James Elliott
ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 ( #4269 )
...
This updates fosite and refactors our usage out of compose.
2022-11-13 14:26:10 +11:00
renovate[bot]
909deafeba
build(deps): update mariadb docker tag to v10.9.4 ( #4355 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-11 07:20:15 +00:00
James Elliott
02920c18be
refactor: few misc issues ( #4330 )
2022-11-04 22:24:10 +11:00
James Elliott
e97a848600
refactor: ldap filter ( #4329 )
2022-11-04 13:42:28 +11:00
James Elliott
500410fac3
refactor(commands): include rfc3986 charset ( #4328 )
...
This includes the RFC3986 unreserved charset as an option, and allows the '-upper' and '-lower' suffix for alphabetic inclusive charsets.
2022-11-04 11:32:49 +11:00
renovate[bot]
1e057819f2
build(deps): update golang docker tag to v1.19.3 ( #4316 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-02 03:42:08 +00:00
James Elliott
5a23df4544
refactor: uuid parse bytes ( #4311 )
...
Use ParseBytes instead since it supports a byte encoded string.
2022-11-01 10:31:13 +11:00
James Elliott
6b2f713e10
fix(configuration): certificate_chains can't be defined as secrets ( #4302 )
...
This fixes an issue where certificate_chain values can't be defined as secrets. While not expressly needed for certificates, it's more convenient and less prone to error than defining a environment variable with the contents.
2022-10-31 11:52:14 +11:00
renovate[bot]
db9de7b5a4
build(deps): update traefik docker tag to v2.9.4 ( #4286 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-10-29 17:00:46 +11:00
James Elliott
a048ab6d47
fix(authentication): erroneously escaped group base dn ( #4288 )
...
The BaseDN for groups was escaped improperly and failed on any BaseDN with special characters. This fixes the issue.
2022-10-28 20:21:43 +11:00
James Elliott
a283fda6d6
fix(oidc): handle authorization post requests ( #4270 )
...
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
James Elliott
dfd196460f
refactor: close database connections on shutdown ( #4255 )
...
This explicitly closes the database connection during shutdown.
2022-10-25 16:12:42 +11:00
James Elliott
53c1b645ee
fix(storage): postgresql default port incorrect ( #4251 )
...
This fixes a typo with the default port for PostgreSQL in 4.37.
Fixes #4249
2022-10-24 06:09:38 +11:00
James Elliott
6654fd6130
refactor: update users_database examples ( #4240 )
2022-10-23 08:12:16 +11:00
James Elliott
e3d82bcfa0
refactor: fix misc alignment issues and gen ( #4239 )
2022-10-23 07:42:19 +11:00
James Elliott
00ab279336
refactor: csp gen ( #4163 )
...
Generator for CSP.
2022-10-22 22:19:32 +11:00
James Elliott
69c4c02d03
feat(storage): tls connection support ( #4233 )
...
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
2022-10-22 19:27:59 +11:00
James Elliott
1ea29cb2c2
feat(storage): unix socket support ( #4231 )
...
Support for unix sockets for MySQL and PostgreSQL.
2022-10-22 16:41:27 +11:00
James Elliott
1d821a0d3a
fix(storage): mysql timestamp parsed incorrectly ( #4230 )
...
The timestamps in MySQL were not being parsed correctly. The driver treats all timestamp and datetime objects the same which is not correct.
2022-10-22 15:25:12 +11:00
renovate[bot]
4611636b2b
build(deps): update node.js to v19 ( #4203 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-10-21 20:34:44 +11:00
James Elliott
5c981e7603
feat(configuration): comment unnecessary template lines ( #4222 )
...
This adjusts the default configuration to mostly include commented configuration.
2022-10-21 20:17:30 +11:00
James Elliott
9532823a99
feat(configuration): mtls clients ( #4221 )
...
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.
Closes #4044
2022-10-21 19:41:33 +11:00
James Elliott
3113ec2b80
feat(commands): random character generator ( #4213 )
...
This improves all random character generator command usages to be nearly identical and reuse a large block of code. It also improves several functions to give more options when randomly generating outputs.
2022-10-21 07:41:46 +11:00
James Elliott
248f1d49d4
feat(oidc): hashed client secrets ( #4026 )
...
Allow use of hashed OpenID Connect client secrets.
