Commit Graph

3002 Commits (394dafde01484d8d478f7c9d8801fa99ae9e4a05)

Author SHA1 Message Date
James Elliott c01759715c
fix(models): potential panic generating jti (#2669)
This ensures that, at the time the JWT is generated for identity verification requests, a panic can't occur and instead an error will be returned.
2021-12-04 15:48:22 +11:00
James Elliott 5a223b5a56
fix(storage): don't check exp against time using sql (#2676)
This is already checked by JWT validation. There is no need and it's leading to timezone issues.

Fixes #2672
2021-12-04 15:34:20 +11:00
renovate[bot] 09fbffa3ac
build(deps): update golang docker tag to v1.17.4 (#2674)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 12:21:38 +11:00
renovate[bot] b7bf9d52b1
build(deps): update dependency @testing-library/jest-dom to v5.16.0 (#2671)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 09:37:01 +11:00
renovate[bot] 7838e83483
build(deps): update module github.com/golang-jwt/jwt/v4 to v4.2.0 (#2670)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 08:47:21 +11:00
James Elliott 0ab94597df
release: v4.33.0 (#2665)
2021-12-03 18:07:22 +11:00
James Elliott 95a5e326a5
fix(storage): postgres schema hardcoded for tables query (#2667)
This removes the hardcoded schema value from the PostgreSQL existing tables query, making it compatible with the new schema config option.
2021-12-03 17:29:55 +11:00
James Elliott ec1cc3d64e
ci: skip deploy aur step on master branch (#2668)
2021-12-03 17:10:09 +11:00
James Elliott a689ffe372
ci: publish authelia-git aur only on releases (#2666)
2021-12-03 15:56:31 +11:00
James Elliott 255aaeb2ad
feat(storage): encrypt u2f key (#2664)
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00
James Elliott 104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or has already authenticated with 2FA.
2021-12-02 21:28:16 +11:00
James Elliott f0119b5c75
docs: update fail2ban example (#2661)
Updates the fail2ban examples to align with new messages.

Fixes #2649.
2021-12-02 17:09:47 +11:00
James Elliott 9045b75344
fix(storage): rebind all queries (#2662)
Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format.
2021-12-02 17:06:04 +11:00
James Elliott f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
allcontributors[bot] 252b844b46
docs: add kaysond as a contributor for doc (#2660)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 16:01:29 +11:00
Aram Akhavan 5b3fa1fffb
docs: consistent naming for configuration file (#2626)
* change all instances (file names and docs) of "config.template.yml" to "configuration.template.yml" so it's consistent with the expectations of the Dockerfile

* Keep config.template.yml named as is

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Update index.html

* revert filename changes and add a note about docker

* refactor: apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 15:50:05 +11:00
James Elliott a79e4dc592
fix(storage): duo/u2f upsert failure on postgresql (#2658)
This replaces the standard duo_devices upsert with a PostgreSQL specific one and ensures the u2f_devices upsert uses the new unique key for the ON CONFLICT check.
2021-12-02 15:16:45 +11:00
James Elliott bf9ab360bd
refactor(handlers): utilize referer for auth logging rm/rd (#2655)
This utilizes the referrer query parameters instead of current request query parameters for logging the requested URI and method. Minor performance improvements to header peek/sets.
2021-12-02 13:21:46 +11:00
James Elliott f3f3b31b12
refactor(storage): totp_configurations table (#2657)
Rename column totp_period to period.
2021-12-02 12:24:10 +11:00
James Elliott 2075e76015
fix(storage): new auth log schema request method length (#2656)
This is a fix to the authentication_logs schema that prevents the VARCHAR from being insufficient for HTTP request methods such as PATCH, DELETE, OPTIONS, CONNECT.
2021-12-02 11:36:04 +11:00
renovate[bot] 6aed9f9561
build(deps): update dependency jest to v27.4.3 (#2651)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-02 10:14:48 +11:00
renovate[bot] 26eac00647
build(deps): update module github.com/mitchellh/mapstructure to v1.4.3 (#2653)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-02 08:56:17 +11:00
James Elliott 7df242f1e3
refactor: remove ioutil (#2635)
It was deprecated in 1.16 and more performant options are available.
2021-12-02 00:14:15 +11:00
James Elliott 8a12af97ab
refactor: remove previously deprecated options (#2629)
This removes the deprecated logging, host, port, and tls options per our deprecation policy.
2021-12-02 00:01:32 +11:00
James Elliott ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue, i.e. if the algorithm in the QR code is sha512, they continue to generate one-time passwords with sha1. In addition, this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
Philipp Staiger 01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
renovate[bot] 08b6ecb7b1
build(deps): update dependency jest to v27.4.2 (#2648)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-01 09:01:04 +11:00
James Elliott ee14fcf3cb
docs: fix tables (#2647)
2021-11-30 22:36:16 +11:00
James Elliott ab8f9b0697
fix(notifier): force use of sender email in smtp from cmd (#2616)
This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion.

