mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Rename authentication method from 'basic_auth' to 'single_factor'
This commit is contained in:
parent
563e2da323
commit
cd0a93f027
|
@ -192,7 +192,7 @@ Check out [config.template.yml] to see how they are defined.
|
||||||
|
|
||||||
### Basic Authentication
|
### Basic Authentication
|
||||||
Authelia allows you to customize the authentication method to use for each sub-domain.
|
Authelia allows you to customize the authentication method to use for each sub-domain.
|
||||||
The supported methods are either "basic_auth" and "two_factor".
|
The supported methods are either "single_factor" and "two_factor".
|
||||||
Please see [config.template.yml] to see an example of configuration.
|
Please see [config.template.yml] to see an example of configuration.
|
||||||
|
|
||||||
### Session management with Redis
|
### Session management with Redis
|
||||||
|
|
|
@ -63,7 +63,7 @@ ldap:
|
||||||
# Authentication methods
|
# Authentication methods
|
||||||
#
|
#
|
||||||
# Authentication methods can be defined per subdomain.
|
# Authentication methods can be defined per subdomain.
|
||||||
# There are currently two available methods: "basic_auth" and "two_factor"
|
# There are currently two available methods: "single_factor" and "two_factor"
|
||||||
#
|
#
|
||||||
# Note: by default a domain uses "two_factor" method.
|
# Note: by default a domain uses "two_factor" method.
|
||||||
#
|
#
|
||||||
|
@ -74,7 +74,7 @@ ldap:
|
||||||
authentication_methods:
|
authentication_methods:
|
||||||
default_method: two_factor
|
default_method: two_factor
|
||||||
per_subdomain_methods:
|
per_subdomain_methods:
|
||||||
basicauth.test.local: basic_auth
|
basicauth.test.local: single_factor
|
||||||
|
|
||||||
# Access Control
|
# Access Control
|
||||||
#
|
#
|
||||||
|
|
|
@ -113,7 +113,7 @@ export interface RegulationConfiguration {
|
||||||
ban_time: number;
|
ban_time: number;
|
||||||
}
|
}
|
||||||
|
|
||||||
declare type AuthenticationMethod = 'two_factor' | 'basic_auth';
|
declare type AuthenticationMethod = 'two_factor' | 'single_factor';
|
||||||
declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod }
|
declare type AuthenticationMethodPerSubdomain = { [subdomain: string]: AuthenticationMethod }
|
||||||
|
|
||||||
export interface AuthenticationMethodsConfiguration {
|
export interface AuthenticationMethodsConfiguration {
|
||||||
|
|
|
@ -70,7 +70,7 @@ export default function (vars: ServerVariables) {
|
||||||
vars.logger.debug(req, "Mark successful authentication to regulator.");
|
vars.logger.debug(req, "Mark successful authentication to regulator.");
|
||||||
vars.regulator.mark(username, true);
|
vars.regulator.mark(username, true);
|
||||||
|
|
||||||
if (authMethod == "basic_auth") {
|
if (authMethod == "single_factor") {
|
||||||
res.send({
|
res.send({
|
||||||
redirect: redirectUrl
|
redirect: redirectUrl
|
||||||
});
|
});
|
||||||
|
|
|
@ -9,23 +9,23 @@ describe("test authentication method calculator", function() {
|
||||||
per_subdomain_methods: {}
|
per_subdomain_methods: {}
|
||||||
};
|
};
|
||||||
const options2: AuthenticationMethodsConfiguration = {
|
const options2: AuthenticationMethodsConfiguration = {
|
||||||
default_method: "basic_auth",
|
default_method: "single_factor",
|
||||||
per_subdomain_methods: {}
|
per_subdomain_methods: {}
|
||||||
};
|
};
|
||||||
const calculator1 = new AuthenticationMethodCalculator(options1);
|
const calculator1 = new AuthenticationMethodCalculator(options1);
|
||||||
const calculator2 = new AuthenticationMethodCalculator(options2);
|
const calculator2 = new AuthenticationMethodCalculator(options2);
|
||||||
Assert.equal(calculator1.compute("www.example.com"), "two_factor");
|
Assert.equal(calculator1.compute("www.example.com"), "two_factor");
|
||||||
Assert.equal(calculator2.compute("www.example.com"), "basic_auth");
|
Assert.equal(calculator2.compute("www.example.com"), "single_factor");
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should return overridden method when sub domain method is defined", function() {
|
it("should return overridden method when sub domain method is defined", function() {
|
||||||
const options1: AuthenticationMethodsConfiguration = {
|
const options1: AuthenticationMethodsConfiguration = {
|
||||||
default_method: "two_factor",
|
default_method: "two_factor",
|
||||||
per_subdomain_methods: {
|
per_subdomain_methods: {
|
||||||
"www.example.com": "basic_auth"
|
"www.example.com": "single_factor"
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
