Implement a password policy with visual feedback in the web portal.
Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
* test(web): drop enzyme in favor of react-testing-library
Enzyme is falling behind in maintenance, it is currently maintained by one primary developer and still does [not support React 17](https://github.com/enzymejs/enzyme/pull/2430) despite it being released in October 2020.
[react-testing-library (RTL)](https://testing-library.com/docs) is [recommended by Facebook](https://reactjs.org/docs/test-utils.html#overview) and encourages writing tests that avoid testing implementation details.
* build(deps): update react monorepo to v17 (major)
* build(deps): remove @types/{enzyme,jest}
* refactor(web): use absolute imports with aliases
Refactors all of the TS/JS frontend to utilise absolute imports along with import aliases.
Each of the paths within `src` are represented with their own alias:
* @assets
* @components
* @constants (new)
* @hooks
* @layouts
* @models
* @services
* @themes
* @utils
* @views
`Routes.ts` and `constant.ts` have been relocated to the constants directory for consistency.
OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.
This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.
We are still working on adding the remaining set of features before making it GA as soon as possible.
Related to #189
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
* it doesn't work with our current CSP
* it's probably not used by anyone
* it isn't in harmony with our security purposes
* literally removes all use of it
* suggestions from code review
* remove useless test.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
* Add period TOPT config key to define the time in seconds each OTP is rotated
* Add skew TOTP config to define how many keys either side of the current one should be considered valid
* Add tests and set minimum values
* Update config template
* Use unix epoch for position calculation and Fix QR gen
* This resolves the timer resetting improperly at the 0 seconds mark and allows for periods longer than 1 minute
* Generate QR based on period
* Fix OTP timer graphic
* Redirect to default URL after 1FA when default policy is one_factor.
User is now redirected to the default redirection URL after 1FA if
the default policy is set to one_factor and there is no target URL
or if the target URL is unsafe.
Also, if the default policy is set to one_factor and the user is already
authenticated, if she visits the login portal, the 'already authenticated'
view is displayed with a logout button.
This fixes#581.
* Update users.yml
* Fix permissions issue causing suite test failure
Providing a GA tracking ID allows administrators to analyze
how the portal is used by their users in large environments,
i.e., with many users.
This will make even more sense when we have users and admins
management interfaces.
A message is now displayed to the user when he first sign in
in Authelia letting him know that a device must be enrolled.
Also introduce a message letting him know when he is already
authenticated.