Remove _auth query path and update nginx config so that every authentication request is proxified under /auth/

This commit is contained in:
Clement Michaud 2017-01-21 20:33:55 +01:00
parent 8b4339f8da
commit 631b201229
6 changed files with 32 additions and 42 deletions


@ -37,16 +37,6 @@ http {
return 302 https://localhost:8080/auth/login?redirect=$request_uri;
}
location = /verify {
internal;
# proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://auth/_verify;
}
location /auth/ {
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
@ -56,7 +46,7 @@ http {
}
location = /secret.html {
auth_request /verify;
auth_request /auth/verify;
auth_request_set $user $upstream_http_x_remote_user;
proxy_set_header X-Forwarded-User $user;
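Review bot: Removing the `location = /verify` block also removes its `internal;` directive, so the endpoint that `auth_request /auth/verify;` now targets is served by the generic `location /auth/` prefix block and, as far as this hunk shows, becomes reachable by clients directly rather than only through nginx subrequests. The 204/401 answer the tests elsewhere in this commit expect from it is probably harmless on its own, but the old config deliberately kept that endpoint off the public surface, and whether `/auth/` also sets the `X-Real-IP` header the removed block set is not visible here. An exact-match location keeps the guard without changing the new path, e.g. `location = /auth/verify { internal; proxy_pass http://auth/verify; }` plus the same `proxy_set_header` lines as `/auth/`; the upstream path has to match whatever `/auth/` proxies to, which is outside the hunk. The enclosing `server`/`http` blocks start and end outside the hunk.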


@ -51,15 +51,15 @@ function run(config, ldap_client, u2f, fn) {
app.get ('/login', routes.login);
app.get ('/logout', routes.logout);
app.get ('/_verify', routes.verify);
app.get ('/verify', routes.verify);
app.post ('/_auth/1stfactor', routes.first_factor);
app.post ('/_auth/2ndfactor/totp', routes.second_factor.totp);
app.post ('/1stfactor', routes.first_factor);
app.post ('/2ndfactor/totp', routes.second_factor.totp);
app.get ('/_auth/2ndfactor/u2f/register_request', routes.second_factor.u2f.register_request);
app.post ('/_auth/2ndfactor/u2f/register', routes.second_factor.u2f.register);
app.get ('/_auth/2ndfactor/u2f/sign_request', routes.second_factor.u2f.sign_request);
app.post ('/_auth/2ndfactor/u2f/sign', routes.second_factor.u2f.sign);
app.get ('/2ndfactor/u2f/register_request', routes.second_factor.u2f.register_request);
app.post ('/2ndfactor/u2f/register', routes.second_factor.u2f.register);
app.get ('/2ndfactor/u2f/sign_request', routes.second_factor.u2f.sign_request);
app.post ('/2ndfactor/u2f/sign', routes.second_factor.u2f.sign);
return app.listen(config.port, function(err) {
console.log('Listening on %d...', config.port);
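Review bot: Nothing in the routes block now marks `/verify` as the endpoint the reverse proxy's `auth_request` calls; the old `_` prefix at least hinted that `/_verify` and `/_auth/*` were not user-facing, and this commit also drops the nginx-side `internal;` guard in the same change. A short comment above `app.get ('/verify', routes.verify);` would preserve that intent, e.g. `// Called by nginx auth_request for every protected resource; answers 204 (authenticated) or 401.` — those are the status codes the tests in this commit assert for it. The enclosing `run()` function starts and ends outside the hunk.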


@ -79,7 +79,7 @@ function finishSecondFactorU2f(url, responseData, fn) {
}
function startSecondFactorU2fSigning(fn, timeout) {
$.get('/auth/_auth/2ndfactor/u2f/sign_request', {}, null, 'json')
$.get('/auth/2ndfactor/u2f/sign_request', {}, null, 'json')
.done(function(signResponse) {
var registeredKeys = signResponse.registeredKeys;
$.notify('Please touch the token', 'information');
@ -101,7 +101,7 @@ function startSecondFactorU2fSigning(fn, timeout) {
fn(response);
} else {
// response['sessionId'] = sessionIds[response.keyHandle];
finishSecondFactorU2f('/auth/_auth/2ndfactor/u2f/sign', response, fn);
finishSecondFactorU2f('/auth/2ndfactor/u2f/sign', response, fn);
}
},
timeout
@ -113,7 +113,7 @@ function startSecondFactorU2fSigning(fn, timeout) {
}
function startSecondFactorU2fRegister(fn, timeout) {
$.get('/auth/_auth/2ndfactor/u2f/register_request', {}, null, 'json')
$.get('/auth/2ndfactor/u2f/register_request', {}, null, 'json')
.done(function(startRegisterResponse) {
console.log(startRegisterResponse);
$.notify('Please touch the token', 'information');
@ -126,7 +126,7 @@ function startSecondFactorU2fRegister(fn, timeout) {
fn(response.errorCode);
} else {
// response['sessionId'] = startRegisterResponse.clientData;
finishSecondFactorU2f('/auth/_auth/2ndfactor/u2f/register', response, fn);
finishSecondFactorU2f('/auth/2ndfactor/u2f/register', response, fn);
}
},
timeout
@ -135,7 +135,7 @@ function startSecondFactorU2fRegister(fn, timeout) {
}
function validateSecondFactorTotp(token, fn) {
$.post('/auth/_auth/2ndfactor/totp', {
$.post('/auth/2ndfactor/totp', {
token: token,
})
.done(function() {
@ -148,7 +148,7 @@ function validateSecondFactorTotp(token, fn) {
function validateFirstFactor(username, password, fn) {
$.post('/auth/_auth/1stfactor', {
$.post('/auth/1stfactor', {
username: username,
password: password,
})
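Review bot: The `/auth/` prefix is now spelled out in six separate URL literals across `startSecondFactorU2fSigning`, `startSecondFactorU2fRegister`, `validateSecondFactorTotp` and `validateFirstFactor`, which is exactly what made this path rename a multi-hunk edit. Hoisting it once in the file's existing `var` style, `var AUTH_BASE = '/auth';` and then `$.get(AUTH_BASE + '/2ndfactor/u2f/sign_request', {}, null, 'json')`, keeps the proxy path in one place for the next move. All four functions start or end outside the hunks.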


@ -62,7 +62,7 @@ describe('test the server', function() {
});
it('should fail the first_factor login', function() {
return postPromised(BASE_URL + '/auth/_auth/1stfactor', {
return postPromised(BASE_URL + '/auth/1stfactor', {
form: {
username: 'admin',
password: 'bad_password'
@ -80,7 +80,7 @@ describe('test the server', function() {
encoding: 'base32'
});
return postPromised(BASE_URL + '/auth/_auth/1stfactor', {
return postPromised(BASE_URL + '/auth/1stfactor', {
form: {
username: 'admin',
password: 'password',
@ -88,7 +88,7 @@ describe('test the server', function() {
})
.then(function(response) {
assert.equal(response.statusCode, 204);
return postPromised(BASE_URL + '/auth/_auth/2ndfactor/totp', {
return postPromised(BASE_URL + '/auth/2ndfactor/totp', {
form: { token: token }
});
})


@ -118,7 +118,7 @@ describe('test data persistence', function() {
function execute_first_factor(jar) {
return request.postAsync({
url: BASE_URL + '/_auth/1stfactor',
url: BASE_URL + '/1stfactor',
jar: jar,
form: {
username: 'test_ok',
@ -129,12 +129,12 @@ describe('test data persistence', function() {
function execute_u2f_registration(jar) {
return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register_request',
url: BASE_URL + '/2ndfactor/u2f/register_request',
jar: jar
})
.then(function(res) {
return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register',
url: BASE_URL + '/2ndfactor/u2f/register',
jar: jar,
form: {
s: 'test'
@ -145,12 +145,12 @@ describe('test data persistence', function() {
function execute_u2f_authentication(jar) {
return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign_request',
url: BASE_URL + '/2ndfactor/u2f/sign_request',
jar: jar
})
.then(function() {
return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign',
url: BASE_URL + '/2ndfactor/u2f/sign',
jar: jar,
form: {
s: 'test'


@ -81,7 +81,7 @@ describe('test the server', function() {
function test_authentication() {
it('should return status code 401 when user is not authenticated', function() {
return request.getAsync({ url: BASE_URL + '/_verify' })
return request.getAsync({ url: BASE_URL + '/verify' })
.then(function(response) {
assert.equal(response.statusCode, 401);
return Promise.resolve();
@ -98,7 +98,7 @@ describe('test the server', function() {
.then(function(res) {
assert.equal(res.statusCode, 200, 'get login page failed');
return request.postAsync({
url: BASE_URL + '/_auth/1stfactor',
url: BASE_URL + '/1stfactor',
jar: j,
form: {
username: 'test_ok',
@ -109,7 +109,7 @@ describe('test the server', function() {
.then(function(res) {
assert.equal(res.statusCode, 204, 'first factor failed');
return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/totp',
url: BASE_URL + '/2ndfactor/totp',
jar: j,
form: {
token: real_token
@ -118,7 +118,7 @@ describe('test the server', function() {
})
.then(function(res) {
assert.equal(res.statusCode, 204, 'second factor failed');
return request.getAsync({ url: BASE_URL + '/_verify', jar: j })
return request.getAsync({ url: BASE_URL + '/verify', jar: j })
})
.then(function(res) {
assert.equal(res.statusCode, 204, 'verify failed');
@ -141,7 +141,7 @@ describe('test the server', function() {
.then(function(res) {
assert.equal(res.statusCode, 200, 'get login page failed');
return request.postAsync({
url: BASE_URL + '/_auth/1stfactor',
url: BASE_URL + '/1stfactor',
jar: j,
form: {
username: 'test_ok',
@ -152,14 +152,14 @@ describe('test the server', function() {
.then(function(res) {
assert.equal(res.statusCode, 204, 'first factor failed');
return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register_request',
url: BASE_URL + '/2ndfactor/u2f/register_request',
jar: j
});
})
.then(function(res) {
assert.equal(res.statusCode, 200, 'second factor, start register failed');
return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register',
url: BASE_URL + '/2ndfactor/u2f/register',
jar: j,
form: {
s: 'test'
@ -169,14 +169,14 @@ describe('test the server', function() {
.then(function(res) {
assert.equal(res.statusCode, 204, 'second factor, finish register failed');
return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign_request',
url: BASE_URL + '/2ndfactor/u2f/sign_request',
jar: j
});
})
.then(function(res) {
assert.equal(res.statusCode, 200, 'second factor, start sign failed');
return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign',
url: BASE_URL + '/2ndfactor/u2f/sign',
jar: j,
form: {
s: 'test'
@ -185,7 +185,7 @@ describe('test the server', function() {
})
.then(function(res) {
assert.equal(res.statusCode, 204, 'second factor, finish sign failed');
return request.getAsync({ url: BASE_URL + '/_verify', jar: j })
return request.getAsync({ url: BASE_URL + '/verify', jar: j })
})
.then(function(res) {
assert.equal(res.statusCode, 204, 'verify failed');