mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
cf16272a73
ACLs can now be defined by subdomain AND resource using pattern matching with regular expressions. It allows a very fine-grained access control to backend resources. [Note] For using example environmnent, user must update its /etc/hosts with new subdomains updated in README.
62 lines
3.0 KiB
Gherkin
62 lines
3.0 KiB
Gherkin
Feature: User has access restricted access to domains
|
|
|
|
@need-registered-user-john
|
|
Scenario: User john has admin access
|
|
When I visit "https://auth.test.local:8080"
|
|
And I login with user "john" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "TOTP"
|
|
Then I have access to:
|
|
| url |
|
|
| https://public.test.local:8080/secret.html |
|
|
| https://dev.test.local:8080/groups/admin/secret.html |
|
|
| https://dev.test.local:8080/groups/dev/secret.html |
|
|
| https://dev.test.local:8080/users/john/secret.html |
|
|
| https://dev.test.local:8080/users/harry/secret.html |
|
|
| https://dev.test.local:8080/users/bob/secret.html |
|
|
| https://admin.test.local:8080/secret.html |
|
|
| https://mx1.mail.test.local:8080/secret.html |
|
|
And I have no access to:
|
|
| url |
|
|
| https://mx2.mail.test.local:8080/secret.html |
|
|
|
|
@need-registered-user-bob
|
|
Scenario: User bob has restricted access
|
|
When I visit "https://auth.test.local:8080"
|
|
And I login with user "bob" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "TOTP"
|
|
Then I have access to:
|
|
| url |
|
|
| https://public.test.local:8080/secret.html |
|
|
| https://dev.test.local:8080/groups/dev/secret.html |
|
|
| https://dev.test.local:8080/users/bob/secret.html |
|
|
| https://mx1.mail.test.local:8080/secret.html |
|
|
| https://mx2.mail.test.local:8080/secret.html |
|
|
And I have no access to:
|
|
| url |
|
|
| https://dev.test.local:8080/groups/admin/secret.html |
|
|
| https://admin.test.local:8080/secret.html |
|
|
| https://dev.test.local:8080/users/john/secret.html |
|
|
| https://dev.test.local:8080/users/harry/secret.html |
|
|
|
|
@need-registered-user-harry
|
|
Scenario: User harry has restricted access
|
|
When I visit "https://auth.test.local:8080"
|
|
And I login with user "harry" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "TOTP"
|
|
Then I have access to:
|
|
| url |
|
|
| https://public.test.local:8080/secret.html |
|
|
| https://dev.test.local:8080/users/harry/secret.html |
|
|
And I have no access to:
|
|
| url |
|
|
| https://dev.test.local:8080/groups/dev/secret.html |
|
|
| https://dev.test.local:8080/users/bob/secret.html |
|
|
| https://dev.test.local:8080/groups/admin/secret.html |
|
|
| https://admin.test.local:8080/secret.html |
|
|
| https://dev.test.local:8080/users/john/secret.html |
|
|
| https://mx1.mail.test.local:8080/secret.html |
|
|
| https://mx2.mail.test.local:8080/secret.html |
|