Fixes #2571
2021-11-30 22:15:21 +11:00
renovate[bot] 568f210b2b
build(deps): update dependency jest to v27.4.1 (#2646)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 21:31:00 +11:00
James Elliott 9ceee6c660
feat(storage): only store identity token metadata (#2627)
This change makes it so only metadata about tokens is stored. Tokens can still be resigned due to conversion methods that convert from the JWT type to the database type. This should be more efficient and should mean we don't have to encrypt tokens or token info in the database at least for now.
2021-11-30 17:58:21 +11:00
renovate[bot] b1d37d2069
build(deps): update dependency @types/node to v16.11.11 (#2644)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 14:13:26 +11:00
renovate[bot] 923df2cb46
build(deps): update typescript-eslint monorepo to v5.5.0 (#2643)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 10:41:28 +11:00
renovate[bot] 7ea352b730
build(deps): update dependency jest to v27.4.0 (#2642)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 10:26:13 +11:00
renovate[bot] a85a1b68b9
build(deps): update module github.com/jackc/pgx/v4 to v4.14.1 (#2641)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 09:33:09 +11:00
James Elliott bc3b0fda35
feat(regulator): enhance authentication logs (#2622)
This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as recording 2FA attempts which can be used to inform admins and later to regulate based on other factors.

Fixes #116, Fixes #1293.
2021-11-29 14:09:14 +11:00
renovate[bot] d45dac39b9
build(deps): update dependency vite-plugin-istanbul to v2.3.0 (#2637)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-27 09:52:44 +11:00
renovate[bot] 6ea5711f91
build(deps): update dependency prettier to v2.5.0 (#2633)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-26 13:12:09 +11:00
James Elliott 87f3cf71c1
docs(oidc): provide beta intentions clarification and fix typo (#2632)
2021-11-25 16:11:31 +11:00
James Elliott 347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256-bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
renovate[bot] eb94960348
build(deps): update dependency @types/react to v17.0.37 (#2630)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 09:42:51 +11:00
renovate[bot] 290e3f7aaa
build(deps): update alpine docker tag to v3.15.0 (#2631)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 08:46:44 +11:00
renovate[bot] 4d64b64a53
build(deps): update module github.com/knadh/koanf to v1.3.3 (#2628)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 03:05:35 +11:00
renovate[bot] c128359c74
build(deps): update haproxy docker tag to v2.5.0 (#2624)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 11:36:46 +11:00
renovate[bot] a05b03a3d8
build(deps): update dependency @types/node to v16.11.10 (#2623)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 10:53:16 +11:00
renovate[bot] 06d47d37fa
build(deps): update dependency @testing-library/jest-dom to v5.15.1 (#2620)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 09:56:18 +11:00
renovate[bot] 3c230bbcc4
build(deps): update module github.com/jmoiron/sqlx to v1.3.4 (#2619)
2021-11-23 21:00:13 +11:00
James Elliott 3695aa8140
feat(storage): primary key for all tables and general qol refactoring (#2431)
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PRs which improve the database.

Fixes #1337
2021-11-23 20:45:38 +11:00
renovate[bot] 884dc99083
build(deps): update module github.com/jackc/pgx/v4 to v4.14.0 (#2618)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 10:45:39 +11:00
renovate[bot] ef8b93d502
build(deps): update dependency @vitejs/plugin-react to v1.1.0 (#2617)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 10:28:13 +11:00