mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
3f374534ab
* [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
166 lines
6.9 KiB
Go
166 lines
6.9 KiB
Go
package validator
|
|
|
|
var validKeys = []string{
|
|
// Root Keys.
|
|
"host",
|
|
"port",
|
|
"log_level",
|
|
"log_file_path",
|
|
"default_redirection_url",
|
|
"jwt_secret",
|
|
"tls_key",
|
|
"tls_cert",
|
|
"google_analytics",
|
|
|
|
// Server Keys.
|
|
"server.read_buffer_size",
|
|
"server.write_buffer_size",
|
|
|
|
// TOTP Keys
|
|
"totp.issuer",
|
|
"totp.period",
|
|
"totp.skew",
|
|
|
|
// Access Control Keys
|
|
"access_control.rules",
|
|
"access_control.default_policy",
|
|
|
|
// Session Keys.
|
|
"session.name",
|
|
"session.secret",
|
|
"session.expiration",
|
|
"session.inactivity",
|
|
"session.remember_me_duration",
|
|
"session.domain",
|
|
|
|
// Redis Session Keys.
|
|
"session.redis.host",
|
|
"session.redis.port",
|
|
"session.redis.password",
|
|
"session.redis.database_index",
|
|
|
|
// Local Storage Keys.
|
|
"storage.local.path",
|
|
|
|
// MySQL Storage Keys.
|
|
"storage.mysql.host",
|
|
"storage.mysql.port",
|
|
"storage.mysql.database",
|
|
"storage.mysql.username",
|
|
"storage.mysql.password",
|
|
|
|
// PostgreSQL Storage Keys.
|
|
"storage.postgres.host",
|
|
"storage.postgres.port",
|
|
"storage.postgres.database",
|
|
"storage.postgres.username",
|
|
"storage.postgres.password",
|
|
"storage.postgres.sslmode",
|
|
|
|
// FileSystem Notifier Keys.
|
|
"notifier.filesystem.filename",
|
|
"notifier.disable_startup_check",
|
|
|
|
// SMTP Notifier Keys.
|
|
"notifier.smtp.username",
|
|
"notifier.smtp.password",
|
|
"notifier.smtp.host",
|
|
"notifier.smtp.port",
|
|
"notifier.smtp.sender",
|
|
"notifier.smtp.subject",
|
|
"notifier.smtp.startup_check_address",
|
|
"notifier.smtp.disable_require_tls",
|
|
"notifier.smtp.disable_verify_cert",
|
|
"notifier.smtp.trusted_cert",
|
|
|
|
// Regulation Keys.
|
|
"regulation.max_retries",
|
|
"regulation.find_time",
|
|
"regulation.ban_time",
|
|
|
|
// DUO API Keys.
|
|
"duo_api.hostname",
|
|
"duo_api.integration_key",
|
|
"duo_api.secret_key",
|
|
|
|
// Authentication Backend Keys.
|
|
"authentication_backend.disable_reset_password",
|
|
"authentication_backend.refresh_interval",
|
|
|
|
// LDAP Authentication Backend Keys.
|
|
"authentication_backend.ldap.url",
|
|
"authentication_backend.ldap.skip_verify",
|
|
"authentication_backend.ldap.base_dn",
|
|
"authentication_backend.ldap.username_attribute",
|
|
"authentication_backend.ldap.additional_users_dn",
|
|
"authentication_backend.ldap.users_filter",
|
|
"authentication_backend.ldap.additional_groups_dn",
|
|
"authentication_backend.ldap.groups_filter",
|
|
"authentication_backend.ldap.group_name_attribute",
|
|
"authentication_backend.ldap.mail_attribute",
|
|
"authentication_backend.ldap.user",
|
|
"authentication_backend.ldap.password",
|
|
|
|
// File Authentication Backend Keys.
|
|
"authentication_backend.file.path",
|
|
"authentication_backend.file.password.algorithm",
|
|
"authentication_backend.file.password.iterations",
|
|
"authentication_backend.file.password.key_length",
|
|
"authentication_backend.file.password.salt_length",
|
|
"authentication_backend.file.password.memory",
|
|
"authentication_backend.file.password.parallelism",
|
|
|
|
// Secret Keys.
|
|
"authelia.jwt_secret",
|
|
"authelia.duo_api.secret_key",
|
|
"authelia.session.secret",
|
|
"authelia.authentication_backend.ldap.password",
|
|
"authelia.notifier.smtp.password",
|
|
"authelia.session.redis.password",
|
|
"authelia.storage.mysql.password",
|
|
"authelia.storage.postgres.password",
|
|
"authelia.jwt_secret.file",
|
|
"authelia.duo_api.secret_key.file",
|
|
"authelia.session.secret.file",
|
|
"authelia.authentication_backend.ldap.password.file",
|
|
"authelia.notifier.smtp.password.file",
|
|
"authelia.session.redis.password.file",
|
|
"authelia.storage.mysql.password.file",
|
|
"authelia.storage.postgres.password.file",
|
|
}
|
|
|
|
var specificErrorKeys = map[string]string{
|
|
"logs_file_path": "config key replaced: logs_file is now log_file",
|
|
"logs_level": "config key replaced: logs_level is now log_level",
|
|
"authentication_backend.file.password_options.algorithm": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_options.iterations": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_options.key_length": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_options.salt_length": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_options.memory": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_options.parallelism": "config key incorrect: authentication_backend.file.password_options should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.algorithm": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.iterations": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.key_length": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.salt_length": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.memory": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.password_hashing.parallelism": "config key incorrect: authentication_backend.file.password_hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.algorithm": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.iterations": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.key_length": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.salt_length": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.memory": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
"authentication_backend.file.hashing.parallelism": "config key incorrect: authentication_backend.file.hashing should be authentication_backend.file.password",
|
|
}
|
|
|
|
const argon2id = "argon2id"
|
|
const sha512 = "sha512"
|
|
|
|
const schemeLDAP = "ldap"
|
|
const schemeLDAPS = "ldaps"
|
|
|
|
const testBadTimer = "-1"
|
|
const testModeDisabled = "disable"
|
|
const testJWTSecret = "a_secret"
|
|
const testTLSCert = "/tmp/cert.pem"
|
|
const testTLSKey = "/tmp/key.pem"
|