mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
626f5d2949
* [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording
153 lines
4.3 KiB
Go
153 lines
4.3 KiB
Go
package mocks
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/authelia/authelia/internal/regulation"
|
|
"github.com/authelia/authelia/internal/storage"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/authelia/authelia/internal/authorization"
|
|
"github.com/authelia/authelia/internal/configuration/schema"
|
|
"github.com/authelia/authelia/internal/middlewares"
|
|
"github.com/authelia/authelia/internal/session"
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/sirupsen/logrus"
|
|
"github.com/sirupsen/logrus/hooks/test"
|
|
"github.com/valyala/fasthttp"
|
|
)
|
|
|
|
// MockAutheliaCtx a mock of AutheliaCtx
|
|
type MockAutheliaCtx struct {
|
|
// Logger hook
|
|
Hook *test.Hook
|
|
Ctx *middlewares.AutheliaCtx
|
|
Ctrl *gomock.Controller
|
|
|
|
// Providers
|
|
UserProviderMock *MockUserProvider
|
|
StorageProviderMock *storage.MockProvider
|
|
NotifierMock *MockNotifier
|
|
|
|
UserSession *session.UserSession
|
|
|
|
Clock TestingClock
|
|
}
|
|
|
|
// TestingClock implementation of clock for tests
|
|
type TestingClock struct {
|
|
now time.Time
|
|
}
|
|
|
|
// Now return the stored clock
|
|
func (dc *TestingClock) Now() time.Time {
|
|
return dc.now
|
|
}
|
|
|
|
// After return a channel receiving the time after duration has elapsed
|
|
func (dc *TestingClock) After(d time.Duration) <-chan time.Time {
|
|
return time.After(d)
|
|
}
|
|
|
|
// Set set the time of the clock
|
|
func (dc *TestingClock) Set(now time.Time) {
|
|
dc.now = now
|
|
}
|
|
|
|
// NewMockAutheliaCtx create an instance of AutheliaCtx mock
|
|
func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
|
|
mockAuthelia := new(MockAutheliaCtx)
|
|
mockAuthelia.Clock = TestingClock{}
|
|
|
|
datetime, _ := time.Parse("2006-Jan-02", "2013-Feb-03")
|
|
mockAuthelia.Clock.Set(datetime)
|
|
|
|
configuration := schema.Configuration{}
|
|
configuration.Session.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration
|
|
configuration.Session.Name = "authelia_session"
|
|
configuration.AccessControl.DefaultPolicy = "deny"
|
|
configuration.AccessControl.Rules = []schema.ACLRule{schema.ACLRule{
|
|
Domain: "bypass.example.com",
|
|
Policy: "bypass",
|
|
}, schema.ACLRule{
|
|
Domain: "one-factor.example.com",
|
|
Policy: "one_factor",
|
|
}, schema.ACLRule{
|
|
Domain: "two-factor.example.com",
|
|
Policy: "two_factor",
|
|
}, schema.ACLRule{
|
|
Domain: "deny.example.com",
|
|
Policy: "deny",
|
|
}}
|
|
|
|
providers := middlewares.Providers{}
|
|
|
|
mockAuthelia.Ctrl = gomock.NewController(t)
|
|
mockAuthelia.UserProviderMock = NewMockUserProvider(mockAuthelia.Ctrl)
|
|
providers.UserProvider = mockAuthelia.UserProviderMock
|
|
|
|
mockAuthelia.StorageProviderMock = storage.NewMockProvider(mockAuthelia.Ctrl)
|
|
providers.StorageProvider = mockAuthelia.StorageProviderMock
|
|
|
|
mockAuthelia.NotifierMock = NewMockNotifier(mockAuthelia.Ctrl)
|
|
providers.Notifier = mockAuthelia.NotifierMock
|
|
|
|
providers.Authorizer = authorization.NewAuthorizer(
|
|
configuration.AccessControl)
|
|
|
|
providers.SessionProvider = session.NewProvider(
|
|
configuration.Session)
|
|
|
|
providers.Regulator = regulation.NewRegulator(configuration.Regulation, providers.StorageProvider, &mockAuthelia.Clock)
|
|
|
|
request := &fasthttp.RequestCtx{}
|
|
// Set a cookie to identify this client throughout the test
|
|
// request.Request.Header.SetCookie("authelia_session", "client_cookie")
|
|
|
|
autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers)
|
|
mockAuthelia.Ctx = autheliaCtx
|
|
|
|
logger, hook := test.NewNullLogger()
|
|
mockAuthelia.Hook = hook
|
|
|
|
mockAuthelia.Ctx.Logger = logrus.NewEntry(logger)
|
|
return mockAuthelia
|
|
}
|
|
|
|
// Close close the mock
|
|
func (m *MockAutheliaCtx) Close() {
|
|
m.Hook.Reset()
|
|
m.Ctrl.Finish()
|
|
}
|
|
|
|
// Assert200KO assert an error response from the service.
|
|
func (m *MockAutheliaCtx) Assert200KO(t *testing.T, message string) {
|
|
assert.Equal(t, 200, m.Ctx.Response.StatusCode())
|
|
assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body()))
|
|
}
|
|
|
|
// Assert200OK assert a successful response from the service.
|
|
func (m *MockAutheliaCtx) Assert200OK(t *testing.T, data interface{}) {
|
|
assert.Equal(t, 200, m.Ctx.Response.StatusCode())
|
|
response := middlewares.OKResponse{
|
|
Status: "OK",
|
|
Data: data,
|
|
}
|
|
|
|
b, err := json.Marshal(response)
|
|
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, string(b), string(m.Ctx.Response.Body()))
|
|
}
|
|
|
|
func (m *MockAutheliaCtx) GetResponseData(t *testing.T, data interface{}) {
|
|
okResponse := middlewares.OKResponse{}
|
|
okResponse.Data = data
|
|
err := json.Unmarshal(m.Ctx.Response.Body(), &okResponse)
|
|
require.NoError(t, err)
|
|
}
|