authelia/internal/configuration/validator/webauthn_test.go

package validator

import (
	"testing"
	"time"

	"github.com/duo-labs/webauthn/protocol"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/authelia/authelia/v4/internal/configuration/schema"
)

func TestWebauthnShouldSetDefaultValues(t *testing.T) {
	validator := schema.NewStructValidator()
	config := &schema.Configuration{
		Webauthn: schema.WebauthnConfiguration{},
	}

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 0)
	assert.Equal(t, schema.DefaultWebauthnConfiguration.DisplayName, config.Webauthn.DisplayName)
	assert.Equal(t, schema.DefaultWebauthnConfiguration.Timeout, config.Webauthn.Timeout)
	assert.Equal(t, schema.DefaultWebauthnConfiguration.ConveyancePreference, config.Webauthn.ConveyancePreference)
	assert.Equal(t, schema.DefaultWebauthnConfiguration.UserVerification, config.Webauthn.UserVerification)
}

func TestWebauthnShouldSetDefaultTimeoutWhenNegative(t *testing.T) {
	validator := schema.NewStructValidator()
	config := &schema.Configuration{
		Webauthn: schema.WebauthnConfiguration{
			Timeout: -1,
		},
	}

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 0)
	assert.Equal(t, schema.DefaultWebauthnConfiguration.Timeout, config.Webauthn.Timeout)
}

func TestWebauthnShouldNotSetDefaultValuesWhenConfigured(t *testing.T) {
	validator := schema.NewStructValidator()
	config := &schema.Configuration{
		Webauthn: schema.WebauthnConfiguration{
			DisplayName:          "Test",
			Timeout:              time.Second * 50,
			ConveyancePreference: protocol.PreferNoAttestation,
			UserVerification:     protocol.VerificationDiscouraged,
		},
	}

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 0)
	assert.Equal(t, "Test", config.Webauthn.DisplayName)
	assert.Equal(t, time.Second*50, config.Webauthn.Timeout)
	assert.Equal(t, protocol.PreferNoAttestation, config.Webauthn.ConveyancePreference)
	assert.Equal(t, protocol.VerificationDiscouraged, config.Webauthn.UserVerification)

	config.Webauthn.ConveyancePreference = protocol.PreferIndirectAttestation
	config.Webauthn.UserVerification = protocol.VerificationPreferred

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 0)
	assert.Equal(t, protocol.PreferIndirectAttestation, config.Webauthn.ConveyancePreference)
	assert.Equal(t, protocol.VerificationPreferred, config.Webauthn.UserVerification)

	config.Webauthn.ConveyancePreference = protocol.PreferDirectAttestation
	config.Webauthn.UserVerification = protocol.VerificationRequired

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 0)
	assert.Equal(t, protocol.PreferDirectAttestation, config.Webauthn.ConveyancePreference)
	assert.Equal(t, protocol.VerificationRequired, config.Webauthn.UserVerification)
}

func TestWebauthnShouldRaiseErrorsOnInvalidOptions(t *testing.T) {
	validator := schema.NewStructValidator()
	config := &schema.Configuration{
		Webauthn: schema.WebauthnConfiguration{
			DisplayName:          "Test",
			Timeout:              time.Second * 50,
			ConveyancePreference: "no",
			UserVerification:     "yes",
		},
	}

	ValidateWebauthn(config, validator)

	require.Len(t, validator.Errors(), 2)

	assert.EqualError(t, validator.Errors()[0], "webauthn: option 'attestation_conveyance_preference' must be one of 'none', 'indirect', 'direct' but it is configured as 'no'")
	assert.EqualError(t, validator.Errors()[1], "webauthn: option 'user_verification' must be one of 'discouraged', 'preferred', 'required' but it is configured as 'yes'")
}