfield").Input(username)
require.NoError(t, err)
// And click on the reset button
// And click on the reset button.
err = rs.WaitElementLocatedByCSSSelector(t, page, "reset-button").Click("left")
require.NoError(t, err)
}
@ -49,7 +49,7 @@ func (rs *RodSession) doUnsuccessfulPasswordReset(t *testing.T, page *rod.Page,
func (rs *RodSession) doResetPassword(t *testing.T, page *rod.Page, username, newPassword1, newPassword2 string, unsuccessful bool) {
rs.doInitiatePasswordReset(t, page, username)
// then wait for the "email sent notification"
// then wait for the "email sent notification".
rs.verifyMailNotificationDisplayed(t, page)
if unsuccessful {


@ -84,7 +84,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
// Search for the 'login' link
// Search for the 'login' link.
err := s.Page.MustSearch("Log in").Click("left")
assert.NoError(s.T(), err)
@ -92,7 +92,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left")
assert.NoError(s.T(), err)
// Verify that the app is showing the info related to the user stored in the JWT token
// Verify that the app is showing the info related to the user stored in the JWT token.
s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!")
}
@ -111,7 +111,7 @@ func (s *OIDCScenario) TestShouldDenyConsent() {
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
// Search for the 'login' link
// Search for the 'login' link.
err := s.Page.MustSearch("Log in").Click("left")
assert.NoError(s.T(), err)


@ -55,7 +55,7 @@ func (s *PasswordComplexityScenario) TestShouldRejectPasswordReset() {
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Attempt to reset the password to a
// Attempt to reset the password to a.
s.doResetPassword(s.T(), s.Context(ctx), "john", "a", "a", true)
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Your supplied password does not meet the password policy requirements.")
}
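Review bot: With the period attached, `// Attempt to reset the password to a.` reads as an unfinished sentence, although the `a` is the literal password passed to `doResetPassword` on the next line. Quoting the value makes the intent clear: `// Attempt to reset the password to "a", which the password policy must reject.`. The same applies to `// Reset the password to abc.` in the ResetPasswordScenario hunk.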


@ -48,13 +48,13 @@ func (s *RedirectionCheckScenario) TearDownTest() {
}
var redirectionAuthorizations = map[string]bool{
// external website
// external website.
"https://www.google.fr": false,
// Not the right domain
// Not the right domain.
"https://public.example.com.a:8080/secret.html": false,
// Not https
// Not https.
"http://secure.example.com:8080/secret.html": false,
// Domain handled by Authelia
// Domain handled by Authelia.
"https://secure.example.com:8080/secret.html": true,
}
@ -83,13 +83,13 @@ func (s *RedirectionCheckScenario) TestShouldRedirectOnLoginOnlyWhenDomainIsSafe
}
var logoutRedirectionURLs = map[string]bool{
// external website
// external website.
"https://www.google.fr": false,
// Not the right domain
// Not the right domain.
"https://public.example-not-right.com:8080/index.html": false,
// Not https
// Not https.
"http://public.example.com:8080/index.html": false,
// Domain handled by Authelia
// Domain handled by Authelia.
"https://public.example.com:8080/index.html": true,
}


@ -66,7 +66,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
require.NoError(s.T(), err)
}
// Enter the correct password and test the regulation lock out
// Enter the correct password and test the regulation lock out.
err := s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
require.NoError(s.T(), err)
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")
@ -76,7 +76,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
time.Sleep(10 * time.Second)
// Enter the correct password and test a successful login
// Enter the correct password and test a successful login.
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
require.NoError(s.T(), err)
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")


@ -55,20 +55,20 @@ func (s *ResetPasswordScenario) TestShouldResetPassword() {
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Reset the password to abc
// Reset the password to abc.
s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false)
// Try to login with the old password
// Try to login with the old password.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.")
// Try to login with the new password
// Try to login with the new password.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, "")
// Logout
// Logout.
s.doLogout(s.T(), s.Context(ctx))
// Reset the original password
// Reset the original password.
s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false)
}
@ -85,7 +85,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia
// Try to initiate a password reset of an nonexistent user.
s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist")
// Check that the notification make the attacker thinks the process is initiated
// Check that the notification make the attacker thinks the process is initiated.
s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx))
}


@ -58,18 +58,18 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
username := testUsername
password := testPassword
// Login and register TOTP, logout and login again with 1FA & 2FA
// Login and register TOTP, logout and login again with 1FA & 2FA.
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
_ = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), username, password, false, targetURL)
// And check if the user is redirected to the secret.
s.verifySecretAuthorized(s.T(), s.Context(ctx))
// Leave the secret
// Leave the secret.
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
// And try to reload it again to check the session is kept
// And try to reload it again to check the session is kept.
s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifySecretAuthorized(s.T(), s.Context(ctx))
}


@ -54,11 +54,11 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.collectScreenshot(ctx.Err(), s.Page)
}()
// Authenticate
// Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// Then switch to push notification method
// Then switch to push notification method.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@ -71,7 +71,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// And check the latest method is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful
// Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx))
// Logout the user and see what user 'harry' sees.
@ -83,7 +83,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.doLogout(s.T(), s.Context(ctx))
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
// Then log back as previous user and verify the push notification is still the default method
// Then log back as previous user and verify the push notification is still the default method.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@ -92,7 +92,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Eventually restore the default method
// Eventually restore the default method.
s.doChangeMethod(s.T(), s.Context(ctx), "one-time-password")
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "one-time-password-method")
}


@ -132,18 +132,18 @@ func (s *DuoPushWebDriverSuite) TestShouldAutoSelectDevice() {
ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
ConfigureDuo(s.T(), Allow)
// Authenticate
// Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Switch Method where single Device should be selected automatically.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
s.verifyIsHome(s.T(), s.Context(ctx))
// Re-Login the user
// Re-Login the user.
s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// And check the latest method and device is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful
// Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx))
}
@ -171,7 +171,7 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
ConfigureDuo(s.T(), Allow)
// Authenticate
// Authenticate.
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// Switch Method where Device Selection should open automatically.
s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
@ -183,12 +183,12 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
s.doChangeDevice(s.T(), s.Context(ctx), "1234567890ABCDEFGHIJ")
s.verifyIsHome(s.T(), s.Context(ctx))
// Re-Login the user
// Re-Login the user.
s.doLogout(s.T(), s.Context(ctx))
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
// And check the latest method and device is still used.
s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
// Meaning the authentication is successful
// Meaning the authentication is successful.
s.verifyIsHome(s.T(), s.Context(ctx))
}


@ -87,7 +87,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated
// Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
@ -130,7 +130,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated
// Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
}
@ -170,11 +170,11 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepSessionAfterAutheliaResta
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
// Verify the user is still authenticated
// Verify the user is still authenticated.
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
// Then logout and login again to check the secret is still there
// Then logout and login again to check the secret is still there.
s.doLogout(s.T(), s.Context(ctx))
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))


@ -17,7 +17,7 @@ func init() {
"internal/suites/example/compose/nginx/portal/docker-compose.yml",
"internal/suites/example/compose/squid/docker-compose.yml",
"internal/suites/example/compose/smtp/docker-compose.yml",
// To debug headers
// To debug headers.
"internal/suites/example/compose/httpbin/docker-compose.yml",
})


@ -10,8 +10,8 @@ var standaloneSuiteName = "Standalone"
func init() {
_ = os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700)
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600)
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600)
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600) //nolint:gosec
_ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600) //nolint:gosec
dockerEnvironment := NewDockerEnvironment([]string{
"internal/suites/docker-compose.yml",
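Review bot: The two `//nolint:gosec` directives added to the `os.WriteFile` calls in `init` silence every gosec rule on those lines without saying why. State the reason in the directive so the suppression can be audited later, e.g. `//nolint:gosec // Fixed test-suite secret, never used outside the integration environment.`, if that is indeed the intent. Both writes and the preceding `os.MkdirAll` also discard their errors with `_ =`, so a fixture that could not be written under the fixed `/tmp` path goes unnoticed; checking the error would make the suite fail loudly instead. `init` continues past the hunk.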


@ -139,7 +139,7 @@ func (s *StandaloneWebDriverSuite) TestShouldCheckUserIsAskedToRegisterDevice()
// Login one factor again.
s.doLoginOneFactor(s.T(), s.Context(ctx), username, password, false, "")
// now the user should be asked to perform 2FA
// now the user should be asked to perform 2FA.
s.WaitElementLocatedByClassName(s.T(), s.Context(ctx), "state-method")
}


@ -136,12 +136,12 @@ func RunFuncUntilCtrlC(fn func() error) error {
// RunCommandWithTimeout run a command with timeout.
func RunCommandWithTimeout(cmd *exec.Cmd, timeout time.Duration) error {
// Start a process:
// Start a process.
if err := cmd.Start(); err != nil {
log.Fatal(err)
}
// Wait for the process to finish or kill it after a timeout (whichever happens first):
// Wait for the process to finish or kill it after a timeout (whichever happens first).
done := make(chan error, 1)
go func() {
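Review bot: `RunCommandWithTimeout` returns `error`, yet a failed `cmd.Start()` calls `log.Fatal(err)`, which exits the whole process instead of reporting to the caller. Returning the error keeps the function's contract and lets callers' deferred cleanup run: `if err := cmd.Start(); err != nil { return err }`. The rest of the function, including the goroutine opened on the last line, is outside the hunk.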


@ -76,7 +76,7 @@ func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
case *rsa.PublicKey:
return pub, nil
default:
break // fall through
break // fall through.
}
return nil, errors.New("key type is not RSA")
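Review bot: The `default: break // fall through.` arm of the type switch is misleading, because Go's `break` leaves the switch, which is not what `fallthrough` means, and the arm does nothing the switch would not do without it. Dropping the `default` case, or rewording the comment to `// Not an RSA key; reported by the error below.`, keeps the control flow of this key-parsing path readable. ParseRsaPublicKeyFromPemStr starts before the hunk.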


@ -43,7 +43,7 @@ func ParseDurationString(input string) (time.Duration, error) {
duration = time.Duration(seconds) * time.Second
case input != "":
// Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing
// Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing.
return 0, fmt.Errorf("could not convert the input string of %s into a duration", input)
}