77c3058368
build(deps): update mariadb docker tag to v10.6.0 ( #1958 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-29 15:59:16 +10:00
b952e9e71d
build(deps): update haproxy docker tag to v2.3.10 ( #1942 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-24 10:43:48 +02:00
db55325152
fix(suites): ensure k8s suite utilises the registry cache ( #1921 )
2021-04-15 12:07:19 +10:00
4318bb1e0c
build(deps): update alpine docker tag to v3.13.5 ( #1915 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-15 08:54:56 +10:00
d33d6c2f00
ci: add yamllint ( #1895 )
...
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
2021-04-11 06:51:00 +10:00
ad7808d430
build(deps): update traefik docker tag to v1.7.30 ( #1897 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-09 09:32:21 +10:00
771a0f362e
build(deps): update alpine docker tag to v3.13.4 ( #1877 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-01 12:47:51 +11:00
92da7a21de
build(deps): update haproxy docker tag to v2.3.9 ( #1873 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-31 13:52:05 +11:00
dbb819dfa5
build(deps): update traefik docker tag to v1.7.29 ( #1869 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-30 11:37:38 +11:00
5ab334dcdc
build(deps): update haproxy docker tag to v2.3.8 ( #1858 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 02:06:58 +11:00
e6929cdf3e
build(deps): update alpine docker tag to v3.13.3 ( #1853 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 11:30:30 +11:00
6d4d1d5e2f
build(deps): update traefik docker tag to v2.4.8 ( #1848 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-24 19:34:55 +01:00
e7c9d55c23
build(deps): update haproxy docker tag to v2.3.7 ( #1834 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-17 08:51:46 +11:00
e041143f87
feat(session): add redis sentinel provider ( #1768 )
...
* feat(session): add redis sentinel provider
* refactor(session): use int for ports as per go standards
* refactor(configuration): adjust tests and validation
* refactor(configuration): add err format consts
* refactor(configuration): explicitly map redis structs
* refactor(session): merge redis/redis sentinel providers
* refactor(session): add additional checks to redis providers
* feat(session): add redis cluster provider
* fix: update config for new values
* fix: provide nil certpool to affected tests/mocks
* test: add additional tests to cover uncovered code
* docs: expand explanation of host and nodes relation for redis
* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum
* fix(session): sentinel password
* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config
* test: make entrypoint.sh executable, fix entrypoint.sh if/elif
* test: add redis failover tests
* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging
* test: add sentinel integration test
* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep
* feat: use sentinel failover cluster
* fix: renamed addrs to sentineladdrs upstream
* test(session): sentinel failover
* test: add redis standard back into testing
* test: move redis standalone test to traefik2
* fix/docs: apply suggestions from code review
2021-03-10 10:03:05 +11:00
073c558296
build(deps): update traefik docker tag to v2.4.7 ( #1790 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 14:18:48 +11:00
4dce8f9496
perf(authorizer): preload access control lists ( #1640 )
...
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACL's
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
2021-03-05 15:18:31 +11:00
455b859047
build(deps): update haproxy docker tag to v2.3.6 ( #1779 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 14:15:01 +11:00
92154a1193
build(deps): update traefik docker tag to v2.4.6 ( #1774 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 15:07:51 +11:00
64b01b2811
build(deps): update mariadb docker tag to v10.5.9 ( #1757 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 12:49:16 +11:00
17bf3f860b
build(deps): update osixia/openldap docker tag to v1.5.0 ( #1749 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 22:08:23 +11:00
36d02f9cf5
build(deps): update traefik docker tag to v2.4.5 ( #1742 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 16:21:43 +11:00
59b3c2cbd8
build(deps): update haproxy docker tag to v2.3.5 ( #1737 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 15:06:10 +11:00
74721a9f41
feat: go:embed static assets ( #1733 )
...
* feat: go:embed static assets
Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.
Key points to note:
Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.
To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.
* fix(suites): increase ldap suite test timeout
* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
79b2b742a8
build(deps): update alpine docker tag to v3.13.2 ( #1728 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 10:49:39 +11:00
23f8a059fe
build(deps): update traefik docker tag to v2.4.2 ( #1685 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-03 09:42:29 +11:00
3d6a9dfca4
build(deps): update traefik docker tag to v2.4.1 ( #1681 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-02 10:35:49 +11:00
d17c7e7fc0
refactor(suites): simplify kubernetes suite ( #1680 )
...
