fix(configuration): remember me duration disabled impossible (#2997)

This fixes an issue not properly resolved by db6dd32151.
James Elliott 2022-03-13 13:51:23 +11:00 committed by GitHub
parent a7d3f8f16b
commit b43ee50368
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 16 deletions


@ -295,6 +295,7 @@ func TestShouldDecodeSMTPSenderWithName(t *testing.T) {
assert.Equal(t, "Admin", config.Notifier.SMTP.Sender.Name) assert.Equal(t, "Admin", config.Notifier.SMTP.Sender.Name)
assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address) assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address)
assert.Equal(t, schema.RememberMeDisabled, config.Session.RememberMeDuration)
} }
func TestShouldNotReadConfigurationOnFSAccessDenied(t *testing.T) { func TestShouldNotReadConfigurationOnFSAccessDenied(t *testing.T) {


@ -9,20 +9,24 @@ const argon2id = "argon2id"
// ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely. // ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
const ProfileRefreshDisabled = "disable" const ProfileRefreshDisabled = "disable"
// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms. const (
const ProfileRefreshAlways = "always" // ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
ProfileRefreshAlways = "always"
// RefreshIntervalDefault represents the default value of refresh_interval. // RefreshIntervalDefault represents the default value of refresh_interval.
const RefreshIntervalDefault = "5m" RefreshIntervalDefault = "5m"
// RefreshIntervalAlways represents the duration value refresh interval should have if set to always. // RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
const RefreshIntervalAlways = 0 * time.Millisecond RefreshIntervalAlways = 0 * time.Millisecond
)
// LDAPImplementationCustom is the string for the custom LDAP implementation. const (
const LDAPImplementationCustom = "custom" // LDAPImplementationCustom is the string for the custom LDAP implementation.
LDAPImplementationCustom = "custom"
// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation. // LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
const LDAPImplementationActiveDirectory = "activedirectory" LDAPImplementationActiveDirectory = "activedirectory"
)
// TOTP Algorithm. // TOTP Algorithm.
const ( const (
@ -31,6 +35,11 @@ const (
TOTPAlgorithmSHA512 = "SHA512" TOTPAlgorithmSHA512 = "SHA512"
) )
const (
// RememberMeDisabled represents the duration for a disabled remember me session configuration.
RememberMeDisabled = time.Second * -1
)
var ( var (
// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms. // TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512} TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
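Review bot: The doc comment on `RememberMeDisabled` does not explain why the sentinel is minus one second rather than the bare `-1` that callers compared against before this commit. As a `time.Duration`, a literal `-1` is minus one nanosecond, which is presumably why the old comparisons never matched. A comment such as `// RememberMeDisabled is the time.Duration that results when remember_me_duration is configured as -1; it is the only non-positive value the validator leaves in place.` would record that for the next reader. The unit of the configured value is inferred from the constant, so confirm it against the decoder before committing to that wording.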


@ -97,6 +97,7 @@ session:
name: authelia_session name: authelia_session
expiration: 3600000 # 1 hour expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes inactivity: 300000 # 5 minutes
remember_me_duration: -1
domain: example.com domain: example.com
redis: redis:
host: 127.0.0.1 host: 127.0.0.1


@ -35,7 +35,7 @@ func validateSession(config *schema.SessionConfiguration, validator *schema.Stru
config.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min. config.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
} }
if config.RememberMeDuration <= 0 && config.RememberMeDuration != -1 { if config.RememberMeDuration <= 0 && config.RememberMeDuration != schema.RememberMeDisabled {
config.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month. config.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
} }
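Review bot: A negative `remember_me_duration` other than the disable sentinel (for example `-2`) is silently replaced by the one-month default in the `if` shown here. An operator who mistypes the disable value therefore gets long-lived remember-me sessions with no indication that the setting was ignored. Consider reporting that case on `validator` before applying the default, guarded by `config.RememberMeDuration < 0 && config.RememberMeDuration != schema.RememberMeDisabled`, and keep the silent default only for the unset value of zero. The rest of `validateSession` lies outside this hunk, so it may already report this elsewhere.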


@ -3,7 +3,6 @@ package validator
import ( import (
"fmt" "fmt"
"testing" "testing"
"time"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -412,7 +411,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
config := newDefaultSessionConfig() config := newDefaultSessionConfig()
config.Inactivity = -1 config.Inactivity = -1
config.Expiration = -1 config.Expiration = -1
config.RememberMeDuration = -1 config.RememberMeDuration = schema.RememberMeDisabled
ValidateSession(&config, validator) ValidateSession(&config, validator)
@ -421,7 +420,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
assert.Equal(t, schema.DefaultSessionConfiguration.Inactivity, config.Inactivity) assert.Equal(t, schema.DefaultSessionConfiguration.Inactivity, config.Inactivity)
assert.Equal(t, schema.DefaultSessionConfiguration.Expiration, config.Expiration) assert.Equal(t, schema.DefaultSessionConfiguration.Expiration, config.Expiration)
assert.Equal(t, time.Duration(-1), config.RememberMeDuration) assert.Equal(t, schema.RememberMeDisabled, config.RememberMeDuration)
} }
func TestShouldSetDefaultRememberMeDuration(t *testing.T) { func TestShouldSetDefaultRememberMeDuration(t *testing.T) {


@ -4,6 +4,7 @@ import (
"errors" "errors"
"time" "time"
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/middlewares" "github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/regulation" "github.com/authelia/authelia/v4/internal/regulation"
"github.com/authelia/authelia/v4/internal/session" "github.com/authelia/authelia/v4/internal/session"
@ -92,7 +93,7 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
} }
// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data. // Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != -1 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != schema.RememberMeDisabled && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
// Set the cookie to expire if remember me is enabled and the user has asked us to. // Set the cookie to expire if remember me is enabled and the user has asked us to.
if keepMeLoggedIn { if keepMeLoggedIn {
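Review bot: The remember-me gate on the `keepMeLoggedIn` line is still an exact match against a single sentinel, the same shape of check that appears to have let the earlier `!= -1` comparison pass for every real configuration value. If `SessionProvider.RememberMe` could ever hold zero or another negative duration, the client-supplied `KeepMeLoggedIn` flag would be honoured. Writing the first operand as `ctx.Providers.SessionProvider.RememberMe > 0` fails closed instead; alternatively, a one-line comment could state that validation guarantees the value is either positive or the sentinel. The same equality test is used in `registerRoutes` further down the page, and the handler body continues beyond this hunk.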


@ -28,7 +28,7 @@ var assets embed.FS
func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler { func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers) autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers)
rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != -1) rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != schema.RememberMeDisabled)
resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword) resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword)
duoSelfEnrollment := f duoSelfEnrollment := f