Commit Graph

1098 Commits (2b627c6c04d5d10564fe79b35a99146aaad746ae)

Author SHA1 Message Date
Amir Zarrinkafsh 2b627c6c04
[CI] Set concurrency groups at a global level and simplify pipeline (#942) 2020-04-29 14:06:35 +10:00
Amir Zarrinkafsh f781d63b2c
[CI] Prevent race conditions with appropriate deployment steps (#941)
If we have multiple builds to master that intend to deploy AUR packages or documentation, we must ensure that the jobs are locked and executed sequentially, not simultaneously. If they were to run simultaneously this has the ability to cause a race condition when attempting to commit the respective steps.
2020-04-29 13:05:41 +10:00
Dimitris Zervas c9efae05ad
[DOCS] Add jira auto-login with http headers documentation (#868)
* Add jira auto-login with http headers documentation

* Update two-factor-basic-auth.md

* Create using-remote-user-header-for-sso-with-jira.md
2020-04-29 12:34:05 +10:00
Amir Zarrinkafsh 12100d21e2
[CI] Linting optimisations (#940)
* [CI] Lint all builds except tagged commits to satisfy branch protection

* [CI] Add automatic retries for linting failures
This is to treat any issues with the reviewdog API server and occasional failures we are seeing.
2020-04-29 12:30:46 +10:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh ff2df8b039
[DOCS] Fix HAProxy typo (#937) 2020-04-28 21:00:10 +10:00
Amir Zarrinkafsh 69859aa5d4
[DOCS] Update HAProxy code syntax style (#936) 2020-04-28 20:53:06 +10:00
Amir Zarrinkafsh dca8a5343a
[DOCS] Update proxy integration example for HAProxy (#935)
* [DOCS] Update proxy integration example for HAProxy

* Minor style tweak

* Update haproxy.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-04-28 19:17:45 +10:00
Amir Zarrinkafsh 2f8bcef621
[CI] Adjust linting default excludes to align with goreportcard (#934) 2020-04-28 16:39:54 +10:00
dependabot-preview[bot] 3ba06c2e9d
[MISC] (deps): Bump node from 12-alpine to 14-alpine (#932)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-28 09:38:20 +10:00
dependabot-preview[bot] 9fc3098481
[MISC] (deps): Bump @types/react-dom from 16.9.6 to 16.9.7 in /web (#933)
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 16.9.6 to 16.9.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 23:03:49 +02:00
Amir Zarrinkafsh 6c7d5cfa9a
[CI] Add Gemfile.lock monitoring to dependabot (#931)
This will allow dependabot to inform us when there are newer ruby bundles available.
2020-04-27 21:09:26 +02:00
dependabot-preview[bot] ab8db21214
[MISC] (deps): Bump node in /internal/suites/example/compose/authelia (#930)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 13:13:03 +10:00
dependabot-preview[bot] 6c0e9f84b0
[MISC] (deps): Bump node in /internal/suites/example/compose/duo-api (#929)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 12:53:16 +10:00
Amir Zarrinkafsh 83d40641d7
[CI] Add Dockerfile monitoring to dependabot (#928)
This will allow dependabot to inform us when there are newer version of the base packages for our Dockerfiles.
2020-04-27 11:56:44 +10:00
dependabot-preview[bot] 1dad4846f9
[MISC] (deps): Bump @material-ui/core from 4.9.11 to 4.9.12 in /web (#927)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.9.11 to 4.9.12.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.9.12/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 11:15:12 +10:00
dependabot-preview[bot] ac36283c68
[MISC] (deps): Bump @types/node from 13.13.2 to 13.13.4 in /web (#926)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.13.2 to 13.13.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-26 23:23:23 +02:00
dependabot-preview[bot] d79e90d84b
[MISC] (deps): Bump @types/react-router-dom from 5.1.4 to 5.1.5 in /web (#925)
Bumps [@types/react-router-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-router-dom) from 5.1.4 to 5.1.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-router-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-26 21:41:56 +02:00
dependabot-preview[bot] 5d2b7a1398
[MISC] (deps): Bump github.com/fasthttp/router from 1.0.3 to 1.0.4 (#923)
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/fasthttp/router/releases)
- [Commits](https://github.com/fasthttp/router/compare/v1.0.3...v1.0.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-26 20:43:59 +02:00
Amir Zarrinkafsh 784112d654
[MISC] Update QEMU to v4.2.0-7 (#921)
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-26 16:09:28 +02:00
Amir Zarrinkafsh a90f432ba1
[CI] Update reviewdog level to error (#922)
This will ensure that GitHub checks are identified as failures as opposed to neutral warnings.
2020-04-26 15:38:20 +02:00
Clément Michaud bfff9237fa
[RELEASE] v4.15.1 (#919) 2020-04-26 00:29:08 +02:00
Clément Michaud 29325ab273
Fix CSP not propagated in default handler. (#915)
Also:
- not hide the CSP header in the dist version of suites.
- Fix CSP errors due to FontAwesome loading stylesheets dynamically.
2020-04-26 00:12:55 +02:00
Daniel Sutton ca4a890fb2
[MISC] Update to alpine 3.11.6 (#917)
* update to alpine 3.11.6

Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2020-04-25 22:56:32 +02:00
James Elliott 4e7d645084
[FIX] Layout discrepancy with U2F (#914)
* 4.8.0 deps bump changed the root containers padding from 32px to 24px
* only affects the u2f screen, this fixes the padding on the root container for the Login Layout
* this makes u2f screen layout behave the same as all of the other ones
2020-04-25 16:56:56 +02:00
Clément Michaud 9116135401
[BUGFIX] Bad redirection behavior after inactivity and inactivity update events. (#911)
* This affects primarily Authelia instances running behind Traefik or
nginx ingress controllers within Kubernetes because those proxies
require that Authelia returns 302 instead of 401 after the session
has been inactive for too long.
* fixes #909
* fixed activity timestamp not being updated when accessing forbidden resources.
* fix inactivity not updated when user was inactive for too long.
* cover inactivity timeout updates with unit tests.
2020-04-25 09:29:36 +10:00
Clément Michaud f92480b44b
[DOCS] Add SECURITY.md and update README.md. (#906)
* Add SECURITY.md and update README.md.

* Align README.md and SECURITY.md with the security documentation.
2020-04-24 10:29:30 +10:00
Clément Michaud 1b8dccb806
Fix broken link in threat model. (#908) 2020-04-24 07:18:16 +10:00
Clément Michaud a3721b69ce
Add mention about TLS support in threat model. (#907)
* Add mention about TLS support in threat model.

* Try to fix title rendering.
2020-04-23 22:59:04 +02:00
James Elliott 8917c98d65
[RELEASE] v4.15.0 (#904)
* [RELEASE] v4.15.0

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-23 12:43:27 +10:00
James Elliott e89e040949
[FIX] File Notifier Default Permissions (#902)
* [FIX] File Notifier Default Permissions

* set to 0600 for security
* recreate file if it exists with correct perms
* remove named return vars from notifier
2020-04-23 12:01:24 +10:00
James Elliott c1ac25a15b
[FEATURE] Config Validation (#901)
* [FEATURE] Config Validation

* check configuration for invalid keys on startup
* allow users to manually trigger all configuration validation on a file using a cmd
* setup all defaults in config template and run tests against it to prevent accidents
* use tests to check bad configuration values are caught
* use tests to check old configuration values are caught
* add tests for specific key errors
* resolve merge conflicts
* nolint prealloc for test
2020-04-23 11:47:27 +10:00
James Elliott b9fb33d806
[FEATURE] File Secrets (#896)
* [FEATURE] File Secret Loading

* add a validator for secrets
* run the secrets validator before the main config validator
* only allow a secret to be defined in one of: config, env, file env
* remove LF if found in file
* update configuration before main config validation
* fix unit tests
* implement secret testing
* refactor the secrets validator
* make check os agnostic
* update docs
* add warning when user attempts to use ENV instead of ENV file
* discourage ENV in docs
* update config template
* oxford comma
* apply suggestions from code review
* rename Validate to ValidateConfiguration
* add k8s example
* add deprecation notice in docs and warning
* style changes
2020-04-23 11:11:32 +10:00
Amir Zarrinkafsh 0ec3f18b44
[CI] Introduce GitHub checks based linting with reviewdog (#900)
* [CI] Introduce linting for branch commits with reviewdog
This utilises the GitHub checks API and could be a potential candidate instead of in-line PR reviews.

