Create a specific suite for short timeouts to let humans use simple suite.

test/suites/short-timeouts/config.yml

@@ -0,0 +1,110 @@
+###############################################################
+#                Authelia minimal configuration               #
+###############################################################
+
+port: 9091
+
+logs_level: debug
+
+default_redirection_url: https://home.example.com:8080/
+
+authentication_backend:
+  file:
+    path: ./users_database.yml
+
+session:
+  secret: unsecure_session_secret
+  domain: example.com
+  inactivity: 5000
+  expiration: 8000
+
+# Configuration of the storage backend used to store data and secrets. i.e. totp data
+storage:
+  local:
+    path: /tmp/authelia/db
+
+# TOTP Issuer Name
+#
+# This will be the issuer name displayed in Google Authenticator
+# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
+totp:
+  issuer: example.com
+
+# Access Control
+#
+# Access control is a set of rules you can use to restrict user access to certain 
+# resources.
+access_control:
+  # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
+  default_policy: deny
+
+  rules:
+    - domain: single_factor.example.com
+      policy: one_factor
+
+    - domain: '*.example.com'
+      subject: "group:admins"
+      policy: two_factor
+
+    - domain: dev.example.com
+      resources:
+        - '^/users/john/.*$' 
+      subject: "user:john"
+      policy: two_factor
+
+    - domain: dev.example.com
+      resources:
+        - '^/users/harry/.*$'
+      subject: "user:harry"
+      policy: two_factor
+
+    - domain: '*.mail.example.com'
+      subject: "user:bob"
+      policy: two_factor
+
+    - domain: dev.example.com
+      resources:
+        - '^/users/bob/.*$'
+      subject: "user:bob"
+      policy: two_factor
+
+
+# Configuration of the authentication regulation mechanism.
+regulation: 
+  # Set it to 0 to disable max_retries.
+  max_retries: 3
+
+  # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. 
+  find_time: 10
+
+  # The length of time before a banned user can login again.
+  ban_time: 5
+
+# Default redirection URL
+#
+# Note: this parameter is optional. If not provided, user won't
+# be redirected upon successful authentication.
+#default_redirection_url: https://authelia.example.domain
+
+notifier:
+  # For testing purpose, notifications can be sent in a file
+  # filesystem:
+  #   filename: /tmp/authelia/notification.txt
+
+  # Use your email account to send the notifications. You can use an app password.
+  # List of valid services can be found here: https://nodemailer.com/smtp/well-known/  
+  ## email:
+  ##   username: user@example.com
+  ##   password: yourpassword
+  ##   sender: admin@example.com
+  ##   service: gmail
+  
+  # Use a SMTP server for sending notifications
+  smtp:
+    username: test
+    password: password
+    secure: false
+    host: 127.0.0.1
+    port: 1025
+    sender: admin@example.com
+

test/suites/short-timeouts/environment.ts

@@ -0,0 +1,27 @@
+import fs from 'fs';
+import { exec } from "../../helpers/utils/exec";
+import AutheliaServer from "../../helpers/context/AutheliaServer";
+import DockerEnvironment from "../../helpers/context/DockerEnvironment";
+
+const autheliaServer = new AutheliaServer(__dirname + '/config.yml');
+const dockerEnv = new DockerEnvironment([
+  'docker-compose.yml',
+  'example/compose/nginx/backend/docker-compose.yml',
+  'example/compose/nginx/portal/docker-compose.yml',
+  'example/compose/smtp/docker-compose.yml',
+])
+
+async function setup() {
+  await exec('mkdir -p /tmp/authelia/db');
+  await exec('./example/compose/nginx/portal/render.js ' + (fs.existsSync('.suite') ? '': '--production'));
+  await dockerEnv.start();
+  await autheliaServer.start();
+}
+
+async function teardown() {
+  await dockerEnv.stop();
+  await autheliaServer.stop();
+  await exec('rm -r /tmp/authelia/db');
+}
+
+export { setup, teardown };

test/suites/short-timeouts/test.ts

@@ -0,0 +1,12 @@
+import AutheliaSuite from "../../helpers/context/AutheliaSuite";
+import Inactivity from './scenarii/Inactivity';
+import { exec } from '../../helpers/utils/exec';
+
+AutheliaSuite('Short timeouts', __dirname, function() {
+  this.timeout(10000);
+  beforeEach(async function() {
+    await exec('cp users_database.example.yml users_database.yml');
+  });
+
+  describe('Inactivity period', Inactivity);
+});

test/suites/simple/config.yml

@@ -15,8 +15,8 @@ authentication_backend:
 session:
   secret: unsecure_session_secret
   domain: example.com
-  inactivity: 5000
+  expiration: 3600000 # 1 hour
-  expiration: 8000
+  inactivity: 300000 # 5 minutes
 
 # Configuration of the storage backend used to store data and secrets. i.e. totp data
 storage:
@@ -75,10 +75,10 @@ regulation:
   max_retries: 3
 
   # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. 
-  find_time: 10
+  find_time: 300
 
   # The length of time before a banned user can login again.
-  ban_time: 5
+  ban_time: 900
 
 # Default redirection URL
 #

test/suites/simple/environment.ts

@@ -21,7 +21,7 @@ async function setup() {
 async function teardown() {
   await dockerEnv.stop();
   await autheliaServer.stop();
-  await exec('mkdir -p /tmp/authelia/db');
+  await exec('rm -r /tmp/authelia/db');
 }
 
 export { setup, teardown };

test/suites/simple/test.ts

@@ -3,7 +3,6 @@ import BadPassword from "./scenarii/BadPassword";
 import RegisterTotp from './scenarii/RegisterTotp';
 import ResetPassword from './scenarii/ResetPassword';
 import TOTPValidation from './scenarii/TOTPValidation';
-import Inactivity from './scenarii/Inactivity';
 import BackendProtection from './scenarii/BackendProtection';
 import VerifyEndpoint from './scenarii/VerifyEndpoint';
 import RequiredTwoFactor from './scenarii/RequiredTwoFactor';
@@ -11,7 +10,7 @@ import LogoutRedirectToAlreadyLoggedIn from './scenarii/LogoutRedirectToAlreadyL
 import SimpleAuthentication from './scenarii/SimpleAuthentication';
 import { exec } from '../../helpers/utils/exec';
 
-AutheliaSuite('Minimal configuration', __dirname, function() {
+AutheliaSuite('Simple configuration', __dirname, function() {
   this.timeout(10000);
   beforeEach(async function() {
     await exec('cp users_database.example.yml users_database.yml');
@@ -24,7 +23,6 @@ AutheliaSuite('Minimal configuration', __dirname, function() {
   describe('Reset password', ResetPassword);
   describe('TOTP Registration', RegisterTotp);
   describe('TOTP Validation', TOTPValidation);
-  describe('Inactivity period', Inactivity);
   describe('Required two factor', RequiredTwoFactor);
   describe('Logout endpoint redirect to already logged in page', LogoutRedirectToAlreadyLoggedIn);
 });