mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
feat(commands): totp qr code in png format (#2673)
This allows exporting the TOTP QR code for easy registration when using `authelia storage totp generate` or `authelia storage totp export`.
This commit is contained in:
parent
6276883f04
commit
1b2af90e5a
|
@ -105,6 +105,7 @@ const (
|
||||||
const (
|
const (
|
||||||
storageExportFormatCSV = "csv"
|
storageExportFormatCSV = "csv"
|
||||||
storageExportFormatURI = "uri"
|
storageExportFormatURI = "uri"
|
||||||
|
storageExportFormatPNG = "png"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
|
@ -112,6 +112,7 @@ func newStorageTOTPGenerateCmd() (cmd *cobra.Command) {
|
||||||
cmd.Flags().String("algorithm", "SHA1", "set the TOTP algorithm")
|
cmd.Flags().String("algorithm", "SHA1", "set the TOTP algorithm")
|
||||||
cmd.Flags().String("issuer", "Authelia", "set the TOTP issuer")
|
cmd.Flags().String("issuer", "Authelia", "set the TOTP issuer")
|
||||||
cmd.Flags().BoolP("force", "f", false, "forces the TOTP configuration to be generated regardless if it exists or not")
|
cmd.Flags().BoolP("force", "f", false, "forces the TOTP configuration to be generated regardless if it exists or not")
|
||||||
|
cmd.Flags().StringP("path", "p", "", "path to a file to create a PNG file with the QR code (optional)")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
@ -135,6 +136,7 @@ func newStorageTOTPExportCmd() (cmd *cobra.Command) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd.Flags().String("format", storageExportFormatURI, "sets the output format")
|
cmd.Flags().String("format", storageExportFormatURI, "sets the output format")
|
||||||
|
cmd.Flags().String("dir", "", "used with the png output format to specify which new directory to save the files in")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,10 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"image"
|
||||||
|
"image/png"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -15,11 +18,13 @@ import (
|
||||||
"github.com/authelia/authelia/v4/internal/models"
|
"github.com/authelia/authelia/v4/internal/models"
|
||||||
"github.com/authelia/authelia/v4/internal/storage"
|
"github.com/authelia/authelia/v4/internal/storage"
|
||||||
"github.com/authelia/authelia/v4/internal/totp"
|
"github.com/authelia/authelia/v4/internal/totp"
|
||||||
|
"github.com/authelia/authelia/v4/internal/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
func storagePersistentPreRunE(cmd *cobra.Command, _ []string) (err error) {
|
func storagePersistentPreRunE(cmd *cobra.Command, _ []string) (err error) {
|
||||||
configs, err := cmd.Flags().GetStringSlice("config")
|
var configs []string
|
||||||
if err != nil {
|
|
||||||
|
if configs, err = cmd.Flags().GetStringSlice("config"); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -72,8 +77,7 @@ func storagePersistentPreRunE(cmd *cobra.Command, _ []string) (err error) {
|
||||||
|
|
||||||
config = &schema.Configuration{}
|
config = &schema.Configuration{}
|
||||||
|
|
||||||
_, err = configuration.LoadAdvanced(val, "", &config, sources...)
|
if _, err = configuration.LoadAdvanced(val, "", &config, sources...); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -117,6 +121,8 @@ func storagePersistentPreRunE(cmd *cobra.Command, _ []string) (err error) {
|
||||||
func storageSchemaEncryptionCheckRunE(cmd *cobra.Command, args []string) (err error) {
|
func storageSchemaEncryptionCheckRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
var (
|
var (
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
verbose bool
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -126,8 +132,7 @@ func storageSchemaEncryptionCheckRunE(cmd *cobra.Command, args []string) (err er
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
verbose, err := cmd.Flags().GetBool("verbose")
|
if verbose, err = cmd.Flags().GetBool("verbose"); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -150,6 +155,9 @@ func storageSchemaEncryptionCheckRunE(cmd *cobra.Command, args []string) (err er
|
||||||
func storageSchemaEncryptionChangeKeyRunE(cmd *cobra.Command, args []string) (err error) {
|
func storageSchemaEncryptionChangeKeyRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
var (
|
var (
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
key string
|
||||||
|
version int
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -163,8 +171,7 @@ func storageSchemaEncryptionChangeKeyRunE(cmd *cobra.Command, args []string) (er
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
version, err := provider.SchemaVersion(ctx)
|
if version, err = provider.SchemaVersion(ctx); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,17 +179,15 @@ func storageSchemaEncryptionChangeKeyRunE(cmd *cobra.Command, args []string) (er
|
||||||
return errors.New("schema version must be at least version 1 to change the encryption key")
|
return errors.New("schema version must be at least version 1 to change the encryption key")
|
||||||
}
|
}
|
||||||
|
|
||||||
key, err := cmd.Flags().GetString("new-encryption-key")
|
key, err = cmd.Flags().GetString("new-encryption-key")
|
||||||
if err != nil {
|
|
||||||
|
switch {
|
||||||
|
case err != nil:
|
||||||
return err
|
return err
|
||||||
}
|
case key == "":
|
||||||
|
|
||||||
if key == "" {
|
|
||||||
return errors.New("you must set the --new-encryption-key flag")
|
return errors.New("you must set the --new-encryption-key flag")
|
||||||
}
|
case len(key) < 20:
|
||||||
|
return errors.New("the new encryption key must be at least 20 characters")
|
||||||
if len(key) < 20 {
|
|
||||||
return errors.New("the encryption key must be at least 20 characters")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = provider.SchemaEncryptionChangeKey(ctx, key); err != nil {
|
if err = provider.SchemaEncryptionChangeKey(ctx, key); err != nil {
|
||||||
|
