mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
97bfafb6eb
With previous configuration format rules were not ordered between groups and thus not predictable. Also in some cases `any` must have been a higher precedence than `groups`. Flattening the rules let the user apply whatever policy he can think of. When several rules match the (subject, domain, resource), the first one is applied. NOTE: This commit changed the format for declaring ACLs. Be sure to update your configuration file before upgrading.
56 lines
3.3 KiB
Gherkin
56 lines
3.3 KiB
Gherkin
Feature: User has access restricted access to domains
|
|
|
|
@need-registered-user-john
|
|
Scenario: User john has admin access
|
|
When I visit "https://login.example.com:8080?rd=https://home.example.com:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "Sign in"
|
|
And I'm redirected to "https://home.example.com:8080/"
|
|
Then I have access to "https://public.example.com:8080/secret.html"
|
|
And I have access to "https://dev.example.com:8080/groups/admin/secret.html"
|
|
And I have access to "https://dev.example.com:8080/groups/dev/secret.html"
|
|
And I have access to "https://dev.example.com:8080/users/john/secret.html"
|
|
And I have access to "https://dev.example.com:8080/users/harry/secret.html"
|
|
And I have access to "https://dev.example.com:8080/users/bob/secret.html"
|
|
And I have access to "https://admin.example.com:8080/secret.html"
|
|
And I have access to "https://mx1.mail.example.com:8080/secret.html"
|
|
And I have access to "https://single_factor.example.com:8080/secret.html"
|
|
And I have no access to "https://mx2.mail.example.com:8080/secret.html"
|
|
|
|
@need-registered-user-bob
|
|
Scenario: User bob has restricted access
|
|
When I visit "https://login.example.com:8080?rd=https://home.example.com:8080/"
|
|
And I login with user "bob" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "Sign in"
|
|
And I'm redirected to "https://home.example.com:8080/"
|
|
Then I have access to "https://public.example.com:8080/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/groups/admin/secret.html"
|
|
And I have access to "https://dev.example.com:8080/groups/dev/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/users/john/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/users/harry/secret.html"
|
|
And I have access to "https://dev.example.com:8080/users/bob/secret.html"
|
|
And I have no access to "https://admin.example.com:8080/secret.html"
|
|
And I have access to "https://mx1.mail.example.com:8080/secret.html"
|
|
And I have access to "https://single_factor.example.com:8080/secret.html"
|
|
And I have access to "https://mx2.mail.example.com:8080/secret.html"
|
|
|
|
@need-registered-user-harry
|
|
Scenario: User harry has restricted access
|
|
When I visit "https://login.example.com:8080?rd=https://home.example.com:8080/"
|
|
And I login with user "harry" and password "password"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "Sign in"
|
|
And I'm redirected to "https://home.example.com:8080/"
|
|
Then I have access to "https://public.example.com:8080/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/groups/admin/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/groups/dev/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/users/john/secret.html"
|
|
And I have access to "https://dev.example.com:8080/users/harry/secret.html"
|
|
And I have no access to "https://dev.example.com:8080/users/bob/secret.html"
|
|
And I have no access to "https://admin.example.com:8080/secret.html"
|
|
And I have no access to "https://mx1.mail.example.com:8080/secret.html"
|
|
And I have access to "https://single_factor.example.com:8080/secret.html"
|
|
And I have no access to "https://mx2.mail.example.com:8080/secret.html"
|