mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
29a900226d
* add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
109 lines
3.5 KiB
Go
109 lines
3.5 KiB
Go
package configuration
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/spf13/viper"
|
|
"gopkg.in/yaml.v2"
|
|
|
|
"github.com/authelia/authelia/internal/configuration/schema"
|
|
"github.com/authelia/authelia/internal/configuration/validator"
|
|
"github.com/authelia/authelia/internal/logging"
|
|
)
|
|
|
|
// Read a YAML configuration and create a Configuration object out of it.
|
|
//go:generate broccoli -src ../../config.template.yml -var=cfg -o configuration
|
|
func Read(configPath string) (*schema.Configuration, []error) {
|
|
if configPath == "" {
|
|
return nil, []error{errors.New("No config file path provided")}
|
|
}
|
|
|
|
_, err := os.Stat(configPath)
|
|
if err != nil {
|
|
errs := []error{
|
|
fmt.Errorf("Unable to find config file: %v", configPath),
|
|
fmt.Errorf("Generating config file: %v", configPath),
|
|
}
|
|
|
|
err = generateConfigFromTemplate(configPath)
|
|
if err != nil {
|
|
errs = append(errs, err)
|
|
} else {
|
|
errs = append(errs, fmt.Errorf("Generated configuration at: %v", configPath))
|
|
}
|
|
|
|
return nil, errs
|
|
}
|
|
|
|
file, err := ioutil.ReadFile(configPath)
|
|
if err != nil {
|
|
return nil, []error{fmt.Errorf("Failed to %v", err)}
|
|
}
|
|
|
|
var data interface{}
|
|
|
|
err = yaml.Unmarshal(file, &data)
|
|
if err != nil {
|
|
return nil, []error{fmt.Errorf("Error malformed %v", err)}
|
|
}
|
|
|
|
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
|
|
|
|
viper.BindEnv("authelia.jwt_secret.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.duo_api.secret_key.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.session.secret.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.authentication_backend.ldap.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.notifier.smtp.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.session.redis.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.storage.mysql.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
viper.BindEnv("authelia.storage.postgres.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
|
|
viper.SetConfigFile(configPath)
|
|
|
|
_ = viper.ReadInConfig()
|
|
|
|
var configuration schema.Configuration
|
|
|
|
viper.Unmarshal(&configuration) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
|
|
|
|
val := schema.NewStructValidator()
|
|
validator.ValidateSecrets(&configuration, val, viper.GetViper())
|
|
validator.ValidateConfiguration(&configuration, val)
|
|
validator.ValidateKeys(val, viper.AllKeys())
|
|
|
|
if val.HasErrors() {
|
|
return nil, val.Errors()
|
|
}
|
|
|
|
if val.HasWarnings() {
|
|
for _, warn := range val.Warnings() {
|
|
logging.Logger().Warnf(warn.Error())
|
|
}
|
|
}
|
|
|
|
return &configuration, nil
|
|
}
|
|
|
|
func generateConfigFromTemplate(configPath string) error {
|
|
f, err := cfg.Open("config.template.yml")
|
|
if err != nil {
|
|
return fmt.Errorf("Unable to open config.template.yml: %v", err)
|
|
}
|
|
|
|
b, err := ioutil.ReadAll(f)
|
|
if err != nil {
|
|
return fmt.Errorf("Unable to read config.template.yml: %v", err)
|
|
}
|
|
|
|
err = ioutil.WriteFile(configPath, b, 0600)
|
|
if err != nil {
|
|
return fmt.Errorf("Unable to generate %v: %v", configPath, err)
|
|
}
|
|
|
|
return nil
|
|
}
|