@ -200,6 +205,9 @@ func storageTOTPGenerateRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
c *models.TOTPConfiguration
|
c *models.TOTPConfiguration
|
||||||
force bool
|
force bool
|
||||||
|
filename string
|
||||||
|
file *os.File
|
||||||
|
img image.Image
|
||||||
)
|
)
|
||||||
|
|
||||||
provider = getStorageProvider()
|
provider = getStorageProvider()
|
||||||
|
@ -208,10 +216,15 @@ func storageTOTPGenerateRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
force, err = cmd.Flags().GetBool("force")
|
if force, err = cmd.Flags().GetBool("force"); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
_, err = provider.LoadTOTPConfiguration(ctx, args[0])
|
if filename, err = cmd.Flags().GetString("path"); err != nil {
|
||||||
if err == nil && !force {
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err = provider.LoadTOTPConfiguration(ctx, args[0]); err == nil && !force {
|
||||||
return fmt.Errorf("%s already has a TOTP configuration, use --force to overwrite", args[0])
|
return fmt.Errorf("%s already has a TOTP configuration, use --force to overwrite", args[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -225,12 +238,35 @@ func storageTOTPGenerateRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = provider.SaveTOTPConfiguration(ctx, *c)
|
extraInfo := ""
|
||||||
if err != nil {
|
|
||||||
|
if filename != "" {
|
||||||
|
if _, err = os.Stat(filename); !os.IsNotExist(err) {
|
||||||
|
return errors.New("image output filepath already exists")
|
||||||
|
}
|
||||||
|
|
||||||
|
if file, err = os.Create(filename); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Printf("Generated TOTP configuration for user '%s': %s", args[0], c.URI())
|
defer file.Close()
|
||||||
|
|
||||||
|
if img, err = c.Image(256, 256); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = png.Encode(file, img); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
extraInfo = fmt.Sprintf(" and saved it as a PNG image at the path '%s'", filename)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = provider.SaveTOTPConfiguration(ctx, *c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("Generated TOTP configuration for user '%s' with URI '%s'%s\n", args[0], c.URI(), extraInfo)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -249,13 +285,11 @@ func storageTOTPDeleteRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
_, err = provider.LoadTOTPConfiguration(ctx, user)
|
if _, err = provider.LoadTOTPConfiguration(ctx, user); err != nil {
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("can't delete configuration for user '%s': %+v", user, err)
|
return fmt.Errorf("can't delete configuration for user '%s': %+v", user, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = provider.DeleteTOTPConfiguration(ctx, user)
|
if err = provider.DeleteTOTPConfiguration(ctx, user); err != nil {
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("can't delete configuration for user '%s': %+v", user, err)
|
return fmt.Errorf("can't delete configuration for user '%s': %+v", user, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -267,6 +301,10 @@ func storageTOTPDeleteRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
func storageTOTPExportRunE(cmd *cobra.Command, args []string) (err error) {
|
func storageTOTPExportRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
var (
|
var (
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
format, dir string
|
||||||
|
configurations []models.TOTPConfiguration
|
||||||
|
img image.Image
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -280,25 +318,14 @@ func storageTOTPExportRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
format, err := cmd.Flags().GetString("format")
|
if format, dir, err = storageTOTPExportGetConfigFromFlags(cmd); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
switch format {
|
|
||||||
case storageExportFormatCSV, storageExportFormatURI:
|
|
||||||
break
|
|
||||||
default:
|
|
||||||
return errors.New("format must be csv or uri")
|
|
||||||
}
|
|
||||||
|
|
||||||
limit := 10
|
limit := 10
|
||||||
|
|
||||||
var configurations []models.TOTPConfiguration
|
|
||||||
|
|
||||||
for page := 0; true; page++ {
|
for page := 0; true; page++ {
|
||||||
configurations, err = provider.LoadTOTPConfigurations(ctx, limit, page)
|
if configurations, err = provider.LoadTOTPConfigurations(ctx, limit, page); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -312,6 +339,17 @@ func storageTOTPExportRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
fmt.Printf("%s,%s,%s,%d,%d,%s\n", c.Issuer, c.Username, c.Algorithm, c.Digits, c.Period, string(c.Secret))
|
fmt.Printf("%s,%s,%s,%d,%d,%s\n", c.Issuer, c.Username, c.Algorithm, c.Digits, c.Period, string(c.Secret))
|
||||||
case storageExportFormatURI:
|
case storageExportFormatURI:
|
||||||
fmt.Println(c.URI())
|
fmt.Println(c.URI())
|
||||||
|
case storageExportFormatPNG:
|
||||||
|
file, _ := os.Create(filepath.Join(dir, fmt.Sprintf("%s.png", c.Username)))
|
||||||
|
defer file.Close()
|
||||||
|
|
||||||
|
if img, err = c.Image(256, 256); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = png.Encode(file, img); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -320,12 +358,50 @@ func storageTOTPExportRunE(cmd *cobra.Command, args []string) (err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if format == storageExportFormatPNG {
|
||||||
|
fmt.Printf("Exported TOTP QR codes in PNG format in the '%s' directory\n", dir)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func storageTOTPExportGetConfigFromFlags(cmd *cobra.Command) (format, dir string, err error) {
|
||||||
|
if format, err = cmd.Flags().GetString("format"); err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
if dir, err = cmd.Flags().GetString("dir"); err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch format {
|
||||||
|
