diff --git a/test/suites/short-timeouts/config.yml b/test/suites/short-timeouts/config.yml
new file mode 100644
index 00000000..7920a409
--- /dev/null
+++ b/test/suites/short-timeouts/config.yml
@@ -0,0 +1,110 @@
+###############################################################
+# Authelia minimal configuration #
+###############################################################
+
+port: 9091
+
+logs_level: debug
+
+default_redirection_url: https://home.example.com:8080/
+
+authentication_backend:
+ file:
+ path: ./users_database.yml
+
+session:
+ secret: unsecure_session_secret
+ domain: example.com
+ inactivity: 5000
+ expiration: 8000
+
+# Configuration of the storage backend used to store data and secrets. i.e. totp data
+storage:
+ local:
+ path: /tmp/authelia/db
+
+# TOTP Issuer Name
+#
+# This will be the issuer name displayed in Google Authenticator
+# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
+totp:
+ issuer: example.com
+
+# Access Control
+#
+# Access control is a set of rules you can use to restrict user access to certain
+# resources.
+access_control:
+ # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
+ default_policy: deny
+
+ rules:
+ - domain: single_factor.example.com
+ policy: one_factor
+
+ - domain: '*.example.com'
+ subject: "group:admins"
+ policy: two_factor
+
+ - domain: dev.example.com
+ resources:
+ - '^/users/john/.*$'
+ subject: "user:john"
+ policy: two_factor
+
+ - domain: dev.example.com
+ resources:
+ - '^/users/harry/.*$'
+ subject: "user:harry"
+ policy: two_factor
+
+ - domain: '*.mail.example.com'
+ subject: "user:bob"
+ policy: two_factor
+
+ - domain: dev.example.com
+ resources:
+ - '^/users/bob/.*$'
+ subject: "user:bob"
+ policy: two_factor
+
+
+# Configuration of the authentication regulation mechanism.
+regulation:
+ # Set it to 0 to disable max_retries.
+ max_retries: 3
+
+ # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
+ find_time: 10
+
+ # The length of time before a banned user can login again.
+ ban_time: 5
+
+# Default redirection URL
+#
+# Note: this parameter is optional. If not provided, user won't
+# be redirected upon successful authentication.
+#default_redirection_url: https://authelia.example.domain
+
+notifier:
+ # For testing purpose, notifications can be sent in a file
+ # filesystem:
+ # filename: /tmp/authelia/notification.txt
+
+ # Use your email account to send the notifications. You can use an app password.
+ # List of valid services can be found here: https://nodemailer.com/smtp/well-known/
+ ## email:
+ ## username: user@example.com
+ ## password: yourpassword
+ ## sender: admin@example.com
+ ## service: gmail
+
+ # Use a SMTP server for sending notifications
+ smtp:
+ username: test
+ password: password
+ secure: false
+ host: 127.0.0.1
+ port: 1025
+ sender: admin@example.com
+
diff --git a/test/suites/short-timeouts/environment.ts b/test/suites/short-timeouts/environment.ts
new file mode 100644
index 00000000..82fd6611
--- /dev/null
+++ b/test/suites/short-timeouts/environment.ts
@@ -0,0 +1,27 @@
+import fs from 'fs';
+import { exec } from "../../helpers/utils/exec";
+import AutheliaServer from "../../helpers/context/AutheliaServer";
+import DockerEnvironment from "../../helpers/context/DockerEnvironment";
+
+const autheliaServer = new AutheliaServer(__dirname + '/config.yml');
+const dockerEnv = new DockerEnvironment([
+ 'docker-compose.yml',
+ 'example/compose/nginx/backend/docker-compose.yml',
+ 'example/compose/nginx/portal/docker-compose.yml',
+ 'example/compose/smtp/docker-compose.yml',
+])
+
+async function setup() {
+ await exec('mkdir -p /tmp/authelia/db');
+ await exec('./example/compose/nginx/portal/render.js ' + (fs.existsSync('.suite') ? '': '--production'));
+ await dockerEnv.start();
+ await autheliaServer.start();
+}
+
+async function teardown() {
+ await dockerEnv.stop();
+ await autheliaServer.stop();
+ await exec('rm -r /tmp/authelia/db');
+}
+
+export { setup, teardown };
\ No newline at end of file
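Review bot: The banner at the top of this new file still reads `Authelia minimal configuration`, and nothing marks its credentials as fixtures: `secret: unsecure_session_secret`, the SMTP `password: password` and `secure: false` read like a starting template. I would retitle the banner to `# Authelia short-timeouts test configuration (test-only values) #` so the file is not copied into a deployment as it stands. The session values also deserve a unit comment, for example `inactivity: 5000 # 5 seconds (value in ms), short on purpose for the Inactivity scenario`, in line with the unit comments this commit adds to test/suites/simple/config.yml.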
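Review bot: teardown() runs its three steps unguarded, so a rejection from `dockerEnv.stop()` skips both `autheliaServer.stop()` and the removal of /tmp/authelia/db. Both suites point their storage at that same fixed path, and config.yml describes it as holding TOTP data, so whatever one run leaves behind is visible to the next suite. `rm -r` without `-f` also fails when the directory is already gone. The teardown in test/suites/simple/environment.ts has the same shape after this commit; I would wrap the steps in nested try/finally in both files so every cleanup step always runs.
```typescript
async function teardown() {
  // Run every cleanup step even when an earlier one fails.
  try {
    await dockerEnv.stop();
  } finally {
    try {
      await autheliaServer.stop();
    } finally {
      await exec('rm -rf /tmp/authelia/db');
    }
  }
}
```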
diff --git a/test/suites/simple/scenarii/Inactivity.ts b/test/suites/short-timeouts/scenarii/Inactivity.ts
similarity index 100%
rename from test/suites/simple/scenarii/Inactivity.ts
rename to test/suites/short-timeouts/scenarii/Inactivity.ts
diff --git a/test/suites/short-timeouts/test.ts b/test/suites/short-timeouts/test.ts
new file mode 100644
index 00000000..e5ccc5bb
--- /dev/null
+++ b/test/suites/short-timeouts/test.ts
@@ -0,0 +1,12 @@
+import AutheliaSuite from "../../helpers/context/AutheliaSuite";
+import Inactivity from './scenarii/Inactivity';
+import { exec } from '../../helpers/utils/exec';
+
+AutheliaSuite('Short timeouts', __dirname, function() {
+ this.timeout(10000);
+ beforeEach(async function() {
+ await exec('cp users_database.example.yml users_database.yml');
+ });
+
+ describe('Inactivity period', Inactivity);
+});
\ No newline at end of file
diff --git a/test/suites/simple/config.yml b/test/suites/simple/config.yml
index 7920a409..6fa30b14 100644
--- a/test/suites/simple/config.yml
+++ b/test/suites/simple/config.yml
@@ -15,8 +15,8 @@ authentication_backend:
 session:
 secret: unsecure_session_secret
 domain: example.com
- inactivity: 5000
- expiration: 8000
+ expiration: 3600000 # 1 hour
+ inactivity: 300000 # 5 minutes

 # Configuration of the storage backend used to store data and secrets. i.e. totp data
 storage:
@@ -75,10 +75,10 @@ regulation:
 max_retries: 3

 # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
- find_time: 10
+ find_time: 300

 # The length of time before a banned user can login again.
- ban_time: 5
+ ban_time: 900

 # Default redirection URL
 #
diff --git a/test/suites/simple/environment.ts b/test/suites/simple/environment.ts
index 3fb43625..82fd6611 100644
--- a/test/suites/simple/environment.ts
+++ b/test/suites/simple/environment.ts
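Review bot: The `this.timeout(10000)` in the new short-timeouts/test.ts is tied to this suite's config.yml (`inactivity: 5000`, `expiration: 8000`), but nothing in the file says so. The Inactivity scenario is a 100% rename and its body is not shown here, so I am assuming it has to wait out the 5000 ms inactivity window inside that limit; if so, a slow CI run has little margin. A comment above the call would record the dependency, for example `// Per-test limit; must stay above session.inactivity (5000 ms) in config.yml plus login time.`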
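Review bot: In the second hunk of test/suites/simple/config.yml, `find_time: 300` and `ban_time: 900` get no unit comment, unlike the session values in the first hunk; the existing comment gives seconds for `find_time` only, so I would write `ban_time: 900 # 15 minutes (seconds)` and `find_time: 300 # 5 minutes (seconds)`. With `max_retries: 3` unchanged, three failed logins now ban a user for longer than a suite run is likely to last. The BadPassword scenario stays in this suite, and the `beforeEach` visible in test.ts only restores users_database.yml, so it is worth confirming that no scenario reaches three failures for an account that later scenarios log in with. The 10/5 values survive only in the short-timeouts suite, which runs just the Inactivity scenario, so the ban path itself does not appear to be exercised by either suite shown here.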
@@ -21,7 +21,7 @@ async function setup() {
 async function teardown() {
 await dockerEnv.stop();
 await autheliaServer.stop();
- await exec('mkdir -p /tmp/authelia/db');
+ await exec('rm -r /tmp/authelia/db');
 }

 export { setup, teardown };
\ No newline at end of file
diff --git a/test/suites/simple/test.ts b/test/suites/simple/test.ts
index 910221d0..00d9c177 100644
--- a/test/suites/simple/test.ts
+++ b/test/suites/simple/test.ts
@@ -3,7 +3,6 @@ import BadPassword from "./scenarii/BadPassword";
 import RegisterTotp from './scenarii/RegisterTotp';
 import ResetPassword from './scenarii/ResetPassword';
 import TOTPValidation from './scenarii/TOTPValidation';
-import Inactivity from './scenarii/Inactivity';
 import BackendProtection from './scenarii/BackendProtection';
 import VerifyEndpoint from './scenarii/VerifyEndpoint';
 import RequiredTwoFactor from './scenarii/RequiredTwoFactor';
@@ -11,7 +10,7 @@ import LogoutRedirectToAlreadyLoggedIn from './scenarii/LogoutRedirectToAlreadyL
 import SimpleAuthentication from './scenarii/SimpleAuthentication';
 import { exec } from '../../helpers/utils/exec';

-AutheliaSuite('Minimal configuration', __dirname, function() {
+AutheliaSuite('Simple configuration', __dirname, function() {
 this.timeout(10000);
 beforeEach(async function() {
 await exec('cp users_database.example.yml users_database.yml');
@@ -24,7 +23,6 @@ AutheliaSuite('Minimal configuration', __dirname, function() {
 describe('Reset password', ResetPassword);
 describe('TOTP Registration', RegisterTotp);
 describe('TOTP Validation', TOTPValidation);
- describe('Inactivity period', Inactivity);
 describe('Required two factor', RequiredTwoFactor);
 describe('Logout endpoint redirect to already logged in page', LogoutRedirectToAlreadyLoggedIn);
 });
\ No newline at end of file