James Elliott
e784a72735
test(authorization): add missing tests ( #5478 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 19:23:46 +10:00
James Elliott
a4edf21320
fix(authorization): subject wildcard domain rule not matching ( #4187 )
...
This fixes an issue where the subject wildcard domain rules (those containing {user} and {group}) are not considered matches even though they may be once a user authenticates.
Fixes #4186
2022-10-18 19:14:34 +11:00
James Elliott
8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user ( #4037 )
...
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-26 14:33:08 +10:00
James Elliott
ab1d0c51d3
feat(authorization): acl resource regex named groups ( #3597 )
...
This adds the named group functionality from domain_regex to the resource criteria.
2022-06-28 12:51:05 +10:00
James Elliott
3c1bb3ec19
feat(authorization): domain regex match with named groups ( #2789 )
...
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
James Elliott
b4e570358e
fix: include major in go.mod module directive ( #2278 )
...
* build: include major in go.mod module directive
* fix: xflags
* revert: cobra changes
* fix: mock doc
2021-08-11 11:16:46 +10:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists ( #1640 )
...
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACL's
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
2021-03-05 15:18:31 +11:00