case storageExportFormatCSV, storageExportFormatURI:
|
||||||
|
break
|
||||||
|
case storageExportFormatPNG:
|
||||||
|
if dir == "" {
|
||||||
|
dir = utils.RandomString(8, utils.AlphaNumericCharacters, false)
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err = os.Stat(dir); !os.IsNotExist(err) {
|
||||||
|
return "", "", errors.New("output directory must not exist")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = os.MkdirAll(dir, 0700); err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
return "", "", errors.New("format must be csv, uri, or png")
|
||||||
|
}
|
||||||
|
|
||||||
|
return format, dir, nil
|
||||||
|
}
|
||||||
|
|
||||||
func storageMigrateHistoryRunE(_ *cobra.Command, _ []string) (err error) {
|
func storageMigrateHistoryRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
var (
|
var (
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
version int
|
||||||
|
migrations []models.Migration
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -338,8 +414,7 @@ func storageMigrateHistoryRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
version, err := provider.SchemaVersion(ctx)
|
if version, err = provider.SchemaVersion(ctx); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -348,8 +423,7 @@ func storageMigrateHistoryRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
migrations, err := provider.SchemaMigrationHistory(ctx)
|
if migrations, err = provider.SchemaMigrationHistory(ctx); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -411,6 +485,9 @@ func newStorageMigrationRunE(up bool) func(cmd *cobra.Command, args []string) (e
|
||||||
return func(cmd *cobra.Command, args []string) (err error) {
|
return func(cmd *cobra.Command, args []string) (err error) {
|
||||||
var (
|
var (
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
target int
|
||||||
|
pre1 bool
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -420,8 +497,7 @@ func newStorageMigrationRunE(up bool) func(cmd *cobra.Command, args []string) (e
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
target, err := cmd.Flags().GetInt("target")
|
if target, err = cmd.Flags().GetInt("target"); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -434,8 +510,7 @@ func newStorageMigrationRunE(up bool) func(cmd *cobra.Command, args []string) (e
|
||||||
return provider.SchemaMigrate(ctx, true, storage.SchemaLatest)
|
return provider.SchemaMigrate(ctx, true, storage.SchemaLatest)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
pre1, err := cmd.Flags().GetBool("pre1")
|
if pre1, err = cmd.Flags().GetBool("pre1"); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -458,8 +533,9 @@ func newStorageMigrationRunE(up bool) func(cmd *cobra.Command, args []string) (e
|
||||||
}
|
}
|
||||||
|
|
||||||
func storageMigrateDownConfirmDestroy(cmd *cobra.Command) (err error) {
|
func storageMigrateDownConfirmDestroy(cmd *cobra.Command) (err error) {
|
||||||
destroy, err := cmd.Flags().GetBool("destroy-data")
|
var destroy bool
|
||||||
if err != nil {
|
|
||||||
|
if destroy, err = cmd.Flags().GetBool("destroy-data"); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -480,10 +556,13 @@ func storageMigrateDownConfirmDestroy(cmd *cobra.Command) (err error) {
|
||||||
|
|
||||||
func storageSchemaInfoRunE(_ *cobra.Command, _ []string) (err error) {
|
func storageSchemaInfoRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
var (
|
var (
|
||||||
|
upgradeStr, tablesStr string
|
||||||
|
|
||||||
provider storage.Provider
|
provider storage.Provider
|
||||||
|
tables []string
|
||||||
|
version, latest int
|
||||||
|
|
||||||
ctx = context.Background()
|
ctx = context.Background()
|
||||||
upgradeStr string
|
|
||||||
tablesStr string
|
|
||||||
)
|
)
|
||||||
|
|
||||||
provider = getStorageProvider()
|
provider = getStorageProvider()
|
||||||
|
@ -492,13 +571,11 @@ func storageSchemaInfoRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
_ = provider.Close()
|
_ = provider.Close()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
version, err := provider.SchemaVersion(ctx)
|
if version, err = provider.SchemaVersion(ctx); err != nil && err.Error() != "unknown schema state" {
|
||||||
if err != nil && err.Error() != "unknown schema state" {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
tables, err := provider.SchemaTables(ctx)
|
if tables, err = provider.SchemaTables(ctx); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -508,8 +585,7 @@ func storageSchemaInfoRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
tablesStr = strings.Join(tables, ", ")
|
tablesStr = strings.Join(tables, ", ")
|
||||||
}
|
}
|
||||||
|
|
||||||
latest, err := provider.SchemaLatestVersion()
|
if latest, err = provider.SchemaLatestVersion(); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -537,13 +613,13 @@ func storageSchemaInfoRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkStorageSchemaUpToDate(ctx context.Context, provider storage.Provider) (err error) {
|
func checkStorageSchemaUpToDate(ctx context.Context, provider storage.Provider) (err error) {
|
||||||
version, err := provider.SchemaVersion(ctx)
|
var version, latest int
|
||||||
if err != nil {
|
|
||||||
|
if version, err = provider.SchemaVersion(ctx); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
latest, err := provider.SchemaLatestVersion()
|
if latest, err = provider.SchemaLatestVersion(); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"image"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/pquerna/otp"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TOTPConfiguration represents a users TOTP configuration row in the database.
|
// TOTPConfiguration represents a users TOTP configuration row in the database.
|
||||||
|
@ -34,3 +37,19 @@ func (c TOTPConfiguration) URI() (uri string) {
|
||||||
|
|
||||||
return u.String()
|
return u.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.