const calculator1 = new AuthenticationMethodCalculator(options1);
|
const calculator1 = new AuthenticationMethodCalculator(options1);
|
||||||
Assert.equal(calculator1.compute("www.example.com"), "basic_auth");
|
Assert.equal(calculator1.compute("www.example.com"), "single_factor");
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -18,7 +18,7 @@ describe("test authentication methods configuration adapter", function () {
|
||||||
it("should adapt a configuration when default_method is not defined", function () {
|
it("should adapt a configuration when default_method is not defined", function () {
|
||||||
const userConfiguration: any = {
|
const userConfiguration: any = {
|
||||||
per_subdomain_methods: {
|
per_subdomain_methods: {
|
||||||
"example.com": "basic_auth"
|
"example.com": "single_factor"
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -26,34 +26,34 @@ describe("test authentication methods configuration adapter", function () {
|
||||||
Assert.deepStrictEqual(appConfiguration, {
|
Assert.deepStrictEqual(appConfiguration, {
|
||||||
default_method: "two_factor",
|
default_method: "two_factor",
|
||||||
per_subdomain_methods: {
|
per_subdomain_methods: {
|
||||||
"example.com": "basic_auth"
|
"example.com": "single_factor"
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should adapt a configuration when per_subdomain_methods is not defined", function () {
|
it("should adapt a configuration when per_subdomain_methods is not defined", function () {
|
||||||
const userConfiguration: any = {
|
const userConfiguration: any = {
|
||||||
default_method: "basic_auth"
|
default_method: "single_factor"
|
||||||
};
|
};
|
||||||
|
|
||||||
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
||||||
Assert.deepStrictEqual(appConfiguration, {
|
Assert.deepStrictEqual(appConfiguration, {
|
||||||
default_method: "basic_auth",
|
default_method: "single_factor",
|
||||||
per_subdomain_methods: {}
|
per_subdomain_methods: {}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should adapt a configuration when per_subdomain_methods has wrong type", function () {
|
it("should adapt a configuration when per_subdomain_methods has wrong type", function () {
|
||||||
const userConfiguration: any = {
|
const userConfiguration: any = {
|
||||||
default_method: "basic_auth",
|
default_method: "single_factor",
|
||||||
per_subdomain_methods: []
|
per_subdomain_methods: []
|
||||||
};
|
};
|
||||||
|
|
||||||
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
const appConfiguration = AuthenticationMethodsAdapter.adapt(userConfiguration);
|
||||||
Assert.deepStrictEqual(appConfiguration, {
|
Assert.deepStrictEqual(appConfiguration, {
|
||||||
default_method: "basic_auth",
|
default_method: "single_factor",
|
||||||
per_subdomain_methods: {}
|
per_subdomain_methods: {}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -162,7 +162,7 @@ describe("test /verify endpoint", function () {
|
||||||
};
|
};
|
||||||
req.headers["host"] = "redirect.url";
|
req.headers["host"] = "redirect.url";
|
||||||
mocks.config.authentication_methods.per_subdomain_methods = {
|
mocks.config.authentication_methods.per_subdomain_methods = {
|
||||||
"redirect.url": "basic_auth"
|
"redirect.url": "single_factor"
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Feature: User can access certain subdomains with basic auth
|
Feature: User can access certain subdomains with single factor
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: User is redirected to service after first factor if allowed
|
Scenario: User is redirected to service after first factor if allowed
|
||||||
|
@ -7,7 +7,7 @@ Feature: User can access certain subdomains with basic auth
|
||||||
Then I'm redirected to "https://basicauth.test.local:8080/secret.html"
|
Then I'm redirected to "https://basicauth.test.local:8080/secret.html"
|
||||||
|
|
||||||
@need-registered-user-john
|
@need-registered-user-john
|
||||||
Scenario: Redirection after first factor fails if basic_auth not allowed. It redirects user to first factor.
|
Scenario: Redirection after first factor fails if single_factor not allowed. It redirects user to first factor.
|
||||||
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
When I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
||||||
And I login with user "john" and password "password"
|
And I login with user "john" and password "password"
|
||||||
Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
Then I'm redirected to "https://auth.test.local:8080/?redirect=https%3A%2F%2Fadmin.test.local%3A8080%2Fsecret.html"
|
Loading…
Reference in New Issue
Block a user