diff --git a/pkg/config/auth_test.go b/pkg/config/auth_test.go
index 6833ba1f5..057c5ccdd 100644
--- a/pkg/config/auth_test.go
+++ b/pkg/config/auth_test.go
@@ -133,17 +133,17 @@ func TestHookDiff(t *testing.T) {
 },
 SendEmail: hookConfig{
 Enabled: true,
- URI: "http://example.com",
+ URI: "https://example.com",
 Secrets: "test-secret",
 },
 MFAVerificationAttempt: hookConfig{
 Enabled: true,
- URI: "http://example.com",
+ URI: "https://example.com",
 Secrets: "test-secret",
 },
 PasswordVerificationAttempt: hookConfig{
 Enabled: true,
- URI: "pg-functions://functionName",
+ URI: "pg-functions://verifyPassword",
 },
 }
 // Run test
@@ -152,17 +152,16 @@ func TestHookDiff(t *testing.T) {
 HookCustomAccessTokenUri: cast.Ptr("http://example.com"),
 HookCustomAccessTokenSecrets: cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
 HookSendEmailEnabled: cast.Ptr(true),
- HookSendEmailUri: cast.Ptr("http://example.com"),
+ HookSendEmailUri: cast.Ptr("https://example.com"),
 HookSendEmailSecrets: cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
 HookSendSmsEnabled: cast.Ptr(true),
 HookSendSmsUri: cast.Ptr("http://example.com"),
 HookSendSmsSecrets: cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
 HookMfaVerificationAttemptEnabled: cast.Ptr(true),
- HookMfaVerificationAttemptUri: cast.Ptr("http://example.com"),
+ HookMfaVerificationAttemptUri: cast.Ptr("https://example.com"),
 HookMfaVerificationAttemptSecrets: cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
 HookPasswordVerificationAttemptEnabled: cast.Ptr(true),
- HookPasswordVerificationAttemptUri: cast.Ptr("pg-functions://functionName"),
- HookPasswordVerificationAttemptSecrets: nil,
+ HookPasswordVerificationAttemptUri: cast.Ptr("pg-functions://verifyPassword"),
 })
 // Check error
 assert.NoError(t, err)
@@ -172,17 +171,41 @@ func TestHookDiff(t *testing.T) {
 t.Run("local enabled and disabled", func(t *testing.T) {
 c := newWithDefaults()
 c.Hook = hook{
- CustomAccessToken: hookConfig{Enabled: true},
- MFAVerificationAttempt: hookConfig{Enabled: false},
+ CustomAccessToken: hookConfig{
+ Enabled: true,
+ URI: "http://example.com",
+ Secrets: "test-secret",
+ },
+ SendSMS: hookConfig{
+ Enabled: false,
+ URI: "https://example.com",
+ Secrets: "test-secret",
+ },
+ SendEmail: hookConfig{
+ Enabled: true,
+ URI: "pg-functions://sendEmail",
+ },
+ MFAVerificationAttempt: hookConfig{
+ Enabled: false,
+ URI: "pg-functions://verifyMFA",
+ },
+ PasswordVerificationAttempt: hookConfig{Enabled: false},
 }
 // Run test
 diff, err := c.DiffWithRemote("", v1API.AuthConfigResponse{
- HookCustomAccessTokenEnabled: cast.Ptr(false),
- HookCustomAccessTokenUri: cast.Ptr(""),
- HookCustomAccessTokenSecrets: cast.Ptr("b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad"),
- HookMfaVerificationAttemptEnabled: cast.Ptr(true),
- HookMfaVerificationAttemptUri: cast.Ptr(""),
- HookMfaVerificationAttemptSecrets: cast.Ptr("b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad"),
+ HookCustomAccessTokenEnabled: cast.Ptr(false),
+ HookCustomAccessTokenUri: cast.Ptr(""),
+ HookCustomAccessTokenSecrets: cast.Ptr("b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad"),
+ HookSendEmailEnabled: cast.Ptr(false),
+ HookSendEmailUri: cast.Ptr(""),
+ HookSendSmsEnabled: cast.Ptr(true),
+ HookSendSmsUri: cast.Ptr("http://example.com"),
+ HookSendSmsSecrets: cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
+ HookMfaVerificationAttemptEnabled: cast.Ptr(true),
+ HookMfaVerificationAttemptUri: cast.Ptr("pg-functions://verifyMFA"),
+ HookPasswordVerificationAttemptEnabled: cast.Ptr(true),
+ HookPasswordVerificationAttemptUri: cast.Ptr("https://example.com"),
+ HookPasswordVerificationAttemptSecrets: 
cast.Ptr("ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"),
 })
 // Check error
 assert.NoError(t, err)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 4cc81a679..f5a56dfc0 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1001,14 +1001,14 @@ func (h *hookConfig) validate(hookType string) (err error) {
 }
 switch strings.ToLower(parsed.Scheme) {
 case "http", "https":
- if h.Secrets, err = maybeLoadEnv(h.Secrets); err != nil {
- return err
- } else if len(h.Secrets) == 0 {
+ if len(h.Secrets) == 0 {
 return errors.Errorf("Missing required field in config: auth.hook.%s.secrets", hookType)
+ } else if h.Secrets, err = maybeLoadEnv(h.Secrets); err != nil {
+ return err
 }
 case "pg-functions":
 if len(h.Secrets) > 0 {
- return errors.Errorf("Invalid hook config: auth.hook.%s.secrets is not supported for pg-functions URI", hookType)
+ return errors.Errorf("Invalid hook config: auth.hook.%s.secrets is unsupported for pg-functions URI", hookType)
 }
 default:
 return errors.Errorf("Invalid hook config: auth.hook.%v should be a HTTP, HTTPS, or pg-functions URI", hookType)
@@ -1081,19 +1081,16 @@ func (c *tpaCognito) issuerURL() string {
 return fmt.Sprintf("https://cognito-idp.%s.amazonaws.com/%s", c.UserPoolRegion, c.UserPoolID)
 }
-func (c *tpaCognito) validate() error {
+func (c *tpaCognito) validate() (err error) {
 if c.UserPoolID == "" {
 return errors.New("Invalid config: auth.third_party.cognito is enabled but without a user_pool_id.")
- }
- var err error
- if c.UserPoolID, err = maybeLoadEnv(c.UserPoolID); err != nil {
+ } else if c.UserPoolID, err = maybeLoadEnv(c.UserPoolID); err != nil {
 return err
 }
 if c.UserPoolRegion == "" {
 return errors.New("Invalid config: auth.third_party.cognito is enabled but without a user_pool_region.")
- }
- if c.UserPoolRegion, err = maybeLoadEnv(c.UserPoolRegion); err != nil {
+ } else if c.UserPoolRegion, err = maybeLoadEnv(c.UserPoolRegion); err != nil {
 return err
 }
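Review bot: In the "local enabled and disabled" case of TestHookDiff, the `SendSMS` fixture (`Enabled: false`, `Secrets: "test-secret"`) comes out in the updated golden file local_enabled_and_disabled.diff as a literal `secrets = "test-secret"` context line, while the enabled `custom_access_token` entry is rendered as a `hash:` value. The snapshot therefore pins un-hashed secret text in the diff output for a locally disabled hook, and output of this kind usually ends up in terminals and CI logs. The code that renders it is outside this diff, so this may be intentional; if so, a fixture comment such as `// disabled hook: secret appears verbatim in the diff output (confirm this is intended)` would record it, otherwise the disabled path should hash the secret before it is rendered.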
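Review bot: In `hookConfig.validate` (hunk at -1001), the `len(h.Secrets) == 0` check now runs on the raw config string before `maybeLoadEnv`, so the value actually loaded from the environment is no longer checked for emptiness. `maybeLoadEnv` is not shown in this diff; if it can return an empty string without an error, an http/https hook would pass validation with an empty secret. Either re-check after loading with `if len(h.Secrets) == 0 { return errors.Errorf("Missing required field in config: auth.hook.%s.secrets", hookType) }`, or add a TestValidateHookURI case for a secret that resolves to empty. `tpaCognito.validate` in the hunk at -1081 uses the same check-then-load order for `UserPoolID` and `UserPoolRegion`; both function bodies continue outside their hunks.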
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 5ac6705e5..4aa7ce243 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -265,7 +265,7 @@ func TestValidateHookURI(t *testing.T) { URI: "pg-functions://functionName", Secrets: "test-secret", }, - errorMsg: "Invalid hook config: auth.hook.valid pg-functions URI with unsupported secrets.secrets is not supported for pg-functions URI", + errorMsg: "Invalid hook config: auth.hook.valid pg-functions URI with unsupported secrets.secrets is unsupported for pg-functions URI", }, } diff --git a/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff index b54e19f5e..e3afeb491 100644 --- a/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff +++ b/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff @@ -1,16 +1,17 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -11,7 +11,7 @@ +@@ -11,24 +11,24 @@ [hook] [hook.mfa_verification_attempt] -enabled = true +enabled = false - uri = "" + uri = "pg-functions://verifyMFA" secrets = "" [hook.password_verification_attempt] -@@ -19,9 +19,9 @@ +-enabled = true ++enabled = false uri = "" secrets = "" [hook.custom_access_token] @@ -18,8 +19,18 @@ diff remote[auth] local[auth] -uri = "" -secrets = "hash:b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad" +enabled = true -+uri = "" -+secrets = "" ++uri = "http://example.com" ++secrets = "hash:ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252" [hook.send_sms] - enabled = false - uri = "" +-enabled = true ++enabled = false + uri = "https://example.com" + secrets = "test-secret" + [hook.send_email] +-enabled = false +-uri = "" ++enabled = true ++uri = "pg-functions://sendEmail" + secrets = "" + + [mfa]