2022-10-20 14:21:45 +11:00
James Elliott
3aaca0604f
feat(oidc): implicit consent ( #4080 )
...
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
renovate[bot]
395d81e72a
build(deps): update envoyproxy/envoy docker tag to v1.24.0 ( #4208 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-20 10:28:27 +11:00
James Elliott
24e41aed84
feat(commands): add webauthn device commands ( #3671 )
2022-10-19 18:17:55 +11:00
James Elliott
52102eea8c
feat(authorization): query parameter filtering ( #3990 )
...
This allows for advanced filtering of the query parameters in ACL's.
Closes #2708
2022-10-19 14:09:22 +11:00
renovate[bot]
47d18b462a
build(deps): update envoyproxy/envoy docker tag to v1.23.2 ( #4201 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 08:32:32 +11:00
James Elliott
a4edf21320
fix(authorization): subject wildcard domain rule not matching ( #4187 )
...
This fixes an issue where the subject wildcard domain rules (those containing {user} and {group}) are not considered matches even though they may be once a user authenticates.
Fixes #4186
2022-10-18 19:14:34 +11:00
James Elliott
a0b2e78e5d
feat(authentication): file case-insensitive and email search ( #4194 )
...
This allows both case-insensitive and email searching for the file auth provider.
Closes #3383
2022-10-18 11:57:08 +11:00
James Elliott
d610874be4
feat(authentication): disabled users in yaml file ( #4193 )
...
Allows setting users as disabled.
2022-10-18 09:10:53 +11:00
James Elliott
84cb457cb0
feat(authentication): file provider hot reload ( #4188 )
...
This adds hot reloading to the file auth provider.
2022-10-17 22:31:23 +11:00
James Elliott
3a70f6739b
feat(authentication): file password algorithms ( #3848 )
...
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
James Elliott
8eadf72dc7
docs: rule matching concepts ( #4154 )
...
* docs: rule matching concepts
* docs: add named regex note
* docs: adjust wording
* docs: expand match table
* docs: simplify
* docs: fix link
* docs: fix link
2022-10-16 14:11:43 +11:00
renovate[bot]
c6e1197750
build(deps): update postgres docker tag to v15 ( #4182 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-15 11:51:02 +11:00
renovate[bot]
b3abccc034
build(deps): update caddy docker tag to v2.6.2 ( #4177 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-14 15:22:37 +11:00
James Elliott
3107e493e7
refactor: adjust defaults ( #4137 )
...
* refactor: adjust defaults
* refactor: adjust level
* refactor: adjust level
* refactor: fix templates
2022-10-07 13:52:01 +11:00
renovate[bot]
998856b47c
build(deps): update golang docker tag to v1.19.2 ( #4129 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-05 18:36:00 +11:00
James Elliott
dc79c8ea59
refactor: any ( #4133 )
...
* refactor: any
* refactor: fix test
2022-10-05 16:05:23 +11:00
renovate[bot]
ff0ed6fa22
build(deps): update traefik docker tag to v2.9.1 ( #4126 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-04 03:13:03 +00:00
James Elliott
3f39914c8f
refactor: private key decoding and generators ( #4116 )
2022-10-03 11:52:29 +11:00
James Elliott
32bd2eba60
test(suites): use iss cert ( #4114 )
2022-10-02 16:19:26 +11:00
Manuel Nuñez
c8fa19e6bd
feat(notification): add disable_starttls option ( #3855 )
...
This adds a boolean option to SMTP which disables StartTLS for SMTP servers that ignore standards.
2022-10-02 13:51:19 +11:00
James Elliott
6810c91d34
feat(oidc): issuer jwk certificates ( #3989 )
...
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
James Elliott
66ea374227
feat(authentication): permit feature detection failures ( #4061 )
...
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
2022-10-02 07:44:18 +11:00
renovate[bot]
56b6fd615b
build(deps): update envoyproxy/envoy docker tag to v1.23.1 ( #4112 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-01 14:59:21 +00:00
James Elliott
ed7092c59a
feat: envoy support ( #3793 )
...
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
renovate[bot]
fea3bd108b
build(deps): update traefik docker tag to v2.8.8 ( #4109 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-01 06:53:57 +10:00
James Elliott
61943f6986
test(notification): unit testing for mime characteristics ( #4092 )
...
