From 29e54c231ba16f4e597cd8699a249d2267a3245f Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Sun, 21 Jun 2020 23:40:37 +1000 Subject: [PATCH] [MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud --- internal/handlers/handler_configuration.go | 28 ++- .../handlers/handler_configuration_test.go | 140 +++++++++++++-- .../handler_extended_configuration.go | 32 ---- .../handler_extended_configuration_test.go | 159 ------------------ internal/handlers/handler_user_info.go | 18 +- internal/handlers/handler_user_info_test.go | 8 +- internal/handlers/types.go | 7 +- internal/server/index.go | 4 +- internal/server/server.go | 15 +- .../scenario_backend_protection_test.go | 5 +- web/public/index.html | 2 +- web/src/App.tsx | 17 +- web/src/hooks/BasePath.ts | 9 +- web/src/hooks/Configuration.ts | 23 ++- web/src/models/Configuration.ts | 6 - web/src/models/UserInfo.ts | 1 + web/src/services/Api.ts | 1 - web/src/services/Configuration.ts | 15 +- web/src/services/UserPreferences.ts | 1 + web/src/setupTests.js | 2 + web/src/views/LoginPortal/LoginPortal.tsx | 6 +- .../SecondFactor/SecondFactorForm.tsx | 6 +- 22 files changed, 216 insertions(+), 289 deletions(-) delete mode 100644 internal/handlers/handler_extended_configuration.go delete mode 100644 internal/handlers/handler_extended_configuration_test.go diff --git a/internal/handlers/handler_configuration.go b/internal/handlers/handler_configuration.go index 08d08dc7..0166cab2 100644 --- a/internal/handlers/handler_configuration.go +++ b/internal/handlers/handler_configuration.go @@ -1,18 +1,30 @@ package handlers -import "github.com/authelia/authelia/internal/middlewares" +import ( + "github.com/authelia/authelia/internal/authentication" + "github.com/authelia/authelia/internal/middlewares" +) -// ConfigurationBody configuration parameters exposed to the frontend. +// ConfigurationBody the content returned by the configuration endpoint. type ConfigurationBody struct { - RememberMe bool `json:"remember_me"` // whether remember me is enabled or not - ResetPassword bool `json:"reset_password"` + AvailableMethods MethodList `json:"available_methods"` + SecondFactorEnabled bool `json:"second_factor_enabled"` // whether second factor is enabled or not. + TOTPPeriod int `json:"totp_period"` } -// ConfigurationGet fetches configuration parameters for frontend mutation. +// ConfigurationGet get the configuration accessible to authenticated users. func ConfigurationGet(ctx *middlewares.AutheliaCtx) { - body := ConfigurationBody{ - RememberMe: ctx.Providers.SessionProvider.RememberMe != 0, - ResetPassword: !ctx.Configuration.AuthenticationBackend.DisableResetPassword, + body := ConfigurationBody{} + body.AvailableMethods = MethodList{authentication.TOTP, authentication.U2F} + body.TOTPPeriod = ctx.Configuration.TOTP.Period + + if ctx.Configuration.DuoAPI != nil { + body.AvailableMethods = append(body.AvailableMethods, authentication.Push) } + + body.SecondFactorEnabled = ctx.Providers.Authorizer.IsSecondFactorEnabled() + ctx.Logger.Tracef("Second factor enabled: %v", body.SecondFactorEnabled) + + ctx.Logger.Tracef("Available methods are %s", body.AvailableMethods) ctx.SetJSONBody(body) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting. } diff --git a/internal/handlers/handler_configuration_test.go b/internal/handlers/handler_configuration_test.go index d1b64d40..d5e82101 100644 --- a/internal/handlers/handler_configuration_test.go +++ b/internal/handlers/handler_configuration_test.go @@ -5,49 +5,155 @@ import ( "github.com/stretchr/testify/suite" + "github.com/authelia/authelia/internal/authorization" + "github.com/authelia/authelia/internal/configuration/schema" "github.com/authelia/authelia/internal/mocks" - "github.com/authelia/authelia/internal/session" ) -type ConfigurationSuite struct { +type SecondFactorAvailableMethodsFixture struct { suite.Suite - mock *mocks.MockAutheliaCtx } -func (s *ConfigurationSuite) SetupTest() { +func (s *SecondFactorAvailableMethodsFixture) SetupTest() { s.mock = mocks.NewMockAutheliaCtx(s.T()) + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{}, + }) } -func (s *ConfigurationSuite) TearDownTest() { +func (s *SecondFactorAvailableMethodsFixture) TearDownTest() { s.mock.Close() } -func (s *ConfigurationSuite) TestShouldDisableRememberMe() { - s.mock.Ctx.Configuration.Session.RememberMeDuration = "0" - s.mock.Ctx.Providers.SessionProvider = session.NewProvider( - s.mock.Ctx.Configuration.Session) +func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() { + s.mock.Ctx.Configuration = schema.Configuration{ + TOTP: &schema.TOTPConfiguration{ + Period: schema.DefaultTOTPConfiguration.Period, + }, + } expectedBody := ConfigurationBody{ - RememberMe: false, - ResetPassword: true, + AvailableMethods: []string{"totp", "u2f"}, + SecondFactorEnabled: false, + TOTPPeriod: schema.DefaultTOTPConfiguration.Period, } ConfigurationGet(s.mock.Ctx) s.mock.Assert200OK(s.T(), expectedBody) } -func (s *ConfigurationSuite) TestShouldDisableResetPassword() { - s.mock.Ctx.Configuration.AuthenticationBackend.DisableResetPassword = true +func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMobilePush() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: &schema.DuoAPIConfiguration{}, + TOTP: &schema.TOTPConfiguration{ + Period: schema.DefaultTOTPConfiguration.Period, + }, + } expectedBody := ConfigurationBody{ - RememberMe: true, - ResetPassword: false, + AvailableMethods: []string{"totp", "u2f", "mobile_push"}, + SecondFactorEnabled: false, + TOTPPeriod: schema.DefaultTOTPConfiguration.Period, } ConfigurationGet(s.mock.Ctx) s.mock.Assert200OK(s.T(), expectedBody) } -func TestRunHandlerConfigurationSuite(t *testing.T) { - s := new(ConfigurationSuite) +func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisabledWhenNoRuleIsSetToTwoFactor() { + s.mock.Ctx.Configuration = schema.Configuration{ + TOTP: &schema.TOTPConfiguration{ + Period: schema.DefaultTOTPConfiguration.Period, + }, + } + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ + DefaultPolicy: "bypass", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "deny", + }, + { + Domains: []string{"abc.example.com"}, + Policy: "single_factor", + }, + { + Domains: []string{"def.example.com"}, + Policy: "bypass", + }, + }, + }) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), ConfigurationBody{ + AvailableMethods: []string{"totp", "u2f"}, + SecondFactorEnabled: false, + TOTPPeriod: schema.DefaultTOTPConfiguration.Period, + }) +} + +func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor() { + s.mock.Ctx.Configuration = schema.Configuration{ + TOTP: &schema.TOTPConfiguration{ + Period: schema.DefaultTOTPConfiguration.Period, + }, + } + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ + DefaultPolicy: "two_factor", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "deny", + }, + { + Domains: []string{"abc.example.com"}, + Policy: "single_factor", + }, + { + Domains: []string{"def.example.com"}, + Policy: "bypass", + }, + }, + }) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), ConfigurationBody{ + AvailableMethods: []string{"totp", "u2f"}, + SecondFactorEnabled: true, + TOTPPeriod: schema.DefaultTOTPConfiguration.Period, + }) +} + +func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenSomePolicySetToTwoFactor() { + s.mock.Ctx.Configuration = schema.Configuration{ + TOTP: &schema.TOTPConfiguration{ + Period: schema.DefaultTOTPConfiguration.Period, + }, + } + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ + DefaultPolicy: "bypass", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "deny", + }, + { + Domains: []string{"abc.example.com"}, + Policy: "two_factor", + }, + { + Domains: []string{"def.example.com"}, + Policy: "bypass", + }, + }, + }) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), ConfigurationBody{ + AvailableMethods: []string{"totp", "u2f"}, + SecondFactorEnabled: true, + TOTPPeriod: schema.DefaultTOTPConfiguration.Period, + }) +} + +func TestRunSuite(t *testing.T) { + s := new(SecondFactorAvailableMethodsFixture) suite.Run(t, s) } diff --git a/internal/handlers/handler_extended_configuration.go b/internal/handlers/handler_extended_configuration.go deleted file mode 100644 index 2a06f3e9..00000000 --- a/internal/handlers/handler_extended_configuration.go +++ /dev/null @@ -1,32 +0,0 @@ -package handlers - -import ( - "github.com/authelia/authelia/internal/authentication" - "github.com/authelia/authelia/internal/middlewares" -) - -// ExtendedConfigurationBody the content returned by extended configuration endpoint. -type ExtendedConfigurationBody struct { - AvailableMethods MethodList `json:"available_methods"` - DisplayName string `json:"display_name"` - SecondFactorEnabled bool `json:"second_factor_enabled"` // whether second factor is enabled or not. - TOTPPeriod int `json:"totp_period"` -} - -// ExtendedConfigurationGet get the extended configuration accessible to authenticated users. -func