Misc Spelling Corrections

- Mostly changes to spelling of comments/docs/displayed text
- A few changes to test function names
pull/570/head
James Elliott 2020-01-21 11:10:00 +11:00 committed by Amir Zarrinkafsh
parent 47b34b4026
commit 736ed3f212
23 changed files with 34 additions and 34 deletions

View File

@ -63,7 +63,7 @@ Release Notes - Version 3.14.0
Release Notes - Version 3.13.0 Release Notes - Version 3.13.0
------------------------------ ------------------------------
* Rewrite Authelia portal in Typescript. * Rewrite Authelia portal in Typescript.
* Intoduce concept of suites and authelia-scripts. * Introduce concept of suites and authelia-scripts.
* Add official support for Kubernetes and a suite. * Add official support for Kubernetes and a suite.
* Improve documentation for nginx. * Improve documentation for nginx.
* Fix bypass policy not properly handled. * Fix bypass policy not properly handled.
@ -90,7 +90,7 @@ Release Notes - Version 3.10.0
------------------------------ ------------------------------
* Add docker-compose for deploying Authelia on Swarm*. * Add docker-compose for deploying Authelia on Swarm*.
* Add "keep me logged in" checkbox in first factor page. * Add "keep me logged in" checkbox in first factor page.
* Fix U2F compatiblity with Firefox. * Fix U2F compatibility with Firefox.
* Bump dependencies to fix vulnerabilities reported by snyk. * Bump dependencies to fix vulnerabilities reported by snyk.
* Improve documentation for dev setup. * Improve documentation for dev setup.

View File

@ -32,7 +32,7 @@ func init() {
SuitesTestCmd.Flags().BoolVar(&headless, "headless", false, "Run tests in headless mode") SuitesTestCmd.Flags().BoolVar(&headless, "headless", false, "Run tests in headless mode")
} }
// SuitesListCmd Command for listing the available suites // SuitesListCmd Command for listing the available suites.
var SuitesListCmd = &cobra.Command{ var SuitesListCmd = &cobra.Command{
Use: "list", Use: "list",
Short: "List available suites.", Short: "List available suites.",
@ -42,7 +42,7 @@ var SuitesListCmd = &cobra.Command{
Args: cobra.ExactArgs(0), Args: cobra.ExactArgs(0),
} }
// SuitesSetupCmd Command for setuping a suite environment // SuitesSetupCmd Command to setup a suite environment.
var SuitesSetupCmd = &cobra.Command{ var SuitesSetupCmd = &cobra.Command{
Use: "setup [suite]", Use: "setup [suite]",
Short: "Setup a Go suite environment. Suites can be listed using the list command.", Short: "Setup a Go suite environment. Suites can be listed using the list command.",
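Review bot: In the new `SuitesSetupCmd` comment, "setup" is used as a verb; it should be "set up" ("Command to set up a suite environment."). The `Short` string two lines below has the same wording ("Setup a Go suite environment") and, since it is displayed text, is worth correcting in the same pass.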

View File

@ -117,7 +117,7 @@ authentication_backend:
# It must stand at the beginning of the pattern. (example: *.mydomain.com) # It must stand at the beginning of the pattern. (example: *.mydomain.com)
# #
# Note: You must put patterns containing wildcards between simple quotes for the YAML # Note: You must put patterns containing wildcards between simple quotes for the YAML
# to be syntaxically correct. # to be syntactically correct.
# #
# Definition: A `rule` is an object with the following keys: `domain`, `subject`, # Definition: A `rule` is an object with the following keys: `domain`, `subject`,
# `policy` and `resources`. # `policy` and `resources`.

View File

@ -46,7 +46,7 @@ Integration tests are located under the `internal/suites` directory
and are based on Selenium. A suite is a combination of environment and are based on Selenium. A suite is a combination of environment
and tests. Executing a suite therefore means starting the environment, and tests. Executing a suite therefore means starting the environment,
running the tests and tearing down the environment. Each step can be running the tests and tearing down the environment. Each step can be
run independantly: run independently:
# List the available suites # List the available suites
$ authelia-scripts suites list $ authelia-scripts suites list

View File

@ -149,7 +149,7 @@ This documentation gives instructions that will make **Authelia** non
highly-available and non scalable by preventing you from running multiple highly-available and non scalable by preventing you from running multiple
instances of the application. instances of the application.
This means that **Authelia** won't be able to distribute the This means that **Authelia** won't be able to distribute the
load accross multiple servers and it will prevent failover in case of a load across multiple servers and it will prevent failover in case of a
crash or an hardware issue. Moreover, it will also prevent from reliably crash or an hardware issue. Moreover, it will also prevent from reliably
persisting data and consequently fail access to your platform as the devices persisting data and consequently fail access to your platform as the devices
registered by your users will be lost. registered by your users will be lost.

View File

@ -6,12 +6,12 @@ Authelia uses two mechanisms to protect against cookie theft:
1. session attribute `httpOnly` set to true make client-side code unable to 1. session attribute `httpOnly` set to true make client-side code unable to
read the cookie. read the cookie.
2. session attribute `secure` ensure the cookie will never be sent over an 2. session attribute `secure` ensure the cookie will never be sent over an
unsecure HTTP connections. insecure HTTP connections.
## Protection against multi-domain cookie attacks ## Protection against multi-domain cookie attacks
Since Authelia uses multi-domain cookies to perform single sign-on, an Since Authelia uses multi-domain cookies to perform single sign-on, an
attacker who poisonned a user's DNS cache can easily retrieve the user's attacker who poisoned a user's DNS cache can easily retrieve the user's
cookies by making the user send a request to one of the attacker's IPs. cookies by making the user send a request to one of the attacker's IPs.
To mitigate this risk, it's advisable to only use HTTPS connections with valid To mitigate this risk, it's advisable to only use HTTPS connections with valid
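Review bot: The corrected line in item 2 still reads "over an insecure HTTP connections", which pairs a singular article with a plural noun; use "an insecure HTTP connection" or drop the "an". The same list has "set to true make" and "`secure` ensure", which need "makes" and "ensures".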
@ -54,12 +54,12 @@ that can be used to validate the authenticity of a server with a self signed
certificate. This can either be the public cert of the certificate authority certificate. This can either be the public cert of the certificate authority
used to sign the certificate or the public key itself. They must be in the PEM used to sign the certificate or the public key itself. They must be in the PEM
format. The certificate is added in addition to the certificates trusted by the format. The certificate is added in addition to the certificates trusted by the
;host machine. If the certificate is invalid, inaccessible, or is otherwise not host machine. If the certificate is invalid, inaccessible, or is otherwise not
configured; Authelia just uses the hosts certificates. configured; Authelia just uses the hosts certificates.
### Explanation ### Explanation
There are a few reasons for the security measures implemented: There are a few reasons for the security measures implemented:
1. Transmitting usernames and passwords over plain-text is an obvious vulnerability 1. Transmitting username's and passwords over plain-text is an obvious vulnerability
2. The emails generated by Authelia, if transmitted in plain-text could allow 2. The emails generated by Authelia, if transmitted in plain-text could allow
an attacker to intercept a link used to setup 2FA; which reduces security an attacker to intercept a link used to setup 2FA; which reduces security
3. Not validating the identity of the server allows man-in-the-middle attacks 3. Not validating the identity of the server allows man-in-the-middle attacks
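Review bot: Item 1 of the Explanation list changes "usernames" to "username's", which turns a correct plural into a possessive; keep "usernames". The apostrophe that is actually missing is in the context line "Authelia just uses the hosts certificates" ("host's"), and "a link used to setup 2FA" in item 2 should read "set up".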

View File

@ -67,7 +67,7 @@
Here is the list of credentials you can log in with to test access control.<br /> Here is the list of credentials you can log in with to test access control.<br />
<br /> Once first factor is passed, you will need to follow the links to register a secret for the second <br /> Once first factor is passed, you will need to follow the links to register a secret for the second
factor.<br /> Authelia factor.<br /> Authelia
will send you a fictituous email in a <strong>fake webmail</strong> at <a will send you a fictitious email in a <strong>fake webmail</strong> at <a
href="http://localhost:8085">http://localhost:8085</a>.<br /> href="http://localhost:8085">http://localhost:8085</a>.<br />
It will provide you with the link to complete the registration allowing you to authenticate with 2-factor. It will provide you with the link to complete the registration allowing you to authenticate with 2-factor.

View File

@ -33,7 +33,7 @@ func identityRetrieverFromStorage(ctx *middlewares.AutheliaCtx) (*session.Identi
} }
// ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password. // ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password.
// We need to ensure the attacker cannot perform user enumeration by alway replying with 200 whatever what happens in backend. // We need to ensure the attacker cannot perform user enumeration by always replying with 200 whatever what happens in backend.
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{ var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
MailSubject: "[Authelia] Reset your password", MailSubject: "[Authelia] Reset your password",
MailTitle: "Reset your password", MailTitle: "Reset your password",
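Review bot: The comment above `ResetPasswordIdentityStart` still reads "whatever what happens in backend" after the "always" fix. This sentence documents the anti-enumeration guarantee of the handler, so it is worth making unambiguous, for example "by always replying with 200 regardless of what happens in the backend".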
@ -52,6 +52,6 @@ func resetPasswordIdentityFinish(ctx *middlewares.AutheliaCtx, username string)
ctx.ReplyOK() ctx.ReplyOK()
} }
// ResetPasswordIdentityFinish the handler for finishing the identity validation // ResetPasswordIdentityFinish the handler for finishing the identity validation.
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish( var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
middlewares.IdentityVerificationFinishArgs{ActionClaim: ResetPasswordAction}, resetPasswordIdentityFinish) middlewares.IdentityVerificationFinishArgs{ActionClaim: ResetPasswordAction}, resetPasswordIdentityFinish)

View File

@ -92,7 +92,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndFail() {
s.mock.Assert200KO(s.T(), "Authentication failed, please retry later.") s.mock.Assert200KO(s.T(), "Authentication failed, please retry later.")
} }
func TestRunSecondeFactorDuoPostSuite(t *testing.T) { func TestRunSecondFactorDuoPostSuite(t *testing.T) {
s := new(SecondFactorDuoPostSuite) s := new(SecondFactorDuoPostSuite)
suite.Run(t, s) suite.Run(t, s)
} }

View File

@ -12,14 +12,14 @@ import (
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
func loadInfo(username string, storageProvier storage.Provider, preferences *UserPreferences, logger *logrus.Entry) []error { func loadInfo(username string, storageProvider storage.Provider, preferences *UserPreferences, logger *logrus.Entry) []error {
var wg sync.WaitGroup var wg sync.WaitGroup
wg.Add(3) wg.Add(3)
errors := make([]error, 0) errors := make([]error, 0)
go func() { go func() {
defer wg.Done() defer wg.Done()
method, err := storageProvier.LoadPreferred2FAMethod(username) method, err := storageProvider.LoadPreferred2FAMethod(username)
if err != nil { if err != nil {
errors = append(errors, err) errors = append(errors, err)
logger.Error(err) logger.Error(err)
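Review bot: The goroutine in `loadInfo` runs `errors = append(errors, err)` on a slice declared outside it, after `wg.Add(3)`, with no lock visible around the append; if the other two goroutines append on failure as well, that is a data race. It is outside the scope of a rename, but consider guarding the append with a `sync.Mutex` or collecting the errors through a channel. The local name `errors` would also shadow the standard `errors` package if it is ever imported in this file.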
@ -34,7 +34,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use
go func() { go func() {
defer wg.Done() defer wg.Done()
_, _, err := storageProvier.LoadU2FDeviceHandle(username) _, _, err := storageProvider.LoadU2FDeviceHandle(username)
if err != nil { if err != nil {
if err == storage.ErrNoU2FDeviceHandle { if err == storage.ErrNoU2FDeviceHandle {
return return
@ -48,7 +48,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use
go func() { go func() {
defer wg.Done() defer wg.Done()
_, err := storageProvier.LoadTOTPSecret(username) _, err := storageProvider.LoadTOTPSecret(username)
if err != nil { if err != nil {
if err == storage.ErrNoTOTPSecret { if err == storage.ErrNoTOTPSecret {
return return
@ -64,7 +64,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use
return errors return errors
} }
// UserInfoGet get the info related to the user identitified by the session. // UserInfoGet get the info related to the user identified by the session.
func UserInfoGet(ctx *middlewares.AutheliaCtx) { func UserInfoGet(ctx *middlewares.AutheliaCtx) {
userSession := ctx.GetSession() userSession := ctx.GetSession()

View File

@ -11,7 +11,7 @@ func init() {
logrus.AddHook(logrus_stack.NewHook(callerLevels, stackLevels)) logrus.AddHook(logrus_stack.NewHook(callerLevels, stackLevels))
} }
// Logger return the standard logrues logger. // Logger return the standard logrus logger.
func Logger() *logrus.Logger { func Logger() *logrus.Logger {
return logrus.StandardLogger() return logrus.StandardLogger()
} }

View File

@ -87,7 +87,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) {
assert.Equal(t, "no notif", mock.Hook.LastEntry().Message) assert.Equal(t, "no notif", mock.Hook.LastEntry().Message)
} }
func TestShouldSucceedIdentityVerficationStartProcess(t *testing.T) { func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t) mock := mocks.NewMockAutheliaCtx(t)
defer mock.Close() defer mock.Close()

View File

@ -69,7 +69,7 @@ access_control:
regulation: regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300 find_time: 300
# The length of time before a banned user can login again. # The length of time before a banned user can login again.
ban_time: 900 ban_time: 900

View File

@ -85,7 +85,7 @@ regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300 find_time: 300
# The length of time before a banned user can login again. # The length of time before a banned user can login again.

View File

@ -212,7 +212,7 @@ regulation:
max_retries: 3 max_retries: 3
# The time range during which the user can attempt login before being banned. # The time range during which the user can attempt login before being banned.
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8 find_time: 8
# The length of time before a banned user can login again. # The length of time before a banned user can login again.

View File

@ -83,7 +83,7 @@ regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300 find_time: 300
# The length of time before a banned user can login again. # The length of time before a banned user can login again.

View File

@ -53,7 +53,7 @@ regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8 find_time: 8
# The length of time before a banned user can login again. # The length of time before a banned user can login again.

View File

@ -48,7 +48,7 @@ access_control:
regulation: regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300 find_time: 300
# The length of time before a banned user can login again. # The length of time before a banned user can login again.
ban_time: 900 ban_time: 900

View File

@ -53,7 +53,7 @@ regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8 find_time: 8
# The length of time before a banned user can login again. # The length of time before a banned user can login again.

View File

@ -69,7 +69,7 @@ access_control:
regulation: regulation:
# Set it to 0 to disable max_retries. # Set it to 0 to disable max_retries.
max_retries: 3 max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300 find_time: 300
# The length of time before a banned user can login again. # The length of time before a banned user can login again.
ban_time: 900 ban_time: 900

View File

@ -75,7 +75,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia
s.doVisit(s.T(), LoginBaseURL) s.doVisit(s.T(), LoginBaseURL)
s.verifyIsFirstFactorPage(ctx, s.T()) s.verifyIsFirstFactorPage(ctx, s.T())
// Try to initiate a password reset of an inexistant user // Try to initiate a password reset of an nonexistent user.
s.doInitiatePasswordReset(ctx, s.T(), "i_dont_exist") s.doInitiatePasswordReset(ctx, s.T(), "i_dont_exist")
// Check that the notification make the attacker thinks the process is initiated // Check that the notification make the attacker thinks the process is initiated
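Review bot: The replacement comment reads "an nonexistent user"; with the new word the article should be "a" ("a nonexistent user"). The following context line, "the notification make the attacker thinks", could be corrected in the same pass ("makes the attacker think").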

View File

@ -5,7 +5,7 @@ import (
"time" "time"
) )
// CheckUntil regurly check a predicate until it's true or time out is reached // CheckUntil regularly check a predicate until it's true or time out is reached.
func CheckUntil(interval time.Duration, timeout time.Duration, predicate func() (bool, error)) error { func CheckUntil(interval time.Duration, timeout time.Duration, predicate func() (bool, error)) error {
for { for {
select { select {

View File

@ -31,11 +31,11 @@ See the section about [deployment](https://facebook.github.io/create-react-app/d
**Note: this is a one-way operation. Once you `eject`, you cant go back!** **Note: this is a one-way operation. Once you `eject`, you cant go back!**
If you arent satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project. If you aren't satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.
Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point youre on your own. Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point youre on your own.
You dont have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldnt feel obligated to use this feature. However we understand that this tool wouldnt be useful if you couldnt customize it when you are ready for it. You dont have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldnt feel obligated to use this feature. However we understand that this tool wouldn't be useful if you couldn't customize it when you are ready for it.
## Learn More ## Learn More
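Review bot: Apostrophe handling is inconsistent within this hunk: `aren't`, `wouldn't` and `couldn't` are changed, while `cant`, `youre`, `dont` and `shouldnt` on the adjacent lines are left as they were, including `shouldnt` in the same sentence as the two corrected words. Apply the same treatment to every contraction in the paragraph so the file does not end up with mixed forms.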