summaryrefslogtreecommitdiff
path: root/experimental/embed/config_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'experimental/embed/config_test.go')
-rw-r--r--experimental/embed/config_test.go195
1 files changed, 195 insertions, 0 deletions
diff --git a/experimental/embed/config_test.go b/experimental/embed/config_test.go
new file mode 100644
index 000000000..eb0ce6e2f
--- /dev/null
+++ b/experimental/embed/config_test.go
@@ -0,0 +1,195 @@
+package embed
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/authelia/authelia/v4/internal/configuration"
+)
+
+func TestNewConfiguration(t *testing.T) {
+ testCases := []struct {
+ name string
+ paths []string
+ filters []configuration.BytesFilter
+ keys []string
+ warnings []string
+ errors []string
+ err string
+ }{
+ {
+ name: "ShouldHandleWebAuthn",
+ paths: []string{"../../internal/configuration/test_resources/config.webauthn.yml"},
+ keys: []string{
+ "server.endpoints.rate_limits.reset_password_finish.enable",
+ "server.endpoints.rate_limits.reset_password_start.enable",
+ "server.endpoints.rate_limits.second_factor_duo.enable",
+ "server.endpoints.rate_limits.second_factor_totp.enable",
+ "server.endpoints.rate_limits.session_elevation_finish.enable",
+ "server.endpoints.rate_limits.session_elevation_start.enable",
+ "webauthn.selection_criteria.attachment",
+ "webauthn.selection_criteria.discoverability",
+ "webauthn.selection_criteria.user_verification",
+ },
+ warnings: nil,
+ errors: []string{
+ "identity_validation: reset_password: option 'jwt_secret' is required when the reset password functionality isn't disabled",
+ "authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured",
+ "access_control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'",
+ "session: option 'cookies' is required",
+ "storage: option 'encryption_key' is required",
+ "storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided",
+ "notifier: you must ensure either the 'smtp' or 'filesystem' notifier is configured",
+ },
+ },
+ {
+ name: "ShouldHandleConfigWithDefinitions",
+ paths: []string{"../../internal/configuration/test_resources/config_with_definitions.yml"},
+ keys: []string{
+ "access_control.default_policy",
+ "access_control.networks",
+ "access_control.networks[].name",
+ "access_control.networks[].networks",
+ "access_control.rules",
+ "access_control.rules[].domain",
+ "access_control.rules[].networks",
+ "access_control.rules[].policy",
+ "access_control.rules[].resources",
+ "access_control.rules[].subject",
+ "authentication_backend.ldap.additional_groups_dn",
+ "authentication_backend.ldap.additional_users_dn",
+ "authentication_backend.ldap.address",
+ "authentication_backend.ldap.attributes.group_name",
+ "authentication_backend.ldap.attributes.mail",
+ "authentication_backend.ldap.attributes.username",
+ "authentication_backend.ldap.base_dn",
+ "authentication_backend.ldap.groups_filter",
+ "authentication_backend.ldap.tls.private_key",
+ "authentication_backend.ldap.user",
+ "authentication_backend.ldap.users_filter",
+ "authentication_backend.refresh_interval",
+ "definitions.network.lan",
+ "definitions.user_attributes.example.expression",
+ "duo_api.hostname",
+ "duo_api.integration_key",
+ "log.level",
+ "notifier.smtp.address",
+ "notifier.smtp.disable_require_tls",
+ "notifier.smtp.sender",
+ "notifier.smtp.username",
+ "regulation.ban_time",
+ "regulation.find_time",
+ "regulation.max_retries",
+ "server.address",
+ "server.endpoints.authz.auth-request.authn_strategies",
