3a70f6739b
feat(authentication): file password algorithms ( #3848 )
...
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
8eadf72dc7
docs: rule matching concepts ( #4154 )
...
* docs: rule matching concepts
* docs: add named regex note
* docs: adjust wording
* docs: expand match table
* docs: simplify
* docs: fix link
* docs: fix link
2022-10-16 14:11:43 +11:00
3107e493e7
refactor: adjust defaults ( #4137 )
...
* refactor: adjust defaults
* refactor: adjust level
* refactor: adjust level
* refactor: fix templates
2022-10-07 13:52:01 +11:00
dc79c8ea59
refactor: any ( #4133 )
...
* refactor: any
* refactor: fix test
2022-10-05 16:05:23 +11:00
3f39914c8f
refactor: private key decoding and generators ( #4116 )
2022-10-03 11:52:29 +11:00
c8fa19e6bd
feat(notification): add disable_starttls option ( #3855 )
...
This adds a boolean option to SMTP which disables StartTLS for SMTP servers that ignore standards.
2022-10-02 13:51:19 +11:00
6810c91d34
feat(oidc): issuer jwk certificates ( #3989 )
...
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
66ea374227
feat(authentication): permit feature detection failures ( #4061 )
...
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
2022-10-02 07:44:18 +11:00
ed7092c59a
feat: envoy support ( #3793 )
...
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
9c72bc8977
ci: gen github tmpl locales and commitlint ( #3759 )
...
This adds several automatic generators for Authelia docs etc.
2022-09-16 14:21:05 +10:00
2325031052
refactor: clean up uri checking functions ( #3943 )
2022-09-03 11:51:02 +10:00
84f9e0c021
fix(configuration): incorrect deprecated version ( #3935 )
2022-09-01 12:44:53 +10:00
342497a869
refactor(server): use errgroup to supervise services ( #3755 )
...
Uses the errgroup package and pattern for supervising services like servers etc.
2022-08-09 07:50:12 +10:00
2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 ( #3798 )
2022-08-07 11:24:00 +10:00
df016be29e
fix(notification): incorrect date header format ( #3684 )
...
* fix(notification): incorrect date header format
The date header in the email envelopes was incorrectly formatted missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system allowing people to manually override the envelope itself.
* test: fix tests and linting issues
* fix: misc issues
* refactor: misc refactoring
* docs: add example for envelope with message id
* refactor: organize smtp notifier
* refactor: move subject interpolation
* refactor: include additional placeholders
* docs: fix missing link
* docs: gravity
* fix: rcpt to command
* refactor: remove mid
* refactor: apply suggestions
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: include pid
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-07-18 10:56:09 +10:00
f115f77df8
fix(web): offline_access consent description ( #3679 )
2022-07-11 16:24:09 +10:00
03d56a31ad
refactor: address code review ( #3675 )
...
Addresses code review for #3653 .
2022-07-08 20:56:22 +10:00
290a38e424
fix(configuration): address parsing failure ( #3653 )
...
This fixes an issue with parsing address types from strings.
2022-07-05 14:43:12 +10:00
beeb9eae90
docs: fix config template lint ( #3618 )
2022-06-28 17:28:49 +10:00
f355a45ff3
fix(configuration): storage encryption_key required log grammar issue ( #3617 )
2022-06-28 17:13:47 +10:00
e1ee5a5d07
fix(configuration): missing password_reset disable key ( #3616 )
2022-06-28 16:41:30 +10:00
2b6b6ef1f0
docs: roadmap permalinks ( #3614 )
2022-06-28 13:55:50 +10:00
d2f1e5d36d
feat(configuration): automatically map old keys ( #3199 )
...
This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 13:15:50 +10:00
e2e1d6d30b
docs: update integration guides to reference get started ( #3573 )
2022-06-22 22:58:23 +10:00
25b5c1ee2e
feat(authentication): unauthenticated ldap bind ( #3291 )
...
This allows configuring unauthenticated LDAP binding.
