authorAmir Zarrinkafsh <nightah@me.com>2020-11-28 00:30:27 +1100
committerGitHub <noreply@github.com>2020-11-28 00:30:27 +1100
commitba04d1072b327f2bd95e3fc82cb74fb0945b4029 (patch)
tree0502d1d758a02b6b1692a1c1bf304ac3f5578ded /internal/configuration/validator/authentication_test.go
parentaa64d0c4e542f0504d4388a6f3ac0fed83d3b696 (diff)
[BUGFIX] Make username_attribute a mandatory placeholder in users_filter (#1449)
* [BUGFIX] Make username_attribute a mandatory placeholder in users_filter

Not including the `username_attribute` in the `users_filter` will cause issues with the LDAP session refresh and will result in session resets when the refresh interval has expired.

This change makes said attribute mandatory for the `users_filter`.

* Update version referenced in docs for fix
Diffstat (limited to 'internal/configuration/validator/authentication_test.go')
-rw-r--r--internal/configuration/validator/authentication_test.go91
1 files changed, 11 insertions, 80 deletions
diff --git a/internal/configuration/validator/authentication_test.go b/internal/configuration/validator/authentication_test.go
index 338b0d8b5..9f85955ab 100644
--- a/internal/configuration/validator/authentication_test.go
+++ b/internal/configuration/validator/authentication_test.go
@@ -165,7 +165,7 @@ func (suite *LdapAuthenticationBackendSuite) SetupTest() {
suite.configuration.Ldap.Password = "password"
suite.configuration.Ldap.BaseDN = "base_dn"
suite.configuration.Ldap.UsernameAttribute = "uid"
- suite.configuration.Ldap.UsersFilter = "(uid={input})"
+ suite.configuration.Ldap.UsersFilter = "({username_attribute}={input})"
suite.configuration.Ldap.GroupsFilter = "(cn={input})"
}
@@ -267,10 +267,10 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultRefreshInterval
}
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis() {
- suite.configuration.Ldap.UsersFilter = "uid={input}"
+ suite.configuration.Ldap.UsersFilter = "{username_attribute}={input}"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
require.Len(suite.T(), suite.validator.Errors(), 1)
- assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance uid={input} should be (uid={input})")
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance {username_attribute}={input} should be ({username_attribute}={input})")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis() {
@@ -280,8 +280,15 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenGroupsFilterDoes
assert.EqualError(suite.T(), suite.validator.Errors()[0], "The groups filter should contain enclosing parenthesis. For instance cn={input} should be (cn={input})")
}
+func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute() {
+ suite.configuration.Ldap.UsersFilter = "(&({mail_attribute}={input})(objectClass=person))"
+ ValidateAuthenticationBackend(&suite.configuration, suite.validator)
+ require.Len(suite.T(), suite.validator.Errors(), 1)
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "Unable to detect {username_attribute} placeholder in users_filter, your configuration is broken. Please review configuration options listed at https://docs.authelia.com/configuration/authentication/ldap.html")
+}
+
func (suite *LdapAuthenticationBackendSuite) TestShouldHelpDetectNoInputPlaceholder() {
- suite.configuration.Ldap.UsersFilter = "(objectClass=person)"
+ suite.configuration.Ldap.UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
require.Len(suite.T(), suite.validator.Errors(), 1)
assert.EqualError(suite.T(), suite.validator.Errors()[0], "Unable to detect {input} placeholder in users_filter, your configuration might be broken. Please review configuration options listed at https://docs.authelia.com/configuration/authentication/ldap.html")
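Review bot: No test here covers a users_filter that lacks both placeholders any more, because the fixture in TestShouldHelpDetectNoInputPlaceholder changed from `(objectClass=person)` to `(&({username_attribute}={mail_attribute})(objectClass=person))`. Consider adding a case that sets `suite.configuration.Ldap.UsersFilter = "(objectClass=person)"` and asserts `require.Len(suite.T(), suite.validator.Errors(), 2)`, so the two checks are shown to fire independently. The new TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute only shows that a filter without the literal placeholder is rejected. If the validator is a plain substring check (not visible in this diff), a filter that mentions `{username_attribute}` without comparing it to `{input}` would still pass, which is worth pinning in a test or a comment since this filter decides which directory entry a login resolves to. The two asserted messages also differ ("is broken" versus "might be broken") and could be aligned in the validator. The closing brace of TestShouldHelpDetectNoInputPlaceholder lies outside this hunk.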
@@ -308,79 +315,3 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldAdaptLDAPURL() {
func TestLdapAuthenticationBackend(t *testing.T) {
suite.Run(t, new(LdapAuthenticationBackendSuite))
}
-
-type ActiveDirectoryAuthenticationBackendSuite struct {
- suite.Suite
- configuration schema.AuthenticationBackendConfiguration
- validator *schema.StructValidator
-}
-
-func (suite *ActiveDirectoryAuthenticationBackendSuite) SetupTest() {
- suite.validator = schema.NewStructValidator()
- suite.configuration = schema.AuthenticationBackendConfiguration{}
- suite.configuration.Ldap = &schema.LDAPAuthenticationBackendConfiguration{}
- suite.configuration.Ldap.Implementation = schema.LDAPImplementationActiveDirectory
- suite.configuration.Ldap.URL = "ldap://ldap"
- suite.configuration.Ldap.User = "user"
- suite.configuration.Ldap.Password = "password"
- suite.configuration.Ldap.BaseDN = "base_dn"
-}
-
-func (suite *ActiveDirectoryAuthenticationBackendSuite) TestShouldSetActiveDirectoryDefaults() {
- ValidateAuthenticationBackend(&suite.configuration, suite.validator)
-
- assert.Len(suite.T(), suite.validator.Errors(), 0)
-
- assert.Equal(suite.T(),
- suite.configuration.Ldap.UsersFilter,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsersFilter)
- assert.Equal(suite.T(),
- suite.configuration.Ldap.UsernameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsernameAttribute)
- assert.Equal(suite.T(),
- suite.configuration.Ldap.DisplayNameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.DisplayNameAttribute)
- assert.Equal(suite.T(),
- suite.configuration.Ldap.MailAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.MailAttribute)
- assert.Equal(suite.T(),
- suite.configuration.Ldap.GroupsFilter,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupsFilter)
- assert.Equal(suite.T(),
- suite.configuration.Ldap.GroupNameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupNameAttribute)
-}
-
-func (suite *ActiveDirectoryAuthenticationBackendSuite) TestShouldOnlySetDefaultsIfNotManuallyConfigured() {
- suite.configuration.Ldap.UsersFilter = "(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
- suite.configuration.Ldap.UsernameAttribute = "cn"
- suite.configuration.Ldap.MailAttribute = "userPrincipalName"
- suite.configuration.Ldap.DisplayNameAttribute = "name"
- suite.configuration.Ldap.GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))"
- suite.configuration.Ldap.GroupNameAttribute = "distinguishedName"
-
- ValidateAuthenticationBackend(&suite.configuration, suite.validator)
-
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.UsersFilter,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsersFilter)
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.UsernameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsernameAttribute)
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.DisplayNameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.DisplayNameAttribute)
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.MailAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.MailAttribute)
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.GroupsFilter,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupsFilter)
- assert.NotEqual(suite.T(),
- suite.configuration.Ldap.GroupNameAttribute,
- schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupNameAttribute)
-}
-
-func TestActiveDirectoryAuthenticationBackend(t *testing.T) {
- suite.Run(t, new(ActiveDirectoryAuthenticationBackendSuite))
-}