Remove the _auth path prefix and update the nginx config so that every authentication request is proxied under /auth/

This commit is contained in:
Clement Michaud 2017-01-21 20:33:55 +01:00
parent 8b4339f8da
commit 631b201229
6 changed files with 32 additions and 42 deletions


@ -37,16 +37,6 @@ http {
return 302 https://localhost:8080/auth/login?redirect=$request_uri; return 302 https://localhost:8080/auth/login?redirect=$request_uri;
} }
location = /verify {
internal;
# proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://auth/_verify;
}
location /auth/ { location /auth/ {
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
@ -56,7 +46,7 @@ http {
} }
location = /secret.html { location = /secret.html {
auth_request /verify; auth_request /auth/verify;
auth_request_set $user $upstream_http_x_remote_user; auth_request_set $user $upstream_http_x_remote_user;
proxy_set_header X-Forwarded-User $user; proxy_set_header X-Forwarded-User $user;
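Review bot: The new `auth_request /auth/verify;` target is served by the general `location /auth/` block, which in the lines shown carries no `internal;` directive, so the verify endpoint that the removed `location = /verify` kept internal-only now appears reachable from outside the proxy at `/auth/verify`; the remainder of the `/auth/` block (including its proxy_pass) is outside this hunk, so confirm there before merging. A dedicated exact-match location placed ahead of `location /auth/` restores `internal;` and also lets the subrequest drop the request body, which the removed block only had commented out (`# proxy_pass_request_body off;`) and which cannot be set on the shared `/auth/` location without breaking the POST login routes. The `/secret.html` block continues past the end of the hunk.
```nginx
location = /auth/verify {
    internal;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://auth/verify;
}
# … unchanged: location /auth/ and location = /secret.html …
```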


@ -51,15 +51,15 @@ function run(config, ldap_client, u2f, fn) {
app.get ('/login', routes.login); app.get ('/login', routes.login);
app.get ('/logout', routes.logout); app.get ('/logout', routes.logout);
app.get ('/_verify', routes.verify); app.get ('/verify', routes.verify);
app.post ('/_auth/1stfactor', routes.first_factor); app.post ('/1stfactor', routes.first_factor);
app.post ('/_auth/2ndfactor/totp', routes.second_factor.totp); app.post ('/2ndfactor/totp', routes.second_factor.totp);
app.get ('/_auth/2ndfactor/u2f/register_request', routes.second_factor.u2f.register_request); app.get ('/2ndfactor/u2f/register_request', routes.second_factor.u2f.register_request);
app.post ('/_auth/2ndfactor/u2f/register', routes.second_factor.u2f.register); app.post ('/2ndfactor/u2f/register', routes.second_factor.u2f.register);
app.get ('/_auth/2ndfactor/u2f/sign_request', routes.second_factor.u2f.sign_request); app.get ('/2ndfactor/u2f/sign_request', routes.second_factor.u2f.sign_request);
app.post ('/_auth/2ndfactor/u2f/sign', routes.second_factor.u2f.sign); app.post ('/2ndfactor/u2f/sign', routes.second_factor.u2f.sign);
return app.listen(config.port, function(err) { return app.listen(config.port, function(err) {
console.log('Listening on %d...', config.port); console.log('Listening on %d...', config.port);


@ -79,7 +79,7 @@ function finishSecondFactorU2f(url, responseData, fn) {
} }
function startSecondFactorU2fSigning(fn, timeout) { function startSecondFactorU2fSigning(fn, timeout) {
$.get('/auth/_auth/2ndfactor/u2f/sign_request', {}, null, 'json') $.get('/auth/2ndfactor/u2f/sign_request', {}, null, 'json')
.done(function(signResponse) { .done(function(signResponse) {
var registeredKeys = signResponse.registeredKeys; var registeredKeys = signResponse.registeredKeys;
$.notify('Please touch the token', 'information'); $.notify('Please touch the token', 'information');
@ -101,7 +101,7 @@ function startSecondFactorU2fSigning(fn, timeout) {
fn(response); fn(response);
} else { } else {
// response['sessionId'] = sessionIds[response.keyHandle]; // response['sessionId'] = sessionIds[response.keyHandle];
finishSecondFactorU2f('/auth/_auth/2ndfactor/u2f/sign', response, fn); finishSecondFactorU2f('/auth/2ndfactor/u2f/sign', response, fn);
} }
}, },
timeout timeout
@ -113,7 +113,7 @@ function startSecondFactorU2fSigning(fn, timeout) {
} }
function startSecondFactorU2fRegister(fn, timeout) { function startSecondFactorU2fRegister(fn, timeout) {
$.get('/auth/_auth/2ndfactor/u2f/register_request', {}, null, 'json') $.get('/auth/2ndfactor/u2f/register_request', {}, null, 'json')
.done(function(startRegisterResponse) { .done(function(startRegisterResponse) {
console.log(startRegisterResponse); console.log(startRegisterResponse);
$.notify('Please touch the token', 'information'); $.notify('Please touch the token', 'information');
@ -126,7 +126,7 @@ function startSecondFactorU2fRegister(fn, timeout) {
fn(response.errorCode); fn(response.errorCode);
} else { } else {
// response['sessionId'] = startRegisterResponse.clientData; // response['sessionId'] = startRegisterResponse.clientData;
finishSecondFactorU2f('/auth/_auth/2ndfactor/u2f/register', response, fn); finishSecondFactorU2f('/auth/2ndfactor/u2f/register', response, fn);
} }
}, },
timeout timeout
@ -135,7 +135,7 @@ function startSecondFactorU2fRegister(fn, timeout) {
} }
function validateSecondFactorTotp(token, fn) { function validateSecondFactorTotp(token, fn) {
$.post('/auth/_auth/2ndfactor/totp', { $.post('/auth/2ndfactor/totp', {
token: token, token: token,
}) })
.done(function() { .done(function() {
@ -148,7 +148,7 @@ function validateSecondFactorTotp(token, fn) {
function validateFirstFactor(username, password, fn) { function validateFirstFactor(username, password, fn) {
$.post('/auth/_auth/1stfactor', { $.post('/auth/1stfactor', {
username: username, username: username,
password: password, password: password,
}) })


@ -62,7 +62,7 @@ describe('test the server', function() {
}); });
it('should fail the first_factor login', function() { it('should fail the first_factor login', function() {
return postPromised(BASE_URL + '/auth/_auth/1stfactor', { return postPromised(BASE_URL + '/auth/1stfactor', {
form: { form: {
username: 'admin', username: 'admin',
password: 'bad_password' password: 'bad_password'
@ -80,7 +80,7 @@ describe('test the server', function() {
encoding: 'base32' encoding: 'base32'
}); });
return postPromised(BASE_URL + '/auth/_auth/1stfactor', { return postPromised(BASE_URL + '/auth/1stfactor', {
form: { form: {
username: 'admin', username: 'admin',
password: 'password', password: 'password',
@ -88,7 +88,7 @@ describe('test the server', function() {
}) })
.then(function(response) { .then(function(response) {
assert.equal(response.statusCode, 204); assert.equal(response.statusCode, 204);
return postPromised(BASE_URL + '/auth/_auth/2ndfactor/totp', { return postPromised(BASE_URL + '/auth/2ndfactor/totp', {
form: { token: token } form: { token: token }
}); });
}) })


@ -118,7 +118,7 @@ describe('test data persistence', function() {
function execute_first_factor(jar) { function execute_first_factor(jar) {
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/1stfactor', url: BASE_URL + '/1stfactor',
jar: jar, jar: jar,
form: { form: {
username: 'test_ok', username: 'test_ok',
@ -129,12 +129,12 @@ describe('test data persistence', function() {
function execute_u2f_registration(jar) { function execute_u2f_registration(jar) {
return request.getAsync({ return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register_request', url: BASE_URL + '/2ndfactor/u2f/register_request',
jar: jar jar: jar
}) })
.then(function(res) { .then(function(res) {
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register', url: BASE_URL + '/2ndfactor/u2f/register',
jar: jar, jar: jar,
form: { form: {
s: 'test' s: 'test'
@ -145,12 +145,12 @@ describe('test data persistence', function() {
function execute_u2f_authentication(jar) { function execute_u2f_authentication(jar) {
return request.getAsync({ return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign_request', url: BASE_URL + '/2ndfactor/u2f/sign_request',
jar: jar jar: jar
}) })
.then(function() { .then(function() {
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign', url: BASE_URL + '/2ndfactor/u2f/sign',
jar: jar, jar: jar,
form: { form: {
s: 'test' s: 'test'


@ -81,7 +81,7 @@ describe('test the server', function() {
function test_authentication() { function test_authentication() {
it('should return status code 401 when user is not authenticated', function() { it('should return status code 401 when user is not authenticated', function() {
return request.getAsync({ url: BASE_URL + '/_verify' }) return request.getAsync({ url: BASE_URL + '/verify' })
.then(function(response) { .then(function(response) {
assert.equal(response.statusCode, 401); assert.equal(response.statusCode, 401);
return Promise.resolve(); return Promise.resolve();
@ -98,7 +98,7 @@ describe('test the server', function() {
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 200, 'get login page failed'); assert.equal(res.statusCode, 200, 'get login page failed');
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/1stfactor', url: BASE_URL + '/1stfactor',
jar: j, jar: j,
form: { form: {
username: 'test_ok', username: 'test_ok',
@ -109,7 +109,7 @@ describe('test the server', function() {
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'first factor failed'); assert.equal(res.statusCode, 204, 'first factor failed');
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/totp', url: BASE_URL + '/2ndfactor/totp',
jar: j, jar: j,
form: { form: {
token: real_token token: real_token
@ -118,7 +118,7 @@ describe('test the server', function() {
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'second factor failed'); assert.equal(res.statusCode, 204, 'second factor failed');
return request.getAsync({ url: BASE_URL + '/_verify', jar: j }) return request.getAsync({ url: BASE_URL + '/verify', jar: j })
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'verify failed'); assert.equal(res.statusCode, 204, 'verify failed');
@ -141,7 +141,7 @@ describe('test the server', function() {
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 200, 'get login page failed'); assert.equal(res.statusCode, 200, 'get login page failed');
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/1stfactor', url: BASE_URL + '/1stfactor',
jar: j, jar: j,
form: { form: {
username: 'test_ok', username: 'test_ok',
@ -152,14 +152,14 @@ describe('test the server', function() {
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'first factor failed'); assert.equal(res.statusCode, 204, 'first factor failed');
return request.getAsync({ return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register_request', url: BASE_URL + '/2ndfactor/u2f/register_request',
jar: j jar: j
}); });
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 200, 'second factor, start register failed'); assert.equal(res.statusCode, 200, 'second factor, start register failed');
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/register', url: BASE_URL + '/2ndfactor/u2f/register',
jar: j, jar: j,
form: { form: {
s: 'test' s: 'test'
@ -169,14 +169,14 @@ describe('test the server', function() {
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'second factor, finish register failed'); assert.equal(res.statusCode, 204, 'second factor, finish register failed');
return request.getAsync({ return request.getAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign_request', url: BASE_URL + '/2ndfactor/u2f/sign_request',
jar: j jar: j
}); });
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 200, 'second factor, start sign failed'); assert.equal(res.statusCode, 200, 'second factor, start sign failed');
return request.postAsync({ return request.postAsync({
url: BASE_URL + '/_auth/2ndfactor/u2f/sign', url: BASE_URL + '/2ndfactor/u2f/sign',
jar: j, jar: j,
form: { form: {
s: 'test' s: 'test'
@ -185,7 +185,7 @@ describe('test the server', function() {
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'second factor, finish sign failed'); assert.equal(res.statusCode, 204, 'second factor, finish sign failed');
return request.getAsync({ url: BASE_URL + '/_verify', jar: j }) return request.getAsync({ url: BASE_URL + '/verify', jar: j })
}) })
.then(function(res) { .then(function(res) {
assert.equal(res.statusCode, 204, 'verify failed'); assert.equal(res.statusCode, 204, 'verify failed');