RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,760 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

7 Commits (1bd862a814ba3b6e0d0112fb52805544a586be5f)

Author SHA1 Message Date
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789) 
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
 2022-04-01 22:38:49 +11:00
James Elliott ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients (#2089) 
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
 2021-06-18 11:38:01 +10:00
James Elliott 1e30b00f7e
fix(validator): misleading warning for empty acl domains (#1898) 
This fixes misleading errors for ACL rules with an empty list of domains. This also enables admins to have a default policy with zero ACL rules as long as the default policy is not deny or bypass. It also adds a rule number to all ACL rule related log messages which is the position in the YAML list plus 1. Lastly it adds comprehensive per rule HIT/MISS logging when Authelia trace logging is enabled. This trace logging includes the rule number.
 2021-04-14 20:53:23 +10:00
James Elliott 4dce8f9496
perf(authorizer): preload access control lists (#1640) 
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
 2021-03-05 15:18:31 +11:00
Amir Zarrinkafsh 81e34d84de
[MISC] Validate all sections of ACLs on startup (#1595) 
* [MISC] Validate all sections of ACLs on startup

This change ensure that all sections of the `access_control` key are validated on startup.

* Change error format to clearly identify values
 2021-01-16 21:05:41 +11:00
Amir Zarrinkafsh 9ca0e940da
[FEATURE] Validate ACLs and add network groups (#1568) 
* adds validation to ACL's
* adds a new networks section that can be used as aliases in other sections (currently access_control)
 2021-01-04 21:55:23 +11:00
Clement Michaud 3b2d733367 Move source code into internal directory to follow standard project layout. 
https://github.com/golang-standards/project-layout
 2019-11-17 16:30:33 +01:00