Commit Graph

160 Commits (319a8cf9d4a8b690ff3c9b8d873de1d0408210ed)

Author SHA1 Message Date
Amir Zarrinkafsh 7363dea011
build(deps): update swagger-ui to v4.13.0 (#3765) 2022-07-29 15:21:09 +10:00
James Elliott 5304178165
ci: add dedicated authelia-gen command (#3463)
Adds a dedicated authelia code/doc gen command.
2022-06-14 22:40:00 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234)
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
Amir Zarrinkafsh 647f3eaa5d
build(deps): update swagger-ui to v4.12.0 (#3485) 2022-06-05 22:04:37 +10:00
Manuel Nuñez 3a8fdb3be4
fix: pnpm permissions in dev mode (#3386)
* fix: pnpm permissions

* Update cmd_bootstrap.go

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-18 13:12:39 +10:00
James Elliott ac4159acff
build(deps): update swagger-ui to v4.11.1 (#3361) 2022-05-14 15:24:45 +10:00
Amir Zarrinkafsh 91c0c81818
refactor(suites): stop integration tests on first failure (#3270)
* refactor(suites): stop integration tests on first failure

* refactor(suites): remove additional nginx instance

* refactor(suites): log relevant containers

* refactor(suites): add traefik2 logs to stdout

* refactor(suites): explicitly enable traefik for tests

* refactor(suites): remove redis restart and duplicate pathprefix tests

* ci(buildkite): allow manual retry on integration tests
2022-05-02 14:50:37 +10:00
James Elliott dc7ca6f03c
refactor: introduce config key gen (#3206)
This adjusts the validated keys to utilize a generated code section.
2022-04-16 19:00:39 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott b8280dfed6
build(deps): update dependency swagger-ui to 4.10.3 (#3110) 2022-04-04 14:59:27 +10:00
James Elliott 1772a83190
refactor: apply godot recommendations (#2839) 2022-01-31 16:25:15 +11:00
Amir Zarrinkafsh 34b31c7b83
build(deps): update swagger-ui to v4.1.3 (#2736) 2021-12-27 17:00:36 +11:00
James Elliott 7df242f1e3
refactor: remove ioutil (#2635)
Was deprecated in 1.16 and has more performant options available.
2021-12-02 00:14:15 +11:00
James Elliott ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
James Elliott 3695aa8140
feat(storage): primary key for all tables and general qol refactoring (#2431)
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database.

Fixes #1337
2021-11-23 20:45:38 +11:00
Amir Zarrinkafsh 86865cea29
build(deps): update swagger-ui to v4.1.0 (#2576) 2021-11-09 10:59:01 +11:00
Amir Zarrinkafsh 722f2daf9a
build(deps): update swagger-ui to v3.52.4 (#2493) 2021-10-12 15:52:50 +11:00
Amir Zarrinkafsh 9445878ca2
refactor(web): use transformindexhtml vite hook (#2488) 2021-10-11 20:30:02 +11:00
Clément Michaud 1f28bc9b26
docs: provide installation guidelines for installing missing tools (#2481) 2021-10-09 20:41:02 +02:00
Amir Zarrinkafsh a3e84769b5
feat(web): replace cra with vite (#2457)
* feat(web): replace cra with vite

* fix: add istanbul
* fix: add jest
* fix: inject env vars
* fix: replicate cra output directories
* fix: post-frontend build for go templating
* fix: dynamic publicpath

* fix(web): import resolution with aliases for .module.css files

* refactor(server): baseurl var

* refactor(web): drop babel-jest for esbuild-jest

* refactor(web): add inline sourcemap for coverage bundle

* build(deps): update web deps

* build(deps): downgrade vite-plugin-istanbul to 2.2.0

98bf77dbaa is a breaking change that means production mode builds can no longer be instrumented.

* refactor(web): match frontend name and version

* refactor(web): drop cra readme
2021-10-08 15:00:06 +11:00
Amir Zarrinkafsh 982e1c2638
ci(buildkite): perform frontend install for renovate deps (#2463) 2021-10-07 10:14:52 +11:00
Amir Zarrinkafsh 26de57a297
ci(buildkite): skip front/backend builds for renovate deps (#2462)
* ci(buildkite): skip front/backend builds for renovate deps

* ci(buildkite): make unit-test artifact compression conditional
2021-10-07 09:45:37 +11:00
Amir Zarrinkafsh 3d312cf3b9
refactor: replace yarn with pnpm (#2424)
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
2021-09-29 17:24:21 +10:00
Amir Zarrinkafsh f37cb76f6f
feat(web): remove sourcemap generation (#2423) 2021-09-28 17:09:31 +10:00
Amir Zarrinkafsh c9f5b3de88
feat(web): replace babel-loader and terser with esbuild (#2422) 2021-09-28 16:27:06 +10:00
Amir Zarrinkafsh d7763a20ec
build(deps): update swagger-ui to v3.52.3 (#2412) 2021-09-26 12:25:14 +10:00
Amir Zarrinkafsh bd6a8e3ea2
feat: hardened authelia binaries (#2410)
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
Amir Zarrinkafsh 92ec00d7c5
feat: builds with gox and buildx (#2381)
* feat: builds with gox and buildx

