RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,577 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

720 Commits (133f1626ab498e5ef5813012c1952aaf83e7bccd)

Author SHA1 Message Date
James Elliott 133f1626ab
Merge remote tracking branch 'origin/master' into feat-settings-ui 2022-11-30 10:00:33 +11:00
James Elliott 3e4ac7821d
refactor: remove pre1 migration path (#4356) 
This removes pre1 migrations and improves a lot of tooling.
 2022-11-25 23:44:55 +11:00
James Elliott e1f9718e17
fix(configuration): max tls ver not correctly derived (#4428) 
This fixes an issue where the maximum version if unset is derived from the minimum version erroneously.

Fixes #4425
 2022-11-24 20:32:57 +11:00
James Elliott 203cb19c2f
fix(configuration): missing warning about session domain (#4417) 
This adds some helpful configuration warnings and fixes a few misconfiguration issues.
 2022-11-24 10:16:23 +11:00
renovate[bot] 66807b5a8c
build(deps): update alpine docker tag to v3.17.0 (#4422) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-23 00:58:19 +00:00
James Elliott c481ac86bb
fix(configuration): valid oidc redirect uris not accepted (#4410) 
This fixes an issue where redirect URIs which may be valid are rejected by the configuration validator. This will instead allow the OpenID Connect 1.0 flows to validate them individually.
 2022-11-21 11:52:27 +11:00
James Elliott 5d1b840e2b
refactor: merge master and fix missing rebinds (#4404) 
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* docs: add smkent as a contributor for code, design, and ideas (#4367)

* update README.md

* update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)

This updates fosite and refactors our usage out of compose.

* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370)

* build(deps): update alpine docker tag to v3.16.3 (#4362)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/x to v0.0.514 (#4368)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor: sql formatting (#4371)

* refactor: sql spacing

* refactor editor config

* docs: clarify cloudflare docs (#4373)

* build(deps): update dependency @types/react-dom to v18.0.9 (#4379)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency @types/jest to v29.2.3 (#4381)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency esbuild to v0.15.14 (#4383)

* build(deps): update material-ui monorepo to v5.10.14 (#4385)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency vite to v3.2.4 (#4386)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update font awesome to v6.2.1 (#4389)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency typescript to v4.9.3 (#4390)

* docs: adjust issue templates (#4391)

* docs: adjust issue templates

* docs: adjust wording

* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency i18next to v22.0.6 (#4395)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update traefik docker tag to v2.9.5 (#4398)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update mariadb docker tag to v10.10.2 (#4399)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint to v8.28.0 (#4402)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(storage): schema inconsistency (#4262)

* fix: missing pg rebinds

* fix: refactoring issues

* fix: refactoring issues

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-11-19 17:42:03 +11:00
Stephen Kent 2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376) 
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.

This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
 2022-11-19 16:48:47 +11:00
James Elliott 194d34106e
fix(storage): schema inconsistency (#4262) 2022-11-19 16:47:09 +11:00
renovate[bot] 47b78f2272
build(deps): update mariadb docker tag to v10.10.2 (#4399) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-18 10:50:47 +00:00
renovate[bot] a4d9d488b1
build(deps): update traefik docker tag to v2.9.5 (#4398) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-18 01:29:38 +00:00
James Elliott ff26673659
feat: better menu matching and overview page (#4384) 2022-11-15 19:26:09 +11:00
James Elliott 164fc5e80d
feat: settings i18n [skip test] (#4372) 2022-11-14 14:49:34 +11:00
James Elliott 1a1b85489c
feat: settings ui device details (#4369) 
This adds details to the settings ui.
 2022-11-14 13:19:18 +11:00
James Elliott 36dbc96b14
refactor: sql formatting (#4371) 
* refactor: sql spacing