|
||||||
|
func (c TOTPConfiguration) Key() (key *otp.Key, err error) {
|
||||||
|
return otp.NewKeyFromURL(c.URI())
|
||||||
|
}
|
||||||
|
|
||||||
|
// Image returns the image.Image of the TOTPConfiguration using the Image func from the return of TOTPConfiguration.Key.
|
||||||
|
func (c TOTPConfiguration) Image(width, height int) (img image.Image, err error) {
|
||||||
|
var key *otp.Key
|
||||||
|
|
||||||
|
if key, err = c.Key(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return key.Image(width, height)
|
||||||
|
}
|
||||||
|
|
|
@ -38,3 +38,40 @@ func TestShouldOnlyMarshalPeriodAndDigitsAndAbsolutelyNeverSecret(t *testing.T)
|
||||||
require.NotContains(t, string(data), "secret")
|
require.NotContains(t, string(data), "secret")
|
||||||
require.NotContains(t, string(data), "ABC123")
|
require.NotContains(t, string(data), "ABC123")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestShouldReturnErrWhenImageTooSmall(t *testing.T) {
|
||||||
|
object := TOTPConfiguration{
|
||||||
|
ID: 1,
|
||||||
|
Username: "john",
|
||||||
|
Issuer: "Authelia",
|
||||||
|
Algorithm: "SHA1",
|
||||||
|
Digits: 6,
|
||||||
|
Period: 30,
|
||||||
|
Secret: []byte("ABC123"),
|
||||||
|
}
|
||||||
|
|
||||||
|
img, err := object.Image(10, 10)
|
||||||
|
|
||||||
|
assert.EqualError(t, err, "can not scale barcode to an image smaller than 41x41")
|
||||||
|
assert.Nil(t, img)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldReturnImage(t *testing.T) {
|
||||||
|
object := TOTPConfiguration{
|
||||||
|
ID: 1,
|
||||||
|
Username: "john",
|
||||||
|
Issuer: "Authelia",
|
||||||
|
Algorithm: "SHA1",
|
||||||
|
Digits: 6,
|
||||||
|
Period: 30,
|
||||||
|
Secret: []byte("ABC123"),
|
||||||
|
}
|
||||||
|
|
||||||
|
img, err := object.Image(41, 41)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
require.NotNil(t, img)
|
||||||
|
|
||||||
|
assert.Equal(t, 41, img.Bounds().Dx())
|
||||||
|
assert.Equal(t, 41, img.Bounds().Dy())
|
||||||
|
}
|
||||||
|
|
|
@ -38,6 +38,8 @@ func init() {
|
||||||
err := dockerEnvironment.Down()
|
err := dockerEnvironment.Down()
|
||||||
_ = os.Remove("/tmp/db.sqlite3")
|
_ = os.Remove("/tmp/db.sqlite3")
|
||||||
_ = os.Remove("/tmp/db.sqlite")
|
_ = os.Remove("/tmp/db.sqlite")
|
||||||
|
_ = os.RemoveAll("/tmp/qr/")
|
||||||
|
_ = os.Remove("/tmp/qr.png")
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,13 +66,13 @@ func (s *CLISuite) TestShouldPrintVersion() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldValidateConfig() {
|
func (s *CLISuite) TestShouldValidateConfig() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "validate-config", "--config", "/config/configuration.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "validate-config", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Configuration parsed and loaded successfully without errors.")
|
s.Assert().Contains(output, "Configuration parsed and loaded successfully without errors.")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldFailValidateConfig() {
|
func (s *CLISuite) TestShouldFailValidateConfig() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "validate-config", "--config", "/config/invalid.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "validate-config", "--config=/config/invalid.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "failed to load configuration from yaml file(/config/invalid.yml) source: open /config/invalid.yml: no such file or directory")
|
s.Assert().Contains(output, "failed to load configuration from yaml file(/config/invalid.yml) source: open /config/invalid.yml: no such file or directory")
|
||||||
}
|
}
|
||||||
|
@ -90,75 +90,75 @@ func (s *CLISuite) TestShouldHashPasswordSHA512() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateRSA() {
|
func (s *CLISuite) TestShouldGenerateCertificateRSA() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateRSAWithIPAddress() {
|
func (s *CLISuite) TestShouldGenerateCertificateRSAWithIPAddress() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "127.0.0.1", "--dir", "/tmp/"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=127.0.0.1", "--dir=/tmp/"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateRSAWithStartDate() {
|
func (s *CLISuite) TestShouldGenerateCertificateRSAWithStartDate() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--start-date", "'Jan 1 15:04:05 2011'"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--start-date='Jan 1 15:04:05 2011'"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldFailGenerateCertificateRSAWithStartDate() {
|
func (s *CLISuite) TestShouldFailGenerateCertificateRSAWithStartDate() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--start-date", "Jan"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--start-date=Jan"})
|
||||||
s.Assert().NotNil(err)
|
s.Assert().NotNil(err)
|
||||||
s.Assert().Contains(output, "Failed to parse start date: parsing time \"Jan\" as \"Jan 2 15:04:05 2006\": cannot parse \"\" as \"2\"")
|
s.Assert().Contains(output, "Failed to parse start date: parsing time \"Jan\" as \"Jan 2 15:04:05 2006\": cannot parse \"\" as \"2\"")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateCA() {
|
func (s *CLISuite) TestShouldGenerateCertificateCA() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ca"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ca"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateEd25519() {
|
func (s *CLISuite) TestShouldGenerateCertificateEd25519() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ed25519"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ed25519"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldFailGenerateCertificateECDSA() {
|
func (s *CLISuite) TestShouldFailGenerateCertificateECDSA() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ecdsa-curve", "invalid"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ecdsa-curve=invalid"})
|
||||||
s.Assert().NotNil(err)
|
s.Assert().NotNil(err)
|
||||||
s.Assert().Contains(output, "Failed to generate private key: unrecognized elliptic curve: \"invalid\"")
|
s.Assert().Contains(output, "Failed to generate private key: unrecognized elliptic curve: \"invalid\"")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateECDSAP224() {
|
func (s *CLISuite) TestShouldGenerateCertificateECDSAP224() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ecdsa-curve", "P224"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ecdsa-curve=P224"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateECDSAP256() {
