diff --git a/AUTHELIA-V4.md b/AUTHELIA-V4.md deleted file mode 100644 index dec4ed3dc..000000000 --- a/AUTHELIA-V4.md +++ /dev/null @@ -1,40 +0,0 @@ -# Authelia v4 - -Authelia has been rewritten in Go for better code maintainability and for performance and security reasons. - -The principles stay the same, Authelia is still an authenticating and authorizing proxy. Some major changes have been made though so -that the system is more reliable overall. - -Majors changes: -* The configuration mostly remained the same, only one major key has been added: `jwt_secret` and one key removed: `secure` from the -SMTP notifier as the Go SMTP library default to TLS if available. -* The local storage used for dev purpose was a `nedb` database which was implementing the same interface -as mongo but was not really standard. It has been replaced by a good old sqlite3 database. -* The model of the database is not compatible with v3. This has been decided to better fit with Golang libraries. -* Some features have been upgraded such as U2F in order to use the latest security features available like allowing device cloning detection. -* Furthermore, a top-notch web server implementation (fasthttp) has been selected to allow a large performance gain in order to use Authelia in demanding environments. - - -## Migration from v3 to v4 - -Please note that the migration is breaking the configuration and the data model. Therefore the actions proposed (as of now) to do the migration will make you lose previously registered devices that you'll need to register again in v4. - -### Automatic Steps - -Since v4 is in beta phase, manual steps are provided for those who are ready to lose their configuration or bootstrap a new instance. -However a migration script will be provided later on. Help for writing this script will be welcome by the way. - -### Manual Steps - -* Add the `jwt_secret` key in the configuration along with the value of the secret. This secret is used to generate expirable JWT tokens -for operations requiring identity validation. -* Remove the `secure` key of your SMTP notifier configuration as the Go implementation of the SMTP library uses TLS by default if available. -* Make sure users and groups filter in the LDAP configuration have outer parenthesis. The standard format of LDAP filters always include outer -parenthesis. You can find some examples in the "Examples" section of the following document: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx - -#### If you were using the local storage -* Remove the directory of the storage (beware you will lose your previous configuration: U2F, TOTP devices). Replace the path with a path to a sqlite3 database, -it is the new standard way of storing data in Authelia. - -#### If you were using the mongo storage -* Flush your collections (beware you will lose your previous configuration: U2F, TOTP devices). New collections will be created by Authelia. diff --git a/BREAKING.md b/BREAKING.md index 6cb28caa5..49c514835 100644 --- a/BREAKING.md +++ b/BREAKING.md @@ -2,19 +2,49 @@ Breaking changes ================ Since Authelia is still under active development, it is subject to breaking changes. We then recommend you don't blindly use the latest -Docker image but pick a version instead and check this file before upgrading. This is where you will get information about breaking changes and about what you should do to overcome those changes. +Docker image but pick a version instead and read this documentation before upgrading. This is where you will get information about breaking +changes and about what you should do to overcome those changes. ## Breaking in v4.0.0 -Authelia has been rewritten in Go for better performance and reliability. +Authelia has been rewritten in Go for better code maintainability and for performance and security reasons. -### Model of U2F devices +The principles stay the same, Authelia is still an authenticating and authorizing proxy. Some major changes have been made though so +that the system is more reliable overall. This induced breaking the previous data model and the configuration to bring new features +but fortunately migration tools are provided to ease the task. -The model of U2F devices has been updated to better fit with the Go library handling U2F keys. +### Migration tools -### Removal of flag secure for SMTP notifier +An authelia-scripts command is provided to perform the data model migration from a local database +or a mongo database created by Authelia v3 into a target SQL database (sqlite3, mysql, postgres) +supported by Authelia v4. -The go library for sending e-mails automatically switch to TLS if possible according to https://golang.org/pkg/net/smtp/#SendMail. +Example of usage: + + # Migrate a local database into the targeted database defined in config-v4.yml + authelia-scripts migrate local --config=/path/to/config-v4.yml --db-path=/old/db/path + + # Migrate a mongo database into the targeted database defined in config-v4.yml + authelia-scripts migrate mongo --config=/path/to/config-v4.yml --url=mongodb://myuser:mypassword@mymongo:27017 --database=authelia + + +Those commands migrate TOTP secrets, U2F devices, authentication traces and user preferences so +that the migration is almost seamless for your users. + +The identity verification tokens are not migrated though since their format has changed. However they were +made to expire after a few minutes anyway. Consequently, the users who initiated a device registration process +which has not been completed before the migration will have to restart the device registration process for their +device. This is because their identity verification token will not be usable in v4. + +### Major changes in details: + +* The configuration mostly remained the same, only one major key has been added: `jwt_secret` and one key removed: `secure` from the +SMTP notifier as the Go SMTP library default to TLS if available. +* The local storage used for dev purpose was a `nedb` database which was implementing the same interface +as mongo but was not really standard. It has been replaced by a good old sqlite3 database. +* The model of the database is not compatible with v3. This has been decided to better fit with Golang libraries. +* Some features have been upgraded such as U2F in order to use the latest security features available like allowing device cloning detection. +* Furthermore, a top-notch web server implementation (fasthttp) has been selected to allow a large performance gain in order to use Authelia in demanding environments. ## Breaking in v3.14.0 diff --git a/CHANGELOG.md b/CHANGELOG.md index ca51d6a9a..0d92f067a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,13 @@ Release Notes - Version 4.0.0 * config.yml should include a secret for jwt issuance and verification. * Models in database have been updated to better fit with the Go library. * The local storage has been replaced by a good old sqlite3 database. +* The mongo option for storing user preferences and device secrets has been deprecated in favor of SQL options: mysql and postgres. * The "secure" flag from the SMTP notifier configuration has been removed as TLS is used by default when available. * authelia-scripts tool has been rewritten in Go. -* Use pure implementation of crypt to avoid CGO and dependency to libc. +* Use pure implementation of crypt. +* Introduction of a "migrate" command to authelia-scripts to help migrating from v3 to v4. +* Authelia is built and available on Dockerhub in 3 flavors: amd64, arm32v7 and arm64v8. +* Introduction of suites in Go. Release Notes - Version 3.16.3 ------------------------------ diff --git a/README.md b/README.md index 8d519fa97..c1dced269 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ It acts as a companion of reverse proxies like [nginx] or [Traefik] by handling BREAKING NEWS: Authelia v4 release is coming soon! The new version is written in Go for reliability, performance and security improvements. It is currently available in beta in master. - Please read AUTHELIA-V4.md if you want to migrate from v3 to v4. But note that the data model migration is not automated yet. + Please read BREAKING.md if you want to migrate from v3 to v4. Otherwise, start fresh in v4 and enjoy!

diff --git a/cmd/authelia-scripts/cmd_bootstrap.go b/cmd/authelia-scripts/cmd_bootstrap.go index f16399671..89561ccf3 100644 --- a/cmd/authelia-scripts/cmd_bootstrap.go +++ b/cmd/authelia-scripts/cmd_bootstrap.go @@ -224,6 +224,7 @@ func Bootstrap(cobraCmd *cobra.Command, args []string) { bootstrapPrintln("Preparing /etc/hosts to serve subdomains of example.com...") prepareHostsFile() + fmt.Println() bootstrapPrintln("Run 'authelia-scripts suites setup Standalone' to start Authelia and visit https://home.example.com:8080.") bootstrapPrintln("More details at https://github.com/clems4ever/authelia/blob/master/docs/getting-started.md") }