* refactor editor config
 2022-11-14 12:54:30 +11:00
renovate[bot] 3574d8ab17
build(deps): update alpine docker tag to v3.16.3 (#4362) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-13 12:26:20 +00:00
Stephen Kent 92b3a5804b
feat: provide webauthn device description from frontend on registration (#4363) 2022-11-13 18:59:21 +11:00
James Elliott ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 (#4269) 
This updates fosite and refactors our usage out of compose.
 2022-11-13 14:26:10 +11:00
James Elliott 9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui 
# Conflicts:
#	internal/model/webauthn.go
 2022-11-13 09:19:22 +11:00
renovate[bot] 909deafeba
build(deps): update mariadb docker tag to v10.9.4 (#4355) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-11 07:20:15 +00:00
James Elliott 02920c18be
refactor: few misc issues (#4330) 2022-11-04 22:24:10 +11:00
James Elliott e97a848600
refactor: ldap filter (#4329) 2022-11-04 13:42:28 +11:00
James Elliott 500410fac3
refactor(commands): include rfc3986 charset (#4328) 
This includes the RFC3986 unreserved charset as an option, and allows the '-upper' and '-lower' suffix for alphabetic inclusive charsets.
 2022-11-04 11:32:49 +11:00
renovate[bot] 1e057819f2
build(deps): update golang docker tag to v1.19.3 (#4316) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-02 03:42:08 +00:00
James Elliott 5a23df4544
refactor: uuid parse bytes (#4311) 
Use ParseBytes instead since it supports a byte encoded string.
 2022-11-01 10:31:13 +11:00
James Elliott 6b2f713e10
fix(configuration): certificate_chains can't be defined as secrets (#4302) 
This fixes an issue where certificate_chain values can't be defined as secrets. While not expressly needed for certificates, it's more convenient and less prone to error than defining a environment variable with the contents.
 2022-10-31 11:52:14 +11:00
Clément Michaud a69ba22f46 feat: implement a ui for supporting multiple u2f devices 2022-10-30 09:52:49 +01:00
renovate[bot] db9de7b5a4
build(deps): update traefik docker tag to v2.9.4 (#4286) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
 2022-10-29 17:00:46 +11:00
James Elliott a048ab6d47
fix(authentication): erroneously escaped group base dn (#4288) 
The BaseDN for groups was escaped improperly and failed on any BaseDN with special characters. This fixes the issue.
 2022-10-28 20:21:43 +11:00
James Elliott a283fda6d6
fix(oidc): handle authorization post requests (#4270) 
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
 2022-10-26 19:14:43 +11:00
James Elliott dfd196460f
refactor: close database connections on shutdown (#4255) 
This explicitly closes the database connection during shutdown.
 2022-10-25 16:12:42 +11:00
James Elliott 53c1b645ee
fix(storage): postgresql default port incorrect (#4251) 
This fixes a typo with the default port for PostgreSQL in 4.37.

Fixes #4249
 2022-10-24 06:09:38 +11:00
James Elliott 6654fd6130
refactor: update users_database examples (#4240) 2022-10-23 08:12:16 +11:00
James Elliott e3d82bcfa0
refactor: fix misc alignment issues and gen (#4239) 2022-10-23 07:42:19 +11:00
James Elliott 00ab279336
refactor: csp gen (#4163) 
Generator for CSP.
 2022-10-22 22:19:32 +11:00
James Elliott 69c4c02d03
feat(storage): tls connection support (#4233) 
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
 2022-10-22 19:27:59 +11:00
James Elliott 1ea29cb2c2
feat(storage): unix socket support (#4231) 
Support for unix sockets for MySQL and PostgreSQL.
 2022-10-22 16:41:27 +11:00
James Elliott 1d821a0d3a
fix(storage): mysql timestamp parsed incorrectly (#4230) 
The timestamps in MySQL were not being parsed correctly. The driver treats all timestamp and datetime objects the same which is not correct.
 2022-10-22 15:25:12 +11:00
renovate[bot] 4611636b2b
build(deps): update node.js to v19 (#4203) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
 2022-10-21 20:34:44 +11:00
James Elliott 5c981e7603
feat(configuration): comment unnecessary template lines (#4222) 
This adjusts the default configuration to mostly include commented configuration.
 2022-10-21 20:17:30 +11:00
James Elliott 9532823a99
feat(configuration): mtls clients (#4221) 
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.

Closes #4044
 2022-10-21 19:41:33 +11:00
James Elliott 3113ec2b80
feat(commands): random character generator (#4213) 
This improves all random character generator command usages to be nearly identical and reuse a large block of code. It also improves several functions to give more options when randomly generating outputs.
 2022-10-21 07:41:46 +11:00
James Elliott 248f1d49d4
feat(oidc): hashed client secrets (#4026) 
Allow use of hashed OpenID Connect client secrets.
 2022-10-20 14:21:45 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080) 
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
 2022-10-20 13:16:36 +11:00
renovate[bot] 395d81e72a
build(deps): update envoyproxy/envoy docker tag to v1.24.0 (#4208) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-20 10:28:27 +11:00
James Elliott 24e41aed84
feat(commands): add webauthn device commands (#3671) 2022-10-19 18:17:55 +11:00
James Elliott 52102eea8c
feat(authorization): query parameter filtering (#3990) 
This allows for advanced filtering of the query parameters in ACL's.

Closes #2708
 2022-10-19 14:09:22 +11:00
renovate[bot] 47d18b462a
build(deps): update envoyproxy/envoy docker tag to v1.23.2 (#4201) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-19 08:32:32 +11:00
James Elliott a4edf21320
fix(authorization): subject wildcard domain rule not matching (#4187) 
This fixes an issue where the subject wildcard domain rules (those containing {user} and {group}) are not considered matches even though they may be once a user authenticates.

Fixes #4186
 2022-10-18 19:14:34 +11:00
James Elliott a0b2e78e5d
feat(authentication): file case-insensitive and email search (#4194) 
This allows both case-insensitive and email searching for the file auth provider.

Closes #3383
 2022-10-18 11:57:08 +11:00