ExtendedConfigurationGet(ctx *middlewares.AutheliaCtx) { - body := ExtendedConfigurationBody{} - body.AvailableMethods = MethodList{authentication.TOTP, authentication.U2F} - body.DisplayName = ctx.GetSession().DisplayName - body.TOTPPeriod = ctx.Configuration.TOTP.Period - - if ctx.Configuration.DuoAPI != nil { - body.AvailableMethods = append(body.AvailableMethods, authentication.Push) - } - - body.SecondFactorEnabled = ctx.Providers.Authorizer.IsSecondFactorEnabled() - ctx.Logger.Tracef("Second factor enabled: %v", body.SecondFactorEnabled) - - ctx.Logger.Tracef("Available methods are %s", body.AvailableMethods) - ctx.SetJSONBody(body) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting. -} diff --git a/internal/handlers/handler_extended_configuration_test.go b/internal/handlers/handler_extended_configuration_test.go deleted file mode 100644 index b974b075..00000000 --- a/internal/handlers/handler_extended_configuration_test.go +++ /dev/null @@ -1,159 +0,0 @@ -package handlers - -import ( - "testing" - - "github.com/stretchr/testify/suite" - - "github.com/authelia/authelia/internal/authorization" - "github.com/authelia/authelia/internal/configuration/schema" - "github.com/authelia/authelia/internal/mocks" -) - -type SecondFactorAvailableMethodsFixture struct { - suite.Suite - mock *mocks.MockAutheliaCtx -} - -func (s *SecondFactorAvailableMethodsFixture) SetupTest() { - s.mock = mocks.NewMockAutheliaCtx(s.T()) - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ - DefaultPolicy: "deny", - Rules: []schema.ACLRule{}, - }) -} - -func (s *SecondFactorAvailableMethodsFixture) TearDownTest() { - s.mock.Close() -} - -func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() { - s.mock.Ctx.Configuration = schema.Configuration{ - TOTP: &schema.TOTPConfiguration{ - Period: schema.DefaultTOTPConfiguration.Period, - }, - } - expectedBody := ExtendedConfigurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: false, - TOTPPeriod: schema.DefaultTOTPConfiguration.Period, - } - - ExtendedConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), expectedBody) -} - -func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMobilePush() { - s.mock.Ctx.Configuration = schema.Configuration{ - DuoAPI: &schema.DuoAPIConfiguration{}, - TOTP: &schema.TOTPConfiguration{ - Period: schema.DefaultTOTPConfiguration.Period, - }, - } - expectedBody := ExtendedConfigurationBody{ - AvailableMethods: []string{"totp", "u2f", "mobile_push"}, - SecondFactorEnabled: false, - TOTPPeriod: schema.DefaultTOTPConfiguration.Period, - } - - ExtendedConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), expectedBody) -} - -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisabledWhenNoRuleIsSetToTwoFactor() { - s.mock.Ctx.Configuration = schema.Configuration{ - TOTP: &schema.TOTPConfiguration{ - Period: schema.DefaultTOTPConfiguration.Period, - }, - } - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ - DefaultPolicy: "bypass", - Rules: []schema.ACLRule{ - { - Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "single_factor", - }, - { - Domains: []string{"def.example.com"}, - Policy: "bypass", - }, - }, - }) - ExtendedConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), ExtendedConfigurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: false, - TOTPPeriod: schema.DefaultTOTPConfiguration.Period, - }) -} - -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor() { - s.mock.Ctx.Configuration = schema.Configuration{ - TOTP: &schema.TOTPConfiguration{ - Period: schema.DefaultTOTPConfiguration.Period, - }, - } - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ - DefaultPolicy: "two_factor", - Rules: []schema.ACLRule{ - { - Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "single_factor", - }, - { - Domains: []string{"def.example.com"}, - Policy: "bypass", - }, - }, - }) - ExtendedConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), ExtendedConfigurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: true, - TOTPPeriod: schema.DefaultTOTPConfiguration.Period, - }) -} - -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenSomePolicySetToTwoFactor() { - s.mock.Ctx.Configuration = schema.Configuration{ - TOTP: &schema.TOTPConfiguration{ - Period: schema.DefaultTOTPConfiguration.Period, - }, - } - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{ - DefaultPolicy: "bypass", - Rules: []schema.ACLRule{ - { - Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "two_factor", - }, - { - Domains: []string{"def.example.com"}, - Policy: "bypass", - }, - }, - }) - ExtendedConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), ExtendedConfigurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: true, - TOTPPeriod: schema.DefaultTOTPConfiguration.Period, - }) -} - -func TestRunSuite(t *testing.T) { - s := new(SecondFactorAvailableMethodsFixture) - suite.Run(t, s) -} diff --git a/internal/handlers/handler_user_info.go b/internal/handlers/handler_user_info.go index 7066c640..410aedad 100644 --- a/internal/handlers/handler_user_info.go +++ b/internal/handlers/handler_user_info.go @@ -13,7 +13,7 @@ import ( "github.com/authelia/authelia/internal/utils" ) -func loadInfo(username string, storageProvider storage.Provider, preferences *UserPreferences, logger *logrus.Entry) []error { +func loadInfo(username string, storageProvider storage.Provider, userInfo *UserInfo, logger *logrus.Entry) []error { var wg sync.WaitGroup wg.Add(3) @@ -32,9 +32,9 @@ func loadInfo(username string, storageProvider storage.Provider, preferences *Us } if method == "" { - preferences.Method = authentication.PossibleMethods[0] + userInfo.Method = authentication.PossibleMethods[0] } else { - preferences.Method = method + userInfo.Method = method } }() @@ -53,7 +53,7 @@ func loadInfo(username string, storageProvider storage.Provider, preferences *Us return } - preferences.HasU2F = true + userInfo.HasU2F = true }() go func() { @@ -71,7 +71,7 @@ func loadInfo(username string, storageProvider storage.Provider, preferences *Us return } - preferences.HasTOTP = true + userInfo.HasTOTP = true }() wg.Wait() @@ -83,15 +83,17 @@ func loadInfo(username string, storageProvider storage.Provider, preferences *Us func UserInfoGet(ctx *middlewares.AutheliaCtx) { userSession := ctx.GetSession() - preferences := UserPreferences{} - errors := loadInfo(userSession.Username, ctx.Providers.StorageProvider, &preferences, ctx.Logger) + userInfo := UserInfo{} + errors := loadInfo(userSession.Username, ctx.Providers.StorageProvider, &userInfo, ctx.Logger) if len(errors) > 0 { ctx.Error(fmt.Errorf("Unable to load user information"), operationFailedMessage) return } - ctx.SetJSONBody(preferences) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting. + userInfo.DisplayName = userSession.DisplayName + + ctx.SetJSONBody(userInfo) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting. } // MethodBody the selected 2FA method. diff --git a/internal/handlers/handler_user_info_test.go b/internal/handlers/handler_user_info_test.go index 4d925787..44702ec2 100644 --- a/internal/handlers/handler_user_info_test.go +++ b/internal/handlers/handler_user_info_test.go @@ -31,7 +31,7 @@ func (s *FetchSuite) TearDownTest() { s.mock.Close() } -func setPreferencesExpectations(preferences UserPreferences, provider *storage.MockProvider) { +func setPreferencesExpectations(preferences UserInfo, provider *storage.MockProvider) { provider. EXPECT(). LoadPreferred2FAMethod(gomock.Eq("john")). @@ -65,7 +65,7 @@ func setPreferencesExpectations(preferences UserPreferences, provider *storage.M } func TestMethodSetToU2F(t *testing.T) { - table := []UserPreferences{ + table := []UserInfo{ { Method: "totp", }, @@ -97,7 +97,7 @@ func TestMethodSetToU2F(t *testing.T) { setPreferencesExpectations(expectedPreferences, mock.StorageProviderMock) UserInfoGet(mock.Ctx) - actualPreferences := UserPreferences{} + actualPreferences := UserInfo{} mock.GetResponseData(t, &actualPreferences) t.Run("expected method", func(t *testing.T) { @@ -132,7 +132,7 @@ func (s *FetchSuite) TestShouldGetDefaultPreferenceIfNotInDB() { Return("", storage.ErrNoTOTPSecret) UserInfoGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), UserPreferences{Method: "totp"}) + s.mock.Assert200OK(s.T(), UserInfo{Method: "totp"}) } func (s *FetchSuite) TestShouldReturnError500WhenStorageFailsToLoad() { diff --git a/internal/handlers/types.go b/internal/handlers/types.go index b42b2889..bcd21f62 100644 --- a/internal/handlers/types.go +++ b/internal/handlers/types.go @@ -11,8 +11,11 @@ type MethodList = []string type authorizationMatching int -// UserPreferences is the model of user second factor preferences. -type UserPreferences struct { +// UserInfo is the model of user info and second factor preferences. +type UserInfo struct { + // The users display name. + DisplayName string `json:"display_name"` + // The preferred 2FA method. Method string `json:"method" valid:"required"` diff --git a/internal/server/index.go