RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into feat-settings-ui 

# Conflicts:
#	web/package.json
#	web/pnpm-lock.yaml
feat-otp-email-verify
James Elliott 2023-04-21 21:32:32 +10:00
parent 79973414e4 72ab2e690e
commit 873749a28f
No known key found for this signature in database
GPG Key ID: 0F1C4A096E857E49
22 changed files with 380 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/openapi.yml
View File

@ -155,7 +155,7 @@ paths:
example: '{{ $.Domain | default "example.com" }}'
schema:
type: string
- name: X-Forwarded-Uri
- name: X-Forwarded-URI
in: header
description: Redirection URL (URI)
required: false
@ -1540,7 +1540,7 @@ components:
schema:
type: string
forwardedURIParam:
name: X-Forwarded-Uri
name: X-Forwarded-URI
in: header
description: Redirection URL (URI)
required: true

2
docs/content/en/integration/proxies/caddy.md
View File

@ -230,7 +230,7 @@ nextcloud.example.com {
rewrite "/api/authz/forward-auth?authelia_url=https://auth.example.com/"
header_up X-Forwarded-Method {method}
header_up X-Forwarded-Uri {uri}
header_up X-Forwarded-URI {uri}
## If the auth request:
## 1. Responds with a status code IN the 200-299 range.

29
docs/content/en/integration/proxies/introduction.md
View File

@ -28,6 +28,29 @@ bootstrapping *Authelia*.
See [support](support.md) for support information.
### Required Headers
__Authelia__ itself requires the following headers are set when secured behind a reverse proxy:
* Scheme Detection:
* Default: [X-Forwarded-Proto] (header)
* Fallback: TLS (listening socket state)
* Host Detection:
* Default: [X-Forwarded-Host] (header)
* Fallback: [Host] (header)
* Path Detection:
* Default: X-Forwarded-URI (header)
* Fallback: [Start Line] Request Target (start line)
* Remote IP:
* Default: [X-Forwarded-For]
* Fallback: TCP source IP
[Host]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
[Start Line]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages#start_line
[X-Forwarded-For]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
[X-Forwarded-Proto]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
[X-Forwarded-Host]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
## Integration Implementation
Authelia is capable of being integrated into many proxies due to the decisions regarding the implementation. We handle
@ -41,12 +64,14 @@ your reverse proxy. The headers we rely on at the authz endpoints are as follows
* [X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto)
* [X-Forwarded-Host](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host)
* X-Forwarded-Uri
* X-Forwarded-URI
* [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)
* X-Forwarded-Method / X-Original-Method
* X-Original-URL
The specifics however are dictated by the specific [Authorization Implementation](../../reference/guides/proxy-authorization.md) used.
The specifics however are dictated by the specific
[Authorization Implementation](../../reference/guides/proxy-authorization.md) used. Please refer to the specific
implementation you're using.
### User Identification

