mirror of https://github.com/authelia/authelia.git
500 lines
16 KiB
Go
500 lines
16 KiB
Go
package configuration
|
|
|
|
import (
|
|
"fmt"
|
|
"path"
|
|
"strconv"
|
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
"github.com/authelia/authelia/v4/internal/model"
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
|
)
|
|
|
|
// Deprecation represents a deprecated configuration key.
|
|
type Deprecation struct {
|
|
Version model.SemanticVersion
|
|
Key string
|
|
NewKey string
|
|
AutoMap bool
|
|
Keep bool
|
|
MapFunc func(value any) any
|
|
ErrFunc func(d Deprecation, keysFinal map[string]any, value any, val *schema.StructValidator)
|
|
}
|
|
|
|
var deprecations = map[string]Deprecation{
|
|
"logs_level": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 7},
|
|
Key: "logs_level",
|
|
NewKey: "log.level",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"logs_file": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 7},
|
|
Key: "logs_file",
|
|
NewKey: "log.file_path",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.skip_verify": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 25},
|
|
Key: "authentication_backend.ldap.skip_verify",
|
|
NewKey: "authentication_backend.ldap.tls.skip_verify",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.minimum_tls_version": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 25},
|
|
Key: "authentication_backend.ldap.minimum_tls_version",
|
|
NewKey: "authentication_backend.ldap.tls.minimum_version",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"notifier.smtp.disable_verify_cert": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 25},
|
|
Key: "notifier.smtp.disable_verify_cert",
|
|
NewKey: "notifier.smtp.tls.skip_verify",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"notifier.smtp.trusted_cert": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 25},
|
|
Key: "notifier.smtp.trusted_cert",
|
|
NewKey: "certificates_directory",
|
|
AutoMap: false,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"host": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "host",
|
|
NewKey: "server.host",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"port": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "port",
|
|
NewKey: "server.port",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"tls_key": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "tls_key",
|
|
NewKey: "server.tls.key",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"tls_cert": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "tls_cert",
|
|
NewKey: "server.tls.certificate",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"log_level": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "log_level",
|
|
NewKey: "log.level",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"log_file_path": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "log_file_path",
|
|
NewKey: "log.file_path",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"log_format": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 30},
|
|
Key: "log_format",
|
|
NewKey: "log.format",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"storage.postgres.sslmode": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 36},
|
|
Key: "storage.postgres.sslmode",
|
|
NewKey: "storage.postgres.ssl.mode",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.disable_reset_password": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 36},
|
|
Key: "authentication_backend.disable_reset_password",
|
|
NewKey: "authentication_backend.password_reset.disable",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"server.read_buffer_size": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 36},
|
|
Key: "server.read_buffer_size",
|
|
NewKey: "server.buffers.read",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"server.write_buffer_size": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 36},
|
|
Key: "server.write_buffer_size",
|
|
NewKey: "server.buffers.write",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"session.remember_me_duration": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "session.remember_me_duration",
|
|
NewKey: "session.remember_me",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"server.enable_pprof": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "server.enable_pprof",
|
|
NewKey: "server.endpoints.enable_pprof",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"server.enable_expvars": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "server.enable_expvars",
|
|
NewKey: "server.endpoints.enable_expvars",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.clients[].userinfo_signing_algorithm": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.clients[].userinfo_signing_algorithm",
|
|
NewKey: "identity_providers.oidc.clients[].userinfo_signed_response_alg",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.clients[].id": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.clients[].id",
|
|
NewKey: "identity_providers.oidc.clients[].client_id",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.clients[].secret": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.clients[].secret",
