4dce8f9496
perf(authorizer): preload access control lists ( #1640 )
...
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACL's
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
2021-03-05 15:18:31 +11:00
81e34d84de
[MISC] Validate all sections of ACLs on startup ( #1595 )
...
* [MISC] Validate all sections of ACLs on startup
This change ensure that all sections of the `access_control` key are validated on startup.
* Change error format to clearly identify values
2021-01-16 21:05:41 +11:00
9ca0e940da
[FEATURE] Validate ACLs and add network groups ( #1568 )
...
* adds validation to ACL's
* adds a new networks section that can be used as aliases in other sections (currently access_control)
2021-01-04 21:55:23 +11:00
5c4edf2f4d
[FEATURE] Support for subject combinations in ACLs ( #1142 )
2020-06-25 18:22:42 +10:00
be0cc72473
[CI] Add goconst linter ( #961 )
...
* [CI] Add goconst linter
* Implement goconst recommendations
* Rename defaultPolicy to denyPolicy
* Change order for test constants
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-02 18:20:40 +02:00
2e784084c7
[MISC] Implement golint recommendations ( #885 )
...
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-20 23:03:38 +02:00
951dc71325
[FEATURE] Support multiple domains and multiple subjects in ACLs ( #869 )
...
* added support for listing multiple domains and multiple subjects
* updated documentation to show use of multiple domains and subjects
* updated config.template.yml to display multiple domains as a list
* updated config.template.yml to display multiple subjects as a list
* updated docs/configuration/access-control.md to display multiple domains as a list
* updated docs/configuration/access-control.md to display multiple subjects as a list
* removed redundant check that always returned true
* Commentary definition for `weak`
2020-04-16 10:18:11 +10:00
e92d3ced3a
Introduce viper in order to read secrets from env variables.
2020-01-22 10:15:25 +11:00
3b2d733367
Move source code into internal directory to follow standard project layout.
...
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00
James Elliott
Amir Zarrinkafsh
Philipp Staiger
Dustin Sweigart
Clement Michaud