mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
dc7ca6f03c
This adjusts the validated keys to utilize a generated code section.
254 lines
7.3 KiB
Go
254 lines
7.3 KiB
Go
package schema
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
var ValidKeys = []string{
|
|
// Root Keys.
|
|
"certificates_directory",
|
|
"theme",
|
|
"default_redirection_url",
|
|
"jwt_secret",
|
|
|
|
// Log keys.
|
|
"log.level",
|
|
"log.format",
|
|
"log.file_path",
|
|
"log.keep_stdout",
|
|
|
|
// Server Keys.
|
|
"server.host",
|
|
"server.port",
|
|
"server.read_buffer_size",
|
|
"server.write_buffer_size",
|
|
"server.path",
|
|
"server.asset_path",
|
|
"server.enable_pprof",
|
|
"server.enable_expvars",
|
|
"server.disable_healthcheck",
|
|
"server.tls.key",
|
|
"server.tls.certificate",
|
|
"server.tls.client_certificates",
|
|
"server.headers.csp_template",
|
|
|
|
// TOTP Keys.
|
|
"totp.disable",
|
|
"totp.issuer",
|
|
"totp.algorithm",
|
|
"totp.digits",
|
|
"totp.period",
|
|
"totp.skew",
|
|
"totp.secret_size",
|
|
|
|
// Webauthn Keys.
|
|
"webauthn.disable",
|
|
"webauthn.display_name",
|
|
"webauthn.attestation_conveyance_preference",
|
|
"webauthn.user_verification",
|
|
"webauthn.timeout",
|
|
|
|
// DUO API Keys.
|
|
"duo_api.disable",
|
|
"duo_api.hostname",
|
|
"duo_api.enable_self_enrollment",
|
|
"duo_api.secret_key",
|
|
"duo_api.integration_key",
|
|
|
|
// Access Control Keys.
|
|
"access_control.default_policy",
|
|
"access_control.networks",
|
|
"access_control.networks[].name",
|
|
"access_control.networks[].networks",
|
|
"access_control.rules",
|
|
"access_control.rules[].domain",
|
|
"access_control.rules[].domain_regex",
|
|
"access_control.rules[].methods",
|
|
"access_control.rules[].networks",
|
|
"access_control.rules[].subject",
|
|
"access_control.rules[].policy",
|
|
"access_control.rules[].resources",
|
|
|
|
// Session Keys.
|
|
"session.name",
|
|
"session.domain",
|
|
"session.secret",
|
|
"session.same_site",
|
|
"session.expiration",
|
|
"session.inactivity",
|
|
"session.remember_me_duration",
|
|
|
|
// Redis Session Keys.
|
|
"session.redis.host",
|
|
"session.redis.port",
|
|
"session.redis.username",
|
|
"session.redis.password",
|
|
"session.redis.database_index",
|
|
"session.redis.maximum_active_connections",
|
|
"session.redis.minimum_idle_connections",
|
|
"session.redis.tls.minimum_version",
|
|
"session.redis.tls.skip_verify",
|
|
"session.redis.tls.server_name",
|
|
"session.redis.high_availability.sentinel_name",
|
|
"session.redis.high_availability.sentinel_username",
|
|
"session.redis.high_availability.sentinel_password",
|
|
"session.redis.high_availability.nodes",
|
|
"session.redis.high_availability.nodes[].host",
|
|
"session.redis.high_availability.nodes[].port",
|
|
"session.redis.high_availability.route_by_latency",
|
|
"session.redis.high_availability.route_randomly",
|
|
|
|
// Storage Keys.
|
|
"storage.encryption_key",
|
|
|
|
// Local Storage Keys.
|
|
"storage.local.path",
|
|
|
|
// MySQL Storage Keys.
|
|
"storage.mysql.host",
|
|
"storage.mysql.port",
|
|
"storage.mysql.database",
|
|
"storage.mysql.username",
|
|
"storage.mysql.password",
|
|
"storage.mysql.timeout",
|
|
|
|
// PostgreSQL Storage Keys.
|
|
"storage.postgres.host",
|
|
"storage.postgres.port",
|
|
"storage.postgres.database",
|
|
"storage.postgres.username",
|
|
"storage.postgres.password",
|
|
"storage.postgres.timeout",
|
|
"storage.postgres.schema",
|
|
"storage.postgres.ssl.mode",
|
|
"storage.postgres.ssl.root_certificate",
|
|
"storage.postgres.ssl.certificate",
|
|
"storage.postgres.ssl.key",
|
|
|
|
"storage.postgres.sslmode", // Deprecated. TODO: Remove in v4.36.0.
|
|
|
|
// FileSystem Notifier Keys.
|
|
"notifier.filesystem.filename",
|
|
"notifier.disable_startup_check",
|
|
|
|
// SMTP Notifier Keys.
|
|
"notifier.smtp.host",
|
|
"notifier.smtp.port",
|
|
"notifier.smtp.timeout",
|
|
"notifier.smtp.username",
|
|
"notifier.smtp.password",
|
|
"notifier.smtp.identifier",
|
|
"notifier.smtp.sender",
|
|
"notifier.smtp.subject",
|
|
"notifier.smtp.startup_check_address",
|
|
"notifier.smtp.disable_require_tls",
|
|
"notifier.smtp.disable_html_emails",
|
|
"notifier.smtp.tls.minimum_version",
|
|
"notifier.smtp.tls.skip_verify",
|
|
"notifier.smtp.tls.server_name",
|
|
"notifier.template_path",
|
|
|
|
// Regulation Keys.