|
|
NewKey: "identity_providers.oidc.clients[].client_secret",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.clients[].description": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.clients[].description",
|
|
NewKey: "identity_providers.oidc.clients[].client_name",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.clients[].sector_identifier": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.clients[].sector_identifier",
|
|
NewKey: "identity_providers.oidc.clients[].sector_identifier_uri",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.access_token_lifespan": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.access_token_lifespan",
|
|
NewKey: "identity_providers.oidc.lifespans.access_token",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.authorize_code_lifespan": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.authorize_code_lifespan",
|
|
NewKey: "identity_providers.oidc.lifespans.authorize_code",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.id_token_lifespan": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.id_token_lifespan",
|
|
NewKey: "identity_providers.oidc.lifespans.id_token",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.refresh_token_lifespan": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.refresh_token_lifespan",
|
|
NewKey: "identity_providers.oidc.lifespans.refresh_token",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"identity_providers.oidc.issuer_private_key": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.issuer_private_key",
|
|
NewKey: "identity_providers.oidc.jwks",
|
|
AutoMap: false,
|
|
MapFunc: nil,
|
|
ErrFunc: func(d Deprecation, keysFinal map[string]any, value any, val *schema.StructValidator) {
|
|
val.PushWarning(fmt.Errorf(errFmtAutoMapKey+" : see https://www.authelia.com/c/oidc for more information", d.Key, d.Version, d.NewKey, d.Version.NextMajor()))
|
|
},
|
|
},
|
|
"identity_providers.oidc.issuer_certificate_chain": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "identity_providers.oidc.issuer_certificate_chain",
|
|
NewKey: "identity_providers.oidc.jwks",
|
|
AutoMap: false,
|
|
MapFunc: nil,
|
|
ErrFunc: func(d Deprecation, keysFinal map[string]any, value any, val *schema.StructValidator) {
|
|
val.PushWarning(fmt.Errorf("configuration key '%s' is deprecated in %s and should be configured using the new configuration key '%s': this has been automatically mapped for you but you will need to adjust your configuration (see https://www.authelia.com/c/oidc) to remove this message", d.Key, d.Version, d.NewKey))
|
|
},
|
|
},
|
|
"authentication_backend.ldap.url": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "authentication_backend.ldap.url",
|
|
NewKey: "authentication_backend.ldap.address",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.username_attribute": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "authentication_backend.ldap.username_attribute",
|
|
NewKey: "authentication_backend.ldap.attributes.username",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.mail_attribute": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "authentication_backend.ldap.mail_attribute",
|
|
NewKey: "authentication_backend.ldap.attributes.mail",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.display_name_attribute": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "authentication_backend.ldap.display_name_attribute",
|
|
NewKey: "authentication_backend.ldap.attributes.display_name",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"authentication_backend.ldap.group_name_attribute": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "authentication_backend.ldap.group_name_attribute",
|
|
NewKey: "authentication_backend.ldap.attributes.group_name",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
"jwt_secret": {
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Key: "jwt_secret",
|
|
NewKey: "identity_validation.reset_password.jwt_secret",
|
|
AutoMap: true,
|
|
MapFunc: nil,
|
|
ErrFunc: nil,
|
|
},
|
|
}
|
|
|
|
// MultiKeyMappedDeprecation represents a deprecated configuration key.
|
|
type MultiKeyMappedDeprecation struct {
|
|
Version model.SemanticVersion
|
|
Keys []string
|
|
NewKey string
|
|
MapFunc func(d MultiKeyMappedDeprecation, keys map[string]any, val *schema.StructValidator)
|
|
}
|
|
|
|
var deprecationsMKM = []MultiKeyMappedDeprecation{
|
|
{
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Keys: []string{"notifier.smtp.host", "notifier.smtp.port"},
|
|
NewKey: "notifier.smtp.address",
|
|
MapFunc: func(d MultiKeyMappedDeprecation, keys map[string]any, val *schema.StructValidator) {
|
|
host, port, err := getHostPort("notifier.smtp.host", "notifier.smtp.port", schema.DefaultSMTPNotifierConfiguration.Address.Host(), schema.DefaultSMTPNotifierConfiguration.Address.Port(), keys)
|
|
if err != nil {
|
|
val.Push(fmt.Errorf(errFmtMultiKeyMappingPortConvert, utils.StringJoinAnd(d.Keys), d.NewKey, err))
|
|
|
|
return
|
|
}
|
|
|
|