* [CI] Change reporter to `github-check`

* [CI] Adjust linting in-line PR commentary to execute with linting step
2020-04-22 23:10:22 +10:00
dependabot-preview[bot] 7e63439c48
[MISC] (deps): Bump @types/node from 13.13.1 to 13.13.2 in /web (#899)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.13.1 to 13.13.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-22 15:33:07 +10:00
dependabot-preview[bot] d6f240dca5
[MISC] (deps): Bump github.com/lib/pq from 1.3.0 to 1.4.0 (#898)
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.3.0...v1.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-22 15:18:30 +10:00
dependabot-preview[bot] 799945ba4b
[MISC] (deps): Bump github.com/valyala/fasthttp from 1.11.0 to 1.12.0 (#897)
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/valyala/fasthttp/releases)
- [Commits](https://github.com/valyala/fasthttp/compare/v1.11.0...v1.12.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-22 14:37:32 +10:00
Amir Zarrinkafsh 9eb9d107f1
[DEPRECATE] Remove migration tools from latest version of Authelia (#894)
* [DEPRECATE] Remove migration tools from latest version of Authelia
Also update references to point to container version 4.14.2 for any of the migration examples.

* [DOCS] Remove v4 release statement in README.md
2020-04-22 13:55:30 +10:00
Amir Zarrinkafsh 54694c4fca
[MISC] Ignore errcheck recommendations for legacy code (#893)
* [MISC] Ignore errcheck recommendations for legacy code
Some of this is likely intended to stay how it is, some could use refactoring, for now we will mark is and ignore it from the linter to be potentially addressed in the future.

* [MISC] Ensure files are gofmt-ed
2020-04-22 13:33:14 +10:00
James Elliott fca190dedc
[MISC] Linting unparam fixes (#892)
* remove unused bools
2020-04-21 15:53:47 +10:00
James Elliott 9e9dee43ac
[FEATURE] Notifier Startup Checks (#889)
* implement SMTP notifier startup check
* check dial, starttls, auth, mail from, rcpt to, reset, and quit
* log the error on failure
* implement mock
* misc optimizations, adjustments, and refactoring
* implement validate_skip config option
* fix comments to end with period
* fix suites that used smtp notifier without a smtp container
* add docs
* add file notifier startup check
* move file mode into const.go
* disable gosec linting on insecureskipverify since it's intended, warned, and discouraged
* minor PR commentary adjustment
* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 14:59:38 +10:00
James Elliott a26ddf9c65
[CI] Update PR commentary messages (#890)
* thank users for their contribution
* let users know about the golangci-lint reviews
* notify users about artifacts on buildkite
2020-04-21 13:08:40 +10:00
Amir Zarrinkafsh 333137d56d
[MISC] Implement final golint recommendations (#888) 2020-04-21 10:48:24 +10:00
Clément Michaud b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00
Amir Zarrinkafsh 2e784084c7
[MISC] Implement golint recommendations (#885)
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-20 23:03:38 +02:00
dependabot-preview[bot] a6b7a8632b
[MISC] (deps): Bump @types/node from 13.13.0 to 13.13.1 in /web (#887)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.13.0 to 13.13.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-20 21:46:17 +02:00
dependabot-preview[bot] fcfe8c4da8
[MISC] (deps): Bump github.com/fasthttp/router from 1.0.2 to 1.0.3 (#884)
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/fasthttp/router/releases)
- [Commits](https://github.com/fasthttp/router/compare/v1.0.2...v1.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-19 21:48:45 +02:00
James Elliott d233057b31
[RELEASE] 4.14.2 (#882) 2020-04-19 22:06:59 +10:00
James Elliott e72c653f6e
[BUGFIX] 2FA after 1FA only when necessary for access to target (#881)
* prevents requirement to always 2FA if the user doesn't have permission to access a target URL
2020-04-19 21:45:46 +10:00
Amir Zarrinkafsh 4b664cf15f
[RELEASE] v4.14.1 (#880) 2020-04-19 04:33:18 +10:00