diff --git a/README.md b/README.md index 2554719f..383080f8 100644 --- a/README.md +++ b/README.md @@ -192,7 +192,7 @@ Check out [config.template.yml] to see how they are defined. ### Basic Authentication Authelia allows you to customize the authentication method to use for each sub-domain. -The supported methods are either "basic_auth" and "two_factor". +The supported methods are either "single_factor" and "two_factor". Please see [config.template.yml] to see an example of configuration. ### Session management with Redis diff --git a/config.template.yml b/config.template.yml index 55bd58ee..c9832ce9 100644 --- a/config.template.yml +++ b/config.template.yml @@ -63,7 +63,7 @@ ldap: # Authentication methods # # Authentication methods can be defined per subdomain. -# There are currently two available methods: "basic_auth" and "two_factor" +# There are currently two available methods: "single_factor" and "two_factor" # # Note: by default a domain uses "two_factor" method. # @@ -74,7 +74,7 @@ ldap: authentication_methods: default_method: two_factor per_subdomain_methods: - basicauth.test.local: basic_auth + basicauth.test.local: single_factor # Access Control # diff --git a/server/src/lib/configuration/Configuration.d.ts b/server/src/lib/configuration/Configuration.d.ts index 7c45fad4..a0075da7 100644 --- a/server/src/lib/configuration/Configuration.d.ts +++ b/server/src/lib/configuration/Configuration.d.ts @@ -113,7 +113,7 @@ export interface RegulationConfiguration { ban_time: number; } -declare type AuthenticationMethod = 'two_factor' | 'basic_auth'; +declare type AuthenticationMethod = 'two_factor' | 'single_factor'; declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod } export interface AuthenticationMethodsConfiguration { diff --git a/server/src/lib/routes/firstfactor/post.ts b/server/src/lib/routes/firstfactor/post.ts index 9cbf45c9..0d8c317d 100644 --- a/server/src/lib/routes/firstfactor/post.ts +++ b/server/src/lib/routes/firstfactor/post.ts @@ -70,7 +70,7 @@ export default function (vars: ServerVariables) { vars.logger.debug(req, "Mark successful authentication to regulator."); vars.regulator.mark(username, true); - if (authMethod == "basic_auth") { + if (authMethod == "single_factor") { res.send({ redirect: redirectUrl }); diff --git a/server/test/AuthenticationMethodCalculator.test.ts b/server/test/AuthenticationMethodCalculator.test.ts index 3fa470e4..5c51d335 100644 --- a/server/test/AuthenticationMethodCalculator.test.ts +++ b/server/test/AuthenticationMethodCalculator.test.ts @@ -9,23 +9,23 @@ describe("test authentication method calculator", function() { per_subdomain_methods: {} }; const options2: AuthenticationMethodsConfiguration = { - default_method: "basic_auth", + default_method: "single_factor", per_subdomain_methods: {} }; const calculator1 = new AuthenticationMethodCalculator(options1); const calculator2 = new AuthenticationMethodCalculator(options2); Assert.equal(calculator1.compute("www.example.com"), "two_factor"); - Assert.equal(calculator2.compute("www.example.com"), "basic_auth"); + Assert.equal(calculator2.compute("www.example.com"), "single_factor"); }); it("should return overridden method when sub domain method is defined", function() { const options1: AuthenticationMethodsConfiguration = { default_method: "two_factor", per_subdomain_methods: { - "www.example.com": "basic_auth" + "www.example.com": "single_factor" } }; const calculator1 = new AuthenticationMethodCalculator(options1); - Assert.equal(calculator1.compute("www.example.com"), "basic_auth"); + Assert.equal(calculator1.compute("www.example.com"), "single_factor"); }); -}); \ No newline at end of file +}); diff --git a/server/test/configuration/adapters/AuthenticationMethodsAdapter.test.ts b/server/test/configuration/adapters/AuthenticationMethodsAdapter.test.ts index e26abba7..3e88e572 100644 --- a/server/test/configuration/adapters/AuthenticationMethodsAdapter.test.ts +++ b/server/test/configuration/adapters/AuthenticationMethodsAdapter.test.ts @@ -18,7 +18,7 @@ describe("test authentication methods configuration adapter", function () { it("should adapt a configuration when default_method is not defined", function () { const userConfiguration: any = { per_subdomain_methods: { - "example.com": "basic_auth" + "example.com": "single_factor" } }; @@ -26,34 +26,34 @@ describe("test authentication methods configuration adapter", function () { Assert.deepStrictEqual(appConfiguration, { default_method: "two_factor", per_subdomain_methods: { - "example.com": "basic_auth" + "example.com": "single_factor" } }); }); it("should adapt a configuration when per_subdomain_methods is not defined", function () { const userConfiguration: any = { - default_method: "basic_auth" + default_method: "single_factor" }; const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration); Assert.deepStrictEqual(appConfiguration, { - default_method: "basic_auth", + default_method: "single_factor", per_subdomain_methods: {} }); }); it("should adapt a configuration when per_subdomain_methods has wrong type", function () { const userConfiguration: any = { - default_method: "basic_auth", + default_method: "single_factor", per_subdomain_methods: [] }; const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration); Assert.deepStrictEqual(appConfiguration, { - default_method: "basic_auth", + default_method: "single_factor", per_subdomain_methods: {} }); }); }); -}); \ No newline at end of file +}); diff --git a/server/test/routes/verify/get.test.ts b/server/test/routes/verify/get.test.ts index fd87ed0a..ea190dc1 100644 --- a/server/test/routes/verify/get.test.ts +++ b/server/test/routes/verify/get.test.ts @@ -162,7 +162,7 @@ describe("test /verify endpoint", function () { }; req.headers["host"] = "redirect.url"; mocks.config.authentication_methods.per_subdomain_methods = { - "redirect.url": "basic_auth" + "redirect.url": "single_factor" }; }); diff --git a/test/features/basic-auth.feature b/test/features/single-factor.feature similarity index 78% rename from test/features/basic-auth.feature rename to test/features/single-factor.feature index fc8d350d..aa50bb50 100644 --- a/test/features/basic-auth.feature +++ b/test/features/single-factor.feature @@ -1,4 +1,4 @@ -Feature: User can access certain subdomains with basic auth +Feature: User can access certain subdomains with single factor @need-registered-user-john Scenario: User is redirected to service after first factor if allowed @@ -7,7 +7,7 @@ Feature: User can access certain subdomains with basic auth Then I'm redirected to "https://basicauth.test.local:8080/secret.html" @need-registered-user-john - Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor. + Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor. When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html" And I login with user "john" and password "password" Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"