address := schema.NewSMTPAddress("", host, port)
|
|
|
|
val.PushWarning(fmt.Errorf(errFmtMultiRemappedKeys, utils.StringJoinAnd(d.Keys), d.Version, d.NewKey, "[tcp://]<hostname>[:<port>]", address.String(), d.Version.NextMajor()))
|
|
|
|
keys[d.NewKey] = address.String()
|
|
|
|
for _, key := range d.Keys {
|
|
delete(keys, key)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Keys: []string{keyStoragePostgresHost, keyStoragePostgresPort},
|
|
NewKey: "storage.postgres.address",
|
|
MapFunc: func(d MultiKeyMappedDeprecation, keys map[string]any, val *schema.StructValidator) {
|
|
host, port, err := getHostPort(keyStoragePostgresHost, keyStoragePostgresPort, schema.DefaultPostgreSQLStorageConfiguration.Address.Host(), schema.DefaultPostgreSQLStorageConfiguration.Address.Port(), keys)
|
|
if err != nil {
|
|
val.Push(fmt.Errorf(errFmtMultiKeyMappingPortConvert, utils.StringJoinAnd(d.Keys), d.NewKey, err))
|
|
|
|
return
|
|
}
|
|
|
|
if address, err := schema.NewAddressFromNetworkValuesDefault(host, port, schema.AddressSchemeTCP, schema.AddressSchemeUnix); err != nil {
|
|
val.Push(fmt.Errorf("storage: %s: option 'address' failed to parse options 'host' and 'port' for mapping: %w", "postgres", err))
|
|
} else {
|
|
keys[d.NewKey] = address.String()
|
|
|
|
val.PushWarning(fmt.Errorf(errFmtMultiRemappedKeys, utils.StringJoinAnd(d.Keys), d.Version, d.NewKey, "[tcp://]<hostname>[:<port>]", address.String(), d.Version.NextMajor()))
|
|
|
|
for _, key := range d.Keys {
|
|
delete(keys, key)
|
|
}
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Keys: []string{keyStorageMySQLHost, keyStorageMySQLPort},
|
|
NewKey: "storage.mysql.address",
|
|
MapFunc: func(d MultiKeyMappedDeprecation, keys map[string]any, val *schema.StructValidator) {
|
|
host, port, err := getHostPort(keyStorageMySQLHost, keyStorageMySQLPort, schema.DefaultMySQLStorageConfiguration.Address.Host(), schema.DefaultMySQLStorageConfiguration.Address.Port(), keys)
|
|
if err != nil {
|
|
val.Push(fmt.Errorf(errFmtMultiKeyMappingPortConvert, utils.StringJoinAnd(d.Keys), d.NewKey, err))
|
|
|
|
return
|
|
}
|
|
|
|
if address, err := schema.NewAddressFromNetworkValuesDefault(host, port, schema.AddressSchemeTCP, schema.AddressSchemeUnix); err != nil {
|
|
val.Push(fmt.Errorf("storage: %s: option 'address' failed to parse options 'host' and 'port' for mapping: %w", "mysql", err))
|
|
} else {
|
|
keys[d.NewKey] = address.String()
|
|
|
|
val.PushWarning(fmt.Errorf(errFmtMultiRemappedKeys, utils.StringJoinAnd(d.Keys), d.Version, d.NewKey, "[tcp://]<hostname>[:<port>]", address.String(), d.Version.NextMajor()))
|
|
|
|
for _, key := range d.Keys {
|
|
delete(keys, key)
|
|
}
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Version: model.SemanticVersion{Major: 4, Minor: 38},
|
|
Keys: []string{keyServerHost, keyServerPort, keyServerPath},
|
|
NewKey: "server.address",
|
|
MapFunc: func(d MultiKeyMappedDeprecation, keys map[string]any, val *schema.StructValidator) {
|
|
host, port, err := getHostPort(keyServerHost, keyServerPort, schema.DefaultServerConfiguration.Address.Hostname(), schema.DefaultServerConfiguration.Address.Port(), keys)
|
|
if err != nil {
|
|
val.Push(fmt.Errorf(errFmtMultiKeyMappingPortConvert, utils.StringJoinAnd(d.Keys), d.NewKey, err))
|
|
|
|
return
|
|
}
|
|
|
|
var (
|
|
v any
|
|
ok bool
|
|
subpath string
|
|
)
|
|
|
|
if v, ok = keys[keyServerPath]; ok {
|
|
subpath, _ = v.(string)
|
|
}
|
|
|
|
switch subpath {
|
|
case "":
|
|
subpath = schema.DefaultServerConfiguration.Address.Path()
|
|
default:
|
|
subpath = path.Clean("/" + subpath)
|
|
}
|
|
|
|
address := &schema.AddressTCP{Address: schema.NewAddressFromNetworkValues(schema.AddressSchemeTCP, host, port)}
|
|
|
|
address.SetPath(subpath)
|
|
|
|
val.PushWarning(fmt.Errorf(errFmtMultiRemappedKeys, utils.StringJoinAnd(d.Keys), d.Version, d.NewKey, "[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]", address.String(), d.Version.NextMajor()))
|
|
|
|
keys[d.NewKey] = address.String()
|
|
|
|
for _, key := range d.Keys {
|
|
delete(keys, key)
|
|
}
|
|
},
|
|
},
|
|
}
|
|
|
|
func getHostPort(hostKey, portKey, hostFallback string, portFallback uint16, keys map[string]any) (host string, port uint16, err error) {
|
|
var (
|
|
ok bool
|
|
v any
|
|
)
|
|
|
|
if v, ok = keys[hostKey]; ok {
|
|
host, _ = v.(string)
|
|
}
|
|
|
|
if v, ok = keys[portKey]; ok {
|
|
switch value := v.(type) {
|
|
case uint16:
|
|
port = value
|
|
case int:
|
|
if value >= 0 && value <= 65535 {
|
|
port = uint16(value)
|
|
}
|
|
case string:
|
|
var p uint64
|
|
|
|
if p, err = strconv.ParseUint(value, 10, 16); err != nil {
|
|
return "", 0, fmt.Errorf("error occurred converting the port from a string: %w", err)
|
|
}
|
|
|
|
port = uint16(p)
|
|
}
|
|
}
|
|
|
|
if host == "" {
|
|
host = hostFallback
|
|
}
|
|
|
|
if port == 0 {
|
|
port = portFallback
|
|
}
|
|
|
|
return host, port, nil
|
|
}
|
|
|
|
func GetMultiKeyMappedDeprecationKeys() (keys []string) {
|
|
for _, mkm := range deprecationsMKM {
|
|
keys = append(keys, mkm.Keys...)
|
|
}
|
|
|
|
return keys
|
|
}
|