fix(authorization): configuration reports 2fa disabled with 2fa oidc clients (#2089)

This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
author: James Elliott <james-d-elliott@users.noreply.github.com> 2021-06-18 11:38:01 +1000
committer: GitHub <noreply@github.com> 2021-06-18 11:38:01 +1000
commit: ef3c2faeb5a8d4ae30fa55fdaed5718e32f11364 (patch)
tree: 982cb547306d93dd54b85eec5552e00f3dbdf751 /internal/handlers/handler_configuration_test.go
parent: 438555886ee8cca96191e15bbfb6850361339cd5 (diff)
1 files changed, 60 insertions, 54 deletions
diff --git a/internal/handlers/handler_configuration_test.go b/internal/handlers/handler_configuration_test.go
index d5e821013..9340584de 100644
--- a/internal/handlers/handler_configuration_test.go
+++ b/internal/handlers/handler_configuration_test.go
@@ -17,10 +17,11 @@ type SecondFactorAvailableMethodsFixture struct {
 
 func (s *SecondFactorAvailableMethodsFixture) SetupTest() {
 	s.mock = mocks.NewMockAutheliaCtx(s.T())
-	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{
-		DefaultPolicy: "deny",
-		Rules:         []schema.ACLRule{},
-	})
+	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
+		AccessControl: schema.AccessControlConfiguration{
+			DefaultPolicy: "deny",
+			Rules:         []schema.ACLRule{},
+		}})
 }
 
 func (s *SecondFactorAvailableMethodsFixture) TearDownTest() {
@@ -66,23 +67,25 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisab
 			Period: schema.DefaultTOTPConfiguration.Period,
 		},
 	}
-	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{
-		DefaultPolicy: "bypass",
-		Rules: []schema.ACLRule{
-			{
-				Domains: []string{"example.com"},
-				Policy:  "deny",
-			},
-			{
-				Domains: []string{"abc.example.com"},
-				Policy:  "single_factor",
-			},
-			{
-				Domains: []string{"def.example.com"},
-				Policy:  "bypass",
-			},
-		},
-	})
+	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
+		&schema.Configuration{
+			AccessControl: schema.AccessControlConfiguration{
+				DefaultPolicy: "bypass",
+				Rules: []schema.ACLRule{
+					{
+						Domains: []string{"example.com"},
+						Policy:  "deny",
+					},
+					{
+						Domains: []string{"abc.example.com"},
+						Policy:  "single_factor",
+					},
+					{
+						Domains: []string{"def.example.com"},
+						Policy:  "bypass",
+					},
+				},
+			}})
 	ConfigurationGet(s.mock.Ctx)
 	s.mock.Assert200OK(s.T(), ConfigurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
@@ -97,23 +100,24 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabl
 			Period: schema.DefaultTOTPConfiguration.Period,
 		},
 	}
-	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{
-		DefaultPolicy: "two_factor",
-		Rules: []schema.ACLRule{
-			{
-				Domains: []string{"example.com"},
-				Policy:  "deny",
-			},
-			{
-				Domains: []string{"abc.example.com"},
-				Policy:  "single_factor",
-			},
-			{
-				Domains: []string{"def.example.com"},
-				Policy:  "bypass",
+	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
+		AccessControl: schema.AccessControlConfiguration{
+			DefaultPolicy: "two_factor",
+			Rules: []schema.ACLRule{
+				{
+					Domains: []string{"example.com"},
+					Policy:  "deny",
+				},
+				{
+					Domains: []string{"abc.example.com"},
+					Policy:  "single_factor",
+				},
+				{
+					Domains: []string{"def.example.com"},
+					Policy:  "bypass",
+				},
 			},
-		},
-	})
+		}})
 	ConfigurationGet(s.mock.Ctx)
 	s.mock.Assert200OK(s.T(), ConfigurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
@@ -128,23 +132,25 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabl
 			Period: schema.DefaultTOTPConfiguration.Period,
 		},
 	}
-	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(schema.AccessControlConfiguration{
-		DefaultPolicy: "bypass",
-		Rules: []schema.ACLRule{
-			{
-				Domains: []string{"example.com"},
-				Policy:  "deny",
-			},
-			{
-				Domains: []string{"abc.example.com"},
-				Policy:  "two_factor",
-			},
-			{
-				Domains: []string{"def.example.com"},
-				Policy:  "bypass",
-			},
-		},
-	})
+	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
+		&schema.Configuration{
+			AccessControl: schema.AccessControlConfiguration{
+				DefaultPolicy: "bypass",
+				Rules: []schema.ACLRule{
+					{
+						Domains: []string{"example.com"},
+						Policy:  "deny",
+					},
+					{
+						Domains: []string{"abc.example.com"},
+						Policy:  "two_factor",
+					},
+					{
+						Domains: []string{"def.example.com"},
+						Policy:  "bypass",
+					},
+				},
+			}})
 	ConfigurationGet(s.mock.Ctx)
 	s.mock.Assert200OK(s.T(), ConfigurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
author	James Elliott <james-d-elliott@users.noreply.github.com>	2021-06-18 11:38:01 +1000
committer	GitHub <noreply@github.com>	2021-06-18 11:38:01 +1000
commit	ef3c2faeb5a8d4ae30fa55fdaed5718e32f11364 (patch)
tree	982cb547306d93dd54b85eec5552e00f3dbdf751 /internal/handlers/handler_configuration_test.go
parent	438555886ee8cca96191e15bbfb6850361339cd5 (diff)