|
func (s *CLISuite) TestShouldGenerateCertificateECDSAP256() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ecdsa-curve", "P256"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ecdsa-curve=P256"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateECDSAP384() {
|
func (s *CLISuite) TestShouldGenerateCertificateECDSAP384() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ecdsa-curve", "P384"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ecdsa-curve=P384"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestShouldGenerateCertificateECDSAP521() {
|
func (s *CLISuite) TestShouldGenerateCertificateECDSAP521() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host", "*.example.com", "--dir", "/tmp/", "--ecdsa-curve", "P521"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "certificates", "generate", "--host=*.example.com", "--dir=/tmp/", "--ecdsa-curve=P521"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
s.Assert().Contains(output, "Certificate Public Key written to /tmp/cert.pem")
|
||||||
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
s.Assert().Contains(output, "Certificate Private Key written to /tmp/key.pem")
|
||||||
|
@ -179,7 +179,7 @@ func (s *CLISuite) TestStorageShouldShowErrWithoutConfig() {
|
||||||
func (s *CLISuite) TestStorage00ShouldShowCorrectPreInitInformation() {
|
func (s *CLISuite) TestStorage00ShouldShowCorrectPreInitInformation() {
|
||||||
_ = os.Remove("/tmp/db.sqlite3")
|
_ = os.Remove("/tmp/db.sqlite3")
|
||||||
|
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config", "/config/configuration.storage.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
pattern := regexp.MustCompile(`^Schema Version: N/A\nSchema Upgrade Available: yes - version \d+\nSchema Tables: N/A\nSchema Encryption Key: unsupported \(schema version\)`)
|
pattern := regexp.MustCompile(`^Schema Version: N/A\nSchema Upgrade Available: yes - version \d+\nSchema Tables: N/A\nSchema Encryption Key: unsupported \(schema version\)`)
|
||||||
|
@ -188,45 +188,45 @@ func (s *CLISuite) TestStorage00ShouldShowCorrectPreInitInformation() {
|
||||||
|
|
||||||
patternOutdated := regexp.MustCompile(`Error: schema is version \d+ which is outdated please migrate to version \d+ in order to use this command or use an older binary`)
|
patternOutdated := regexp.MustCompile(`Error: schema is version \d+ which is outdated please migrate to version \d+ in order to use this command or use an older binary`)
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().EqualError(err, "exit status 1")
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
s.Assert().Regexp(patternOutdated, output)
|
s.Assert().Regexp(patternOutdated, output)
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().EqualError(err, "exit status 1")
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
s.Assert().Regexp(patternOutdated, output)
|
s.Assert().Regexp(patternOutdated, output)
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
s.Assert().Contains(output, "Could not check encryption key for validity. The schema version doesn't support encryption.")
|
s.Assert().Contains(output, "Could not check encryption key for validity. The schema version doesn't support encryption.")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "down", "--target", "0", "--destroy-data", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "down", "--target=0", "--destroy-data", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().EqualError(err, "exit status 1")
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
s.Assert().Contains(output, "Error: schema migration target version 0 is the same current version 0")
|
s.Assert().Contains(output, "Error: schema migration target version 0 is the same current version 0")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "up", "--target", "2147483640", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "up", "--target=2147483640", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().EqualError(err, "exit status 1")
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
s.Assert().Contains(output, "Error: schema up migration target version 2147483640 is greater then the latest version ")
|
s.Assert().Contains(output, "Error: schema up migration target version 2147483640 is greater then the latest version ")
|
||||||
s.Assert().Contains(output, " which indicates it doesn't exist")
|
s.Assert().Contains(output, " which indicates it doesn't exist")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "history"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "history", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "No migration history is available for schemas that not version 1 or above.\n")
|
s.Assert().Contains(output, "No migration history is available for schemas that not version 1 or above.\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "list-up"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "list-up", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Storage Schema Migration List (Up)\n\nVersion\t\tDescription\n1\t\tInitial Schema\n")
|
s.Assert().Contains(output, "Storage Schema Migration List (Up)\n\nVersion\t\tDescription\n1\t\tInitial Schema\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "list-down"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "list-down", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Storage Schema Migration List (Down)\n\nNo Migrations Available\n")
|
s.Assert().Contains(output, "Storage Schema Migration List (Down)\n\nNo Migrations Available\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestStorage01ShouldMigrateUp() {
|
func (s *CLISuite) TestStorage01ShouldMigrateUp() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "up"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "up", "--config=/config/configuration.storage.yml"})
|
||||||
s.Require().NoError(err)
|
s.Require().NoError(err)
|
||||||
|
|
||||||
pattern0 := regexp.MustCompile(`"Storage schema migration from \d+ to \d+ is being attempted"`)
|
pattern0 := regexp.MustCompile(`"Storage schema migration from \d+ to \d+ is being attempted"`)
|
||||||
|
@ -235,23 +235,23 @@ func (s *CLISuite) TestStorage01ShouldMigrateUp() {
|
||||||
s.Regexp(pattern0, output)
|
s.Regexp(pattern0, output)
|
||||||
s.Regexp(pattern1, output)
|
s.Regexp(pattern1, output)
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "up"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "up", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().EqualError(err, "exit status 1")
