diff options
| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2023-01-25 20:36:40 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-25 20:36:40 +1100 |
| commit | 65705a646dfd31e4477af3ffb35c584eb49346a4 (patch) | |
| tree | 882b5df73348c5fc6471e57ef6787c4b04cb68f4 /internal/mocks | |
| parent | 78064dec2e9b48308b71ff8862b27e6f8ded5d56 (diff) | |
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.
Closes #2753, Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Diffstat (limited to 'internal/mocks')
| -rw-r--r-- | internal/mocks/authelia_ctx.go | 132 | ||||
| -rw-r--r-- | internal/mocks/duo_api.go | 28 |
2 files changed, 124 insertions, 36 deletions
diff --git a/internal/mocks/authelia_ctx.go b/internal/mocks/authelia_ctx.go index 17f742648..486beeac9 100644 --- a/internal/mocks/authelia_ctx.go +++ b/internal/mocks/authelia_ctx.go @@ -70,28 +70,116 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx { }, } - config.AccessControl.DefaultPolicy = "deny" - config.AccessControl.Rules = []schema.ACLRule{{ - Domains: []string{"bypass.example.com"}, - Policy: "bypass", - }, { - Domains: []string{"one-factor.example.com"}, - Policy: "one_factor", - }, { - Domains: []string{"two-factor.example.com"}, - Policy: "two_factor", - }, { - Domains: []string{"deny.example.com"}, - Policy: "deny", - }, { - Domains: []string{"admin.example.com"}, - Policy: "two_factor", - Subjects: [][]string{{"group:admin"}}, - }, { - Domains: []string{"grafana.example.com"}, - Policy: "two_factor", - Subjects: [][]string{{"group:grafana"}}, - }} + config.AccessControl = schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ + { + Domains: []string{"bypass.example.com"}, + Policy: "bypass", + }, + { + Domains: []string{"bypass-get.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodGet}, + }, + { + Domains: []string{"bypass-head.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodHead}, + }, + { + Domains: []string{"bypass-options.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodOptions}, + }, + { + Domains: []string{"bypass-trace.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodTrace}, + }, + { + Domains: []string{"bypass-put.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodPut}, + }, + { + Domains: []string{"bypass-patch.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodPatch}, + }, + { + Domains: []string{"bypass-post.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodPost}, + }, + { + Domains: []string{"bypass-delete.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodDelete}, + }, + { + Domains: []string{"bypass-connect.example.com"}, + Policy: "bypass", + Methods: []string{fasthttp.MethodConnect}, + }, + { + Domains: []string{ + "bypass-get.example.com", "bypass-head.example.com", "bypass-options.example.com", + "bypass-trace.example.com", "bypass-put.example.com", "bypass-patch.example.com", + "bypass-post.example.com", "bypass-delete.example.com", "bypass-connect.example.com", + }, + Policy: "one_factor", + }, + { + Domains: []string{"one-factor.example.com"}, + Policy: "one_factor", + }, + { + Domains: []string{"two-factor.example.com"}, + Policy: "two_factor", + }, + { + Domains: []string{"deny.example.com"}, + Policy: "deny", + }, + { + Domains: []string{"admin.example.com"}, + Policy: "two_factor", + Subjects: [][]string{{"group:admin"}}, + }, + { + Domains: []string{"grafana.example.com"}, + Policy: "two_factor", + Subjects: [][]string{{"group:grafana"}}, + }, + { + Domains: []string{"bypass.example2.com"}, + Policy: "bypass", + }, + { + Domains: []string{"one-factor.example2.com"}, + Policy: "one_factor", + }, + { + Domains: []string{"two-factor.example2.com"}, + Policy: "two_factor", + }, + { + Domains: []string{"deny.example2.com"}, + Policy: "deny", + }, + { + Domains: []string{"admin.example2.com"}, + Policy: "two_factor", + Subjects: [][]string{{"group:admin"}}, + }, + { + Domains: []string{"grafana.example2.com"}, + Policy: "two_factor", + Subjects: [][]string{{"group:grafana"}}, + }, + }, + } providers := middlewares.Providers{} diff --git a/internal/mocks/duo_api.go b/internal/mocks/duo_api.go index d5a753305..d358f9c74 100644 --- a/internal/mocks/duo_api.go +++ b/internal/mocks/duo_api.go @@ -8,10 +8,10 @@ import ( url "net/url" reflect "reflect" - gomock "github.com/golang/mock/gomock" - duo "github.com/authelia/authelia/v4/internal/duo" middlewares "github.com/authelia/authelia/v4/internal/middlewares" + session "github.com/authelia/authelia/v4/internal/session" + gomock "github.com/golang/mock/gomock" ) // MockAPI is a mock of API interface. @@ -38,46 +38,46 @@ func (m *MockAPI) EXPECT() *MockAPIMockRecorder { } // AuthCall mocks base method. -func (m *MockAPI) AuthCall(arg0 *middlewares.AutheliaCtx, arg1 url.Values) (*duo.AuthResponse, error) { +func (m *MockAPI) AuthCall(arg0 *middlewares.AutheliaCtx, arg1 *session.UserSession, arg2 url.Values) (*duo.AuthResponse, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "AuthCall", arg0, arg1) + ret := m.ctrl.Call(m, "AuthCall", arg0, arg1, arg2) ret0, _ := ret[0].(*duo.AuthResponse) ret1, _ := ret[1].(error) return ret0, ret1 } // AuthCall indicates an expected call of AuthCall. -func (mr *MockAPIMockRecorder) AuthCall(arg0, arg1 interface{}) *gomock.Call { +func (mr *MockAPIMockRecorder) AuthCall(arg0, arg1, arg2 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthCall", reflect.TypeOf((*MockAPI)(nil).AuthCall), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthCall", reflect.TypeOf((*MockAPI)(nil).AuthCall), arg0, arg1, arg2) } // Call mocks base method. -func (m *MockAPI) Call(arg0 *middlewares.AutheliaCtx, arg1 url.Values, arg2, arg3 string) (*duo.Response, error) { +func (m *MockAPI) Call(arg0 *middlewares.AutheliaCtx, arg1 *session.UserSession, arg2 url.Values, arg3, arg4 string) (*duo.Response, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Call", arg0, arg1, arg2, arg3) + ret := m.ctrl.Call(m, "Call", arg0, arg1, arg2, arg3, arg4) ret0, _ := ret[0].(*duo.Response) ret1, _ := ret[1].(error) return ret0, ret1 } // Call indicates an expected call of Call. -func (mr *MockAPIMockRecorder) Call(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { +func (mr *MockAPIMockRecorder) Call(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Call", reflect.TypeOf((*MockAPI)(nil).Call), arg0, arg1, arg2, arg3) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Call", reflect.TypeOf((*MockAPI)(nil).Call), arg0, arg1, arg2, arg3, arg4) } // PreAuthCall mocks base method. -func (m *MockAPI) PreAuthCall(arg0 *middlewares.AutheliaCtx, arg1 url.Values) (*duo.PreAuthResponse, error) { +func (m *MockAPI) PreAuthCall(arg0 *middlewares.AutheliaCtx, arg1 *session.UserSession, arg2 url.Values) (*duo.PreAuthResponse, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "PreAuthCall", arg0, arg1) + ret := m.ctrl.Call(m, "PreAuthCall", arg0, arg1, arg2) ret0, _ := ret[0].(*duo.PreAuthResponse) ret1, _ := ret[1].(error) return ret0, ret1 } // PreAuthCall indicates an expected call of PreAuthCall. -func (mr *MockAPIMockRecorder) PreAuthCall(arg0, arg1 interface{}) *gomock.Call { +func (mr *MockAPIMockRecorder) PreAuthCall(arg0, arg1, arg2 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PreAuthCall", reflect.TypeOf((*MockAPI)(nil).PreAuthCall), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PreAuthCall", reflect.TypeOf((*MockAPI)(nil).PreAuthCall), arg0, arg1, arg2) } |