Diffstat (limited to 'internal/handlers/handler_configuration_test.go')
| -rw-r--r-- | internal/handlers/handler_configuration_test.go | 201 |
1 files changed, 133 insertions, 68 deletions
diff --git a/internal/handlers/handler_configuration_test.go b/internal/handlers/handler_configuration_test.go
index ab69e87fd..f1f11e080 100644
--- a/internal/handlers/handler_configuration_test.go
+++ b/internal/handlers/handler_configuration_test.go
@@ -28,106 +28,171 @@ func (s *SecondFactorAvailableMethodsFixture) TearDownTest() { s.mock.Close() } -func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() { - expectedBody := configurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: false, - } +func (s *SecondFactorAvailableMethodsFixture) TestShouldHaveAllConfiguredMethods() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: &schema.DuoAPIConfiguration{}, + TOTP: schema.TOTPConfiguration{ + Disable: false, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: false, + }, + AccessControl: schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "two_factor", + }, + }, + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) ConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), expectedBody) + + s.mock.Assert200OK(s.T(), configurationBody{ + AvailableMethods: []string{"totp", "webauthn", "mobile_push"}, + }) } -func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMobilePush() { +func (s *SecondFactorAvailableMethodsFixture) TestShouldRemoveTOTPFromAvailableMethodsWhenDisabled() { s.mock.Ctx.Configuration = schema.Configuration{ DuoAPI: &schema.DuoAPIConfiguration{}, - } - expectedBody := configurationBody{ - AvailableMethods: []string{"totp", "u2f", "mobile_push"}, - SecondFactorEnabled: false, - } + TOTP: schema.TOTPConfiguration{ + Disable: true, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: false, + }, + AccessControl: schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "two_factor", + }, + }, + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) ConfigurationGet(s.mock.Ctx) - s.mock.Assert200OK(s.T(), expectedBody) + + s.mock.Assert200OK(s.T(), 
configurationBody{ + AvailableMethods: []string{"webauthn", "mobile_push"}, + }) } -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisabledWhenNoRuleIsSetToTwoFactor() { - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer( - &schema.Configuration{ - AccessControl: schema.AccessControlConfiguration{ - DefaultPolicy: "bypass", - Rules: []schema.ACLRule{ - { - Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "single_factor", - }, - { - Domains: []string{"def.example.com"}, - Policy: "bypass", - }, +func (s *SecondFactorAvailableMethodsFixture) TestShouldRemoveWebauthnFromAvailableMethodsWhenDisabled() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: &schema.DuoAPIConfiguration{}, + TOTP: schema.TOTPConfiguration{ + Disable: false, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: true, + }, + AccessControl: schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "two_factor", }, - }}) + }, + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), configurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: false, + AvailableMethods: []string{"totp", "mobile_push"}, }) } -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor() { - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{ +func (s *SecondFactorAvailableMethodsFixture) TestShouldRemoveDuoFromAvailableMethodsWhenNotConfigured() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: nil, + TOTP: schema.TOTPConfiguration{ + Disable: false, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: false, + }, AccessControl: schema.AccessControlConfiguration{ - DefaultPolicy: "two_factor", + 
DefaultPolicy: "deny", Rules: []schema.ACLRule{ { Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "single_factor", + Policy: "two_factor", }, + }, + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) + + ConfigurationGet(s.mock.Ctx) + + s.mock.Assert200OK(s.T(), configurationBody{ + AvailableMethods: []string{"totp", "webauthn"}, + }) +} + +func (s *SecondFactorAvailableMethodsFixture) TestShouldRemoveAllMethodsWhenNoTwoFactorACLRulesConfigured() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: &schema.DuoAPIConfiguration{}, + TOTP: schema.TOTPConfiguration{ + Disable: false, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: false, + }, + AccessControl: schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ { - Domains: []string{"def.example.com"}, - Policy: "bypass", + Domains: []string{"example.com"}, + Policy: "one_factor", }, }, - }}) + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), configurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: true, + AvailableMethods: []string{}, }) } -func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenSomePolicySetToTwoFactor() { - s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer( - &schema.Configuration{ - AccessControl: schema.AccessControlConfiguration{ - DefaultPolicy: "bypass", - Rules: []schema.ACLRule{ - { - Domains: []string{"example.com"}, - Policy: "deny", - }, - { - Domains: []string{"abc.example.com"}, - Policy: "two_factor", - }, - { - Domains: []string{"def.example.com"}, - Policy: "bypass", - }, +func (s *SecondFactorAvailableMethodsFixture) TestShouldRemoveAllMethodsWhenAllDisabledOrNotConfigured() { + s.mock.Ctx.Configuration = schema.Configuration{ + DuoAPI: nil, + TOTP: 
schema.TOTPConfiguration{ + Disable: true, + }, + Webauthn: schema.WebauthnConfiguration{ + Disable: true, + }, + AccessControl: schema.AccessControlConfiguration{ + DefaultPolicy: "deny", + Rules: []schema.ACLRule{ + { + Domains: []string{"example.com"}, + Policy: "two_factor", }, - }}) + }, + }} + + s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration) + ConfigurationGet(s.mock.Ctx) + s.mock.Assert200OK(s.T(), configurationBody{ - AvailableMethods: []string{"totp", "u2f"}, - SecondFactorEnabled: true, + AvailableMethods: []string{}, }) } |
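Review bot: None of the six new cases exercises a `two_factor` default policy: every configuration in this hunk sets `DefaultPolicy: "deny"`, while the removed `TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor` covered exactly the case where only the default policy requires a second factor. `TestShouldRemoveAllMethodsWhenNoTwoFactorACLRulesConfigured` now pins the empty list for "no two_factor rule", so a handler that looks only at the rules and ignores the default policy would pass this suite while advertising no second-factor method on a deployment that requires one. I would add a case with `DefaultPolicy: "two_factor"` and a single `one_factor` rule that expects the full method list. The expected list in the sketch below is inferred from the removed test and should be confirmed against `ConfigurationGet`, which is outside this hunk.

```go
func (s *SecondFactorAvailableMethodsFixture) TestShouldHaveAllConfiguredMethodsWhenDefaultPolicyIsTwoFactor() {
	// TOTP and Webauthn are left at their zero value, i.e. Disable: false.
	s.mock.Ctx.Configuration = schema.Configuration{
		DuoAPI: &schema.DuoAPIConfiguration{},
		AccessControl: schema.AccessControlConfiguration{
			DefaultPolicy: "two_factor",
			Rules: []schema.ACLRule{
				{
					Domains: []string{"example.com"},
					Policy:  "one_factor",
				},
			},
		},
	}

	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&s.mock.Ctx.Configuration)

	ConfigurationGet(s.mock.Ctx)

	// Assumes a two_factor default policy alone keeps the methods listed; confirm against the handler.
	s.mock.Assert200OK(s.T(), configurationBody{
		AvailableMethods: []string{"totp", "webauthn", "mobile_push"},
	})
}
```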
