Merge remote-tracking branch 'origin/master' into feat-settings-ui
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>feat-otp-verification
commit
1ba4f705f0
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set +u
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" == ":docker: Build Image [coverage]" && "${BUILDKITE_AGENT_NAME}" =~ ^vega[0-9]+$ ]]; then
|
||||
mv authelia-image-coverage.tar.zst authelia-image-coverage-vega.tar.zst
|
||||
BUILDKITE_S3_ENDPOINT="${S3_ENDPOINT}" BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="${S3_BUCKET}" BUILDKITE_S3_ACCESS_URL="${S3_ACCESS_URL}" BUILDKITE_S3_ACCESS_KEY_ID="${S3_ACCESS_KEY_ID}" BUILDKITE_S3_SECRET_ACCESS_KEY="${S3_SECRET_ACCESS_KEY}" buildkite-agent artifact upload authelia-image-coverage-vega.tar.zst
|
||||
fi
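Review bot: Nothing verifies that the S3 settings are present before the `buildkite-agent artifact upload` line runs; with `set +u` at the top of the hook, an unset `S3_BUCKET` or `S3_SECRET_ACCESS_KEY` expands to an empty string instead of failing. Depending on how the agent treats an empty `BUILDKITE_ARTIFACT_UPLOAD_DESTINATION` (not visible here), the coverage image could land in a different store than intended. A guard inside the `if`, such as `: "${S3_ENDPOINT:?}" "${S3_BUCKET:?}" "${S3_ACCESS_KEY_ID:?}" "${S3_SECRET_ACCESS_KEY:?}"`, would make that misconfiguration fail loudly. The preceding `mv` is also unchecked, so `mv authelia-image-coverage.tar.zst authelia-image-coverage-vega.tar.zst || exit 1` would keep the upload from running against a missing file.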
|
|
@ -21,7 +21,6 @@ if [[ "${BUILDKITE_LABEL}" == ":hammer_and_wrench: Unit Test" ]]; then
|
|||
fi
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" == ":docker: Build Image [coverage]" ]]; then
|
||||
# Saving image for docker push
|
||||
docker save "${DOCKER_IMAGE}" | zstdmt -T0 -12 > "authelia-image-coverage.tar.zst"
|
||||
fi
|
||||
|
||||
|
|
|
@ -29,14 +29,20 @@ if [[ "${BUILDKITE_LABEL}" =~ ":debian: Build Package" ]]; then
|
|||
fi
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" =~ ":selenium:" ]]; then
|
||||
DEFAULT_ARCH=coverage
|
||||
echo "--- :docker: Extract and load build container"
|
||||
mkdir coverage
|
||||
buildkite-agent artifact download "authelia-image-${DEFAULT_ARCH}*" .
|
||||
if [[ "${SUITE}" == "Kubernetes" ]]; then
|
||||
zstd -d authelia-image-coverage.tar.zst --stdout > ./internal/suites/example/kube/authelia-image-${DEFAULT_ARCH}.tar
|
||||
|
||||
if [[ "${BUILDKITE_AGENT_NAME}" =~ ^vega[0-9]+$ ]]; then
|
||||
BUILDKITE_S3_ENDPOINT="${S3_ENDPOINT}" BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="${S3_BUCKET}" BUILDKITE_S3_ACCESS_URL="${S3_ACCESS_URL}" BUILDKITE_S3_ACCESS_KEY_ID="${S3_ACCESS_KEY_ID}" BUILDKITE_S3_SECRET_ACCESS_KEY="${S3_SECRET_ACCESS_KEY}" buildkite-agent artifact download "authelia-image-coverage-vega*" .
|
||||
mv authelia-image-coverage-vega.tar.zst authelia-image-coverage.tar.zst
|
||||
else
|
||||
zstdcat "authelia-image-${DEFAULT_ARCH}.tar.zst" | docker load
|
||||
buildkite-agent artifact download "authelia-image-coverage.*" .
|
||||
fi
|
||||
|
||||
if [[ "${SUITE}" == "Kubernetes" ]]; then
|
||||
zstd -d authelia-image-coverage.tar.zst --stdout > ./internal/suites/example/kube/authelia-image-coverage.tar
|
||||
else
|
||||
zstdcat "authelia-image-coverage.tar.zst" | docker load
|
||||
fi
|
||||
|
||||
if [[ "${BUILD_DUO}" == "true" ]] && [[ "${SUITE}" == "DuoPush" ]]; then
|
||||
|
@ -55,13 +61,13 @@ if [[ "${BUILDKITE_LABEL}" =~ ":selenium:" ]]; then
|
|||
fi
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" == ":docker: Build and Deploy" ]]; then
|
||||
echo ${DOCKER_PASSWORD} | docker login -u ${DOCKER_USERNAME} --password-stdin
|
||||
echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
|
||||
fi
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" == ":docker: Deploy Manifest" ]]; then
|
||||
echo "--- :go: :react: :swagger: Extract pre-built binary"
|
||||
buildkite-agent artifact download "authelia-linux-*-musl.tar.gz" .
|
||||
for archive in authelia-linux-*-musl.tar.gz; do tar xzf ${archive} --wildcards "authelia-linux-*"; done
|
||||
for archive in authelia-linux-*-musl.tar.gz; do tar xzf "${archive}" --wildcards "authelia-linux-*"; done
|
||||
fi
|
||||
|
||||
if [[ "${BUILDKITE_LABEL}" == ":github: Deploy Artifacts" ]]; then
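Review bot: In the `:selenium:` hunk, the archive fetched from S3 on `vega` agents is renamed and then fed to `docker load` (or unpacked for the Kubernetes suite) with no integrity check and no check that the download or the `mv` succeeded. The added and removed markers are lost on this page, so this reads the agent-name branch as the new side. Because that copy sits in a bucket outside the normal artifact store, recording a digest at build time and verifying it before use would stop a truncated or substituted archive from being loaded, e.g. `sha256sum -c authelia-image-coverage.tar.zst.sha256 || exit 1` (file name illustrative). The start of the hook is outside the hunk, so it is not visible whether `pipefail` is set; without it, a failing `zstdcat` is masked by the exit status of `docker load`.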
|
||||
|
|
|
@ -18,7 +18,9 @@ repository (but search first in case a similar issue already exists).
|
|||
|
||||
If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request.
|
||||
More information on getting set up locally can be found in the
|
||||
[Development Contribution](https://www.authelia.com/contributing/development/introduction/) documentation.
|
||||
[Development Contribution](https://www.authelia.com/contributing/development/introduction/) documentation, in addition
|
||||
the [Contribution Guidelines](https://www.authelia.com/contributing/guidelines/introduction/) documentation includes
|
||||
several contribution guidelines.
|
||||
|
||||
Before you start any Pull Request, it's recommended that you create an issue to discuss first if you have any doubts
|
||||
about requirement or implementation. That way you can be sure that the maintainer(s) agree on what to change and how,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.2
|
||||
FROM alpine:3.17.3
|
||||
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
|
|
|
@ -46,7 +46,7 @@ RUN \
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.2
|
||||
FROM alpine:3.17.3
|
||||
|
||||
RUN apk --no-cache add ca-certificates tzdata
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ RUN \
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.2
|
||||
FROM alpine:3.17.3
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
|
|
|
@ -3,10 +3,12 @@
|
|||
</p>
|
||||
|
||||
[![Build](https://img.shields.io/buildkite/d6543d3ece3433f46dbe5fd9fcfaf1f68a6dbc48eb1048bc22/master?logo=buildkite&style=flat-square&color=brightgreen)](https://buildkite.com/authelia/authelia)
|
||||
[![OpenSSF Best Practices](https://img.shields.io/static/v1?label=openssf%20best%20practices&logo=data:image/png;base64,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&message=passing&style=flat-square&color=brightgreen)](https://bestpractices.coreinfrastructure.org/projects/7128)
|
||||
[![Go Report Card](https://goreportcard.com/badge/github.com/authelia/authelia/v4?logo=go&style=flat-square)](https://goreportcard.com/report/github.com/authelia/authelia/v4)
|
||||
[![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?logo=github&style=flat-square&color=blue)](https://github.com/authelia/authelia/releases)
|
||||
[![Docker Tag](https://img.shields.io/docker/v/authelia/authelia/latest?logo=docker&style=flat-square&color=blue&sort=semver)](https://hub.docker.com/r/authelia/authelia/tags)
|
||||
[![Docker Size](https://img.shields.io/docker/image-size/authelia/authelia/latest?logo=docker&style=flat-square&color=blue&sort=semver)](https://hub.docker.com/r/authelia/authelia/tags)
|
||||
[![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?logo=github&style=flat-square&color=blue)](https://github.com/authelia/authelia/releases)
|
||||
![Docker Pulls](https://img.shields.io/docker/pulls/authelia/authelia?logo=docker&label=pulls&style=flat-square&color=blue)
|
||||
[![AUR source version](https://img.shields.io/aur/version/authelia?logo=arch-linux&label=authelia&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia/)
|
||||
[![AUR binary version](https://img.shields.io/aur/version/authelia-bin?logo=arch-linux&label=authelia-bin&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia-bin/)
|
||||
[![AUR development version](https://img.shields.io/aur/version/authelia-git?logo=arch-linux&label=authelia-git&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia-git/)
|
||||
|
|
93
SECURITY.md
93
SECURITY.md
|
@ -2,46 +2,83 @@
|
|||
|
||||
## Prologue
|
||||
|
||||
Authelia takes security very seriously. We follow the rule of
|
||||
[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure), and we urge our community to do so as
|
||||
well instead of making the vulnerability public. This allows time for the security issue to be patched quickly.
|
||||
The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
|
||||
decisions are made with security being the priority and we always aim to implement security by design.
|
||||
|
||||
If you discover a vulnerability in Authelia, please first contact one of the maintainers privately as described in the
|
||||
[contact options](#contact-options) below.
|
||||
## Coordinated vulnerability disclosure
|
||||
|
||||
We urge you not to disclose the bug publicly at least until we've had a
|
||||
reasonable chance to fix it, and to clearly communicate any public disclosure timeline in your initial contact with us.
|
||||
If you do not have a particular public disclosure timeline, we will clearly communicate ours as we publish security
|
||||
advisories.
|
||||
__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
|
||||
was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
|
||||
other project to follow this model as it is considered as a best practice by many in the security industry.
|
||||
|
||||
For more information about [security](https://www.authelia.com/information/security/) related matters, please read
|
||||
[the documentation](https://www.authelia.com/information/security/).
|
||||
If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
|
||||
effort to contact us privately using one of the [contact options](#contact-options) below. Please do not open an issue,
|
||||
do not notify us in public, and do not disclose this issue to third parties.
|
||||
|
||||
Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
|
||||
made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
|
||||
diligent administrators simply via the act of disclosing the security issue.
|
||||
|
||||
For more information about [security](https://www.authelia.com/security/) related matters, please read
|
||||
[the documentation](https://www.authelia.com/security/).
|
||||
|
||||
## Contact Options
|
||||
|
||||
Several [contact options](README.md#contact-options) exist, it's important to make sure you contact the maintainers
|
||||
privately which is described in each available contact method. The methods include our [security email](README.md#security),
|
||||
[Matrix](README.md#matrix), and [Discord](README.md#discord).
|
||||
Several contact options exist however it's important you specifically use a security contact method when reporting a
|
||||
security vulnerability or security related bug. These methods are clearly documented below.
|
||||
|
||||
## Credit
|
||||
### GitHub Security
|
||||
|
||||
Users who report bugs will optionally be credited for the discovery. Both in the [security advisory] and in our
|
||||
[all contributors](README.md#contribute) configuration/documentation.
|
||||
Users can utilize GitHub's security vulnerability system to privately [report a vulnerability]. This is an easy method
|
||||
for users who have a GitHub account.
|
||||
|
||||
### Email
|
||||
|
||||
Users can utilize the [security@authelia.com](mailto:security@authelia.com) email address to privately report a
|
||||
vulnerability. This is an easy method of users who do not have a GitHub account.
|
||||
|
||||
This email address is only accessible by members of the [core team] for the purpose of disclosing security
|
||||
vulnerabilities and issues within the __Authelia__ code base.
|
||||
|
||||
### Chat
|
||||
|
||||
If you wish to chat directly instead of sending an email please use either [Matrix](README.md#matrix) or
|
||||
[Discord](README.md#discord) to direct / private message one of the [core team] members.
|
||||
|
||||
Please avoid this method unless absolutely necessary. We generally prefer that users use either the
|
||||
[GitHub Security](#github-security) or [Email](#email) option rather than this option as it both allows multiple team
|
||||
members to deal with the report and prevents mistakes when contacting a [core team] member.
|
||||
|
||||
The [core team] members are identified in [Matrix](README.md#matrix) as room admins, and in [Discord](README.md#discord)
|
||||
with the `Core Team` role.
|
||||
|
||||
## Process
|
||||
|
||||
1. User privately reports a potential vulnerability.
|
||||
2. The core team reviews the report and ascertain if additional information is required.
|
||||
3. The core team reproduces the bug.
|
||||
4. The bug is patched, and if possible the user reporting te bug is given access to a fixed version or git patch.
|
||||
5. The fix is confirmed to resolve the vulnerability.
|
||||
6. The fix is released.
|
||||
7. The [security advisory] is published sometime after users have had a chance to update.
|
||||
1. The user privately reports a potential vulnerability.
|
||||
2. The report is acknowledged as received.
|
||||
3. The report is reviewed to ascertain if additional information is required. If it is required:
|
||||
1. The user is informed that the additional information is required.
|
||||
2. The user privately adds the additional information.
|
||||
3. The process begins at step 3 again, proceeding to step 4 if the additional information provided is sufficient.
|
||||
4. The vulnerability is reproduced.
|
||||
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
|
||||
image, and git patch.
|
||||
6. The patch is confirmed to resolve the vulnerability.
|
||||
7. The fix is released and users are notified that they should update urgently.
|
||||
8. The [security advisory] is published when (whichever happens sooner):
|
||||
- The CVE details are published by [MITRE], [NIST], etc.
|
||||
- Roughly 7 days after users have been notified the update is available.
|
||||
|
||||
## Help Wanted
|
||||
[MITRE]: https://www.mitre.org/
|
||||
[NIST]: https://www.nist.gov/
|
||||
|
||||
We are actively looking for sponsorship to obtain either a code security audit, penetration testing, or other audits
|
||||
related to improving the security of Authelia. If your company or you personally are willing to offer discounts, pro
|
||||
bono, or funding towards services like these please feel free to contact us on *any* of the methods above.
|
||||
## Credit
|
||||
|
||||
Users who report bugs will at their discretion (i.e. they do not have to be if they wish to remain anonymous) be
|
||||
credited for the discovery. Both in the [security advisory] and in our [all contributors](README.md#contribute)
|
||||
documentation.
|
||||
|
||||
[coordinated vulnerability disclosure]: https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure
|
||||
[security advisory]: https://github.com/authelia/authelia/security/advisories
|
||||
[report a vulnerability]: https://github.com/authelia/authelia/security/advisories/new
|
||||
[core team]: https://www.authelia.com/information/about/#core-team
|
||||
|
|
|
@ -62,7 +62,12 @@
|
|||
url = "/code-of-conduct"
|
||||
weight = 30
|
||||
|
||||
[[footer]]
|
||||
name = "About"
|
||||
url = "/information/about"
|
||||
weight = 40
|
||||
|
||||
[[footer]]
|
||||
name = "Contact"
|
||||
url = "/information/contact"
|
||||
weight = 40
|
||||
weight = 50
|
||||
|
|
|
@ -94,6 +94,49 @@ authelia-scripts suites test Standalone
|
|||
|
||||
The suite will be spawned, tests will be run and then the suite will be torn down automatically.
|
||||
|
||||
## Manually Building
|
||||
|
||||
### Binary
|
||||
|
||||
If you want to manually build the binary from source you will require the open source software described in the
|
||||
[Development Environment](./environment.md#setup) documentation. Then you can follow the below steps on Linux (you may
|
||||
have to adapt them on other systems).
|
||||
|
||||
Clone the Repository:
|
||||
|
||||
```bash
|
||||
git clone https://github.com/authelia/authelia.git
|
||||
```
|
||||
|
||||
Download the Dependencies:
|
||||
|
||||
```bash
|
||||
cd authelia && go mod download
|
||||
cd web && pnpm install
|
||||
cd ..
|
||||
```
|
||||
|
||||
Build the Web Frontend:
|
||||
|
||||
```bash
|
||||
cd web && pnpm build
|
||||
cd ..
|
||||
```
|
||||
|
||||
Build the Binary (with debug symbols):
|
||||
|
||||
```bash
|
||||
CGO_ENABLED=1 CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong" CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
|
||||
go build -ldflags "-linkmode=external" -trimpath -buildmode=pie -o authelia ./cmd/authelia
|
||||
```
|
||||
|
||||
Build the Binary (without debug symbols):
|
||||
|
||||
```bash
|
||||
CGO_ENABLED=1 CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong" CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
|
||||
go build -ldflags "-linkmode=external -s -w" -trimpath -buildmode=pie -o authelia ./cmd/authelia
|
||||
```
|
||||
|
||||
[suites]: ./integration-suites.md
|
||||
[React]: https://reactjs.org/
|
||||
[go]: https://go.dev/dl/
|
||||
|
|
|
@ -19,3 +19,12 @@ those which are automated and those which are not in this section.
|
|||
While it's expected that people aim to follow all of these guidelines we understand that there are logical exceptions to
|
||||
all guidelines and if it makes sense we're likely to agree with you. So if you find a situation where it doesn't make
|
||||
sense to follow one just let us know your reasoning when you make a PR if it's not obvious.
|
||||
|
||||
## General Guidelines
|
||||
|
||||
Some general guidelines include:
|
||||
|
||||
- It's recommended people wishing to contribute discuss their intended changes prior to contributing
|
||||
- This helps avoid people doubling up on contributions
|
||||
- This helps avoid conflicts between contributions
|
||||
- This helps avoid contributors wasting their percussion time in a contribution that may not be accepted
|
||||
|
|
|
@ -31,3 +31,32 @@ the [master] branch.
|
|||
|
||||
Every [Pull Request] will undergo a formal review process. This process is heavily complicated if you rewrite history
|
||||
and/or perform a force push, especially after a maintainer has started a review. As such we request that any action that
|
||||
you merge `origin/master` into your branch to synchronize your commit after the initial review and any other action that
|
||||
rewrites history.
|
||||
|
||||
### Requirements
|
||||
|
||||
The following requirements must be met for a pull request to be accepted. This list also acts as a checklist for
|
||||
maintainers in their review process.
|
||||
|
||||
- The changes must be [documented](../prologue/documentation-contributions.md) if they add or change behaviour
|
||||
- The changes must meet the following guidelines:
|
||||
- [General](introduction.md#general-guidelines)
|
||||
- [Commit Message](commit-message.md)
|
||||
- [Database Schema](database-schema.md)
|
||||
- [Documentation](documentation.md)
|
||||
- [Testing](testing.md)
|
||||
- [Accessibility](accessibiliy.md)
|
||||
- [Style](style.md)
|
||||
- The changes adhere to all of the relevant linting and quality testing automations
|
||||
- The pull request closes related issues by mentioning them appropriately
|
||||
- The contribution adhere to the security by design principles by:
|
||||
- Setting secure defaults
|
||||
- Disallows critically insecure settings
|
||||
- Requires explicit awareness by users that specific settings may reduce security
|
||||
- Potential future items:
|
||||
- Contribution includes DCO
|
||||
- Contribution includes REUSE-compliance requirements
|
||||
|
||||
[Pull Request]: https://github.com/authelia/authelia/pulls
|
||||
[master]: https://github.com/authelia/authelia/tree/master/
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
title: "Testing"
|
||||
description: "Authelia Development Testing Guidelines"
|
||||
lead: "This section covers the testing guidelines."
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
contributing:
|
||||
parent: "guidelines"
|
||||
weight: 320
|
||||
toc: true
|
||||
---
|
||||
|
||||
The following outlines the specific requirements we have for testing the Authelia code contributions.
|
||||
|
||||
- While we aim for 100% coverage on changes and additions, we do not enforce this where it doesn't make practical sense:
|
||||
- A test which just marks a line as tested is not necessarily an effectual test
|
||||
- Sometimes there is limited ways in which tests can be performed and the limitation makes the test ineffectual
|
||||
- Tests should be named to reflect what they testing for and which part of the code they are testing
|
||||
- It's required for bug fixes that contributors create a test that fails prior to and passes
|
||||
subsequent to the fix being applied, this test must be included in the contribution, excluding this test will likely
|
||||
result in the fix being rejected unless explicitly agreed and advised otherwise by the
|
||||
[core team](../../information/about.md#core-team)
|
||||
- It's strongly encouraged for features that contributors create have as much testing as is reasonable i.e. any line
|
||||
that can be tested should be tested, if the line can't be tested generally this is an indication a refactor may be
|
||||
required
|
|
@ -44,40 +44,6 @@ We are currently directly looking for someone to sponsor:
|
|||
|
||||
* [Security Audit](../../policies/security.md#help-wanted)
|
||||
|
||||
### Balto
|
||||
|
||||
Our [apt repository](https://apt.authelia.com) is hosted thanks to [Balto](https://www.getbalto.com/?from=Authelia).
|
||||
|
||||
{{< figure src="/images/logos/balto.svg" alt="Balto" width="193" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Buildkite
|
||||
|
||||
Our [continuous integration and continuous deployment pipelines](https://buildkite.com/authelia/?from=Authelia) are hosted by
|
||||
[Buildkite](https://buildkite.com/features?from=Authelia).
|
||||
|
||||
### Crowdin
|
||||
|
||||
Our [localization platform](https://translate.authelia.com) is hosted by [Crowdin](https://crowdin.com/?from=Authelia).
|
||||
|
||||
### JetBrains
|
||||
|
||||
Our development IDE's are provided by [JetBrains](https://www.jetbrains.com/?from=Authelia).
|
||||
|
||||
{{< figure src="/images/logos/jetbrains.svg" alt="JetBrains" width="50" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Microsoft
|
||||
|
||||
Our pipeline agents which we rely on for productivity are hosted on [Azure](https://azure.microsoft.com/?from=Authelia)
|
||||
and our [git repositories](https://github.com/authelia) are hosted on [GitHub](https://github.com/?from=Authela)
|
||||
which are both [Microsoft](https://www.microsoft.com/?from=Authelia) products.
|
||||
|
||||
{{< figure src="/images/logos/microsoft.svg" alt="Microsoft" width="234.45" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
{{< figure src="/images/logos/azure.svg" alt="Azure" width="173.55" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Netlify
|
||||
|
||||
Our [website and documentation](https://www.authelia.com) are built and hosted by
|
||||
[Netlify](https://www.netlify.com/?from=Authelia).
|
||||
To see a list of our sponsors please see the [sponsors section](../../information/about.md#sponsors) on the about page.
|
||||
|
||||
[Open Collective]: https://opencollective.com/authelia-sponsors
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Amir Zarrinkafsh"
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
||||
|
||||
{{< profile-details name="amir-zarrinkafsh" >}}
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Clément Michaud"
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
||||
|
||||
{{< profile-details name="clement-michaud" >}}
|
|
@ -1,15 +1,8 @@
|
|||
---
|
||||
title: "James Elliott"
|
||||
description: "Authelia Core Team"
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
||||
|
||||
*__Authelia Core Team Member.__*
|
||||
|
||||
__GitHub:__ [james-d-elliott](https://github.com/james-d-elliott)
|
||||
|
||||
__Email:__ [james.elliott@authelia.com](mailto:james.elliott@authelia.com)
|
||||
|
||||
__Matrix:__ [@james:authelia.com](https://matrix.to/#/@james:authelia.com) __Discord:__ [James#6549](https://discord.com/users/209869584814047232/)
|
||||
{{< profile-details name="james-elliott" >}}
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Manuel Nuñez"
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
||||
|
||||
{{< profile-details name="manuel-nunez" >}}
|
|
@ -0,0 +1,104 @@
|
|||
---
|
||||
title: "About"
|
||||
description: "About Authelia and the Authelia Team"
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
aliases:
|
||||
- /about
|
||||
- /about.html
|
||||
---
|
||||
|
||||
## What is Authelia?
|
||||
|
||||
Authelia is a project with several open source developers who contribute to the project in their free time. We are not
|
||||
a company or another type of incorporated entity, and do not have any monetization model. Individuals and Organizations
|
||||
are free to contribute [financially](../contributing/prologue/financial.md) or with their time to the
|
||||
[documentation](../contributing/prologue/documentation-contributions.md) or
|
||||
[code base](../contributing/development/introduction.md).
|
||||
|
||||
## Teams
|
||||
|
||||
The following section describes the various teams within the Authelia project.
|
||||
|
||||
### Core Team
|
||||
|
||||
{{% profile-team name="core" %}}
|
||||
|
||||
### Maintainers Team
|
||||
|
||||
{{% profile-team name="maintainers" %}}
|
||||
|
||||
## Sponsors
|
||||
|
||||
Authelia is sponsored by the organizations listed below. The organizations below sponsor us completely voluntarily
|
||||
and do not expect anything additional other than us mentioning them or having a code of conduct, and some do not even
|
||||
require either of those things.
|
||||
|
||||
Please see the [sponsorship section](../contributing/prologue/financial.md#sponsorship) of the financial contributing
|
||||
page for more information on how to become a sponsor.
|
||||
|
||||
### Balto
|
||||
|
||||
Our [apt repository](https://apt.authelia.com) is hosted thanks to [Balto](https://www.getbalto.com/?from=Authelia).
|
||||
|
||||
{{< figure src="/images/logos/balto.svg" alt="Balto" width="193" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Buildkite
|
||||
|
||||
Our [continuous integration and continuous deployment pipelines](https://buildkite.com/authelia/?from=Authelia) are hosted by
|
||||
[Buildkite](https://buildkite.com/features?from=Authelia).
|
||||
|
||||
### Crowdin
|
||||
|
||||
Our [localization platform](https://translate.authelia.com) is hosted by [Crowdin](https://crowdin.com/?from=Authelia).
|
||||
|
||||
### JetBrains
|
||||
|
||||
Our development IDE's are provided by [JetBrains](https://www.jetbrains.com/?from=Authelia).
|
||||
|
||||
{{< figure src="/images/logos/jetbrains.svg" alt="JetBrains" width="50" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Microsoft
|
||||
|
||||
Our pipeline agents which we rely on for productivity are hosted on [Azure](https://azure.microsoft.com/?from=Authelia)
|
||||
and our [git repositories](https://github.com/authelia) are hosted on [GitHub](https://github.com/?from=Authela)
|
||||
which are both [Microsoft](https://www.microsoft.com/?from=Authelia) products.
|
||||
|
||||
{{< figure src="/images/logos/microsoft.svg" alt="Microsoft" width="234.45" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
{{< figure src="/images/logos/azure.svg" alt="Azure" width="173.55" style="padding-right: 10px" ignoreStaticImages="false" >}}
|
||||
|
||||
### Netlify
|
||||
|
||||
Our [website and documentation](https://www.authelia.com) are built and hosted by
|
||||
[Netlify](https://www.netlify.com/?from=Authelia).
|
||||
|
||||
[Open Collective]: https://opencollective.com/authelia-sponsors
|
||||
|
||||
## Governance and Affiliations
|
||||
|
||||
Authelia is free from any outside governance and is entirely governed as outlined on this page, in addition we do not
|
||||
have any affiliations which have ever asked this of us.
|
||||
|
||||
Our affiliations with external companies will be transparently communicated in this section and the
|
||||
[sponsors](#sponsors) section.
|
||||
|
||||
## Compliance
|
||||
|
||||
The following section contains various compliance related information.
|
||||
|
||||
### Key Individuals
|
||||
|
||||
There is no key individual who if they were incapacitated or unavailable would prevent future operations of the project.
|
||||
|
||||
All of the following areas can be reset or are otherwise accessible to all of the members of the [Core Team](#core-team):
|
||||
|
||||
- Private Keys
|
||||
- Access Rights
|
||||
- Passwords
|
||||
|
||||
### Bus Factor
|
||||
|
||||
The Authelia team has a bus factor of 3. Meaning that the project would stall if 3 team members were suddenly hit by a
|
||||
bus.
|
|
@ -11,15 +11,25 @@ aliases:
|
|||
|
||||
## Security
|
||||
|
||||
If you believe you have identified a security related bug with Authelia please visit the
|
||||
[security policy](../policies/security.md) documentation.
|
||||
If you believe you have identified a security vulnerability or security related bug with __Authelia__ please view our
|
||||
[security policy](../policies/security.md).
|
||||
|
||||
## Individual Team Members
|
||||
|
||||
If you're interested in contacting an individual team member for any reason please see the [About](about.md)
|
||||
informational page.
|
||||
|
||||
## GitHub
|
||||
|
||||
### Discussions
|
||||
|
||||
If you have a general question or want to discuss an idea that's not entirely hashed out please visit
|
||||
[GitHub Discussions](https://github.com/authelia/authelia/discussions) and start a new discussion.
|
||||
The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus
|
||||
anything that is not a bug or feature request such as:
|
||||
|
||||
- Ideas about future features where it's not clear most people can use it (allows users to vote on it)
|
||||
- Questions / Support Requests
|
||||
- Sharing configuration or utilization ideas (i.e. show your setup) for things that are not obvious
|
||||
- Any issue you're experiencing that may or may not be a bug (i.e you're unsure if it's a bug)
|
||||
|
||||
### Issues
|
||||
|
||||
|
@ -55,7 +65,7 @@ are bridged to the [Matrix Rooms](#matrix) with the same names providing they ex
|
|||
|
||||
To contact the team for anything not security related you can utilize [team@authelia.com](mailto:team@authelia.com).
|
||||
|
||||
For all security related matters over email please ensure you use [security@authelia.com](mailto:team@authelia.com).
|
||||
For all security related matters over email please ensure you use [security@authelia.com](mailto:security@authelia.com).
|
||||
|
||||
[Discord]: https://discord.com/
|
||||
[Matrix]: https://matrix.org/
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
|
@ -0,0 +1,96 @@
|
|||
---
|
||||
title: "Firezone"
|
||||
description: "Integrating Firezone with the Authelia OpenID Connect Provider."
|
||||
lead: ""
|
||||
date: 2023-03-25T13:07:02+10:00
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
integration:
|
||||
parent: "openid-connect"
|
||||
weight: 620
|
||||
toc: true
|
||||
community: true
|
||||
---
|
||||
|
||||
## Tested Versions
|
||||
|
||||
* [Authelia]
|
||||
* [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
|
||||
* [Firezone]
|
||||
* [0.7.25](https://github.com/firezone/firezone/releases/tag/0.7.25)
|
||||
|
||||
## Before You Begin
|
||||
|
||||
{{% oidc-common %}}
|
||||
|
||||
### Assumptions
|
||||
|
||||
This example makes the following assumptions:
|
||||
|
||||
* __Application Root URL:__ `https://firezone.example.com`
|
||||
* __Authelia Root URL:__ `https://auth.example.com`
|
||||
* __Client ID:__ `firezone`
|
||||
* __Client Secret:__ `insecure_secret`
|
||||
* __Config ID (Firezone):__ `authelia`:
|
||||
* This option determines the redirect URI in the format of
|
||||
`https://firezone.example.com/auth/oidc/<Config ID>/callback`.
|
||||
This means if you change this value you need to update the redirect URI.
|
||||
|
||||
## Configuration
|
||||
|
||||
### Application
|
||||
|
||||
To configure [Firezone] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||
|
||||
1. Visit your [Firezone] site
|
||||
2. Sign in as an admin
|
||||
3. Visit:
|
||||
1. Settings
|
||||
2. Security
|
||||
4. In the `Single Sign-On` section, click on the `Add OpenID Connect Provider` button
|
||||
5. Configure:
|
||||
1. Config ID: `authelia`
|
||||
2. Label: `Authelia`
|
||||
3. Scope: `openid email profile`
|
||||
4. Client ID: `firezone`
|
||||
5. Client secret: `insecure_secret`
|
||||
6. Discovery Document URI: `https://auth.example.com/.well-known/openid-configuration`
|
||||
7. Redirect URI (optional): `https://firezone.example.com/auth/oidc/authelia/callback`
|
||||
8. Auto-create users (checkbox): `true`
|
||||
|
||||
{{< figure src="firezone.png" alt="Firezone" width="500" >}}
|
||||
|
||||
Take a look at the [See Also](#see-also) section for the cheatsheets corresponding to the sections above for their
|
||||
descriptions.
|
||||
|
||||
### Authelia
|
||||
|
||||
The following YAML configuration is an example __Authelia__
|
||||
[client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [Firezone] which
|
||||
will operate with the above example:
|
||||
|
||||
```yaml
|
||||
- id: firezone
|
||||
description: Firezone
|
||||
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
|
||||
public: false
|
||||
authorization_policy: two_factor
|
||||
enforce_pkce: true
|
||||
pkce_challenge_method: S256
|
||||
redirect_uris:
|
||||
- https://firezone.example.com/auth/oidc/authelia/callback
|
||||
scopes:
|
||||
- openid
|
||||
- email
|
||||
- profile
|
||||
userinfo_signing_algorithm: none
|
||||
```
|
||||
|
||||
## See Also
|
||||
|
||||
- [Firezone OIDC documentation](https://www.firezone.dev/docs/authenticate/oidc/)
|
||||
|
||||
[Authelia]: https://www.authelia.com
|
||||
[Firezone]: https://www.firezone.dev
|
||||
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
|
@ -0,0 +1,91 @@
|
|||
---
|
||||
title: "MinIO"
|
||||
description: "Integrating MinIO with the Authelia OpenID Connect Provider."
|
||||
lead: ""
|
||||
date: 2022-06-15T17:51:47+10:00
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
integration:
|
||||
parent: "openid-connect"
|
||||
weight: 620
|
||||
toc: true
|
||||
community: true
|
||||
---
|
||||
|
||||
## Tested Versions
|
||||
|
||||
* [Authelia]
|
||||
* [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
|
||||
* [MinIO]
|
||||
* [2023-03-13T19:46:17Z](https://github.com/minio/minio/releases/tag/RELEASE.2023-03-13T19-46-17Z)
|
||||
|
||||
## Before You Begin
|
||||
|
||||
{{% oidc-common %}}
|
||||
|
||||
### Assumptions
|
||||
|
||||
This example makes the following assumptions:
|
||||
|
||||
* __Application Root URL:__ `https://minio.example.com`
|
||||
* __Authelia Root URL:__ `https://auth.example.com`
|
||||
* __Client ID:__ `minio`
|
||||
* __Client Secret:__ `insecure_secret`
|
||||
|
||||
## Configuration
|
||||
|
||||
### Application
|
||||
|
||||
To configure [MinIO] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||
|
||||
1. Login to [MinIO]
|
||||
2. On the left hand menu, go to `Identity`, then `OpenID`
|
||||
3. On the top right, click `Create Configuration`
|
||||
4. On the screen that appears, enter the following information:
|
||||
- Name: `authelia`
|
||||
- Config URL: `https://auth.example.com/.well-known/openid-configuration`
|
||||
- Client ID: `minio`
|
||||
- Client Secret: `insecure_secret`
|
||||
- Claim Name: Leave Empty
|
||||
- Display Name: `Authelia`
|
||||
- Claim Prefix: `authelia`
|
||||
- Scopes: `openid,profile,email`
|
||||
- Redirect URI: `https://minio.example.com/oauth_callback`
|
||||
- Role Policy: `readonly`
|
||||
- Claim User Info: Disabled
|
||||
- Redirect URI Dynamic: Disabled
|
||||
5. Press `Save` at the bottom
|
||||
6. Accept the offer of a server restart at the top
|
||||
7. When the login screen appears again, click the `Other Authentication Methods` open, then select `Authelia` from the list.
|
||||
8. Login
|
||||
|
||||
### Authelia
|
||||
|
||||
The following YAML configuration is an example __Authelia__
|
||||
[client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [MinIO]
|
||||
which will operate with the above example:
|
||||
|
||||
```yaml
|
||||
- id: minio
|
||||
description: MinIO
|
||||
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
|
||||
public: false
|
||||
authorization_policy: two_factor
|
||||
redirect_uris:
|
||||
- https://minio.example.com/apps/oidc_login/oidc
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
- groups
|
||||
userinfo_signing_algorithm: none
|
||||
```
|
||||
|
||||
## See Also
|
||||
|
||||
- [MinIO OpenID Identiy Management](https://min.io/docs/minio/linux/reference/minio-server/minio-server.html#minio-server-envvar-external-identity-management-openid)
|
||||
|
||||
[MinIO]: https://minio.com/
|
||||
[Authelia]: https://www.authelia.com
|
||||
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
|
@ -81,7 +81,7 @@ support to ensure the basic example covers your use case in a secure way.
|
|||
{{< details "Caddyfile" >}}
|
||||
```caddyfile
|
||||
## It is important to read the following document before enabling this section:
|
||||
## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
|
||||
## https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
|
||||
(trusted_proxy_list) {
|
||||
## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
|
||||
# trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
|
||||
|
@ -120,7 +120,7 @@ nextcloud.example.com {
|
|||
{{< details "Caddyfile" >}}
|
||||
```caddyfile
|
||||
## It is important to read the following document before enabling this section:
|
||||
## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
|
||||
## https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
|
||||
(trusted_proxy_list) {
|
||||
## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
|
||||
# trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
|
||||
|
@ -165,7 +165,7 @@ preferred in *most* situations. If you are unsure of what you're doing please do
|
|||
{{< details "Caddyfile" >}}
|
||||
```caddyfile
|
||||
## It is important to read the following document before enabling this section:
|
||||
## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
|
||||
## https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
|
||||
(trusted_proxy_list) {
|
||||
## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
|
||||
# trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
|
||||
|
|
|
@ -15,12 +15,22 @@ aliases:
|
|||
---
|
||||
|
||||
The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
|
||||
decisions are made with security being the priority. This section discusses these decisions as well as considerations
|
||||
users should make when implementing __Authelia__.
|
||||
decisions are made with security being the priority and we always aim to implement security by design.
|
||||
|
||||
## Coordinated vulnerability disclosure
|
||||
|
||||
__Authelia__ follows the [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure)
|
||||
model when dealing with security vulnerabilities. This was previously known as responsible disclosure. We strongly
|
||||
urge anyone reporting vulnerabilities to __Authelia__ or any other project to follow this model as it is considered
|
||||
as a best practice by many in the security industry.
|
||||
__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
|
||||
was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
|
||||
other project to follow this model as it is considered as a best practice by many in the security industry.
|
||||
|
||||
If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
|
||||
effort to contact us privately using one of the [contact options](../../policies/security.md#contact-options) below.
|
||||
Please do not open an issue, do not notify us in public, and do not disclose this issue to third parties.
|
||||
|
||||
Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
|
||||
made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
|
||||
diligent administrators simply via the act of disclosing the security issue.
|
||||
|
||||
## Policy
|
||||
|
||||
Please view our [security policy](../../policies/security.md) for more information.
|
||||
|
|
|
@ -75,6 +75,14 @@ Lastly Authelia's implementation of Argon2id is highly tunable. You can tune the
|
|||
(time), parallelism, and memory usage. To read more about this please read how to
|
||||
[configure](../../configuration/first-factor/file.md) file authentication.
|
||||
|
||||
## Protections against return oriented programming attacks and general hardening
|
||||
|
||||
Authelia is built as a position independent executable which makes Return Oriented Programming (ROP) attacks
|
||||
significantly more difficult to execute reliably.
|
||||
|
||||
In addition it is built as a static binary with full relocation read-only support making this and several other
|
||||
traditional binary weaknesses significantly more difficult to exploit.
|
||||
|
||||
## User profile and group membership always kept up-to-date (LDAP authentication provider)
|
||||
|
||||
This measure is unrelated to the File authentication provider.
|
||||
|
|
|
@ -11,58 +11,82 @@ aliases:
|
|||
---
|
||||
|
||||
The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
|
||||
decisions are made with security being the priority.
|
||||
decisions are made with security being the priority and we always aim to implement security by design.
|
||||
|
||||
## Coordinated vulnerability disclosure
|
||||
|
||||
__Authelia__ follows the
|
||||
[coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure) model when
|
||||
dealing with security vulnerabilities. This was previously known as responsible disclosure. We strongly urge anyone
|
||||
reporting vulnerabilities to __Authelia__ or any other project to follow this model as it is considered as a best
|
||||
practice by many in the security industry.
|
||||
__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
|
||||
was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
|
||||
other project to follow this model as it is considered as a best practice by many in the security industry.
|
||||
|
||||
If you believe you have identified a security related bug with Authelia please do not open an issue, do not notify us in
|
||||
public, and do not disclose this issue to third parties. Please use one of the [contact options](#contact-options)
|
||||
below.
|
||||
If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
|
||||
effort to contact us privately using one of the [contact options](#contact-options) below. Please do not open an issue,
|
||||
do not notify us in public, and do not disclose this issue to third parties.
|
||||
|
||||
Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
|
||||
made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
|
||||
diligent administrators simply via the act of disclosing the security issue.
|
||||
|
||||
## Contact Options
|
||||
|
||||
Several contact options exist however it's important you specifically use a security contact method when reporting a
|
||||
security vulnerability or security related bug. These methods are clearly documented below.
|
||||
|
||||
### GitHub Security
|
||||
|
||||
Users can utilize GitHub's security vulnerability system to privately [report a vulnerability]. This is an easy method
|
||||
for users who have a GitHub account.
|
||||
|
||||
### Email
|
||||
|
||||
Please utilize the [security@authelia.com](mailto:team@authelia.com) email address for security issues discovered. This
|
||||
email address is only accessible by key members of the team for the purpose of disclosing security issues within the
|
||||
__Authelia__ code base.
|
||||
Users can utilize the [security@authelia.com](mailto:security@authelia.com) email address to privately report a
|
||||
vulnerability. This is an easy method of users who do not have a GitHub account.
|
||||
|
||||
This is the preferred method of reporting.
|
||||
This email address is only accessible by members of the [core team] for the purpose of disclosing security
|
||||
vulnerabilities and issues within the __Authelia__ code base.
|
||||
|
||||
### Chat
|
||||
|
||||
If you wish to chat directly instead of sending an email please use one of the
|
||||
[chat options](../information/contact.md#chat) but it is vital that when you do that you only do so privately with one
|
||||
of the maintainers. In order to start a private discussion you should ask to have a private discussion with a team
|
||||
member without mentioning the reason why you wish to have a private discussion so that provided the bug is confirmed we
|
||||
can coordinate the release of fixes and information responsibly.
|
||||
[chat options](../information/contact.md#chat) to direct / private message one of the [core team] members.
|
||||
|
||||
## Credit
|
||||
Please avoid this method unless absolutely necessary. We generally prefer that users use either the
|
||||
[GitHub Security](#github-security) or [Email](#email) option rather than this option as it both allows multiple team
|
||||
members to deal with the report and prevents mistakes when contacting a [core team] member.
|
||||
|
||||
Users who report bugs will optionally be credited for the discovery in the
|
||||
[security advisory](https://github.com/authelia/authelia/security/advisories) and/or in our
|
||||
[all contributors](https://github.com/authelia/authelia/blob/master/README.md#contribute) configuration/documentation.
|
||||
The [core team] members are identified in [Matrix](../information/contact.md#matrix) as room admins, and in
|
||||
[Discord](../information/contact.md#discord) with the `Core Team` role.
|
||||
|
||||
## Process
|
||||
|
||||
1. User privately reports a potential vulnerability.
|
||||
2. The core team reviews the report and ascertain if additional information is required.
|
||||
3. The core team reproduces the bug.
|
||||
4. The bug is patched, and if possible the user reporting te bug is given access to a fixed version or git patch.
|
||||
5. The fix is confirmed to resolve the vulnerability.
|
||||
6. The fix is released.
|
||||
7. The security advisory is published sometime after users have had a chance to update.
|
||||
1. The user privately reports a potential vulnerability.
|
||||
2. The report is acknowledged as received.
|
||||
3. The report is reviewed to ascertain if additional information is required. If it is required:
|
||||
1. The user is informed that the additional information is required.
|
||||
2. The user privately adds the additional information.
|
||||
3. The process begins at step 3 again, proceeding to step 4 if the additional information provided is sufficient.
|
||||
4. The vulnerability is reproduced.
|
||||
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
|
||||
image, and git patch.
|
||||
6. The patch is confirmed to resolve the vulnerability.
|
||||
7. The fix is released and users are notified that they should update urgently.
|
||||
8. The [security advisory] is published when (whichever happens sooner):
|
||||
- The CVE details are published by [MITRE], [NIST], etc.
|
||||
- Roughly 7 days after users have been notified the update is available.
|
||||
|
||||
[MITRE]: https://www.mitre.org/
|
||||
[NIST]: https://www.nist.gov/
|
||||
|
||||
## Credit
|
||||
|
||||
Users who report bugs will at their discretion (i.e. they do not have to be if they wish to remain anonymous) be
|
||||
credited for the discovery. Both in the [security advisory] and in our
|
||||
[all contributors] documentation.
|
||||
|
||||
## Help wanted
|
||||
|
||||
We are actively looking for sponsorship to obtain security audits to comprehensively ensure the security of Authelia.
|
||||
As security is imperative to us we see this as one of the main financial priorities.
|
||||
We are actively looking for sponsorship to obtain security audits to comprehensively ensure the security of _Authelia_.
|
||||
As security is really important to us we see this as one of the main financial priorities.
|
||||
|
||||
We believe that we should obtain the following categories of security audits:
|
||||
|
||||
|
@ -70,5 +94,11 @@ We believe that we should obtain the following categories of security audits:
|
|||
* Penetration Testing
|
||||
|
||||
If you know of a company which either performs these kinds of audits and would be willing to sponsor the audit in some
|
||||
way such as doing it pro bono or at a discounted rate, or wants to help improve Authelia in a meaningful way and is
|
||||
way such as doing it pro bono or at a discounted rate, or wants to help improve _Authelia_ in a meaningful way and is
|
||||
willing to make a financial contribution towards this then please feel free to contact us.
|
||||
|
||||
[coordinated vulnerability disclosure]: https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure
|
||||
[security advisory]: https://github.com/authelia/authelia/security/advisories
|
||||
[report a vulnerability]: https://github.com/authelia/authelia/security/advisories/new
|
||||
[core team]: ../information/about.md#core-team
|
||||
[all contributors]: https://github.com/authelia/authelia/blob/master/README.md#contribute
|
||||
|
|
|
@ -22,6 +22,17 @@ prevent automatic upgrade of the `major` version.
|
|||
We generally do not recommend automated upgrades of critical systems but instead recommend ensuring you are notified an
|
||||
upgrade exists.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
The following information is indicative of our support policy:
|
||||
|
||||
- We provide support to user questions for 3 `minor` versions at minimum
|
||||
- We provide bug fixes (as a `patch`) to the latest `minor` version
|
||||
- We provide vulnerability fixes:
|
||||
- As workarounds in the [security advisory](https://github.com/authelia/authelia/security/advisories) (if possible)
|
||||
- As patches in the [security advisory](https://github.com/authelia/authelia/security/advisories)
|
||||
- To the last 3 `minor` versions upon request
|
||||
|
||||
## Major Version Zero
|
||||
|
||||
A major version of `v0.x.x` indicates as per the [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) policy
|
||||
|
@ -35,6 +46,7 @@ It is important to note that each component has its own version, for example the
|
|||
v4.40.0 but another component such as the [Helm Chart](https://charts.authelia.com) version may be v0.9.0.
|
||||
|
||||
This means that a breaking change may occur to one but not the other as these components do not share a version.
|
||||
|
||||
## Exceptions
|
||||
|
||||
There are exceptions to this versioning policy.
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
{
|
||||
"people": {
|
||||
"clement-michaud": {
|
||||
"display": "Clément Michaud",
|
||||
"description": "",
|
||||
"team": "core",
|
||||
"location": "Paris",
|
||||
"github": "clems4ever",
|
||||
"email": "",
|
||||
"discord": {
|
||||
"id": "",
|
||||
"tag": ""
|
||||
},
|
||||
"matrix": ""
|
||||
},
|
||||
"amir-zarrinkafsh": {
|
||||
"display": "Amir Zarrinkafsh",
|
||||
"description": "",
|
||||
"team": "core",
|
||||
"location": "Melbourne, Australia",
|
||||
"github": "nightah",
|
||||
"email": "",
|
||||
"discord": {
|
||||
"id": "",
|
||||
"tag": ""
|
||||
},
|
||||
"matrix": ""
|
||||
},
|
||||
"james-elliott": {
|
||||
"display": "James Elliott",
|
||||
"description": "",
|
||||
"team": "core",
|
||||
"location": "Melbourne, Australia",
|
||||
"github": "james-d-elliott",
|
||||
"email": "james.elliott@authelia.com",
|
||||
"discord": {
|
||||
"id": "209869584814047232",
|
||||
"tag": "James#6549"
|
||||
},
|
||||
"matrix": "@james:authelia.com"
|
||||
},
|
||||
"manuel-nunez": {
|
||||
"display": "Manuel Nuñez",
|
||||
"description": "",
|
||||
"team": "maintainers",
|
||||
"location": "Argentina",
|
||||
"github": "mind-ar",
|
||||
"email": "",
|
||||
"discord": {
|
||||
"id": "",
|
||||
"tag": ""
|
||||
},
|
||||
"matrix": ""
|
||||
}
|
||||
},
|
||||
"teams": {
|
||||
"core": {
|
||||
"display": "Core",
|
||||
"description": "The Core Team are effectively members of the Maintainers Team with extra responsibilities.",
|
||||
"people": ["clement-michaud", "amir-zarrinkafsh", "james-elliott"],
|
||||
"responsibilities": [
|
||||
"All responsibilities of the Maintainers Team",
|
||||
"Review and merge pull requests from all other teams",
|
||||
"Handle vulnerability and security related bug reports",
|
||||
"Handle project governance unanimously",
|
||||
"Maintain the project roadmap",
|
||||
"Coordinate collaboration",
|
||||
"Maintain the continuous integration and delivery pipelines and related mechanisms"
|
||||
]
|
||||
},
|
||||
"maintainers": {
|
||||
"display": "Maintainers",
|
||||
"description": "The Maintainer Team are traditional repository maintainers.",
|
||||
"people": ["manuel-nunez"],
|
||||
"responsibilities": [
|
||||
"Review and merge pull requests from external parties",
|
||||
"Respond to bug reports, feature requests, discussions, and support chat rooms"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
||||
X-Content-Type-Options: nosniff
|
||||
X-XSS-Protection: 1; mode=block
|
||||
Content-Security-Policy: default-src 'self'; script-src 'self' https://*.netlify.app 'unsafe-inline' 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-+T2H7TEv2U6umnIOWYijvTIrzdCZUYhm/FZo4YYQzKAHf8NWs+38cn3t9fdz2rCm2HqHDkthZZXnY4EWPdWnMA==' 'sha512-okYuGnNmmUuCX64AD7FVra0445z43U8riOY3jZue+WZ2KeVOWLo17hE/wZXGUIJh9WBiSHZ2epTd36MMP6R66w==' 'sha512-bv9WRsSROhTW5djDurORNUCGITVeRfjDXkhqg4Ez/4vTY6FcaVBPy4MXpn4EGC3J3oZNcxpfQIScElDKlmiLhw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'; img-src 'self' https://*.netlify.app data:; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; manifest-src 'self' https://*.netlify.app; object-src 'none'; frame-src https://app.netlify.com; frame-ancestors 'none'; base-uri 'none'
|
||||
Content-Security-Policy: default-src 'self'; script-src 'self' https://*.netlify.app 'unsafe-inline' 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-+T2H7TEv2U6umnIOWYijvTIrzdCZUYhm/FZo4YYQzKAHf8NWs+38cn3t9fdz2rCm2HqHDkthZZXnY4EWPdWnMA==' 'sha512-okYuGnNmmUuCX64AD7FVra0445z43U8riOY3jZue+WZ2KeVOWLo17hE/wZXGUIJh9WBiSHZ2epTd36MMP6R66w==' 'sha512-bv9WRsSROhTW5djDurORNUCGITVeRfjDXkhqg4Ez/4vTY6FcaVBPy4MXpn4EGC3J3oZNcxpfQIScElDKlmiLhw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'; img-src 'self' https://*.netlify.app https://github.com https://avatars.githubusercontent.com data:; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; manifest-src 'self' https://*.netlify.app; object-src 'none'; frame-src https://app.netlify.com; frame-ancestors 'none'; base-uri 'none'
|
||||
X-Frame-Options: SAMEORIGIN
|
||||
Referrer-Policy: strict-origin
|
||||
Feature-Policy: geolocation 'self'
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
{{- $profile := index $.Site.Data.profiles.people .Profile }}
|
||||
{{- if $profile }}
|
||||
{{- $team := "" }}
|
||||
{{- if $profile.team }}
|
||||
{{- $team = index $.Site.Data.profiles.teams $profile.team }}
|
||||
{{- end }}
|
||||
<div class="card" style="border-radius: 15px;">
|
||||
<div class="card-body text-center">
|
||||
{{- if $profile.github }}
|
||||
<div class="mt-3 mb-4">
|
||||
<img src="https://github.com/{{ $profile.github }}.png"
|
||||
class="rounded-circle img-fluid" style="width: 100px;" />
|
||||
</div>
|
||||
{{- end }}
|
||||
<h4 class="mb-2">{{ $profile.display }}</h4>
|
||||
{{- if $team }}
|
||||
<p class="text-muted mb-4"><a href="{{ printf "%s#%s-team" (absURL "information/about") ($profile.team | lower) }}" target="_self">{{ $team.display }} Team</a></p>
|
||||
{{- end }}
|
||||
<div class="mb-4 pb-2">
|
||||
{{- if $profile.email }}
|
||||
<a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="mailto:{{ $profile.email }}" data-toggle="tooltip" data-placement="bottom" title="Email {{ $profile.display }} ({{ $profile.email }})">
|
||||
<i class="bi bi-envelope-fill"></i>
|
||||
</a>
|
||||
{{- end }}
|
||||
{{- if $profile.github }}
|
||||
<a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://github.com/{{ $profile.github }}/" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Checkout {{ $profile.display }} on GitHub ({{ $profile.github }})">
|
||||
<i class="bi bi-github"></i>
|
||||
</a>
|
||||
{{- end }}
|
||||
{{- if $profile.matrix }}
|
||||
<a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://matrix.to/#/{{ $profile.matrix }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display }} on Matrix ({{ $profile.matrix }})">
|
||||
<i class="bi bi-chat-right-quote-fill"></i>
|
||||
</a>
|
||||
{{- end }}
|
||||
{{- if (and $profile.discord $profile.discord.id) }}
|
||||
<a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://discord.com/users/{{ $profile.discord.id }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display}} on Discord ({{ $profile.discord.tag }})">
|
||||
<i class="bi bi-discord"></i>
|
||||
</a>
|
||||
{{- end }}
|
||||
</div>
|
||||
<a role="button" class="btn btn-primary btn-rounded btn-lg" href="{{ printf "%s/%s/" (absURL "contributors") .Profile }}">
|
||||
Profile Details
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
{{- end }}
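Review bot: The avatar `<img>` at the top of the card has no `alt` text and is hot-linked from `https://github.com/{{ $profile.github }}.png`, so every page that renders a card makes a third-party request from the visitor's browser. The same tag appears in the profile shortcode added later in this commit. I would write the opening line as `<img src="https://github.com/{{ $profile.github }}.png" alt="{{ $profile.display }}" referrerpolicy="no-referrer" loading="lazy"` and keep the existing class and style. This is presumably also why `img-src` in the response headers is widened to `https://github.com` and `https://avatars.githubusercontent.com` in this commit; serving the avatars as static site assets would avoid that widening.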
|
|
@ -0,0 +1,10 @@
|
|||
{{- $key := .Get "name" }}
|
||||
<section class="vh-100">
|
||||
<div class="container py-5 h-100">
|
||||
<div class="row d-flex justify-content-center align-items-center h-100">
|
||||
<div class="col-md-12">
|
||||
{{ partial "content/profile-card.html" (dict "Site" .Site "Profile" $key) }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
|
@ -0,0 +1,49 @@
|
|||
{{- $key := .Get "name" }}
|
||||
{{- $profile := index $.Site.Data.profiles.people $key }}
|
||||
{{- if $profile }}
|
||||
{{- $team := "" }}
|
||||
{{- if $profile.team }}
|
||||
{{- $team = index $.Site.Data.profiles.teams $profile.team }}
|
||||
{{- end }}
|
||||
{{- $email := false }}
|
||||
{{- if $profile.email }}{{ $email = true }}{{ end }}
|
||||
{{- $matrix := false }}
|
||||
{{- if $profile.matrix }}{{ $matrix = true }}{{ end }}
|
||||
{{- $discord := false }}
|
||||
{{- if (and $profile.discord $profile.discord.id) }}{{ $discord = true }}{{ end }}
|
||||
{{- if $profile.github }}
|
||||
<div class="mt-3 mb-4">
|
||||
<img src="https://github.com/{{ $profile.github }}.png"
|
||||
class="rounded-circle img-fluid" style="width: 100px;" />
|
||||
</div>
|
||||
{{- if $team }}
|
||||
<p class="text-muted mb-4"><a href="{{ printf "%s#%s-team" (absURL "information/about") ($profile.team | lower) }}" target="_self">{{ $team.display }} Team</a></p>
|
||||
{{- end }}
|
||||
<p class="text-muted mb-4">
|
||||
<i class="bi bi-geo-alt"></i> {{ $profile.location }}
|
||||
</p>
|
||||
{{- if $profile.description }}
|
||||
<p class="text-muted mb-4">{{ $profile.description }}</p>
|
||||
{{- end }}
|
||||
{{- if $profile.github }}
|
||||
<p>
|
||||
<i class="bi bi-github"></i> <a href="https://github.com/{{ $profile.github }}/" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Checkout {{ $profile.display }} on GitHub ({{ $profile.github }})">{{ $profile.github }}</a>
|
||||
</p>
|
||||
{{- end }}
|
||||
{{- if $email }}
|
||||
<p>
|
||||
<i class="bi bi-envelope"></i> <a href="mailto:{{ $profile.email }}" data-toggle="tooltip" data-placement="bottom" title="Email {{ $profile.display }} ({{ $profile.email }})">{{ $profile.email }}</a>
|
||||
</p>
|
||||
{{- end }}
|
||||
{{- if (or $matrix $discord) }}
|
||||
<p>
|
||||
{{- if $matrix }}
|
||||
<i class="bi bi-chat-right-quote"></i> <a href="https://matrix.to/#/{{ $profile.matrix }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display }} on Matrix ({{ $profile.matrix }})">{{ $profile.matrix }}</a>
|
||||
{{- end }}
|
||||
{{- if $discord }}
|
||||
<i class="bi bi-discord"></i> <a href="https://discord.com/users/{{ $profile.discord.id }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display}} on Discord ({{ $profile.discord.tag }})">{{ $profile.discord.tag }}</a>
|
||||
{{- end }}
|
||||
</p>
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
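Review bot: The `{{- if $profile.github }}` that guards the avatar `<div>` is never closed after its `</div>`, so it stays open until the second-to-last `{{- end }}`. As a result the team link, location, description, email and chat lines are all skipped for any profile without a GitHub handle. The profile-card partial in this commit closes the same guard directly after the avatar. Add `{{- end }}` right after the avatar's closing `</div>` and remove one of the two trailing `{{- end }}` lines so the blocks still balance.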
|
|
@ -0,0 +1,23 @@
|
|||
{{- $key := .Get "name" }}
|
||||
{{- $team := index $.Site.Data.profiles.teams $key }}
|
||||
{{- if $team }}
|
||||
{{- $header := .Get "header" }}
|
||||
{{- if not $header }}{{ $header = "####" }}{{ end }}
|
||||
{{ $team.description }}
|
||||
|
||||
{{ $header }} Responsibilities
|
||||
|
||||
{{- range $team.responsibilities }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
|
||||
{{ $header }} Members
|
||||
|
||||
<div class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4">
|
||||
{{- range $team.people }}
|
||||
<div class="col col-align-c">
|
||||
{{ partial "content/profile-card.html" (dict "Site" $.Site "Profile" .) }}
|
||||
</div>
|
||||
{{- end }}
|
||||
</div>
|
||||
{{- end }}
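Review bot: When `name` does not match a key under `$.Site.Data.profiles.teams`, the outer `{{- if $team }}` renders nothing at all, so a misspelled team name in a content page passes the build unnoticed. An else branch ahead of the final `{{- end }}` would surface it, for example `{{- else }}{{ errorf "team %q not found in profiles data: %s" $key .Position }}`. The file also has no leading template comment; a short `{{/* ... */}}` block naming the two parameters (`name`, required; `header`, the heading prefix, defaulting to `####`) would document the contract. Because the heading and list lines are emitted as Markdown next to raw HTML, the shortcode presumably depends on being called with the `{{% %}}` delimiters, and that is worth stating in the same comment.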
|
|
@ -45,7 +45,7 @@ services:
|
|||
- TZ=Australia/Melbourne
|
||||
|
||||
traefik:
|
||||
image: traefik:v2.9.8
|
||||
image: traefik:v2.9.9
|
||||
container_name: traefik
|
||||
volumes:
|
||||
- ./traefik:/etc/traefik
|
||||
|
|
|
@ -32,7 +32,7 @@ services:
|
|||
- TZ=Australia/Melbourne
|
||||
|
||||
traefik:
|
||||
image: traefik:v2.9.8
|
||||
image: traefik:v2.9.9
|
||||
container_name: traefik
|
||||
volumes:
|
||||
- ./traefik:/etc/traefik
|
||||
|
|
4
go.mod
4
go.mod
|
@ -13,7 +13,7 @@ require (
|
|||
github.com/go-asn1-ber/asn1-ber v1.5.4
|
||||
github.com/go-crypt/crypt v0.2.6
|
||||
github.com/go-ldap/ldap/v3 v3.4.4
|
||||
github.com/go-rod/rod v0.112.6
|
||||
github.com/go-rod/rod v0.112.8
|
||||
github.com/go-sql-driver/mysql v1.7.0
|
||||
github.com/go-webauthn/webauthn v0.8.2
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0
|
||||
|
@ -33,7 +33,7 @@ require (
|
|||
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
|
||||
github.com/ory/fosite v0.44.0
|
||||
github.com/ory/herodot v0.9.13
|
||||
github.com/ory/x v0.0.543
|
||||
github.com/ory/x v0.0.545
|
||||
github.com/otiai10/copy v1.9.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/pquerna/otp v1.4.0
|
||||
|
|
10
go.sum
10
go.sum
|
@ -160,8 +160,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
|
|||
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
|
||||
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
|
||||
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
|
||||
github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU=
|
||||
github.com/go-rod/rod v0.112.6/go.mod h1:ElViL9ABbcshNQw93+11FrYRH92RRhMKleuILo6+5V0=
|
||||
github.com/go-rod/rod v0.112.8 h1:lYFnHv/lFyjW/Ye0IhyKLeHw/zfhHbSTqawoCi2z/nI=
|
||||
github.com/go-rod/rod v0.112.8/go.mod h1:ElViL9ABbcshNQw93+11FrYRH92RRhMKleuILo6+5V0=
|
||||
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
|
||||
github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
|
||||
github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
|
||||
|
@ -372,8 +372,8 @@ github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8
|
|||
github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
|
||||
github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
|
||||
github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
|
||||
github.com/ory/x v0.0.543 h1:I6bl6IV2Ok07io6M2dnaRaJHP5oRU096T9FYoe8m48U=
|
||||
github.com/ory/x v0.0.543/go.mod h1:ktXUvx51Ok1gMGr3ysvktanqr+eiB4FXglt4nF4w2Uo=
|
||||
github.com/ory/x v0.0.545 h1:B2zw7LrQwtdzbaRo0nz4EvDukH7A2UK+IdeYQF2iXBw=
|
||||
github.com/ory/x v0.0.545/go.mod h1:x0n1bElGPQeONaKO++izk4CIOhiDhan+i1MUygjrlfM=
|
||||
github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
|
||||
github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
|
||||
github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
|
||||
|
@ -507,8 +507,6 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw
|
|||
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
|
||||
github.com/valyala/fasthttp v1.45.0 h1:zPkkzpIn8tdHZUrVa6PzYd0i5verqiPSkgTd3bSUcpA=
|
||||
github.com/valyala/fasthttp v1.45.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
|
||||
github.com/wneessen/go-mail v0.3.8 h1:ja5D/o/RVwrtRIYFlrO7GmtcjDNeMakGQuwQRZYv0JM=
|
||||
github.com/wneessen/go-mail v0.3.8/go.mod h1:m25lkU2GYQnlVr6tdwK533/UXxo57V0kLOjaFYmub0E=
|
||||
github.com/wneessen/go-mail v0.3.9 h1:Q4DbCk3htT5DtDWKeMgNXCiHc4bBY/vv/XQPT6XDXzc=
|
||||
github.com/wneessen/go-mail v0.3.9/go.mod h1:zxOlafWCP/r6FEhAaRgH4IC1vg2YXxO0Nar9u0IScZ8=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: '3'
|
||||
services:
|
||||
envoy:
|
||||
image: envoyproxy/envoy:v1.25.2
|
||||
image: envoyproxy/envoy:v1.25.3
|
||||
volumes:
|
||||
- ./example/compose/envoy/envoy.yaml:/etc/envoy/envoy.yaml
|
||||
- ./common/pki:/pki
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM haproxy:2.7.4-alpine
|
||||
FROM haproxy:2.7.6-alpine
|
||||
USER root
|
||||
|
||||
RUN \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM alpine:3.17.2
|
||||
FROM alpine:3.17.3
|
||||
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: '3'
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.9.8
|
||||
image: traefik:v2.9.9
|
||||
volumes:
|
||||
- '/var/run/docker.sock:/var/run/docker.sock'
|
||||
labels:
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
"private": true,
|
||||
"engines": {
|
||||
"node": ">=18.4.0",
|
||||
"pnpm": "7"
|
||||
"pnpm": "8"
|
||||
},
|
||||
"pnpm": {
|
||||
"peerDependencyRules": {
|
||||
|
@ -25,19 +25,19 @@
|
|||
"@emotion/cache": "11.10.5",
|
||||
"@emotion/react": "11.10.6",
|
||||
"@emotion/styled": "11.10.6",
|
||||
"@fortawesome/fontawesome-svg-core": "6.3.0",
|
||||
"@fortawesome/free-regular-svg-icons": "6.3.0",
|
||||
"@fortawesome/free-solid-svg-icons": "6.3.0",
|
||||
"@fortawesome/fontawesome-svg-core": "6.4.0",
|
||||
"@fortawesome/free-regular-svg-icons": "6.4.0",
|
||||
"@fortawesome/free-solid-svg-icons": "6.4.0",
|
||||
"@fortawesome/react-fontawesome": "0.2.0",
|
||||
"@mui/icons-material": "5.11.11",
|
||||
"@mui/material": "5.11.13",
|
||||
"@mui/material": "5.11.15",
|
||||
"@mui/styles": "5.11.13",
|
||||
"@simplewebauthn/browser": "7.2.0",
|
||||
"@simplewebauthn/typescript-types": "7.0.0",
|
||||
"axios": "1.3.4",
|
||||
"broadcast-channel": "4.20.2",
|
||||
"broadcast-channel": "5.0.3",
|
||||
"classnames": "2.3.2",
|
||||
"i18next": "22.4.12",
|
||||
"i18next": "22.4.13",
|
||||
"i18next-browser-languagedetector": "7.0.1",
|
||||
"i18next-http-backend": "2.2.0",
|
||||
"qrcode.react": "3.1.0",
|
||||
|
@ -45,7 +45,7 @@
|
|||
"react-dom": "18.2.0",
|
||||
"react-i18next": "12.2.0",
|
||||
"react-loading": "2.0.3",
|
||||
"react-router-dom": "6.9.0",
|
||||
"react-router-dom": "6.10.0",
|
||||
"react18-input-otp": "1.1.3",
|
||||
"zxcvbn": "4.4.2"
|
||||
},
|
||||
|
@ -148,27 +148,27 @@
|
|||
]
|
||||
},
|
||||
"devDependencies": {
|
||||
"@commitlint/cli": "17.4.4",
|
||||
"@commitlint/cli": "17.5.1",
|
||||
"@commitlint/config-conventional": "17.4.4",
|
||||
"@limegrass/eslint-plugin-import-alias": "1.0.6",
|
||||
"@testing-library/jest-dom": "5.16.5",
|
||||
"@testing-library/react": "14.0.0",
|
||||
"@types/jest": "29.5.0",
|
||||
"@types/node": "18.15.3",
|
||||
"@types/node": "18.15.11",
|
||||
"@types/qrcode.react": "1.0.2",
|
||||
"@types/react": "18.0.28",
|
||||
"@types/react": "18.0.31",
|
||||
"@types/react-dom": "18.0.11",
|
||||
"@types/zxcvbn": "4.4.1",
|
||||
"@typescript-eslint/eslint-plugin": "5.55.0",
|
||||
"@typescript-eslint/parser": "5.55.0",
|
||||
"@typescript-eslint/eslint-plugin": "5.57.0",
|
||||
"@typescript-eslint/parser": "5.57.0",
|
||||
"@vitejs/plugin-react": "3.1.0",
|
||||
"esbuild": "0.17.12",
|
||||
"esbuild": "0.17.14",
|
||||
"esbuild-jest": "0.5.0",
|
||||
"eslint": "8.36.0",
|
||||
"eslint-config-prettier": "8.7.0",
|
||||
"eslint": "8.37.0",
|
||||
"eslint-config-prettier": "8.8.0",
|
||||
"eslint-config-react-app": "7.0.1",
|
||||
"eslint-formatter-rdjson": "1.0.5",
|
||||
"eslint-import-resolver-typescript": "3.5.3",
|
||||
"eslint-import-resolver-typescript": "3.5.4",
|
||||
"eslint-plugin-import": "2.27.5",
|
||||
"eslint-plugin-jsx-a11y": "6.7.1",
|
||||
"eslint-plugin-prettier": "4.2.1",
|
||||
|
@ -179,10 +179,10 @@
|
|||
"jest-environment-jsdom": "29.5.0",
|
||||
"jest-transform-stub": "2.0.0",
|
||||
"jest-watch-typeahead": "2.2.2",
|
||||
"prettier": "2.8.4",
|
||||
"prettier": "2.8.7",
|
||||
"react-test-renderer": "18.2.0",
|
||||
"typescript": "5.0.2",
|
||||
"vite": "4.2.0",
|
||||
"typescript": "5.0.3",
|
||||
"vite": "4.2.1",
|
||||
"vite-plugin-eslint": "1.8.1",
|
||||
"vite-plugin-istanbul": "4.0.1",
|
||||
"vite-plugin-svgr": "2.4.0",
|
||||
|
|
3481
web/pnpm-lock.yaml
3481
web/pnpm-lock.yaml
File diff suppressed because it is too large