Rename redirect query parameter into rd for compatibility with nginx-ingress
parent
a9a14f8586
commit
48d6107b0b
|
@ -56,7 +56,7 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
You can also log off by visiting the following <a href="https://login.example.com:8080/logout?redirect=https://home.example.com:8080/">link</a>.
|
You can also log off by visiting the following <a href="https://login.example.com:8080/logout?rd=https://home.example.com:8080/">link</a>.
|
||||||
|
|
||||||
<h1>List of users</h1>
|
<h1>List of users</h1>
|
||||||
Here is the list of credentials you can log in with to test access control.<br/>
|
Here is the list of credentials you can log in with to test access control.<br/>
|
||||||
|
@ -131,4 +131,4 @@ users:
|
||||||
- '^/users/harry/.*$'</pre>
|
- '^/users/harry/.*$'</pre>
|
||||||
</body>
|
</body>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -96,7 +96,7 @@ http {
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
proxy_pass $upstream_endpoint;
|
||||||
|
@ -113,7 +113,7 @@ http {
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
proxy_set_header Custom-Forwarded-Groups $groups;
|
proxy_set_header Custom-Forwarded-Groups $groups;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_headers;
|
proxy_pass $upstream_headers;
|
||||||
|
@ -159,7 +159,7 @@ http {
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
proxy_pass $upstream_endpoint;
|
||||||
|
@ -205,7 +205,7 @@ http {
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
proxy_pass $upstream_endpoint;
|
||||||
|
@ -251,7 +251,7 @@ http {
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
proxy_pass $upstream_endpoint;
|
||||||
|
@ -299,7 +299,7 @@ http {
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
proxy_pass $upstream_endpoint;
|
||||||
|
@ -316,7 +316,7 @@ http {
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
proxy_set_header Custom-Forwarded-Groups $groups;
|
proxy_set_header Custom-Forwarded-Groups $groups;
|
||||||
|
|
||||||
error_page 401 =302 https://login.example.com:8080?redirect=$redirect;
|
error_page 401 =302 https://login.example.com:8080?rd=$redirect;
|
||||||
error_page 403 = https://login.example.com:8080/error/403;
|
error_page 403 = https://login.example.com:8080/error/403;
|
||||||
|
|
||||||
proxy_pass $upstream_headers;
|
proxy_pass $upstream_headers;
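Review bot: `$redirect` is interpolated unescaped into the query string in `error_page 401 =302 https://login.example.com:8080?rd=$redirect;`, and the same line is repeated in all seven hunks of this file. The `set` that builds `$redirect` is outside the hunks, so this cannot be confirmed here, but if it is assembled from the raw request URI, an original URL with its own query string would arrive at the portal split at the first `&` and the user would be sent back to a truncated target. It is worth confirming that the variable holds an escaped form of the URL, and adding a comment next to the directive such as `# "rd" must match the portal's redirect parameter name`. Moving the two `error_page` lines into a shared `include` file would also turn the next rename into a one-line change.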
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
</ul>
|
</ul>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
You can always log off by clicking <a href="https://login.kube.example.com/logout?redirect=http://home.kube.example.com">here</a>
|
You can always log off by clicking <a href="https://login.kube.example.com/logout?rd=http://home.kube.example.com">here</a>
|
||||||
</p>
|
</p>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -7,7 +7,7 @@ metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
kubernetes.io/ingress.class: "nginx"
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify"
|
nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.kube.example.com?redirect=$redirect"
|
nginx.ingress.kubernetes.io/auth-signin: "https://login.kube.example.com"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- secretName: app2-tls
|
- secretName: app2-tls
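Review bot: The new `nginx.ingress.kubernetes.io/auth-signin` value carries no redirect parameter at all, which reads like a lost feature unless the reader knows that the ingress controller appends `rd` itself. A one-line comment above the annotation would record that, for example `# ingress-nginx appends ?rd=<original URL> to auth-signin; do not add it here`. The example now depends on a controller version that does this, so naming the version it was tested with (the deployment in this commit moves to 0.13.0) in the same comment would help anyone reusing the manifest.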
|
||||||
|
|
|
@ -20,16 +20,16 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
terminationGracePeriodSeconds: 60
|
terminationGracePeriodSeconds: 60
|
||||||
containers:
|
containers:
|
||||||
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.19
|
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0
|
||||||
name: nginx-ingress-controller-external
|
name: nginx-ingress-controller-external
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
- containerPort: 443
|
- containerPort: 443
|
||||||
volumeMounts:
|
# volumeMounts:
|
||||||
- mountPath: /etc/nginx/template
|
# - mountPath: /etc/nginx/template
|
||||||
name: nginx-template-volume
|
# name: nginx-template-volume
|
||||||
readOnly: true
|
# readOnly: true
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -44,7 +44,7 @@ spec:
|
||||||
- --ingress-class=nginx
|
- --ingress-class=nginx
|
||||||
- --election-id=ingress-controller-leader-external
|
- --election-id=ingress-controller-leader-external
|
||||||
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
|
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
|
||||||
- --configmap=$(POD_NAMESPACE)/authelia-ingress-controller-config
|
# - --configmap=$(POD_NAMESPACE)/authelia-ingress-controller-config
|
||||||
volumes:
|
volumes:
|
||||||
- name: nginx-template-volume
|
- name: nginx-template-volume
|
||||||
configMap:
|
configMap:
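Review bot: The `volumeMounts` block and the `--configmap=$(POD_NAMESPACE)/authelia-ingress-controller-config` argument are commented out rather than removed, while `nginx-template-volume` stays declared under `volumes:`, so the manifest now carries a volume that nothing mounts and dead lines whose status is unclear. Either delete the commented lines together with the unused volume, or keep them with a comment saying why they are disabled. Dropping `--configmap` also means any settings in that ConfigMap stop applying to the controller; its contents are not visible here, so it is worth checking that no TLS or header hardening lived there. With `imagePullPolicy: Always`, pinning the new image by digest rather than by the `0.13.0` tag alone would keep the deployed controller reproducible. The pod spec continues past the end of the hunk.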
|
||||||
|
|
|
@ -20,7 +20,8 @@ function redirectToSecondFactorPage(req: express.Request, res: express.Response)
|
||||||
if (!redirectUrl)
|
if (!redirectUrl)
|
||||||
res.redirect(Endpoints.SECOND_FACTOR_GET);
|
res.redirect(Endpoints.SECOND_FACTOR_GET);
|
||||||
else
|
else
|
||||||
res.redirect(Util.format("%s?redirect=%s", Endpoints.SECOND_FACTOR_GET,
|
res.redirect(Util.format("%s?%s=%s", Endpoints.SECOND_FACTOR_GET,
|
||||||
|
Constants.REDIRECT_QUERY_PARAM,
|
||||||
encodeURIComponent(redirectUrl)));
|
encodeURIComponent(redirectUrl)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
export const REDIRECT_QUERY_PARAM = "redirect";
|
export const REDIRECT_QUERY_PARAM = "rd";
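Review bot: Changing `REDIRECT_QUERY_PARAM` from `"redirect"` to `"rd"` drops the old name with no fallback, so a proxy that still sends `?redirect=…` after the upgrade would presumably have its target ignored and users would land on the default page after login. How the server reads the parameter is outside this hunk, so this is inferred from the constant being the single source of the name. If a transition period is wanted, the reader could accept both names for one release; otherwise the rename should be called out as a breaking change in the release notes. The constant also deserves a comment such as `// "rd" is the parameter name ingress-nginx appends to auth-signin`.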
|
|
@ -2,7 +2,7 @@ Feature: User has access restricted access to domains
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User john has admin access
|
Scenario: User john has admin access
|
||||||
When I visit "https://login.example.com:8080?redirect=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
When I visit "https://login.example.com:8080?rd=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
@ -20,7 +20,7 @@ Feature: User has access restricted access to domains
|
||||||
|
|
||||||
@need-registered-user-bob
|
@need-registered-user-bob
|
||||||
Scenario: User bob has restricted access
|
Scenario: User bob has restricted access
|
||||||
When I visit "https://login.example.com:8080?redirect=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
When I visit "https://login.example.com:8080?rd=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
||||||
And I login with user "bob" and password "password"
|
And I login with user "bob" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
@ -38,7 +38,7 @@ Feature: User has access restricted access to domains
|
||||||
|
|
||||||
@need-registered-user-harry
|
@need-registered-user-harry
|
||||||
Scenario: User harry has restricted access
|
Scenario: User harry has restricted access
|
||||||
When I visit "https://login.example.com:8080?redirect=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
When I visit "https://login.example.com:8080?rd=https%3A%2F%2Fhome.example.com%3A8080%2F"
|
||||||
And I login with user "harry" and password "password"
|
And I login with user "harry" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
|
|
@ -3,16 +3,16 @@ Feature: User is redirected when factors are already validated
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User has validated first factor and tries to access service protected by second factor. He is then redirect to second factor step.
|
Scenario: User has validated first factor and tries to access service protected by second factor. He is then redirect to second factor step.
|
||||||
When I visit "https://single_factor.example.com:8080/secret.html"
|
When I visit "https://single_factor.example.com:8080/secret.html"
|
||||||
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fsingle_factor.example.com%3A8080%2Fsecret.html"
|
And I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fsingle_factor.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I'm redirected to "https://single_factor.example.com:8080/secret.html"
|
And I'm redirected to "https://single_factor.example.com:8080/secret.html"
|
||||||
And I visit "https://public.example.com:8080/secret.html"
|
And I visit "https://public.example.com:8080/secret.html"
|
||||||
Then I'm redirected to "https://login.example.com:8080/secondfactor?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/secondfactor?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User who has validated second factor and access auth portal should be redirected to "Already logged in page" and redirected to default URL declared in configuration
|
Scenario: User who has validated second factor and access auth portal should be redirected to "Already logged in page" and redirected to default URL declared in configuration
|
||||||
When I visit "https://public.example.com:8080/secret.html"
|
When I visit "https://public.example.com:8080/secret.html"
|
||||||
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
And I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
@ -25,10 +25,10 @@ Feature: User is redirected when factors are already validated
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User who has validated second factor and access auth portal with rediction param should be redirected to that URL
|
Scenario: User who has validated second factor and access auth portal with rediction param should be redirected to that URL
|
||||||
When I visit "https://public.example.com:8080/secret.html"
|
When I visit "https://public.example.com:8080/secret.html"
|
||||||
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
And I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
And I'm redirected to "https://public.example.com:8080/secret.html"
|
And I'm redirected to "https://public.example.com:8080/secret.html"
|
||||||
And I visit "https://login.example.com:8080?redirect=https://public.example.com:8080/secret.html"
|
And I visit "https://login.example.com:8080?rd=https://public.example.com:8080/secret.html"
|
||||||
Then I'm redirected to "https://public.example.com:8080/secret.html"
|
Then I'm redirected to "https://public.example.com:8080/secret.html"
|
||||||
|
|
|
@ -5,5 +5,5 @@ Feature: Generic tests on Authelia endpoints
|
||||||
Then I get error code 401
|
Then I get error code 401
|
||||||
|
|
||||||
Scenario: /api/verify redirects when redirect parameter is provided
|
Scenario: /api/verify redirects when redirect parameter is provided
|
||||||
When I query "https://authelia.example.com:8080/api/verify?redirect=http://login.example.com:8080"
|
When I query "https://authelia.example.com:8080/api/verify?rd=http://login.example.com:8080"
|
||||||
Then I get redirected to "http://login.example.com:8080"
|
Then I get redirected to "http://login.example.com:8080"
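Review bot: The scenario `/api/verify redirects when redirect parameter is provided` only checks that an `rd` pointing at `login.example.com` is followed; nothing in the features shown here checks what happens when `rd` names a host outside the protected domain. The same applies to `Logout redirects user to redirect URL given in parameter` in the authentication feature. Whether the server validates the target is not visible in this commit, so a negative scenario for each endpoint, asserting that an off-domain `rd` is not followed, would pin that behaviour now that the parameter name matches what ingress controllers send by default. The scenario title could also say `rd parameter` instead of `redirect parameter`.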
|
|
@ -19,7 +19,7 @@ Feature: Authentication scenarii
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I register a TOTP secret called "Sec0"
|
And I register a TOTP secret called "Sec0"
|
||||||
When I visit "https://admin.example.com:8080/secret.html"
|
When I visit "https://admin.example.com:8080/secret.html"
|
||||||
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
And I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "Sec0" as TOTP token handle
|
And I use "Sec0" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
@ -27,12 +27,12 @@ Feature: Authentication scenarii
|
||||||
|
|
||||||
Scenario: User fails TOTP second factor
|
Scenario: User fails TOTP second factor
|
||||||
When I visit "https://admin.example.com:8080/secret.html"
|
When I visit "https://admin.example.com:8080/secret.html"
|
||||||
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
And I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "BADTOKEN" as TOTP token
|
And I use "BADTOKEN" as TOTP token
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
Then I get a notification of type "error" with message "Authentication failed. Have you already registered your secret?"
|
Then I get a notification of type "error" with message "Authentication failed. Have you already registered your secret?"
|
||||||
|
|
||||||
Scenario: Logout redirects user to redirect URL given in parameter
|
Scenario: Logout redirects user to redirect URL given in parameter
|
||||||
When I visit "https://login.example.com:8080/logout?redirect=https://home.example.com:8080/"
|
When I visit "https://login.example.com:8080/logout?rd=https://home.example.com:8080/"
|
||||||
Then I'm redirected to "https://home.example.com:8080/"
|
Then I'm redirected to "https://home.example.com:8080/"
|
||||||
|
|
|
@ -2,7 +2,7 @@ Feature: User is correctly redirected
|
||||||
|
|
||||||
Scenario: User is redirected to authelia when he is not authenticated
|
Scenario: User is redirected to authelia when he is not authenticated
|
||||||
When I visit "https://public.example.com:8080"
|
When I visit "https://public.example.com:8080"
|
||||||
Then I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2F"
|
Then I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2F"
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User is redirected to home page after several authentication tries
|
Scenario: User is redirected to home page after several authentication tries
|
||||||
|
@ -22,7 +22,7 @@ Feature: User is correctly redirected
|
||||||
|
|
||||||
Scenario: Redirection URL is propagated from restricted page to first factor
|
Scenario: Redirection URL is propagated from restricted page to first factor
|
||||||
When I visit "https://public.example.com:8080/secret.html"
|
When I visit "https://public.example.com:8080/secret.html"
|
||||||
Then I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
|
|
||||||
Scenario: Redirection URL is propagated from first factor to second factor
|
Scenario: Redirection URL is propagated from first factor to second factor
|
||||||
Given I visit "https://login.example.com:8080/"
|
Given I visit "https://login.example.com:8080/"
|
||||||
|
@ -30,7 +30,7 @@ Feature: User is correctly redirected
|
||||||
And I register a TOTP secret called "Sec0"
|
And I register a TOTP secret called "Sec0"
|
||||||
When I visit "https://public.example.com:8080/secret.html"
|
When I visit "https://public.example.com:8080/secret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
Then I'm redirected to "https://login.example.com:8080/secondfactor?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/secondfactor?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
|
|
||||||
Scenario: Redirection URL is used to send user from second factor to target page
|
Scenario: Redirection URL is used to send user from second factor to target page
|
||||||
Given I visit "https://login.example.com:8080/"
|
Given I visit "https://login.example.com:8080/"
|
||||||
|
|
|
@ -20,7 +20,7 @@ Feature: Authelia regulates authentication to avoid brute force
|
||||||
|
|
||||||
@need-registered-user-blackhat
|
@need-registered-user-blackhat
|
||||||
Scenario: User is unbanned after a configured amount of time
|
Scenario: User is unbanned after a configured amount of time
|
||||||
Given I visit "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Given I visit "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
And I set field "username" to "blackhat"
|
And I set field "username" to "blackhat"
|
||||||
And I set field "password" to "bad-password"
|
And I set field "password" to "bad-password"
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
|
|
@ -8,7 +8,7 @@ Feature: Authelia keeps user sessions despite the application restart
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: Secrets are stored even when Authelia restarts
|
Scenario: Secrets are stored even when Authelia restarts
|
||||||
When the application restarts
|
When the application restarts
|
||||||
And I visit "https://admin.example.com:8080/secret.html" and get redirected "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
And I visit "https://admin.example.com:8080/secret.html" and get redirected "https://login.example.com:8080/?rd=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
And I use "REGISTERED" as TOTP token handle
|
And I use "REGISTERED" as TOTP token handle
|
||||||
And I click on "Sign in"
|
And I click on "Sign in"
|
||||||
|
|
|
@ -6,7 +6,7 @@ Feature: Session is closed after a certain amount of time
|
||||||
Given I have access to "https://public.example.com:8080/secret.html"
|
Given I have access to "https://public.example.com:8080/secret.html"
|
||||||
When I sleep for 6 seconds
|
When I sleep for 6 seconds
|
||||||
And I visit "https://public.example.com:8080/secret.html"
|
And I visit "https://public.example.com:8080/secret.html"
|
||||||
Then I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
|
|
||||||
@need-authenticated-user-john
|
@need-authenticated-user-john
|
||||||
Scenario: An authenticated user is disconnected after session expiration period
|
Scenario: An authenticated user is disconnected after session expiration period
|
||||||
|
@ -17,4 +17,4 @@ Feature: Session is closed after a certain amount of time
|
||||||
And I visit "https://public.example.com:8080/secret.html"
|
And I visit "https://public.example.com:8080/secret.html"
|
||||||
And I sleep for 4 seconds
|
And I sleep for 4 seconds
|
||||||
And I visit "https://public.example.com:8080/secret.html"
|
And I visit "https://public.example.com:8080/secret.html"
|
||||||
Then I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
|
@ -1,14 +1,14 @@
|
||||||
Feature: User can access certain subdomains with single factor
|
Feature: User can access certain subdomains with single factor
|
||||||
|
|
||||||
Scenario: User is redirected to service after first factor if allowed
|
Scenario: User is redirected to service after first factor if allowed
|
||||||
When I visit "https://login.example.com:8080/?redirect=https%3A%2F%2Fsingle_factor.example.com%3A8080%2Fsecret.html"
|
When I visit "https://login.example.com:8080/?rd=https%3A%2F%2Fsingle_factor.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
Then I'm redirected to "https://single_factor.example.com:8080/secret.html"
|
Then I'm redirected to "https://single_factor.example.com:8080/secret.html"
|
||||||
|
|
||||||
Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor.
|
Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor.
|
||||||
When I visit "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
When I visit "https://login.example.com:8080/?rd=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
Then I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://login.example.com:8080/?rd=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
||||||
|
|
||||||
Scenario: User can login using basic authentication
|
Scenario: User can login using basic authentication
|
||||||
When I request "https://single_factor.example.com:8080/secret.html" with username "john" and password "password" using basic authentication
|
When I request "https://single_factor.example.com:8080/secret.html" with username "john" and password "password" using basic authentication
|
||||||
|
|
|
@ -3,7 +3,7 @@ Feature: Server is configured as a single factor only server
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User is redirected to service after first factor if allowed
|
Scenario: User is redirected to service after first factor if allowed
|
||||||
When I visit "https://login.example.com:8080/?redirect=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
When I visit "https://login.example.com:8080/?rd=https%3A%2F%2Fpublic.example.com%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
Then I'm redirected to "https://public.example.com:8080/secret.html"
|
Then I'm redirected to "https://public.example.com:8080/secret.html"
|
||||||
|
|
||||||
|
|