+ "server.endpoints.authz.auth-request.authn_strategies[].name",
+ "server.endpoints.authz.auth-request.implementation",
+ "server.endpoints.authz.ext-authz.authn_strategies",
+ "server.endpoints.authz.ext-authz.authn_strategies[].name",
+ "server.endpoints.authz.ext-authz.implementation",
+ "server.endpoints.authz.forward-auth.authn_strategies",
+ "server.endpoints.authz.forward-auth.authn_strategies[].name",
+ "server.endpoints.authz.forward-auth.implementation",
+ "server.endpoints.authz.legacy.implementation",
+ "server.endpoints.rate_limits.reset_password_finish.enable",
+ "server.endpoints.rate_limits.reset_password_start.enable",
+ "server.endpoints.rate_limits.second_factor_duo.enable",
+ "server.endpoints.rate_limits.second_factor_totp.enable",
+ "server.endpoints.rate_limits.session_elevation_finish.enable",
+ "server.endpoints.rate_limits.session_elevation_start.enable",
+ "session.cookies",
+ "session.cookies[].authelia_url",
+ "session.cookies[].default_redirection_url",
+ "session.cookies[].domain",
+ "session.expiration",
+ "session.inactivity",
+ "session.name",
+ "session.redis.high_availability.sentinel_name",
+ "session.redis.host",
+ "session.redis.port",
+ "storage.mysql.address",
+ "storage.mysql.database",
+ "storage.mysql.username",
+ "totp.issuer",
+ "webauthn.selection_criteria.discoverability",
+ "webauthn.selection_criteria.user_verification",
+ },
+ warnings: nil,
+ errors: []string{
+ "duo_api: option 'secret_key' is required when duo is enabled but it's absent",
+ "identity_validation: reset_password: option 'jwt_secret' is required when the reset password functionality isn't disabled",
+ "authentication_backend: ldap: option 'password' is required",
+ "session: option 'secret' is required when using the 'redis' provider",
+ "storage: option 'encryption_key' is required",
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ t.Run("Individual", func(t *testing.T) {
+ keys, config, val, err := NewConfiguration(tc.paths, tc.filters)
+
+ assert.Equal(t, tc.keys, keys)
+
+ if tc.err != "" {
+ assert.EqualError(t, err, tc.err)
+ assert.Nil(t, config)
+ } else {
+ assert.NoError(t, err)
+ assert.NotNil(t, config)
+ ValidateConfigurationKeys(keys, val)
+ ValidateConfiguration(config, val)
+ }
+
+ require.Len(t, val.Warnings(), len(tc.warnings))
+ require.Len(t, val.Errors(), len(tc.errors))
+
+ for i, err := range val.Warnings() {
+ assert.EqualError(t, err, tc.warnings[i])
+ }
+
+ for i, err := range val.Errors() {
+ assert.EqualError(t, err, tc.errors[i])
+ }
+ })
+ t.Run("Combined", func(t *testing.T) {
+ keys, config, val, err := NewConfiguration(tc.paths, tc.filters)
+
+ assert.Equal(t, tc.keys, keys)
+
+ if tc.err != "" {
+ assert.EqualError(t, err, tc.err)
+ assert.Nil(t, config)
+ } else {
+ assert.NoError(t, err)
+ assert.NotNil(t, config)
+ ValidateConfigurationAndKeys(config, keys, val)
+ }
+
+ require.Len(t, val.Warnings(), len(tc.warnings))
+ require.Len(t, val.Errors(), len(tc.errors))
+
+ for i, err := range val.Warnings() {
+ assert.EqualError(t, err, tc.warnings[i])
+ }
+
+ for i, err := range val.Errors() {
+ assert.EqualError(t, err, tc.errors[i])
+ }
+ })
+ })
+ }
+}
+
+func TestNewNamedConfigFileFilters(t *testing.T) {
+ filters, err := NewNamedConfigFileFilters("abc")
+ assert.Nil(t, filters)
+ assert.EqualError(t, err, "error occurred loading filters: invalid filter named 'abc'")
+
+ filters, err = NewNamedConfigFileFilters("template")
+ assert.NotNil(t, filters)
+ assert.NoError(t, err)
+}