This PR achieves the following goals:
* Utilise upstream version of kind instead of a patched version which allows binding to networks other than the default "kind"
* Utilises the registry cache which is setup one level above the kind cluster
The former point was required to successfully run our integration tests in a Kubernetes environment, however this is now possible without running a patched version of kind.
The second point is because DockerHub has introduced rate limiting for container downloads. If there are a large number of CI jobs nodes may occasionally be rejected due to the Kubernetes suite not pulling down from the registry cache.
2021-02-02 09:53:44 +11:00
006f1eb43b
build(deps): update mariadb docker tag to v10.5.8 ( #1660 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 12:22:12 +11:00
985aaaa76b
build(deps): update alpine docker tag to v3.13.1 ( #1659 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 12:06:09 +11:00
ea913d2992
build(deps): update traefik docker tag to v1.7.28 ( #1657 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 11:32:49 +11:00
ed5e9264f8
build(deps): update mariadb docker tag to v10.4.17 ( #1652 )
2021-01-31 09:28:43 +11:00
d4d781ae52
build(deps): update alpine docker tag to v3.13.1 ( #1649 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 01:04:46 +11:00
72ec9713b3
build(deps): update traefik docker tag ( #1674 )
...
* build(deps): update traefik docker tag
* fix(suites): fix traefik2 empty args for matcher PathPrefix
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-01-31 00:30:41 +11:00
14192e11ac
build(deps): update osixia/phpldapadmin docker tag to v0.9.0 ( #1673 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-30 22:52:54 +11:00
6627a54594
build(deps): update osixia/openldap docker tag to v1.4.0 ( #1672 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-30 22:28:05 +11:00
d8685418e8
build(deps): update alpine docker tag to v3.12.3 ( #1647 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-30 22:11:42 +11:00
353b65066c
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia ( #1620 )
...
Bumps golang from 1.15.6-alpine to 1.15.7-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-21 22:14:21 +11:00
7e13d465e9
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind ( #1611 )
...
Bumps alpine from 3.12.3 to 3.13.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-18 09:42:44 +11:00
8bab8d47ef
[MISC] Add CLI suite ( #1597 )
...
This change adds a new integration testing suite "CLI".
The intent of this suite is to test, validate and capture coverage for Authelia's commands via the CLI.
2021-01-16 21:25:02 +11:00
8fa76499cb
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy ( #1601 )
...
Bumps haproxy from 2.3.3-alpine to 2.3.4-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-01-15 10:45:36 +11:00
6aa0e5fa7d
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy ( #1591 )
...
Bumps haproxy from 2.3.2-alpine to 2.3.3-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-01-11 10:01:26 +11:00
ee3ce69f9f
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind ( #1548 )
...
Bumps alpine from 3.12.2 to 3.12.3.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-19 14:11:31 +11:00
7c6a86882f
[MISC] Catch OpenLDAP ppolicy error ( #1508 )
...
* [MISC] Catch OpenLDAP ppolicy error
Further to the discussion over at #361 , this change now ensures that OpenLDAP password complexity errors are caught and appropriately handled.
This change also includes the PasswordComplexity test suite in the LDAP integration suite. This is because a ppolicy has been setup and enforced.
* Remove password history for integration tests
* Adjust max failures due to regulation trigger
* Fix error handling for password resets
* Refactor and include code suggestions
2020-12-16 12:30:03 +11:00
c14af472dd
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind ( #1531 )
...
Bumps alpine from 3.12.1 to 3.12.2.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-14 09:12:55 +11:00
d7fea74177
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia ( #1512 )
...
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-07 12:47:48 +11:00
c9837568b5
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy ( #1501 )
...
Bumps haproxy from 2.3.1-alpine to 2.3.2-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 09:54:21 +11:00
aa64d0c4e5
[FEATURE] Support MSAD password reset via unicodePwd attribute ( #1460 )
...
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 20:59:22 +11:00
495e57b46c
[DOCS] Make HAProxy regex case insensitive ( #1478 )
2020-11-24 12:35:38 +11:00
f42b1ea229
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy ( #1463 )
...
Bumps haproxy from 2.3.0-alpine to 2.3.1-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-16 11:49:52 +11:00
6e5b930f64
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia ( #1464 )
...
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 11:07:44 +11:00
renovate[bot]
Amir Zarrinkafsh
James Elliott
dependabot-preview[bot]
Timo