* test: unit testing for mime characteristics
* test: improve reliability
* test: improve readability
2022-09-27 11:12:18 +10:00
James Elliott
8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user ( #4037 )
...
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-26 14:33:08 +10:00
renovate[bot]
d8f8f74dce
build(deps): update module github.com/go-rod/rod to v0.111.0 ( #4056 )
...
* build(deps): update module github.com/go-rod/rod to v0.111.0
* fix(suites): update click to include click count
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-26 13:10:37 +10:00
Amir Zarrinkafsh
e3f5a574fe
build: add container labels and annotations ( #4071 )
...
This adds a new helper which retrieves the build metadata, uses it to generate container labels, and refactors XFlags uses to utilize the same machinery.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-09-26 10:05:59 +10:00
renovate[bot]
c832515192
build(deps): update traefik docker tag to v2.8.7 ( #4058 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-24 12:31:43 +10:00
James Elliott
b25578392f
i18n: update translations ( #4053 )
2022-09-24 08:27:10 +10:00
renovate[bot]
31e1ca6b59
build(deps): update haproxy docker tag to v2.6.6 ( #4051 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-23 20:00:17 +10:00
renovate[bot]
d6a30baef0
build(deps): update caddy docker tag to v2.6.1 ( #4049 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-23 09:51:18 +10:00
renovate[bot]
f5baf2ea1a
build(deps): update caddy docker tag to v2.6.0 ( #4042 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-21 12:57:47 +10:00
renovate[bot]
8cf290a1df
build(deps): update mariadb docker tag to v10.9.3 ( #4041 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-21 12:37:27 +10:00
James Elliott
c756c7b67b
i18n: update translations ( #3972 )
2022-09-16 15:01:22 +10:00
James Elliott
9c72bc8977
ci: gen github tmpl locales and commitlint ( #3759 )
...
This adds several automatic generators for Authelia docs etc.
2022-09-16 14:21:05 +10:00
James Elliott
15110b732a
fix(server): i18n etags missing ( #3973 )
...
This fixes missing etags from locales assets.
2022-09-16 11:19:16 +10:00
renovate[bot]
d08dcb31d4
build(deps): update traefik docker tag to v2.8.5 ( #4008 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-14 15:57:16 +10:00
James Elliott
d7fd9ca506
refactor(logging): implement common interfaces ( #3994 )
...
This implements and leverages some common library logging interfaces.
2022-09-10 18:02:57 +10:00
renovate[bot]
a02fd4b5bc
build(deps): update haproxy docker tag to v2.6.5 ( #3982 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-08 13:55:30 +10:00
renovate[bot]
cd8b2d22c6
build(deps): update golang docker tag to v1.19.1 ( #3978 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-07 09:18:07 +10:00
James Elliott
cd9bfe3f90
fix(web): i18n explicit lang ignored ( #3961 )
...
This fixes an issue where explicit languages such as nl-NL, pt-PT, zh-CH, and zh-TW are ignored even though they're supported.
2022-09-06 09:09:33 +10:00
James Elliott
9c5a8b77aa
i18n: update translations for portal.json (chinese simplified) ( #3962 )
2022-09-06 06:08:05 +10:00
renovate[bot]
48eb9a8ac3
build(deps): update traefik docker tag to v2.8.4 ( #3945 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-09-05 09:54:51 +10:00
Manuel Nuñez
ca85992ac6
fix(handlers): verify handler ( #3956 )
...
When an anonymous user tries to access a forbidden resource with no subject, we should response with 403.
Fixes #3084
2022-09-05 08:21:30 +10:00
James Elliott
6cc182de08
fix(commands): potential nil ptr error on shutdown ( #3947 )
2022-09-04 22:26:03 +10:00
James Elliott
2325031052
refactor: clean up uri checking functions ( #3943 )
2022-09-03 11:51:02 +10:00
James Elliott
84f9e0c021
fix(configuration): incorrect deprecated version ( #3935 )
2022-09-01 12:44:53 +10:00
James Elliott
f17268ee80
docs: remove cobra auto gen tags ( #3937 )
2022-09-01 12:24:47 +10:00
James Elliott
305619f324
i18n: update translation for portal.json (portuguese) ( #3932 )
2022-09-01 06:22:22 +10:00
James Elliott
319a8cf9d4
fix(notification): text emails not encoded properly ( #3854 )
...