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
|
|
||||||
s.Assert().Contains(output, "Error: schema already up to date\n")
|
s.Assert().Contains(output, "Error: schema already up to date\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "history"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "history", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Migration History:\n\nID\tDate\t\t\t\tBefore\tAfter\tAuthelia Version\n")
|
s.Assert().Contains(output, "Migration History:\n\nID\tDate\t\t\t\tBefore\tAfter\tAuthelia Version\n")
|
||||||
s.Assert().Contains(output, "0\t1")
|
s.Assert().Contains(output, "0\t1")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "list-up"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "list-up", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Storage Schema Migration List (Up)\n\nNo Migrations Available")
|
s.Assert().Contains(output, "Storage Schema Migration List (Up)\n\nNo Migrations Available")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "--config", "/config/configuration.storage.yml", "migrate", "list-down"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "list-down", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Storage Schema Migration List (Down)\n\nVersion\t\tDescription\n")
|
s.Assert().Contains(output, "Storage Schema Migration List (Down)\n\nVersion\t\tDescription\n")
|
||||||
|
@ -259,7 +259,7 @@ func (s *CLISuite) TestStorage01ShouldMigrateUp() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestStorage02ShouldShowSchemaInfo() {
|
func (s *CLISuite) TestStorage02ShouldShowSchemaInfo() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config", "/config/configuration.storage.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
pattern := regexp.MustCompile(`^Schema Version: \d+\nSchema Upgrade Available: no\nSchema Tables: authentication_logs, identity_verification, totp_configurations, u2f_devices, duo_devices, user_preferences, migrations, encryption\nSchema Encryption Key: valid`)
|
pattern := regexp.MustCompile(`^Schema Version: \d+\nSchema Upgrade Available: no\nSchema Tables: authentication_logs, identity_verification, totp_configurations, u2f_devices, duo_devices, user_preferences, migrations, encryption\nSchema Encryption Key: valid`)
|
||||||
|
@ -284,95 +284,157 @@ func (s *CLISuite) TestStorage03ShouldExportTOTP() {
|
||||||
|
|
||||||
expectedLinesCSV = append(expectedLinesCSV, "issuer,username,algorithm,digits,period,secret")
|
expectedLinesCSV = append(expectedLinesCSV, "issuer,username,algorithm,digits,period,secret")
|
||||||
|
|
||||||
configs := []*models.TOTPConfiguration{
|
testCases := []struct {
|
||||||
|
config models.TOTPConfiguration
|
||||||
|
png bool
|
||||||
|
}{
|
||||||
{
|
{
|
||||||
|
config: models.TOTPConfiguration{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Period: 30,
|
Period: 30,
|
||||||
Digits: 6,
|
Digits: 6,
|
||||||
Algorithm: "SHA1",
|
Algorithm: "SHA1",
|
||||||
},
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
|
config: models.TOTPConfiguration{
|
||||||
Username: "mary",
|
Username: "mary",
|
||||||
Period: 45,
|
Period: 45,
|
||||||
Digits: 6,
|
Digits: 6,
|
||||||
Algorithm: "SHA1",
|
Algorithm: "SHA1",
|
||||||
},
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
|
config: models.TOTPConfiguration{
|
||||||
Username: "fred",
|
Username: "fred",
|
||||||
Period: 30,
|
Period: 30,
|
||||||
Digits: 8,
|
Digits: 8,
|
||||||
Algorithm: "SHA1",
|
Algorithm: "SHA1",
|
||||||
},
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
|
config: models.TOTPConfiguration{
|
||||||
Username: "jone",
|
Username: "jone",
|
||||||
Period: 30,
|
Period: 30,
|
||||||
Digits: 6,
|
Digits: 6,
|
||||||
Algorithm: "SHA512",
|
Algorithm: "SHA512",
|
||||||
},
|
},
|
||||||
|
png: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, config := range configs {
|
var (
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "generate", config.Username, "--period", strconv.Itoa(int(config.Period)), "--algorithm", config.Algorithm, "--digits", strconv.Itoa(int(config.Digits)), "--config", "/config/configuration.storage.yml"})
|
config *models.TOTPConfiguration
|
||||||
|
fileInfo os.FileInfo
|
||||||
|
)
|
||||||
|
|
||||||
|
for _, testCase := range testCases {
|
||||||
|
if testCase.png {
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "generate", testCase.config.Username, "--period", strconv.Itoa(int(testCase.config.Period)), "--algorithm", testCase.config.Algorithm, "--digits", strconv.Itoa(int(testCase.config.Digits)), "--path=/tmp/qr.png", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().NoError(err)
|
||||||
|
s.Assert().Contains(output, " and saved it as a PNG image at the path '/tmp/qr.png'")
|
||||||
|
|
||||||
|
fileInfo, err = os.Stat("/tmp/qr.png")
|
||||||
|
s.Assert().NoError(err)
|
||||||
|
s.Require().NotNil(fileInfo)
|
||||||
|
s.Assert().False(fileInfo.IsDir())
|
||||||
|
s.Assert().Greater(fileInfo.Size(), int64(1000))
|
||||||
|
} else {
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "generate", testCase.config.Username, "--period", strconv.Itoa(int(testCase.config.Period)), "--algorithm", testCase.config.Algorithm, "--digits", strconv.Itoa(int(testCase.config.Digits)), "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().NoError(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
config, err = storageProvider.LoadTOTPConfiguration(ctx, testCase.config.Username)
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
config, err = storageProvider.LoadTOTPConfiguration(ctx, config.Username)
|
|
||||||
s.Assert().NoError(err)
|
|
||||||
s.Assert().Contains(output, config.URI())
|
s.Assert().Contains(output, config.URI())
|
||||||
|
|
||||||
expectedLinesCSV = append(expectedLinesCSV, fmt.Sprintf("%s,%s,%s,%d,%d,%s", "Authelia", config.Username, config.Algorithm, config.Digits, config.Period, string(config.Secret)))
|
expectedLinesCSV = append(expectedLinesCSV, fmt.Sprintf("%s,%s,%s,%d,%d,%s", "Authelia", config.Username, config.Algorithm, config.Digits, config.Period, string(config.Secret)))
|
||||||
expectedLines = append(expectedLines, config.URI())
|
expectedLines = append(expectedLines, config.URI())
|
||||||
}
|
}
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format", "uri", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format=uri", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
for _, expectedLine := range expectedLines {
|
