Remove tests with dockerhub image.

This commit is contained in:
Clement Michaud 2019-06-28 22:01:00 +02:00 committed by Clément Michaud
parent 21d55a027d
commit 4979f2bd2d
4 changed files with 0 additions and 339 deletions

View File

@ -1,13 +0,0 @@
# Dockerhub suite
This suite is made to quickly test that the Docker image of Authelia runs properly when spawned.
It can also be used for you to test Authelia without building it since the latest image will be
pulled from Dockerhub.
## Components
This suite will spawn an highly-available setup with nginx, mongo, redis, OpenLDAP, etc...
## Tests
Check if the image runs and does not crash unexpectedly and do a simple authentication with 2FA.

View File

@ -1,262 +0,0 @@
###############################################################
# Authelia configuration #
###############################################################
# The port to listen on
port: 9091
# Log level
#
# Level of verbosity for logs
logs_level: debug
# Default redirection URL
#
# If user tries to authenticate without any referer, Authelia
# does not know where to redirect the user to at the end of the
# authentication process.
# This parameter allows you to specify the default redirection
# URL Authelia will use in such a case.
#
# Note: this parameter is optional. If not provided, user won't
# be redirected upon successful authentication.
default_redirection_url: https://home.example.com:8080/
# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
totp:
issuer: authelia.com
# The authentication backend to use for verifying user passwords
# and retrieve information such as email address and groups
# users belong to.
#
# There are two supported backends: `ldap` and `file`.
authentication_backend:
# LDAP backend configuration.
#
# This backend allows Authelia to be scaled to more
# than one instance and therefore is recommended for
# production.
ldap:
# The url of the ldap server
url: ldap://openldap
# The base dn for every entries
base_dn: dc=example,dc=com
# An additional dn to define the scope to all users
additional_users_dn: ou=users
# The users filter used to find the user DN
# {0} is a matcher replaced by username.
# 'cn={0}' by default.
users_filter: cn={0}
# An additional dn to define the scope of groups
additional_groups_dn: ou=groups
# The groups filter used for retrieving groups of a given user.
# {0} is a matcher replaced by username.
# {dn} is a matcher replaced by user DN.
# 'member={dn}' by default.
groups_filter: (&(member={dn})(objectclass=groupOfNames))
# The attribute holding the name of the group
group_name_attribute: cn
# The attribute holding the mail address of the user
mail_attribute: mail
# The username and password of the admin user.
user: cn=admin,dc=example,dc=com
password: password
# File backend configuration.
#
# With this backend, the users database is stored in a file
# which is updated when users reset their passwords.
# Therefore, this backend is meant to be used in a dev environment
# and not in production since it prevents Authelia to be scaled to
# more than one instance.
#
## file:
## path: ./users_database.yml
# Access Control
#
# Access control is a list of rules defining the authorizations applied for one
# resource to users or group of users.
#
# If 'access_control' is not defined, ACL rules are disabled and the `bypass`
# rule is applied, i.e., access is allowed to anyone. Otherwise restrictions follow
# the rules defined.
#
# Note: One can use the wildcard * to match any subdomain.
# It must stand at the beginning of the pattern. (example: *.mydomain.com)
#
# Note: You must put patterns containing wildcards between simple quotes for the YAML
# to be syntaxically correct.
#
# Definition: A `rule` is an object with the following keys: `domain`, `subject`,
# `policy` and `resources`.
#
# - `domain` defines which domain or set of domains the rule applies to.
#
# - `subject` defines the subject to apply authorizations to. This parameter is
# optional and matching any user if not provided. If provided, the parameter
# represents either a user or a group. It should be of the form 'user:<username>'
# or 'group:<groupname>'.
#
# - `policy` is the policy to apply to resources. It must be either `bypass`,
# `one_factor`, `two_factor` or `deny`.
#
# - `resources` is a list of regular expressions that matches a set of resources to
# apply the policy to. This parameter is optional and matches any resource if not
# provided.
#
# Note: the order of the rules is important. The first policy matching
# (domain, resource, subject) applies.
access_control:
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
# It is the policy applied to any resource if there is no policy to be applied
# to the user.
default_policy: deny
rules:
# Rules applied to everyone
- domain: public.example.com
policy: two_factor
- domain: singlefactor.example.com
policy: one_factor
# Rules applied to 'admin' group
- domain: 'mx2.mail.example.com'
subject: 'group:admin'
policy: deny
- domain: '*.example.com'
subject: 'group:admin'
policy: two_factor
# Rules applied to 'dev' group
- domain: dev.example.com
resources:
- '^/groups/dev/.*$'
subject: 'group:dev'
policy: two_factor
# Rules applied to user 'john'
- domain: dev.example.com
resources:
- '^/users/john/.*$'
subject: 'user:john'
policy: two_factor
# Rules applied to user 'harry'
- domain: dev.example.com
resources:
- '^/users/harry/.*$'
subject: 'user:harry'
policy: two_factor
# Rules applied to user 'bob'
- domain: '*.mail.example.com'
subject: 'user:bob'
policy: two_factor
- domain: 'dev.example.com'
resources:
- '^/users/bob/.*$'
subject: 'user:bob'
policy: two_factor
# Configuration of session cookies
#
# The session cookies identify the user once logged in.
session:
# The name of the session cookie. (default: authelia_session).
name: authelia_session
# The secret to encrypt the session cookie.
secret: unsecure_session_secret
# The time in ms before the cookie expires and session is reset.
expiration: 3600000 # 1 hour
# The inactivity time in ms before the session is reset.
inactivity: 300000 # 5 minutes
# The domain to protect.
# Note: the authenticator must also be in that domain. If empty, the cookie
# is restricted to the subdomain of the issuer.
domain: example.com
# The redis connection details
redis:
host: redis
port: 6379
password: authelia
# Configuration of the authentication regulation mechanism.
#
# This mechanism prevents attackers from brute forcing the first factor.
# It bans the user if too many attempts are done in a short period of
# time.
regulation:
# The number of failed login attempts before user is banned.
# Set it to 0 to disable regulation.
max_retries: 3
# The time range during which the user can attempt login before being banned.
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
find_time: 15
# The length of time before a banned user can login again.
ban_time: 5
# Configuration of the storage backend used to store data and secrets.
#
# You must use only an available configuration: local, mongo
storage:
# The directory where the DB files will be saved
## local:
## path: /var/lib/authelia/store
# Settings to connect to mongo server
mongo:
url: mongodb://mongo
database: authelia
auth:
username: authelia
password: authelia
# Configuration of the notification system.
#
# Notifications are sent to users when they require a password reset, a u2f
# registration or a TOTP registration.
# Use only an available configuration: filesystem, gmail
notifier:
# For testing purpose, notifications can be sent in a file
## filesystem:
## filename: /tmp/authelia/notification.txt
# Use your email account to send the notifications. You can use an app password.
# List of valid services can be found here: https://nodemailer.com/smtp/well-known/
## email:
## username: user@example.com
## password: yourpassword
## sender: admin@example.com
## service: gmail
# Use a SMTP server for sending notifications
smtp:
username: test
password: password
secure: false
host: smtp
port: 1025
sender: admin@example.com

