Commit Graph

15 Commits (14ad07ffa2719e74178826da3072287ee8015a50)

Author SHA1 Message Date
James Elliott 8f05846e21
feat: webauthn (#2707)
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
Clément Michaud 100d598a0e
docs: add documentation about the logout endpoint (#2860)
fix #2859
2022-02-10 09:10:35 +11:00
Philipp Staiger 01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
Amir Zarrinkafsh 8685e095e9
fix(web): clarify 2fa informational message (#2451) 2021-10-07 10:54:48 +11:00
James Elliott 0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726)
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00
ThinkChaos ba65a3db82
feat(handlers): authorization header switch via query param to /api/verify (#1563)
* [FEATURE] Add auth query param to /api/verify (#1353)

When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.

* [FIX] Better basic auth error reporting

* [FIX] Return 401 when using basic auth instead of redirecting

* [TESTS] Add tests for auth=basic query param

* [DOCS] Mention auth=basic argument and provide nginx example

* docs: add/adjust basic auth query arg docs for proxies

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:35:04 +11:00
Amir Zarrinkafsh 683c4a70bf
fix(web): improve 2fa enrollment process (#1706)
* refactor(web): improve 2fa enrollment process

This PR will change some of the wording and colours for the 2FA processes in order to provide more clarity and address some accessibility issues for end users.

The following is a summary of the changes:

* One-Time Password ⭢ Time-based One-Time Password
* Security Key ⭢ Security Key - U2F

![Screenshot_2021-02-02-09-36-17](https://user-images.githubusercontent.com/3339418/107138185-17656100-6967-11eb-8fac-9e75c7a82d09.png)


* QRCode ⭢ QR Code

![Screenshot_2021-02-07-05-07-25](https://user-images.githubusercontent.com/3339418/107138196-29df9a80-6967-11eb-811f-d77c9bb0159e.png)

* `Not registered yet?` text to display `Lost device?` if a user has already registered a device of said type

![Screenshot_2021-02-02-10-24-54](https://user-images.githubusercontent.com/3339418/107138205-395ee380-6967-11eb-8826-83e1438dd146.png)

* Change button and text colour in e-mails that Authelia generates
* Change Authelia email footer to be more security conscious

![Screenshot_2021-02-07-04-51-40](https://user-images.githubusercontent.com/3339418/107138211-4085f180-6967-11eb-890b-9d931bd1ce76.png)

The docs have also been updated to clarify the 2fa device enrollment limitation which only allows users to register one of each device type concurrently.

Closes #1560.
2021-02-12 16:59:42 +11:00
James Elliott 365304a684
[FEATURE] Add Optional Check for Session Username on VerifyGet (#1427)
* Adding the Session-Username header to the /api/verify endpoint when using cookie auth will check the value stored in the session store for the username and the header value are the same.
* use strings.EqualFold to compare case insensitively
* add docs
* add unit tests
* invalidate session if it is theoretically hijacked and log it as a warning (can only be determined if the header doesn't match the cookie)
* add example PAM script
* go mod tidy
* go mod bump to 1.15
2020-12-02 10:03:44 +11:00
Clément Michaud 85933dd25d
Document future possibility to use alternative 1FA methods. (#1000) 2020-05-10 07:46:28 +10:00
James Elliott b0b3d61954
[DOCS] Adjust yaml snippets and misc adjustments (#855)
* [DOCS] Adjust yaml snippets

* use two spaces
* use yaml syntax highlighting
* other misc uniformity changes
* fix misc grammar
* add responsible disclosure link

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-11 14:46:07 +10:00
Amir Zarrinkafsh f3fd79d731
[DOCS] Review all docs and adjust since the initial refactoring (#698)
* [DOCS] Review all docs and adjust since the initial refactoring

* [DOCS] Minor tweaks
2020-03-10 09:37:46 +11:00
James Elliott ffc87c1006
[DOCS] Fix Docs Links (#674)
- Fixed a few broken links
2020-03-01 16:58:26 +11:00
Clément Michaud b5a9e0f047
[DOCS] Update links in README to reference docs.authelia.com. (#667)
* [DOCS] Update links in README to reference docs.authelia.com.

* Move report section of security to the top level page.

* Fix ordering of sub-pages of 2FA feature.
2020-03-01 00:27:23 +01:00
Clément Michaud adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 01:43:59 +01:00