for _, expectedLine := range expectedLines {
|
||||||
s.Assert().Contains(output, expectedLine)
|
s.Assert().Contains(output, expectedLine)
|
||||||
}
|
}
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format", "csv", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format=csv", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
for _, expectedLine := range expectedLinesCSV {
|
for _, expectedLine := range expectedLinesCSV {
|
||||||
s.Assert().Contains(output, expectedLine)
|
s.Assert().Contains(output, expectedLine)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format=wrong", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
|
s.Assert().Contains(output, "Error: format must be csv, uri, or png")
|
||||||
|
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "export", "--format=png", "--dir=/tmp/qr", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().NoError(err)
|
||||||
|
s.Assert().Contains(output, "Exported TOTP QR codes in PNG format in the '/tmp/qr' directory")
|
||||||
|
|
||||||
|
for _, testCase := range testCases {
|
||||||
|
fileInfo, err = os.Stat(fmt.Sprintf("/tmp/qr/%s.png", testCase.config.Username))
|
||||||
|
|
||||||
|
s.Assert().NoError(err)
|
||||||
|
s.Require().NotNil(fileInfo)
|
||||||
|
|
||||||
|
s.Assert().False(fileInfo.IsDir())
|
||||||
|
s.Assert().Greater(fileInfo.Size(), int64(1000))
|
||||||
|
}
|
||||||
|
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "totp", "generate", "test", "--period=30", "--algorithm=SHA1", "--digits=6", "--path=/tmp/qr.png", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
|
s.Assert().Contains(output, "Error: image output filepath already exists")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestStorage04ShouldChangeEncryptionKey() {
|
func (s *CLISuite) TestStorage04ShouldChangeEncryptionKey() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--new-encryption-key", "apple-apple-apple-apple", "--config", "/config/configuration.storage.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--new-encryption-key=apple-apple-apple-apple", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Completed the encryption key change. Please adjust your configuration to use the new key.\n")
|
s.Assert().Contains(output, "Completed the encryption key change. Please adjust your configuration to use the new key.\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "schema-info", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
pattern := regexp.MustCompile(`Schema Version: \d+\nSchema Upgrade Available: no\nSchema Tables: authentication_logs, identity_verification, totp_configurations, u2f_devices, duo_devices, user_preferences, migrations, encryption\nSchema Encryption Key: invalid`)
|
pattern := regexp.MustCompile(`Schema Version: \d+\nSchema Upgrade Available: no\nSchema Tables: authentication_logs, identity_verification, totp_configurations, u2f_devices, duo_devices, user_preferences, migrations, encryption\nSchema Encryption Key: invalid`)
|
||||||
s.Assert().Regexp(pattern, output)
|
s.Assert().Regexp(pattern, output)
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Encryption key validation: failed.\n\nError: the encryption key is not valid against the schema check value.\n")
|
s.Assert().Contains(output, "Encryption key validation: failed.\n\nError: the encryption key is not valid against the schema check value.\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--verbose", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--verbose", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Encryption key validation: failed.\n\nError: the encryption key is not valid against the schema check value, 4 of 4 total TOTP secrets were invalid.\n")
|
s.Assert().Contains(output, "Encryption key validation: failed.\n\nError: the encryption key is not valid against the schema check value, 4 of 4 total TOTP secrets were invalid.\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--encryption-key", "apple-apple-apple-apple", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--encryption-key=apple-apple-apple-apple", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Encryption key validation: success.\n")
|
s.Assert().Contains(output, "Encryption key validation: success.\n")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--verbose", "--encryption-key", "apple-apple-apple-apple", "--config", "/config/configuration.storage.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "check", "--verbose", "--encryption-key=apple-apple-apple-apple", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
s.Assert().Contains(output, "Encryption key validation: success.\n")
|
s.Assert().Contains(output, "Encryption key validation: success.\n")
|
||||||
|
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--encryption-key=apple-apple-apple-apple", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
|
|
||||||
|
s.Assert().Contains(output, "Error: you must set the --new-encryption-key flag\n")
|
||||||
|
|
||||||
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "encryption", "change-key", "--encryption-key=apple-apple-apple-apple", "--new-encryption-key=abc", "--config=/config/configuration.storage.yml"})
|
||||||
|
s.Assert().EqualError(err, "exit status 1")
|
||||||
|
|
||||||
|
s.Assert().Contains(output, "Error: the new encryption key must be at least 20 characters\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestStorage05ShouldMigrateDown() {
|
func (s *CLISuite) TestStorage05ShouldMigrateDown() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "down", "--target", "0", "--destroy-data", "--config", "/config/configuration.storage.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "storage", "migrate", "down", "--target=0", "--destroy-data", "--config=/config/configuration.storage.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
pattern0 := regexp.MustCompile(`"Storage schema migration from \d+ to \d+ is being attempted"`)
|
pattern0 := regexp.MustCompile(`"Storage schema migration from \d+ to \d+ is being attempted"`)
|
||||||
|
@ -383,7 +445,7 @@ func (s *CLISuite) TestStorage05ShouldMigrateDown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
||||||
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://public.example.com", "--verbose", "--config", "/config/configuration.yml"})
|
output, err := s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://public.example.com", "--verbose", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://public.example.com --verbose`.
