diff --git a/test/configuration.ts b/test/configuration.ts deleted file mode 100644 index 3204c6c2..00000000 --- a/test/configuration.ts +++ /dev/null @@ -1,32 +0,0 @@ -import Bluebird = require("bluebird"); -import YamlJS = require("yamljs"); -import Fs = require("fs"); -import ChildProcess = require("child_process"); - -const execAsync = Bluebird.promisify(ChildProcess.exec); - -export class Configuration { - private outputPath: string; - - setup( - inputPath: string, - outputPath: string, - updateFn: (configuration: any) => void) - : Bluebird { - - console.log("[CONFIGURATION] setup"); - this.outputPath = outputPath; - return new Bluebird((resolve, reject) => { - const configuration = YamlJS.load(inputPath); - updateFn(configuration); - const configurationStr = YamlJS.stringify(configuration); - Fs.writeFileSync(outputPath, configurationStr); - resolve(); - }); - } - - cleanup(): Bluebird<{}> { - console.log("[CONFIGURATION] cleanup"); - return execAsync(`rm ${this.outputPath}`); - } -} \ No newline at end of file diff --git a/test/environment.ts b/test/environment.ts deleted file mode 100644 index 593aa05a..00000000 --- a/test/environment.ts +++ /dev/null @@ -1,62 +0,0 @@ -const { exec } = require('child_process'); -import Bluebird = require("bluebird"); - -function docker_compose(includes: string[]) { - const compose_args = includes.map((dc: string) => `-f ${dc}`).join(' '); - return `docker-compose ${compose_args}`; -} - -export class Environment { - private includes: string[]; - constructor(includes: string[]) { - this.includes = includes; - } - - private runCommand(command: string, timeout?: number): Bluebird { - return new Bluebird((resolve, reject) => { - console.log('[ENVIRONMENT] Running: %s', command); - exec(command, (err: any, stdout: any, stderr: any) => { - if(err) { - reject(err); - return; - } - if(!timeout) resolve(); - else setTimeout(resolve, timeout); - }); - }); - } - - - setup(timeout?: number): Bluebird { - const command = docker_compose(this.includes) + ' up -d' - console.log('[ENVIRONMENT] Starting up...'); - return this.runCommand(command, timeout); - } - - cleanup(): Bluebird { - if(process.env.KEEP_ENV != "true") { - const command = docker_compose(this.includes) + ' down' - console.log('[ENVIRONMENT] Cleaning up...'); - return this.runCommand(command); - } - return Bluebird.resolve(); - } - - stop_service(serviceName: string): Bluebird { - const command = docker_compose(this.includes) + ' stop ' + serviceName; - console.log('[ENVIRONMENT] Stopping service %s...', serviceName); - return this.runCommand(command); - } - - start_service(serviceName: string): Bluebird { - const command = docker_compose(this.includes) + ' start ' + serviceName; - console.log('[ENVIRONMENT] Starting service %s...', serviceName); - return this.runCommand(command); - } - - restart_service(serviceName: string, timeout?: number): Bluebird { - const command = docker_compose(this.includes) + ' restart ' + serviceName; - console.log('[ENVIRONMENT] Restarting service %s...', serviceName); - return this.runCommand(command, timeout); - } -} \ No newline at end of file diff --git a/test/suites/complete/config.yml b/test/suites/complete/config.yml new file mode 100644 index 00000000..b4a0a66a --- /dev/null +++ b/test/suites/complete/config.yml @@ -0,0 +1,262 @@ +############################################################### +# Authelia configuration # +############################################################### + +# The port to listen on +port: 9091 + +# Log level +# +# Level of verbosity for logs +logs_level: debug + +# Default redirection URL +# +# If user tries to authenticate without any referer, Authelia +# does not know where to redirect the user to at the end of the +# authentication process. +# This parameter allows you to specify the default redirection +# URL Authelia will use in such a case. +# +# Note: this parameter is optional. If not provided, user won't +# be redirected upon successful authentication. +default_redirection_url: https://home.example.com:8080/ + +# TOTP Issuer Name +# +# This will be the issuer name displayed in Google Authenticator +# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names +totp: + issuer: authelia.com + +# The authentication backend to use for verifying user passwords +# and retrieve information such as email address and groups +# users belong to. +# +# There are two supported backends: `ldap` and `file`. +authentication_backend: + # LDAP backend configuration. + # + # This backend allows Authelia to be scaled to more + # than one instance and therefore is recommended for + # production. + ldap: + # The url of the ldap server + url: ldap://127.0.0.1 + + # The base dn for every entries + base_dn: dc=example,dc=com + + # An additional dn to define the scope to all users + additional_users_dn: ou=users + + # The users filter used to find the user DN + # {0} is a matcher replaced by username. + # 'cn={0}' by default. + users_filter: cn={0} + + # An additional dn to define the scope of groups + additional_groups_dn: ou=groups + + # The groups filter used for retrieving groups of a given user. + # {0} is a matcher replaced by username. + # {dn} is a matcher replaced by user DN. + # 'member={dn}' by default. + groups_filter: (&(member={dn})(objectclass=groupOfNames)) + + # The attribute holding the name of the group + group_name_attribute: cn + + # The attribute holding the mail address of the user + mail_attribute: mail + + # The username and password of the admin user. + user: cn=admin,dc=example,dc=com + password: password + + # File backend configuration. + # + # With this backend, the users database is stored in a file + # which is updated when users reset their passwords. + # Therefore, this backend is meant to be used in a dev environment + # and not in production since it prevents Authelia to be scaled to + # more than one instance. + # + ## file: + ## path: ./users_database.yml + + +# Access Control +# +# Access control is a list of rules defining the authorizations applied for one +# resource to users or group of users. +# +# If 'access_control' is not defined, ACL rules are disabled and the `bypass` +# rule is applied, i.e., access is allowed to anyone. Otherwise restrictions follow +# the rules defined. +# +# Note: One can use the wildcard * to match any subdomain. +# It must stand at the beginning of the pattern. (example: *.mydomain.com) +# +# Note: You must put patterns containing wildcards between simple quotes for the YAML +# to be syntaxically correct. +# +# Definition: A `rule` is an object with the following keys: `domain`, `subject`, +# `policy` and `resources`. +# +# - `domain` defines which domain or set of domains the rule applies to. +# +# - `subject` defines the subject to apply authorizations to. This parameter is +# optional and matching any user if not provided. If provided, the parameter +# represents either a user or a group. It should be of the form 'user:' +# or 'group:'. +# +# - `policy` is the policy to apply to resources. It must be either `bypass`, +# `one_factor`, `two_factor` or `deny`. +# +# - `resources` is a list of regular expressions that matches a set of resources to +# apply the policy to. This parameter is optional and matches any resource if not +# provided. +# +# Note: the order of the rules is important. The first policy matching +# (domain, resource, subject) applies. +access_control: + # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`. + # It is the policy applied to any resource if there is no policy to be applied + # to the user. + default_policy: deny + + rules: + # Rules applied to everyone + - domain: public.example.com + policy: two_factor + - domain: single_factor.example.com + policy: one_factor + + # Rules applied to 'admin' group + - domain: 'mx2.mail.example.com' + subject: 'group:admin' + policy: deny + - domain: '*.example.com' + subject: 'group:admin' + policy: two_factor + + # Rules applied to 'dev' group + - domain: dev.example.com + resources: + - '^/groups/dev/.*$' + subject: 'group:dev' + policy: two_factor + + # Rules applied to user 'john' + - domain: dev.example.com + resources: + - '^/users/john/.*$' + subject: 'user:john' + policy: two_factor + + + # Rules applied to user 'harry' + - domain: dev.example.com + resources: + - '^/users/harry/.*$' + subject: 'user:harry' + policy: two_factor + + # Rules applied to user 'bob' + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: two_factor + - domain: 'dev.example.com' + resources: + - '^/users/bob/.*$' + subject: 'user:bob' + policy: two_factor + + +# Configuration of session cookies +# +# The session cookies identify the user once logged in. +session: + # The name of the session cookie. (default: authelia_session). + name: authelia_session + + # The secret to encrypt the session cookie. + secret: unsecure_session_secret + + # The time in ms before the cookie expires and session is reset. + expiration: 3600000 # 1 hour + + # The inactivity time in ms before the session is reset. + inactivity: 300000 # 5 minutes + + # The domain to protect. + # Note: the authenticator must also be in that domain. If empty, the cookie + # is restricted to the subdomain of the issuer. + domain: example.com + + # The redis connection details + redis: + host: 127.0.0.1 + port: 6379 + password: authelia + +# Configuration of the authentication regulation mechanism. +# +# This mechanism prevents attackers from brute forcing the first factor. +# It bans the user if too many attempts are done in a short period of +# time. +regulation: + # The number of failed login attempts before user is banned. + # Set it to 0 to disable regulation. + max_retries: 3 + + # The time range during which the user can attempt login before being banned. + # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. + find_time: 120 + + # The length of time before a banned user can login again. + ban_time: 300 + +# Configuration of the storage backend used to store data and secrets. +# +# You must use only an available configuration: local, mongo +storage: + # The directory where the DB files will be saved + ## local: + ## path: /var/lib/authelia/store + + # Settings to connect to mongo server + mongo: + url: mongodb://127.0.0.1 + database: authelia + auth: + username: authelia + password: authelia + +# Configuration of the notification system. +# +# Notifications are sent to users when they require a password reset, a u2f +# registration or a TOTP registration. +# Use only an available configuration: filesystem, gmail +notifier: + # For testing purpose, notifications can be sent in a file + ## filesystem: + ## filename: /tmp/authelia/notification.txt + + # Use your email account to send the notifications. You can use an app password. + # List of valid services can be found here: https://nodemailer.com/smtp/well-known/ + ## email: + ## username: user@example.com + ## password: yourpassword + ## sender: admin@example.com + ## service: gmail + + # Use a SMTP server for sending notifications + smtp: + username: test + password: password + secure: false + host: 127.0.0.1 + port: 1025 + sender: admin@example.com diff --git a/test/suites/complete/index.ts b/test/suites/complete/index.ts index 277982be..03a519b9 100644 --- a/test/suites/complete/index.ts +++ b/test/suites/complete/index.ts @@ -2,7 +2,7 @@ import AutheliaSuite from "../../helpers/context/AutheliaSuite"; import MongoConnectionRecovery from "./scenarii/MongoConnectionRecovery"; import EnforceInternalRedirectionsOnly from "./scenarii/EnforceInternalRedirectionsOnly"; -AutheliaSuite('Complete configuration', 'config.template.yml', function() { +AutheliaSuite('Complete configuration', __dirname + 'config.yml', function() { this.timeout(10000); describe('Mongo broken connection recovery', MongoConnectionRecovery);