fix(configuration): missing trailing slash #6968

Merged
merged 1 commit into from Mar 20, 2024

james-d-elliott
Member

@james-d-elliott james-d-elliott commented Mar 20, 2024

The trailing slash in the Authelia URL, when missing in the path, can cause situations where a user can provide an invalid configuration and not be aware, which can be rather difficult to diagnose. This fixes that issue by ensuring that if there is a path, it ends with a '/'.

Summary by CodeRabbit

  • Bug Fixes
    • Improved validation for session cookie URLs to ensure they are correctly formatted, enhancing the reliability of session management.
    • Updated error messages to include more accurate information when invalid portal URLs are detected, aiding in troubleshooting configuration issues.
    • Ignored internal/suites/ directory in the .yamllint.yml configuration file.

@authelia

authelia bot commented Mar 20, 2024

Artifacts

These changes are published for testing on Buildkite, DockerHub and GitHub Container Registry.

Docker Container

  • docker pull authelia/authelia:fix-authelia-url
  • docker pull ghcr.io/authelia/authelia:fix-authelia-url

Contributor

coderabbitai bot commented Mar 20, 2024

Walkthrough

The changes involve enhancing the handling of URLs in session cookie configurations within a security framework. A switch statement has been added to ensure that AutheliaURL.Path is correctly formatted, appending a slash where necessary. This update ensures consistent URL path handling. Additionally, unit tests have been updated to reflect and validate these changes, particularly focusing on the error messaging for invalid portal URLs, ensuring they are accurately tested against the updated logic.

Changes

File Path | Change Summary
.../validator/session.go | Added a switch statement to correctly format AutheliaURL.Path in validateSessionCookiesURLs.
.../validator/session_test.go | Updated error messages in tests to include a trailing slash for URL validation.

Related issues

  • Server.path + F5 on login page #5902: The changes in this PR may address the issue where the Authelia login page JavaScript drops the trailing slash, leading to unexpected behavior. The enhancement in URL formatting could potentially prevent such issues, ensuring the server responds correctly to subpath requests.


Member

@nightah nightah left a comment


LGTM.

Contributor

@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between 39b228b and 44d0508.
Files selected for processing (2)
  • internal/configuration/validator/session.go (2 hunks)
  • internal/configuration/validator/session_test.go (1 hunks)
Additional comments: 2
internal/configuration/validator/session.go (1)
  • 219-219: The update to config.Cookies[i] with the modified d object is correctly placed to ensure that any changes made to the AutheliaURL.Path are saved back to the main configuration object. This is a crucial step to ensure that the validation changes are not lost.
internal/configuration/validator/session_test.go (1)
  • 896-897: The updated test cases in TestShouldRaiseErrorWhenPortalURLIsInvalid correctly reflect the new expectation of a trailing slash in the URL values being checked. This ensures that the unit tests are aligned with the updated validation logic in the main codebase.

The trailing slash in the Authelia URL, when missing in the path, can cause situations where a user can provide an invalid configuration and not be aware, which can be rather difficult to diagnose. This fixes that issue by ensuring that if there is a path, it ends with a '/'.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
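
An added example, not code from this PR or from Authelia: a sketch of the normalization the description states (a non-empty path gets a trailing '/'), together with one reason a missing slash matters, namely that RFC 3986 relative resolution drops the last path segment of a base URL that does not end in '/'. The helper names, the `auth.example.com` host and the `api/state` reference are assumptions, as is leaving an empty path untouched.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// NormalizePortalURL is a hypothetical helper, not Authelia's validator: when
// the URL has a non-empty path that lacks a trailing '/', one is appended.
func NormalizePortalURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Path != "" && !strings.HasSuffix(u.Path, "/") {
		u.Path += "/"
		if u.RawPath != "" { // keep the escaped form in step with Path
			u.RawPath += "/"
		}
	}
	return u.String(), nil
}

// ResolveUnder resolves a relative reference against base per RFC 3986.
func ResolveUnder(base, ref string) (string, error) {
	b, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	r, err := url.Parse(ref)
	if err != nil {
		return "", err
	}
	return b.ResolveReference(r).String(), nil
}

func main() {
	// Constructed sample values; auth.example.com is a placeholder host.
	for _, raw := range []string{
		"https://auth.example.com/authelia",
		"https://auth.example.com/authelia/",
		"https://auth.example.com",
	} {
		fixed, _ := NormalizePortalURL(raw)
		before, _ := ResolveUnder(raw, "api/state")
		after, _ := ResolveUnder(fixed, "api/state")
		fmt.Printf("%-36s -> %-36s | %s => %s\n", raw, fixed, before, after)
	}
}
```
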

netlify bot commented Mar 20, 2024

Deploy Preview for authelia-staging ready!

Name Link
🔨 Latest commit f829ed3
🔍 Latest deploy log https://app.netlify.com/sites/authelia-staging/deploys/65fa6266f957600008b90c36
😎 Deploy Preview https://deploy-preview-6968--authelia-staging.netlify.app

Contributor

@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between 39b228b and f829ed3.
Files selected for processing (3)
  • .yamllint.yml (1 hunks)
  • internal/configuration/validator/session.go (2 hunks)
  • internal/configuration/validator/session_test.go (1 hunks)
Files skipped from review as they are similar to previous changes (2)
  • internal/configuration/validator/session.go
  • internal/configuration/validator/session_test.go
Additional comments: 1
.yamllint.yml (1)
  • 20-20: The addition of internal/suites/ to the ignore list in .yamllint.yml is noted.

Please ensure that excluding this directory from YAML linting aligns with the project's standards and does not inadvertently skip important linting checks for new or existing YAML files within internal/suites/.


codecov bot commented Mar 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.39%. Comparing base (39b228b) to head (f829ed3).

Additional details and impacted files


@@            Coverage Diff             @@
##           master    #6968      +/-   ##
==========================================
+ Coverage   73.37%   73.39%   +0.01%     
==========================================
  Files         345      345              
  Lines       29716    29724       +8     
  Branches      839      839              
==========================================
+ Hits        21804    21815      +11     
+ Misses       7041     7038       -3     
  Partials      871      871              
Flag | Coverage Δ
backend | 74.26% <100.00%> (+0.01%) ⬆️
frontend | 65.84% <ø> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown.

Files | Coverage Δ
internal/configuration/validator/session.go | 100.00% <100.00%> (ø)

... and 4 files with indirect coverage changes

@james-d-elliott james-d-elliott merged commit 5c7587f into master Mar 20, 2024
50 checks passed
@james-d-elliott james-d-elliott deleted the fix-authelia-url branch March 20, 2024 04:45