View File

@ -1,37 +0,0 @@
import DockerEnvironment from "../../helpers/context/DockerEnvironment";
import { exec } from "../../helpers/utils/exec";
const composeFiles = [
'docker-compose.yml',
'example/compose/authelia/docker-compose.dockerhub.yml',
'example/compose/mongo/docker-compose.yml',
'example/compose/redis/docker-compose.yml',
'example/compose/nginx/backend/docker-compose.yml',
'example/compose/nginx/portal/docker-compose.yml',
'example/compose/smtp/docker-compose.yml',
'example/compose/httpbin/docker-compose.yml',
'example/compose/ldap/docker-compose.admin.yml', // This is just used for administration, not for testing.
'example/compose/ldap/docker-compose.yml'
]
const dockerEnv = new DockerEnvironment(composeFiles);
async function setup() {
await exec('./example/compose/nginx/portal/render.js --production http://authelia:9091');
await dockerEnv.start();
}
async function teardown() {
await dockerEnv.stop();
}
const setup_timeout = 30000;
const teardown_timeout = 30000;
export {
setup,
setup_timeout,
teardown,
teardown_timeout,
composeFiles
};

View File

@ -1,27 +0,0 @@
import AutheliaSuite from '../../helpers/context/AutheliaSuite';
import DockerCompose from '../../helpers/context/DockerCompose';
import { composeFiles } from './environment';
import Assert from 'assert';
import SingleFactorAuthentication from '../../helpers/scenarii/SingleFactorAuthentication';
import TwoFactorAuthentication from '../../helpers/scenarii/TwoFactorAuthentication';
AutheliaSuite(__dirname, function() {
this.timeout(15000);
const dockerCompose = new DockerCompose(composeFiles);
describe('Check the container', function() {
it('should be running', async function() {
const stdout = await dockerCompose.ps();
const lines = stdout.split("\n");
const autheliaLine = lines.filter(l => l.indexOf('authelia_1') > -1);
if (autheliaLine.length != 1) {
throw new Error('Authelia container not found...');
}
// check if the container is up.
Assert(autheliaLine[0].indexOf(' Up ') > -1);
});
});
describe('Single-factor authentication', SingleFactorAuthentication())
describe('Two-factor authentication', TwoFactorAuthentication());
});