authelia

Author	SHA1	Message	Date
Clement Michaud	56fdc40290	Every public endpoints return 200 with harmonized error messages or 401 Now, /verify can return 401 or 403 depending on the user authentication. Every public API endpoints and pages return 200 with error message in JSON body or 401 if the user is not authorized. This policy makes it complicated for an attacker to know what is the source of the failure and hide server-side bugs (not returning 500), bugs being potential threats.	2017-10-14 11:57:38 +02:00
Clement Michaud	0a33b2d5ee	Add logs to detect redis connection issues earlier Before this fix, the application was simply crashing during execution when connection to redis was failing. Now, it is correctly handled with failing promises and logs have been enabled to clearly see the problem	2017-09-22 20:52:05 +02:00
Clement Michaud	50636587a8	Notifications to users do not use notifyjs anymore. They are more common and located in the form areas to improve visibility on mobile devices.	2017-09-02 16:33:57 +02:00
Clement Michaud	c12a085f8e	Replace mocha integration tests by cucumber tests	2017-07-31 22:20:33 +02:00