mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
6b78240d39
From this commit on, api endpoints reply with a 401 error code and non api endpoints redirect to /error/40X. This commit also fixes missing restrictions on /loggedin (the "already logged in page). This was not a security issue, though. The change also makes error pages automatically redirect the user after few seconds based on the referrer or the default_redirection_url if provided in the configuration. Warning: The old /verify endpoint of the REST API has moved to /api/verify. You will need to update your nginx configuration to take this change into account.
37 lines
2.6 KiB
Gherkin
37 lines
2.6 KiB
Gherkin
Feature: Non authenticated users have no access to certain pages
|
|
|
|
Scenario: Anonymous user has no access to protected pages
|
|
Then I get the following status code when requesting:
|
|
| url | code | method |
|
|
| https://auth.test.local:8080/secondfactor | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/u2f/identity/start | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/u2f/identity/finish | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/totp/identity/start | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/totp/identity/finish | 401 | GET |
|
|
| https://auth.test.local:8080/loggedin | 401 | GET |
|
|
| https://auth.test.local:8080/api/totp | 401 | POST |
|
|
| https://auth.test.local:8080/api/u2f/sign_request | 401 | GET |
|
|
| https://auth.test.local:8080/api/u2f/sign | 401 | POST |
|
|
| https://auth.test.local:8080/api/u2f/register_request | 401 | GET |
|
|
| https://auth.test.local:8080/api/u2f/register | 401 | POST |
|
|
|
|
|
|
@needs-single_factor-config
|
|
@need-registered-user-john
|
|
Scenario: User does not have acces to second factor related endpoints when in single factor mode
|
|
Given I post "https://auth.test.local:8080/api/firstfactor" with body:
|
|
| key | value |
|
|
| username | john |
|
|
| password | password |
|
|
Then I get the following status code when requesting:
|
|
| url | code | method |
|
|
| https://auth.test.local:8080/secondfactor | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/u2f/identity/start | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/u2f/identity/finish | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/totp/identity/start | 401 | GET |
|
|
| https://auth.test.local:8080/secondfactor/totp/identity/finish | 401 | GET |
|
|
| https://auth.test.local:8080/api/totp | 401 | POST |
|
|
| https://auth.test.local:8080/api/u2f/sign_request | 401 | GET |
|
|
| https://auth.test.local:8080/api/u2f/sign | 401 | POST |
|
|
| https://auth.test.local:8080/api/u2f/register_request | 401 | GET |
|
|
| https://auth.test.local:8080/api/u2f/register | 401 | POST | |