fix(configuration): remember me duration disabled impossible (#2997)

This fixes an issue not properly resolved by db6dd32151.
This commit is contained in:
James Elliott 2022-03-13 13:51:23 +11:00 committed by GitHub
parent a7d3f8f16b
commit b43ee50368
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 16 deletions

View File

@ -295,6 +295,7 @@ func TestShouldDecodeSMTPSenderWithName(t *testing.T) {
assert.Equal(t, "Admin", config.Notifier.SMTP.Sender.Name)
assert.Equal(t, "admin@example.com", config.Notifier.SMTP.Sender.Address)
assert.Equal(t, schema.RememberMeDisabled, config.Session.RememberMeDuration)
}
func TestShouldNotReadConfigurationOnFSAccessDenied(t *testing.T) {

View File

@ -9,20 +9,24 @@ const argon2id = "argon2id"
// ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
const ProfileRefreshDisabled = "disable"
const (
// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
const ProfileRefreshAlways = "always"
ProfileRefreshAlways = "always"
// RefreshIntervalDefault represents the default value of refresh_interval.
const RefreshIntervalDefault = "5m"
RefreshIntervalDefault = "5m"
// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
const RefreshIntervalAlways = 0 * time.Millisecond
RefreshIntervalAlways = 0 * time.Millisecond
)
const (
// LDAPImplementationCustom is the string for the custom LDAP implementation.
const LDAPImplementationCustom = "custom"
LDAPImplementationCustom = "custom"
// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
const LDAPImplementationActiveDirectory = "activedirectory"
LDAPImplementationActiveDirectory = "activedirectory"
)
// TOTP Algorithm.
const (
@ -31,6 +35,11 @@ const (
TOTPAlgorithmSHA512 = "SHA512"
)
const (
// RememberMeDisabled represents the duration for a disabled remember me session configuration.
RememberMeDisabled = time.Second * -1
)
var (
// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}

View File

@ -97,6 +97,7 @@ session:
name: authelia_session
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
remember_me_duration: -1
domain: example.com
redis:
host: 127.0.0.1

View File

@ -35,7 +35,7 @@ func validateSession(config *schema.SessionConfiguration, validator *schema.Stru
config.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
}
if config.RememberMeDuration <= 0 && config.RememberMeDuration != -1 {
if config.RememberMeDuration <= 0 && config.RememberMeDuration != schema.RememberMeDisabled {
config.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
}

View File

@ -3,7 +3,6 @@ package validator
import (
"fmt"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@ -412,7 +411,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
config := newDefaultSessionConfig()
config.Inactivity = -1
config.Expiration = -1
config.RememberMeDuration = -1
config.RememberMeDuration = schema.RememberMeDisabled
ValidateSession(&config, validator)
@ -421,7 +420,7 @@ func TestShouldSetDefaultWhenNegativeAndNotOverrideDisabledRememberMe(t *testing
assert.Equal(t, schema.DefaultSessionConfiguration.Inactivity, config.Inactivity)
assert.Equal(t, schema.DefaultSessionConfiguration.Expiration, config.Expiration)
assert.Equal(t, time.Duration(-1), config.RememberMeDuration)
assert.Equal(t, schema.RememberMeDisabled, config.RememberMeDuration)
}
func TestShouldSetDefaultRememberMeDuration(t *testing.T) {

View File

@ -4,6 +4,7 @@ import (
"errors"
"time"
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/regulation"
"github.com/authelia/authelia/v4/internal/session"
@ -92,7 +93,7 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
}
// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != -1 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != schema.RememberMeDisabled && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
// Set the cookie to expire if remember me is enabled and the user has asked us to.
if keepMeLoggedIn {

View File

@ -28,7 +28,7 @@ var assets embed.FS
func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers)
rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != -1)
rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != schema.RememberMeDisabled)
resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword)
duoSelfEnrollment := f