mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
cc4f47f21c
This removes the deprecated options from 4.25. This includes the LDAP filters which allow {0} or {1} placeholders. The new aliases are documented. Additionally it refactors the keys validator to use uniform messages for most replaced keys.
84 lines
2.7 KiB
Go
84 lines
2.7 KiB
Go
package validator
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"strings"
|
|
|
|
"github.com/spf13/viper"
|
|
|
|
"github.com/authelia/authelia/internal/configuration/schema"
|
|
)
|
|
|
|
// SecretNameToEnvName converts a secret name into the env name.
|
|
func SecretNameToEnvName(secretName string) (envName string) {
|
|
return "authelia." + secretName + ".file"
|
|
}
|
|
|
|
func isSecretKey(value string) (isSecretKey bool) {
|
|
for _, secretKey := range SecretNames {
|
|
if value == secretKey || value == SecretNameToEnvName(secretKey) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// ValidateSecrets checks that secrets are either specified by config file/env or by file references.
|
|
func ValidateSecrets(configuration *schema.Configuration, validator *schema.StructValidator, viper *viper.Viper) {
|
|
configuration.JWTSecret = getSecretValue(SecretNames["JWTSecret"], validator, viper)
|
|
configuration.Session.Secret = getSecretValue(SecretNames["SessionSecret"], validator, viper)
|
|
|
|
if configuration.DuoAPI != nil {
|
|
configuration.DuoAPI.SecretKey = getSecretValue(SecretNames["DUOSecretKey"], validator, viper)
|
|
}
|
|
|
|
if configuration.Session.Redis != nil {
|
|
configuration.Session.Redis.Password = getSecretValue(SecretNames["RedisPassword"], validator, viper)
|
|
|
|
if configuration.Session.Redis.HighAvailability != nil {
|
|
configuration.Session.Redis.HighAvailability.SentinelPassword =
|
|
getSecretValue(SecretNames["RedisSentinelPassword"], validator, viper)
|
|
}
|
|
}
|
|
|
|
if configuration.AuthenticationBackend.LDAP != nil {
|
|
configuration.AuthenticationBackend.LDAP.Password = getSecretValue(SecretNames["LDAPPassword"], validator, viper)
|
|
}
|
|
|
|
if configuration.Notifier != nil && configuration.Notifier.SMTP != nil {
|
|
configuration.Notifier.SMTP.Password = getSecretValue(SecretNames["SMTPPassword"], validator, viper)
|
|
}
|
|
|
|
if configuration.Storage.MySQL != nil {
|
|
configuration.Storage.MySQL.Password = getSecretValue(SecretNames["MySQLPassword"], validator, viper)
|
|
}
|
|
|
|
if configuration.Storage.PostgreSQL != nil {
|
|
configuration.Storage.PostgreSQL.Password = getSecretValue(SecretNames["PostgreSQLPassword"], validator, viper)
|
|
}
|
|
}
|
|
|
|
func getSecretValue(name string, validator *schema.StructValidator, viper *viper.Viper) string {
|
|
configValue := viper.GetString(name)
|
|
fileEnvValue := viper.GetString(SecretNameToEnvName(name))
|
|
|
|
// Error Checking.
|
|
if fileEnvValue != "" && configValue != "" {
|
|
validator.Push(fmt.Errorf("error loading secret (%s): it's already defined in the config file", name))
|
|
}
|
|
|
|
// Derive Secret.
|
|
if fileEnvValue != "" {
|
|
content, err := ioutil.ReadFile(fileEnvValue)
|
|
if err != nil {
|
|
validator.Push(fmt.Errorf("error loading secret file (%s): %s", name, err))
|
|
} else {
|
|
return strings.ReplaceAll(string(content), "\n", "")
|
|
}
|
|
}
|
|
|
|
return configValue
|
|
}
|