Remove artifacts of only_basic_auth query param

Clement Michaud 2017-10-09 01:55:51 +02:00
parent a0aab77449
commit 9559bff5de
7 changed files with 20 additions and 22 deletions


@ -2,12 +2,19 @@
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api"); import Endpoints = require("../../../../shared/api");
import Constants = require("../../../../shared/constants"); import Constants = require("../../../../shared/constants");
import Util = require("util");
export function validate(username: string, password: string, export function validate(username: string, password: string,
redirectUrl: string, onlyBasicAuth: boolean, $: JQueryStatic): BluebirdPromise<string> { redirectUrl: string, $: JQueryStatic): BluebirdPromise<string> {
return new BluebirdPromise<string>(function (resolve, reject) { return new BluebirdPromise<string>(function (resolve, reject) {
const url = Endpoints.FIRST_FACTOR_POST + "?" + Constants.REDIRECT_QUERY_PARAM + "=" + redirectUrl let url: string;
+ "&" + Constants.ONLY_BASIC_AUTH_QUERY_PARAM + "=" + onlyBasicAuth; if (redirectUrl != undefined) {
const redirectParam = Util.format("%s=%s", Constants.REDIRECT_QUERY_PARAM, redirectUrl);
url = Util.format("%s?%s", Endpoints.FIRST_FACTOR_POST, redirectParam);
}
else {
url = Util.format("%s", Endpoints.FIRST_FACTOR_POST);
}
$.ajax({ $.ajax({
method: "POST", method: "POST",
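Review bot: `redirectUrl` is interpolated into the query string without encoding in the new `redirectParam` line, so a redirect target that itself contains `&`, `#` or `=` would be truncated or split into extra parameters before it reaches the server. The server-side handler in this commit already uses `encodeURIComponent` when it builds the second-factor URL, and the client should match it: `const redirectParam = Util.format("%s=%s", Constants.REDIRECT_QUERY_PARAM, encodeURIComponent(redirectUrl));`. Whether `QueryParametersRetriever.get` returns a decoded value is not visible here, so confirm that before changing it. The body of `validate` continues past the end of this hunk.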


@ -17,8 +17,7 @@ export default function (window: Window, $: JQueryStatic,
$(UISelectors.PASSWORD_FIELD_ID).val(""); $(UISelectors.PASSWORD_FIELD_ID).val("");
const redirectUrl = QueryParametersRetriever.get(Constants.REDIRECT_QUERY_PARAM); const redirectUrl = QueryParametersRetriever.get(Constants.REDIRECT_QUERY_PARAM);
const onlyBasicAuth = QueryParametersRetriever.get(Constants.ONLY_BASIC_AUTH_QUERY_PARAM) ? true : false; firstFactorValidator.validate(username, password, redirectUrl, $)
firstFactorValidator.validate(username, password, redirectUrl, onlyBasicAuth, $)
.then(onFirstFactorSuccess, onFirstFactorFailure); .then(onFirstFactorSuccess, onFirstFactorFailure);
return false; return false;
} }


@ -13,7 +13,7 @@ describe("test FirstFactorValidator", function () {
const jqueryMock = JQueryMock.JQueryMock(); const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise); jqueryMock.jquery.ajax.returns(postPromise);
return FirstFactorValidator.validate("username", "password", "http://redirect", false, jqueryMock.jquery as any); return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any);
}); });
function should_fail_first_factor_validation(errorMessage: string) { function should_fail_first_factor_validation(errorMessage: string) {
@ -27,7 +27,7 @@ describe("test FirstFactorValidator", function () {
const jqueryMock = JQueryMock.JQueryMock(); const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise); jqueryMock.jquery.ajax.returns(postPromise);
return FirstFactorValidator.validate("username", "password", "http://redirect", false, jqueryMock.jquery as any) return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any)
.then(function () { .then(function () {
return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not.")); return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not."));
}, function (err: Error) { }, function (err: Error) {
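Review bot: Both calls touched here still pass `"http://redirect"`, so the new branch in `validate` that posts to the bare endpoint when `redirectUrl` is undefined has no visible test. A case that calls `FirstFactorValidator.validate("username", "password", undefined, jqueryMock.jquery as any)` and asserts on the arguments `ajax` was called with would pin that the literal string `undefined` is no longer sent. The rest of the spec file lies outside these hunks, so such a case may already exist.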


@ -48,7 +48,7 @@ export default function (req: express.Request, res: express.Response): BluebirdP
JSON.stringify(groupsAndEmails)); JSON.stringify(groupsAndEmails));
authSession.userid = username; authSession.userid = username;
authSession.first_factor = true; authSession.first_factor = true;
const redirectUrl = req.query[Constants.REDIRECT_QUERY_PARAM] != "undefined" const redirectUrl = req.query[Constants.REDIRECT_QUERY_PARAM] !== "undefined"
// Fuck, don't know why it is a string! // Fuck, don't know why it is a string!
? req.query[Constants.REDIRECT_QUERY_PARAM] ? req.query[Constants.REDIRECT_QUERY_PARAM]
: undefined; : undefined;
@ -79,8 +79,9 @@ export default function (req: express.Request, res: express.Response): BluebirdP
} }
else if (authMethod == "two_factor") { else if (authMethod == "two_factor") {
let newRedirectUrl = Endpoint.SECOND_FACTOR_GET; let newRedirectUrl = Endpoint.SECOND_FACTOR_GET;
if (redirectUrl !== "undefined") { if (redirectUrl) {
newRedirectUrl += "?redirect=" + encodeURIComponent(redirectUrl); newRedirectUrl += "?" + Constants.REDIRECT_QUERY_PARAM + "="
+ encodeURIComponent(redirectUrl);
} }
logger.debug(req, "Redirect to '%s'", newRedirectUrl, typeof redirectUrl); logger.debug(req, "Redirect to '%s'", newRedirectUrl, typeof redirectUrl);
res.send({ res.send({
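Review bot: `req.query[Constants.REDIRECT_QUERY_PARAM]` is request-controlled and, under Express's default query parser, can arrive as an array or object rather than a string, yet the first hunk only compares it with the literal `"undefined"` and the second passes it straight to `encodeURIComponent`. A type guard would make the intent explicit: `const raw = req.query[Constants.REDIRECT_QUERY_PARAM]; const redirectUrl = (typeof raw === "string" && raw !== "undefined") ? raw : undefined;`. The inline comment could then be replaced with the likely reason for the sentinel, namely that the old client concatenated an undefined value into the URL; this is worth confirming now that the client omits the parameter. Validation of the redirect target against allowed domains is not visible in these hunks, and the handler continues outside them.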


@ -26,5 +26,5 @@ html
</div> </div>
</div> </div>
</div> </div>
script(src="/js/authelia.min.js") script(src="/js/authelia.js")
block entrypoint block entrypoint
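Review bot: Switching the script source from `/js/authelia.min.js` to `/js/authelia.js` does not follow from removing the `only_basic_auth` parameter and looks like a debugging leftover, assuming the right-hand column is the new side. If the change is intentional, confirm that the production build actually emits `/js/authelia.js`; otherwise keep `script(src="/js/authelia.min.js")` so the login page does not load a missing or unminified bundle.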


@ -1,4 +1 @@
export const ONLY_BASIC_AUTH_QUERY_PARAM = "only_basic_auth";
export const REDIRECT_QUERY_PARAM = "redirect"; export const REDIRECT_QUERY_PARAM = "redirect";


@ -2,18 +2,12 @@ Feature: User can access certain subdomains with basic auth
@need-registered-user-john @need-registered-user-john
Scenario: User is redirected to service after first factor if allowed Scenario: User is redirected to service after first factor if allowed
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fbasicauth.test.local%3A8080%2Fsecret.html&only_basic_auth=true" When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fbasicauth.test.local%3A8080%2Fsecret.html"
And I login with user "john" and password "password" And I login with user "john" and password "password"
Then I'm redirected to "https://basicauth.test.local:8080/secret.html" Then I'm redirected to "https://basicauth.test.local:8080/secret.html"
@need-registered-user-john @need-registered-user-john
Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor. Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor.
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html&only_basic_auth=true"
And I login with user "john" and password "password"
Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
@need-registered-user-john
Scenario: User is redirected to second factor after first factor
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html" When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
And I login with user "john" and password "password" And I login with user "john" and password "password"
Then I'm redirected to "https://auth.test.local:8080/secondfactor?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html" Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
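Review bot: The scenario "User is redirected to second factor after first factor" appears to be dropped here, and with it the only assertion in this file on the `/secondfactor?redirect=…` URL, while the same commit rewrites how the server builds that URL. Unless another feature file covers it, keep a scenario that logs in against a two-factor domain and expects `https://auth.test.local:8080/secondfactor?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html`. The old and new columns are interleaved on this page, so this reading should be checked against the actual file.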