/
configuration.go
94 lines (61 loc) · 2.42 KB
/
configuration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package validator
import (
"fmt"
"os"
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/utils"
)
// ValidateConfiguration and adapt the configuration read from file.
func ValidateConfiguration(config *schema.Configuration, validator *schema.StructValidator) {
var err error
if config.CertificatesDirectory != "" {
var info os.FileInfo
if info, err = os.Stat(config.CertificatesDirectory); err != nil {
validator.Push(fmt.Errorf("the location 'certificates_directory' could not be inspected: %w", err))
} else if !info.IsDir() {
validator.Push(fmt.Errorf("the location 'certificates_directory' refers to '%s' is not a directory", config.CertificatesDirectory))
}
}
validateDefault2FAMethod(config, validator)
ValidateTheme(config, validator)
ValidateLog(config, validator)
ValidateDuo(config, validator)
ValidateTOTP(config, validator)
ValidateWebAuthn(config, validator)
ValidateAuthenticationBackend(&config.AuthenticationBackend, validator)
ValidateAccessControl(config, validator)
ValidateRules(config, validator)
ValidateSession(config, validator)
ValidateRegulation(config, validator)
ValidateServer(config, validator)
ValidateTelemetry(config, validator)
ValidateStorage(config.Storage, validator)
ValidateNotifier(&config.Notifier, validator)
ValidateIdentityProviders(&config.IdentityProviders, validator)
ValidateIdentityValidation(config, validator)
ValidateNTP(config, validator)
ValidatePasswordPolicy(&config.PasswordPolicy, validator)
ValidatePrivacyPolicy(&config.PrivacyPolicy, validator)
}
func validateDefault2FAMethod(config *schema.Configuration, validator *schema.StructValidator) {
if config.Default2FAMethod == "" {
return
}
if !utils.IsStringInSlice(config.Default2FAMethod, validDefault2FAMethods) {
validator.Push(fmt.Errorf(errFmtInvalidDefault2FAMethod, strJoinOr(validDefault2FAMethods), config.Default2FAMethod))
return
}
var enabledMethods []string
if !config.TOTP.Disable {
enabledMethods = append(enabledMethods, "totp")
}
if !config.WebAuthn.Disable {
enabledMethods = append(enabledMethods, "webauthn")
}
if !config.DuoAPI.Disable {
enabledMethods = append(enabledMethods, "mobile_push")
}
if !utils.IsStringInSlice(config.Default2FAMethod, enabledMethods) {
validator.Push(fmt.Errorf(errFmtInvalidDefault2FAMethodDisabled, strJoinOr(enabledMethods), config.Default2FAMethod))
}
}