8
docs/content/en/integration/proxies/nginx.md
View File

@ -350,7 +350,7 @@ use cases.
The following is an example `proxy.conf`. The important directives include the `real_ip` directives which you should read
[Trusted Proxies](#trusted-proxies) section to understand, or set the `X-Forwarded-Proto`, `X-Forwarded-Host`,
`X-Forwarded-Uri`, and `X-Forwarded-For` headers.
`X-Forwarded-URI`, and `X-Forwarded-For` headers.
##### Standard Variant
@ -363,7 +363,7 @@ proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
@ -408,7 +408,7 @@ proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
```
@ -539,7 +539,7 @@ location /internal/authelia/authz/basic {
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Content-Length "";
proxy_set_header Connection "";

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
View File

@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
View File

@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
View File

@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
View File

@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
View File

@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

1
docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
View File

@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names

2
go.mod
View File

@ -34,7 +34,7 @@ require (
github.com/ory/fosite v0.44.0
github.com/ory/herodot v0.10.2
github.com/ory/x v0.0.553
github.com/otiai10/copy v1.10.0
github.com/otiai10/copy v1.11.0
github.com/pkg/errors v0.9.1
github.com/pquerna/otp v1.4.0
github.com/prometheus/client_golang v1.15.0

4
go.sum
View File

@ -329,8 +329,8 @@ github.com/ory/herodot v0.10.2 h1:gGvNMHgAwWzdP/eo+roSiT5CGssygHSjDU7MSQNlJ4E=
github.com/ory/herodot v0.10.2/go.mod h1:MMNmY6MG1uB6fnXYFaHoqdV23DTWctlPsmRCeq/2+wc=
github.com/ory/x v0.0.553 h1:dRSEcbfpJYOl+yk55LTiLUXq2JslaeVaTp6CzHQW5Kw=
github.com/ory/x v0.0.553/go.mod h1:oRVemI3SQQOLvOCJWIRinHQKlgmay/NbwSyRUIsS/Yk=
github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=

21
internal/commands/crypto.go
View File

@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
var (
template *x509.CertificateRequest
privateKey any
csr []byte
privateKeyPath, csrPath string
pkcs8 bool
)
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
return err
}
var (
template *x509.CertificateRequest
csr []byte
privateKeyPath, csrPath string
)
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
return err
}
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
return err
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
return fmt.Errorf("failed to create certificate request: %w", err)
}
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err
}
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
var (
template, caCertificate, parent *x509.Certificate
publicKey, caPrivateKey, signatureKey any
pkcs8 bool
)
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
return err
}
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
return fmt.Errorf("failed to obtain public key from private key")
}
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
return fmt.Errorf("failed to create certificate: %w", err)
}
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err
}

2
internal/commands/crypto_helper.go
View File

@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
}
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
}

2
internal/handlers/const_test.go
View File

@ -21,7 +21,7 @@ var (
const (
testXOriginalMethod = "X-Original-Method"
testXOriginalUrl = "X-Original-Url"
testXOriginalUrl = "X-Original-URL"
testBypass = "bypass"
testWithoutAccept = "WithoutAccept"
testWithXHRHeader = "WithXHRHeader"

6
internal/handlers/handler_authz_impl_forwardauth_test.go
View File

@ -240,7 +240,7 @@ func (s *ForwardAuthAuthzSuite) TestShouldHandleMissingHostDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/")
mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -395,7 +395,7 @@ func (s *ForwardAuthAuthzSuite) TestShouldHandleInvalidURLForCVE202132637() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedProto), tc.scheme)
mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedHost), tc.host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", tc.path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", tc.path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -560,7 +560,7 @@ func setRequestForwardAuth(ctx *middlewares.AutheliaCtx, method string, targetUR
if targetURI != nil {
ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
}
setRequestXHRValues(ctx, accept, xhr)

22
internal/handlers/handler_authz_impl_legacy_test.go
View File

@ -60,7 +60,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -108,7 +108,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsOverrideAutheliaURLDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -151,7 +151,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsMissingAutheliaURLBypassSta
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -183,7 +183,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsMissingAutheliaURLOneFactor
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -213,7 +213,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsRDAutheliaURLOneFactorStatu
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
mock.Ctx.Request.SetRequestURI("/api/verify?rd=https%3A%2F%2Fauth.example.com")
@ -263,7 +263,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsXHRDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
if x {
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
@ -311,7 +311,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleInvalidMethodCharsDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -338,7 +338,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleMissingHostDeny() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/")
mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -370,7 +370,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsAllow() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -454,7 +454,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsAllowXHR() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)
@ -613,7 +613,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleInvalidURLForCVE202132637() {
mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedProto), tc.scheme)
mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedHost), tc.host)
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", tc.path)
mock.Ctx.Request.Header.Set("X-Forwarded-URI", tc.path)
mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
authz.Handler(mock.Ctx)

2
internal/middlewares/authelia_context.go
View File

@ -177,7 +177,7 @@ func (ctx *AutheliaCtx) GetXForwardedHost() (host []byte) {
return host
}
// XForwardedURI returns the content of the X-Forwarded-Uri header.
// XForwardedURI returns the content of the X-Forwarded-URI header.
func (ctx *AutheliaCtx) XForwardedURI() (host []byte) {
return ctx.Request.Header.PeekBytes(headerXForwardedURI)
}

2
internal/server/template_test.go
View File

@ -71,7 +71,7 @@ func TestShouldTemplateOpenAPI(t *testing.T) {
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/api/openapi.yml")
mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/api/openapi.yml")
handler(mock.Ctx)

2
internal/suites/example/compose/envoy/docker-compose.yml
View File

@ -2,7 +2,7 @@
version: '3'
services:
envoy:
image: envoyproxy/envoy:v1.25.5
image: envoyproxy/envoy:v1.26.0
volumes:
- ./example/compose/envoy/envoy.yaml:/etc/envoy/envoy.yaml
- ./common/pki:/pki

22
web/package.json
View File

@ -23,14 +23,14 @@
"@fortawesome/free-solid-svg-icons": "6.4.0",
"@fortawesome/react-fontawesome": "0.2.0",
"@mui/icons-material": "5.11.16",
"@mui/material": "5.12.0",
"@mui/material": "5.12.1",
"@mui/styles": "5.12.0",
"@simplewebauthn/browser": "7.2.0",
"@simplewebauthn/typescript-types": "7.0.0",
"axios": "1.3.5",
"axios": "1.3.6",
"broadcast-channel": "5.0.3",
"classnames": "2.3.2",
"i18next": "22.4.14",
"i18next": "22.4.15",
"i18next-browser-languagedetector": "7.0.1",
"i18next-http-backend": "2.2.0",
"qrcode.react": "3.1.0",
@ -77,16 +77,16 @@
"@limegrass/eslint-plugin-import-alias": "1.0.6",
"@testing-library/jest-dom": "5.16.5",
"@testing-library/react": "14.0.0",
"@types/node": "18.15.11",
"@types/react": "18.0.35",
"@types/node": "18.15.13",
"@types/react": "18.0.37",
"@types/react-dom": "18.0.11",
"@types/testing-library__jest-dom": "5.14.5",
"@types/zxcvbn": "4.4.1",
"@typescript-eslint/eslint-plugin": "5.58.0",
"@typescript-eslint/parser": "5.58.0",
"@vitejs/plugin-react": "3.1.0",
"@typescript-eslint/eslint-plugin": "5.59.0",
"@typescript-eslint/parser": "5.59.0",
"@vitejs/plugin-react": "4.0.0",
"@vitest/coverage-istanbul": "0.30.1",
"esbuild": "0.17.16",
"esbuild": "0.17.17",
"eslint": "8.38.0",
"eslint-config-prettier": "8.8.0",
"eslint-config-react-app": "7.0.1",
@ -97,12 +97,12 @@
"eslint-plugin-prettier": "4.2.1",
"eslint-plugin-react": "7.32.2",
"eslint-plugin-react-hooks": "4.6.0",
"happy-dom": "9.7.1",
"happy-dom": "9.8.4",
"husky": "8.0.3",
"prettier": "2.8.7",
"react-test-renderer": "18.2.0",
"typescript": "5.0.4",
"vite": "4.2.1",
"vite": "4.3.1",
"vite-plugin-eslint": "1.8.1",
"vite-plugin-istanbul": "4.0.1",
"vite-plugin-svgr": "2.4.0",

531
web/pnpm-lock.yaml
View File

File diff suppressed because it is too large Load Diff