2022-06-17 21:03:47 +10:00
b2c60ef898
feat: major documentation refresh ( #3475 )
...
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00
5304178165
ci: add dedicated authelia-gen command ( #3463 )
...
Adds a dedicated authelia code/doc gen command.
2022-06-14 22:40:00 +10:00
001589cd6d
feat(metrics): implement prometheus metrics ( #3234 )
...
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
2037a0ee4f
fix(commands): hash-password usage instructions ( #3437 )
...
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
2022-06-02 09:18:45 +10:00
c7d992f341
fix(authentication): follow ldap referrals ( #3251 )
...
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-02 11:51:38 +10:00
e99fb7a08f
feat(configuration): configurable default second factor method ( #3081 )
...
This allows configuring the default second factor method.
2022-04-18 09:58:24 +10:00
e56690c2df
refactor(configuration): ensure all keys are validated ( #3208 )
...
This ensures keys that exist in slices are validated.
2022-04-16 20:48:07 +10:00
dc7ca6f03c
refactor: introduce config key gen ( #3206 )
...
This adjusts the validated keys to utilize a generated code section.
2022-04-16 19:00:39 +10:00
5aa25ec275
fix(configuration): missing valid keys ( #3207 )
...
This fixes an issue with three missing config keys.
2022-04-16 17:49:13 +10:00
4710de33a4
refactor(configuration): remove ptr for duoapi and notifier ( #3200 )
...
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
92aba8eb0b
feat(server): zxcvbn password policy server side ( #3151 )
...
This is so the zxcvbn ppolicy is checked on the server.
2022-04-15 19:30:51 +10:00
9d5ac4526e
fix(configuration): remove unused password policy option ( #3149 )
...
Removes the min score option from the ZXCVBN policy and adds tests.
2022-04-09 09:21:49 +10:00
44bd70712c
fix(configuration): sector identifier not parsed correctly ( #3142 )
...
This fixes an issue preventing the sector identifier for OpenID Connect clients from being parsed.
2022-04-08 17:38:38 +10:00
66a450ed38
feat(oidc): pre-configured consent ( #3118 )
...
Allows users to pre-configure consent if enabled by the client configuration by selecting a checkbox during consent.
Closes #2598
2022-04-08 15:35:21 +10:00
9b6bcca1ba
feat(totp): secret customization ( #2681 )
...
Allow customizing the shared secrets size specifically for apps which don't support 256bit shared secrets.
2022-04-08 09:01:01 +10:00
8bb8207808
feat(oidc): pairwise subject identifiers ( #3116 )
...
Allows configuring clients with a sector identifier to allow pairwise subject types.
2022-04-07 16:13:01 +10:00
0a970aef8a
feat(oidc): persistent storage ( #2965 )
...
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
06fd7105ea
refactor(templates): utilize more accurate naming ( #3125 )
2022-04-07 13:05:20 +10:00
4ebd8fdf4e
feat(oidc): provide cors config including options handlers ( #3005 )
...
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00
3ca438e3d5
feat: implement mutual tls in the web server ( #3065 )
...
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.
Fixes #3041
2022-04-05 09:57:47 +10:00
a2eb0316c8
feat(web): password reset custom url ( #3111 )
...
This allows providing a custom URL for password resets. If provided the disable_reset_password option is ignored, the password reset API is disabled, and the button provided in the UI to reset the password redirects users to the configured endpoint.
Closes #1934 , Closes #2854
Co-authored-by: you1996 <youssri@flyweight.tech>
2022-04-04 17:46:55 +10:00
7230db7cea
refactor(configuration): decode_hooks blackbox and better testing ( #3097 )
2022-04-03 22:44:52 +10:00
bfd5d66ed8
feat(notification): password reset notification custom templates ( #2828 )
...
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.
Closes #2755 , Closes #2756
Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
9e05066097
refactor(handlers): ppolicy ( #3103 )
...
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00
36cf662458
refactor: misc password policy refactoring ( #3102 )
...
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
James Elliott
Manuel Nuñez
Amir Zarrinkafsh
Clément Michaud