b/internal/server/index.go index 9c5544f1..fbf09e9c 100644 --- a/internal/server/index.go +++ b/internal/server/index.go @@ -16,7 +16,7 @@ var alphaNumericRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV // ServeIndex serve the index.html file with nonce generated for supporting // restrictive CSP while using material-ui from the embedded virtual filesystem. //go:generate broccoli -src ../../public_html -o public_html -func ServeIndex(publicDir, base string) fasthttp.RequestHandler { +func ServeIndex(publicDir, base, rememberMe, resetPassword string) fasthttp.RequestHandler { f, err := br.Open(publicDir + "/index.html") if err != nil { logging.Logger().Fatalf("Unable to open index.html: %v", err) @@ -38,7 +38,7 @@ func ServeIndex(publicDir, base string) fasthttp.RequestHandler { ctx.SetContentType("text/html; charset=utf-8") ctx.Response.Header.Add("Content-Security-Policy", fmt.Sprintf("default-src 'self'; object-src 'none'; style-src 'self' 'nonce-%s'", nonce)) - err := tmpl.Execute(ctx.Response.BodyWriter(), struct{ CSPNonce, Base string }{CSPNonce: nonce, Base: base}) + err := tmpl.Execute(ctx.Response.BodyWriter(), struct{ Base, CSPNonce, RememberMe, ResetPassword string }{Base: base, CSPNonce: nonce, RememberMe: rememberMe, ResetPassword: resetPassword}) if err != nil { ctx.Error("An error occurred", 503) logging.Logger().Errorf("Unable to execute template: %v", err) diff --git a/internal/server/server.go b/internal/server/server.go index cee96144..9d0bfb88 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -3,6 +3,7 @@ package server import ( "fmt" "os" + "strconv" duoapi "github.com/duosecurity/duo_api_golang" "github.com/fasthttp/router" @@ -22,10 +23,15 @@ import ( func StartServer(configuration schema.Configuration, providers middlewares.Providers) { autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers) embeddedAssets := "/public_html" + rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != "0") + resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword) + rootFiles := []string{"favicon.ico", "manifest.json", "robots.txt"} + serveIndexHandler := ServeIndex(embeddedAssets, configuration.Server.Path, rememberMe, resetPassword) + r := router.New() - r.GET("/", ServeIndex(embeddedAssets, configuration.Server.Path)) + r.GET("/", serveIndexHandler) for _, f := range rootFiles { r.GET("/"+f, fasthttpadaptor.NewFastHTTPHandler(br.Serve(embeddedAssets))) @@ -35,9 +41,8 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi r.GET("/api/state", autheliaMiddleware(handlers.StateGet)) - r.GET("/api/configuration", autheliaMiddleware(handlers.ConfigurationGet)) - r.GET("/api/configuration/extended", autheliaMiddleware( - middlewares.RequireFirstFactor(handlers.ExtendedConfigurationGet))) + r.GET("/api/configuration", autheliaMiddleware( + middlewares.RequireFirstFactor(handlers.ConfigurationGet))) r.GET("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend))) r.HEAD("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend))) @@ -113,7 +118,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi r.GET("/debug/vars", expvarhandler.ExpvarHandler) } - r.NotFound = ServeIndex(embeddedAssets, configuration.Server.Path) + r.NotFound = serveIndexHandler handler := middlewares.LogRequestMiddleware(r.Handler) if configuration.Server.Path != "" { diff --git a/internal/suites/scenario_backend_protection_test.go b/internal/suites/scenario_backend_protection_test.go index 197cedd8..c4b500a2 100644 --- a/internal/suites/scenario_backend_protection_test.go +++ b/internal/suites/scenario_backend_protection_test.go @@ -47,10 +47,7 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() { s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), 403) s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), 403) - s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/configuration/extended", AutheliaBaseURL), 403) - - // This is the global configuration, it's safe to let it open. - s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 200) + s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 403) s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/u2f/identity/start", AutheliaBaseURL), 403) s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/u2f/identity/finish", AutheliaBaseURL), 403) diff --git a/web/public/index.html b/web/public/index.html index e24d9350..4ae162c2 100644 --- a/web/public/index.html +++ b/web/public/index.html @@ -25,7 +25,7 @@ Login - Authelia - +