|
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://public.example.com --verbose`.
|
||||||
|
@ -400,7 +462,7 @@ func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
||||||
s.Contains(output, " 9\tmiss\thit\t\thit\thit\tmay\n")
|
s.Contains(output, " 9\tmiss\thit\t\thit\thit\tmay\n")
|
||||||
s.Contains(output, "The policy 'bypass' from rule #1 will be applied to this request.")
|
s.Contains(output, "The policy 'bypass' from rule #1 will be applied to this request.")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://admin.example.com", "--method=HEAD", "--username=tom", "--groups=basic,test", "--ip=192.168.2.3", "--verbose", "--config", "/config/configuration.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://admin.example.com", "--method=HEAD", "--username=tom", "--groups=basic,test", "--ip=192.168.2.3", "--verbose", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://admin.example.com --method=HEAD --username=tom --groups=basic,test --ip=192.168.2.3 --verbose`.
|
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://admin.example.com --method=HEAD --username=tom --groups=basic,test --ip=192.168.2.3 --verbose`.
|
||||||
|
@ -418,7 +480,7 @@ func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
||||||
s.Contains(output, " 9\tmiss\thit\t\thit\thit\tmiss\n")
|
s.Contains(output, " 9\tmiss\thit\t\thit\thit\tmiss\n")
|
||||||
s.Contains(output, "The policy 'two_factor' from rule #2 will be applied to this request.")
|
s.Contains(output, "The policy 'two_factor' from rule #2 will be applied to this request.")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://resources.example.com/resources/test", "--method=POST", "--username=john", "--groups=admin,test", "--ip=192.168.1.3", "--verbose", "--config", "/config/configuration.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://resources.example.com/resources/test", "--method=POST", "--username=john", "--groups=admin,test", "--ip=192.168.1.3", "--verbose", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://resources.example.com/resources/test --method=POST --username=john --groups=admin,test --ip=192.168.1.3 --verbose`.
|
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://resources.example.com/resources/test --method=POST --username=john --groups=admin,test --ip=192.168.1.3 --verbose`.
|
||||||
|
@ -435,7 +497,7 @@ func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
||||||
s.Contains(output, " 9\tmiss\thit\t\thit\thit\thit\n")
|
s.Contains(output, " 9\tmiss\thit\t\thit\thit\thit\n")
|
||||||
s.Contains(output, "The policy 'one_factor' from rule #5 will be applied to this request.")
|
s.Contains(output, "The policy 'one_factor' from rule #5 will be applied to this request.")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://user.example.com/resources/test", "--method=HEAD", "--username=john", "--groups=admin,test", "--ip=192.168.1.3", "--verbose", "--config", "/config/configuration.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://user.example.com/resources/test", "--method=HEAD", "--username=john", "--groups=admin,test", "--ip=192.168.1.3", "--verbose", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
// This is an example of `access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://user.example.com --method=HEAD --username=john --groups=admin,test --ip=192.168.1.3 --verbose`.
|
// This is an example of `access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://user.example.com --method=HEAD --username=john --groups=admin,test --ip=192.168.1.3 --verbose`.
|
||||||
|
@ -452,7 +514,7 @@ func (s *CLISuite) TestACLPolicyCheckVerbose() {
|
||||||
s.Contains(output, "* 9\thit\thit\t\thit\thit\thit\n")
|
s.Contains(output, "* 9\thit\thit\t\thit\thit\thit\n")
|
||||||
s.Contains(output, "The policy 'one_factor' from rule #9 will be applied to this request.")
|
s.Contains(output, "The policy 'one_factor' from rule #9 will be applied to this request.")
|
||||||
|
|
||||||
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://user.example.com", "--method=HEAD", "--ip=192.168.1.3", "--verbose", "--config", "/config/configuration.yml"})
|
output, err = s.Exec("authelia-backend", []string{"authelia", s.testArg, s.coverageArg, "access-control", "check-policy", "--url=https://user.example.com", "--method=HEAD", "--ip=192.168.1.3", "--verbose", "--config=/config/configuration.yml"})
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://user.example.com --method=HEAD --ip=192.168.1.3 --verbose`.
|
// This is an example of `authelia access-control check-policy --config .\internal\suites\CLI\configuration.yml --url=https://user.example.com --method=HEAD --ip=192.168.1.3 --verbose`.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user