This fixes an issue where the plain text portion of emails is not encoded with quoted printable encoding.
2022-08-27 07:39:20 +10:00
renovate[bot]
f690324e94
build(deps): update mariadb docker tag to v10.9.2 ( #3881 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-24 15:45:17 +10:00
renovate[bot]
29faf53a05
build(deps): update haproxy docker tag to v2.6.4 ( #3873 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-23 12:48:11 +10:00
renovate[bot]
ec7d9e2350
build(deps): update haproxy docker tag to v2.6.3 ( #3865 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-20 12:01:24 +10:00
renovate[bot]
7dc03f7f7c
build(deps): update traefik docker tag to v2.8.3 ( #3836 )
2022-08-14 21:22:34 +10:00
renovate[bot]
6adcb3e24d
build(deps): update traefik docker tag to v2.8.2 ( #3828 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-12 10:44:26 +10:00
renovate[bot]
c9f355bed9
build(deps): update dependency alpine to v3.16.2 ( #3820 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-10 10:03:03 +10:00
James Elliott
0f64618cb6
i18n: update translations ( #3699 )
2022-08-09 10:35:33 +10:00
James Elliott
342497a869
refactor(server): use errgroup to supervise services ( #3755 )
...
Uses the errgroup package and pattern for supervising services like servers etc.
2022-08-09 07:50:12 +10:00
James Elliott
9c00104cb2
fix(utils): domain suffix improperly checked ( #3799 )
2022-08-07 21:13:56 +10:00
Amir Zarrinkafsh
2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 ( #3798 )
2022-08-07 11:24:00 +10:00
renovate[bot]
e5b5930bf9
build(deps): update dependency golang to v1.19.0 ( #3783 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 18:24:35 +10:00
renovate[bot]
1eff10b891
build(deps): update dependency golang to v1.18.5 ( #3778 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-02 07:06:38 +10:00
James Elliott
b2cbcf3913
fix(handlers): consent session prevents standard flow ( #3668 )
...
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
James Elliott
f12346e39c
fix(server): missing cache-control header ( #3737 )
...
This fixes a missing cache control header.
Fixes #3732 .
2022-07-25 20:43:50 +10:00
renovate[bot]
db53b32877
build(deps): update dependency haproxy to v2.6.2 ( #3735 )
2022-07-23 12:24:06 +10:00
Amir Zarrinkafsh
e5d62191ca
refactor(utils): remove unused linter rule ( #3731 )
2022-07-23 07:59:14 +10:00
renovate[bot]
88b80ac38f
build(deps): update dependency alpine to v3.16.1 ( #3723 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-19 11:52:10 +10:00
James Elliott
f55082d4db
fix(authorization): final slash in url matches ignored ( #3717 )
...
This fixes an issue with the URL matching machinery which ignores the final slash of a URL. Introduced in 664d65d7fb
.
Fixes #3692
2022-07-18 14:59:13 +10:00
James Elliott
df016be29e
fix(notification): incorrect date header format ( #3684 )
...
* fix(notification): incorrect date header format
The date header in the email envelopes was incorrectly formatted missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system allowing people to manually override the envelope itself.
* test: fix tests and linting issues
* fix: misc issues
* refactor: misc refactoring
* docs: add example for envelope with message id
* refactor: organize smtp notifier
* refactor: move subject interpolation
* refactor: include additional placeholders
* docs: fix missing link
* docs: gravity
* fix: rcpt to command
* refactor: remove mid
* refactor: apply suggestions
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: include pid
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-07-18 10:56:09 +10:00
renovate[bot]
f77e386b82
build(deps): update dependency caddy to v2.5.2 ( #3696 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-14 11:30:01 +10:00
James Elliott
7d170f09b4
fix(commands): acl check panic on decode failure ( #3697 )
...
This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item.
2022-07-13 17:22:42 +10:00
renovate[bot]
1d5469de43
build(deps): update dependency golang to v1.18.4 ( #3695 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-13 11:06:14 +10:00
renovate[bot]
a75d7bf6e5
build(deps): update dependency traefik to v2.8.1 ( #3688 )
2022-07-12 11:36:12 +10:00
James Elliott
55e03e2e32
docs: fix ntp inconsistency ( #3686 )
2022-07-11 23:29:10 +10:00