authorClément Michaud <clement.michaud34@gmail.com>2020-03-15 08:10:25 +0100
committerGitHub <noreply@github.com>2020-03-15 18:10:25 +1100
commitcc6650dbcd7ede111e806b9674ab3142fab0c921 (patch)
tree1c58694c15eee25d1e0b666b41360e6f24392cee /internal/configuration/validator/authentication_test.go
parent7a3d43a12a7f2bbf5b8e4471ebb39180be98d654 (diff)
[BUGFIX] [BREAKING] Set username retrieved from authentication backend in session. (#687)
* [BUGFIX] Set username retrieved from authentication backend in session. In some setups, binding is case insensitive but Authelia is case sensitive and therefore needs the actual username as stored in the authentication backend in order for Authelia to work correctly. Fixes #561. * Use uid attribute as unique user identifier in suites. * Fix the integration tests. * Update config.template.yml * Compute user filter based on username attribute and users_filter. The filter provided in users_filter is now combined with a filter based on the username attribute to perform the LDAP search query finding a user object from the username. * Fix LDAP based integration tests. * Update `users_filter` reference examples
Diffstat (limited to 'internal/configuration/validator/authentication_test.go')
-rw-r--r--internal/configuration/validator/authentication_test.go27
1 files changed, 17 insertions, 10 deletions
diff --git a/internal/configuration/validator/authentication_test.go b/internal/configuration/validator/authentication_test.go
index a3333f172..8cdf982eb 100644
--- a/internal/configuration/validator/authentication_test.go
+++ b/internal/configuration/validator/authentication_test.go
@@ -169,6 +169,9 @@ func (suite *LdapAuthenticationBackendSuite) SetupTest() {
suite.configuration.Ldap.User = "user"
suite.configuration.Ldap.Password = "password"
suite.configuration.Ldap.BaseDN = "base_dn"
+ suite.configuration.Ldap.UsernameAttribute = "uid"
+ suite.configuration.Ldap.UsersFilter = "(uid={0})"
+ suite.configuration.Ldap.GroupsFilter = "(cn={0})"
}
func (suite *LdapAuthenticationBackendSuite) TestShouldValidateCompleteConfiguration() {
@@ -204,16 +207,20 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseErrorWhenBaseDNNotPr
assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a base DN to connect to the LDAP server")
}
-func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultUsersFilter() {
+func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseOnEmptyFilterAndGroupsFilter() {
+ suite.configuration.Ldap.UsersFilter = ""
+ suite.configuration.Ldap.GroupsFilter = ""
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
- assert.Len(suite.T(), suite.validator.Errors(), 0)
- assert.Equal(suite.T(), "(cn={0})", suite.configuration.Ldap.UsersFilter)
+ require.Len(suite.T(), suite.validator.Errors(), 2)
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a users filter with `users_filter` attribute")
+ assert.EqualError(suite.T(), suite.validator.Errors()[1], "Please provide a groups filter with `groups_filter` attribute")
}
-func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupsFilter() {
+func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseOnEmptyUsernameAttribute() {
+ suite.configuration.Ldap.UsernameAttribute = ""
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
- assert.Len(suite.T(), suite.validator.Errors(), 0)
- assert.Equal(suite.T(), "(member={dn})", suite.configuration.Ldap.GroupsFilter)
+ require.Len(suite.T(), suite.validator.Errors(), 1)
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a username attribute with `username_attribute`")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupNameAttribute() {
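Review bot: TestShouldRaiseOnEmptyFilterAndGroupsFilter clears both filters together and checks the messages by position (`Errors()[0]`, `Errors()[1]`), so it pins the validator's check order and never exercises the case where only one filter is missing. Both settings are now mandatory (the default-filter tests are removed here), so one case per setting would fail more precisely if a single check regressed, for example `suite.configuration.Ldap.UsersFilter = ""` on its own followed by `require.Len(suite.T(), suite.validator.Errors(), 1)`. A short comment on the test such as `// Filters no longer have defaults; an empty value must be rejected.` would also record why the defaults tests went away.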
@@ -229,17 +236,17 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultMailAttribute()
}
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis() {
- suite.configuration.Ldap.UsersFilter = "cn={0}"
+ suite.configuration.Ldap.UsersFilter = "uid={0}"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 1)
- assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})")
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance uid={0} should be (uid={0})")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis() {
- suite.configuration.Ldap.UsersFilter = "cn={0}"
+ suite.configuration.Ldap.GroupsFilter = "cn={0}"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 1)
- assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})")
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "The groups filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldAdaptLDAPURL() {
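Review bot: Both enclosing-parenthesis tests still guard the `Errors()[0]` index with `assert.Len`, which records the failure and keeps executing, so if the validator returns no error the next line hits an index-out-of-range instead of reporting the length mismatch. The tests added earlier in this commit use `require.Len` for exactly this pattern. The same line fits here in both TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis and TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis: `require.Len(suite.T(), suite.validator.Errors(), 1)`.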