|
|
"regulation.max_retries",
|
|
"regulation.find_time",
|
|
"regulation.ban_time",
|
|
|
|
// Authentication Backend Keys.
|
|
"authentication_backend.disable_reset_password",
|
|
"authentication_backend.password_reset.custom_url",
|
|
"authentication_backend.refresh_interval",
|
|
|
|
// LDAP Authentication Backend Keys.
|
|
"authentication_backend.ldap.implementation",
|
|
"authentication_backend.ldap.url",
|
|
"authentication_backend.ldap.timeout",
|
|
"authentication_backend.ldap.base_dn",
|
|
"authentication_backend.ldap.username_attribute",
|
|
"authentication_backend.ldap.additional_users_dn",
|
|
"authentication_backend.ldap.users_filter",
|
|
"authentication_backend.ldap.additional_groups_dn",
|
|
"authentication_backend.ldap.groups_filter",
|
|
"authentication_backend.ldap.group_name_attribute",
|
|
"authentication_backend.ldap.mail_attribute",
|
|
"authentication_backend.ldap.display_name_attribute",
|
|
"authentication_backend.ldap.user",
|
|
"authentication_backend.ldap.password",
|
|
"authentication_backend.ldap.start_tls",
|
|
"authentication_backend.ldap.tls.minimum_version",
|
|
"authentication_backend.ldap.tls.skip_verify",
|
|
"authentication_backend.ldap.tls.server_name",
|
|
|
|
// File Authentication Backend Keys.
|
|
"authentication_backend.file.path",
|
|
"authentication_backend.file.password.algorithm",
|
|
"authentication_backend.file.password.iterations",
|
|
"authentication_backend.file.password.key_length",
|
|
"authentication_backend.file.password.salt_length",
|
|
"authentication_backend.file.password.memory",
|
|
"authentication_backend.file.password.parallelism",
|
|
|
|
// Identity Provider Keys.
|
|
"identity_providers.oidc.hmac_secret",
|
|
"identity_providers.oidc.issuer_private_key",
|
|
"identity_providers.oidc.id_token_lifespan",
|
|
"identity_providers.oidc.access_token_lifespan",
|
|
"identity_providers.oidc.refresh_token_lifespan",
|
|
"identity_providers.oidc.authorize_code_lifespan",
|
|
"identity_providers.oidc.enforce_pkce",
|
|
"identity_providers.oidc.enable_pkce_plain_challenge",
|
|
"identity_providers.oidc.enable_client_debug_messages",
|
|
"identity_providers.oidc.minimum_parameter_entropy",
|
|
"identity_providers.oidc.cors.endpoints",
|
|
"identity_providers.oidc.cors.allowed_origins",
|
|
"identity_providers.oidc.cors.allowed_origins_from_client_redirect_uris",
|
|
"identity_providers.oidc.clients",
|
|
"identity_providers.oidc.clients[].id",
|
|
"identity_providers.oidc.clients[].description",
|
|
"identity_providers.oidc.clients[].secret",
|
|
"identity_providers.oidc.clients[].sector_identifier",
|
|
"identity_providers.oidc.clients[].public",
|
|
"identity_providers.oidc.clients[].redirect_uris",
|
|
"identity_providers.oidc.clients[].authorization_policy",
|
|
"identity_providers.oidc.clients[].pre_configured_consent_duration",
|
|
"identity_providers.oidc.clients[].scopes",
|
|
"identity_providers.oidc.clients[].audience",
|
|
"identity_providers.oidc.clients[].grant_types",
|
|
"identity_providers.oidc.clients[].response_types",
|
|
"identity_providers.oidc.clients[].response_modes",
|
|
"identity_providers.oidc.clients[].userinfo_signing_algorithm",
|
|
|
|
// NTP keys.
|
|
"ntp.address",
|
|
"ntp.version",
|
|
"ntp.max_desync",
|
|
"ntp.disable_startup_check",
|
|
"ntp.disable_failure",
|
|
|
|
// Password Policy keys.
|
|
"password_policy.standard.enabled",
|
|
"password_policy.standard.min_length",
|
|
"password_policy.standard.max_length",
|
|
"password_policy.standard.require_uppercase",
|
|
"password_policy.standard.require_lowercase",
|
|
"password_policy.standard.require_number",
|
|
"password_policy.standard.require_special",
|
|
"password_policy.zxcvbn.enabled",
|
|
"password_policy.zxcvbn.min_score",
|
|
}
|
|
|
|
func TestOldKeys(t *testing.T) {
|
|
for _, key := range ValidKeys {
|
|
assert.Contains(t, Keys, key)
|
|
}
|
|
|
|
for _, key := range Keys {
|
|
assert.Contains(t, ValidKeys, key)
|
|
}
|
|
}
|
|
|
|
func TestDuplicates(t *testing.T) {
|
|
assert.Equal(t, len(Keys), len(ValidKeys))
|
|
}
|