This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
Amir Zarrinkafsh 719447b719
build(deps): update swagger-ui to v3.52.2 (#2374) 2021-09-14 16:17:13 +10:00
Amir Zarrinkafsh 4b3e7ac724
build(deps): update swagger-ui to v3.52.1 (#2367) 2021-09-13 18:33:51 +10:00
James Elliott b4e570358e
fix: include major in go.mod module directive (#2278)
* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc
2021-08-11 11:16:46 +10:00
Amir Zarrinkafsh 6033b7df70
build(deps): update swagger-ui to v3.52.0 (#2276) 2021-08-10 11:20:44 +10:00
Amir Zarrinkafsh 2c3bc4a133
fix(cmd): remove microbadger references (#2243)
MicroBadger is dead, so we need to remove all references of it.
2021-08-05 16:36:45 +10:00
James Elliott a7e867a699
feat(configuration): replace viper with koanf (#2053)
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 19:55:21 +10:00
Amir Zarrinkafsh 03274c171e
build(deps): update swagger-ui to v3.51.2 (#2222) 2021-08-02 14:55:34 +10:00
James Elliott 31c5c820f0
refactor(authentication): log ldap warning on startup in rare condition (#2141)
This is so on startup administrators who have a LDAP server implementation that may not support password hashing by default are clearly warned. This only triggers if the disable password reset option is not enabled, we cannot find the extension OID for the Extended Password Modify Operation, and the implementation is not Active Directory. Active Directory has it's own method for this which doesn't advertise an OID.
2021-07-04 15:44:11 +10:00
James Elliott ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
Amir Zarrinkafsh c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140) 2021-07-02 19:08:10 +10:00
James Elliott cb71df5d9b
feat(authentiation): check ldap support for extended operations on startup (#2133)
* feat(authentiation): check ldap server on startup

This PR adds a startup check to the LDAP authentication backend. It additionally adds support for checking supportedExtension OIDs, currently only checking passwdModifyOID (1.3.6.1.4.1.4203.1.11.3). This can relatively easily be enhanced to add detection for other rootDSE capabilities like supportedControl and supportedCapabilities as necessary.

* test(authentication): add unit tests for new feature

* refactor(authentication): factorize ldap user provider newup

* refactor: minor adjustments
2021-07-02 09:16:16 +10:00
Amir Zarrinkafsh 756aee507f
refactor: cra build path (#2117)
* refactor: cra build path

The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.

We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.

Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.

* fix: build output directory in coverage dockerfile
2021-06-25 21:53:20 +10:00
Amir Zarrinkafsh 41f1162651
build(deps): update swagger-ui to v3.51.0 (#2118) 2021-06-25 18:46:50 +10:00
Amir Zarrinkafsh 8db0bc9ae1
refactor: drop qemu binary requirement (#2116)
QEMU binaries no longer need to be baked into containers.
2021-06-24 18:24:47 +10:00
Amir Zarrinkafsh 4cab3a4a4e
refactor: drop cgo requirement for sqlite (#2101)
* refactor: drop cgo requirement for sqlite

Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.

* refactor: newline for consistency with dockerfiles
2021-06-22 10:45:33 +10:00
James Elliott 0d7b33022c
build: add enhanced information (#2067)
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
2021-06-18 14:35:43 +10:00
James Elliott ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients (#2089)
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
2021-06-18 11:38:01 +10:00
Amir Zarrinkafsh 8a171e6344
ci(golangci-lint): replace golint with revive linter (#2078)
Remove deprecated `golint` linter and replace with `revive` linter.

Also fix outstanding issues due to upgraded linters.
2021-06-11 10:30:53 +10:00
Amir Zarrinkafsh 50878b1e7f
build(deps): update swagger-ui to v3.50.0 (#2070) 2021-06-08 10:59:03 +10:00
James Elliott cef35fadcd
feat(configuration): add error and warn log levels (#2050)
This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 14:09:50 +10:00
Amir Zarrinkafsh 05df642f3e
feat: add option to keep stdout logging with log_file_path (#2037)
Currently if a `log_file_path` is defined Authelia will redirect all logging from standard output to said defined location. This change allows users to keep standard output logging along with a defined `log_file_path`.
2021-05-31 14:02:54 +10:00
Amir Zarrinkafsh a31a17b222
fix(cmd): retry clean tag logic for dockerhub (#1976)
This change will ensure that if the curl command for the cleaning of Docker tags on DockerHub fails it will be reattempted up to 2 more times (total of 3) with a 10 second sleep between each attempt.

The clean tag logic itself within curl attempts to execute the http request upto 3 times so this will ensure a maximum of 9 attempts.
2021-05-05 17:09:31 +10:00