Commit Graph

339 Commits (48ded6a507598f24d2af8c2f2c943a5b4c75566f)

Author SHA1 Message Date
James Elliott 11543fd0bf
docs: escape handlebars (#3462) 2022-06-02 19:29:15 +10:00
James Elliott 2037a0ee4f
fix(commands): hash-password usage instructions (#3437)
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
2022-06-02 09:18:45 +10:00
dependabot[bot] e1d52d57e0
build(deps): bump nokogiri from 1.13.4 to 1.13.6 in /docs (#3404)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.6.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.4...v1.13.6)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-20 09:28:26 +10:00
James Elliott 2800e1436c
docs: add crowdin (#3381) 2022-05-16 13:42:58 +10:00
James Elliott 28626113b7
ci: crowdin commit lint etc (#3372) 2022-05-16 10:54:31 +10:00
Zhao Xiang Lim ee7b304f66
docs: fix missing backtick in file authentication docs (#3348)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-05-12 09:44:37 +10:00
James Elliott 0f9c79e80a
docs: add sql supported version info (#3334) 2022-05-10 13:41:07 +10:00
James Elliott 45df1ec7d0
docs: fix missing format char (#3318) 2022-05-07 14:24:28 +10:00
James Elliott 1060bcee06
docs: caddy integration (#3307)
This adds docs on integration with Caddy.

Closes #1241
2022-05-07 09:18:28 +10:00
Amir Zarrinkafsh dde80dda29
docs: update portainer missing scopes (#3313) 2022-05-06 23:16:08 +10:00
James Elliott 0855ea2f71
fix(server): missing cache and xss headers (#3289)
Addresses documentation and a couple of headers which were missed.
2022-05-04 14:47:23 +10:00
James Elliott c7d992f341
fix(authentication): follow ldap referrals (#3251)
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-02 11:51:38 +10:00
James Elliott 555746e771
refactor: exclude id from sqlite3 migration (#3242)
* refactor: exclude id from sqlite3 table recreate

* docs: add migration docs
2022-04-25 21:11:56 +10:00
dependabot[bot] 52727f9d2c
build(deps): bump nokogiri from 1.13.3 to 1.13.4 in /docs (#3168)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.3...v1.13.4)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-19 16:33:11 +10:00
James Elliott e99fb7a08f
feat(configuration): configurable default second factor method (#3081)
This allows configuring the default second factor method.
2022-04-18 09:58:24 +10:00
Helvio Pedreschi de6d1698be
docs: update portainer ce and ee (#3202)
This adds some additional docs to Portainer docs specifically around Portainer EE.

Closes #3203

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-16 13:35:01 +10:00
James Elliott 4710de33a4
refactor(configuration): remove ptr for duoapi and notifier (#3200)
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
James Elliott 92aba8eb0b
feat(server): zxcvbn password policy server side (#3151)
This is so the zxcvbn ppolicy is checked on the server.
2022-04-15 19:30:51 +10:00
Helvio Pedreschi 71511a5c4f
docs: fix typo (#3191)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-15 10:43:04 +10:00
James Elliott e7112bfbd6
feat(oidc): client id claims (#3150)
Adds the authorized party (azp) and client_id registered claims to ID Tokens.
2022-04-09 16:55:24 +10:00
James Elliott 66a450ed38
feat(oidc): pre-configured consent (#3118)
Allows users to pre-configure consent if enabled by the client configuration by selecting a checkbox during consent.

Closes #2598
2022-04-08 15:35:21 +10:00
James Elliott 4503ac07be
fix(web): lowercase locales are not consistent with localization platforms (#3141)
This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.
2022-04-08 14:53:46 +10:00
James Elliott 2da50f6128
docs: add k8s important notes (#3140)
Add some implementation notes about k8s.

Fixes #2882
2022-04-08 14:15:35 +10:00
Lorenz Schmid 5f51dcdb51
docs: fix missing backtick (#3136)
Fix formatting error introduced in #3131

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 09:33:14 +10:00
James Elliott 9b6bcca1ba
feat(totp): secret customization (#2681)
Allow customizing the shared secrets size specifically for apps which don't support 256bit shared secrets.
2022-04-08 09:01:01 +10:00
Lorenz Schmid efccf77c10
docs(oidc): seafile integration example (#3131)
- Adds description and callback URL for the Seafile file server.
- Orders the entries in the two OIDC integration tables by name.
2022-04-08 07:11:43 +10:00
James Elliott ad84c8c33e
feat(oidc): opaque subject identifiers (#3129)
This is a meta commit for a feature originally implemented in 0a970aef8a documenting the change from using the username as a subject identifier to a specification compliant subject identifier in the form of RFC4122 UUID V4 subject identifiers. This is a required change in order to be compliant with the specification as per https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes. Relying parties which utilize the subject identifier / sub claim may need manual intervention in order to relink accounts. Users who have issues will have to consult with the documentation of their individual relying parties in order to relink accounts. Users who utilized the subject identifier as a means to provision their users are also encouraged to utilize the preferred_username claim from the profile scope.
2022-04-07 17:35:54 +10:00
James Elliott 8bb8207808
feat(oidc): pairwise subject identifiers (#3116)
Allows configuring clients with a sector identifier to allow pairwise subject types.
2022-04-07 16:13:01 +10:00
James Elliott 0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott 06fd7105ea
refactor(templates): utilize more accurate naming (#3125) 2022-04-07 13:05:20 +10:00
James Elliott 4ebd8fdf4e
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott a2eb0316c8
feat(web): password reset custom url (#3111)
This allows providing a custom URL for password resets. If provided the disable_reset_password option is ignored, the password reset API is disabled, and the button provided in the UI to reset the password redirects users to the configured endpoint.

Closes #1934, Closes #2854

Co-authored-by: you1996 <youssri@flyweight.tech>
2022-04-04 17:46:55 +10:00
James Elliott aac4c4772c
feat(web): i18n asset overrides (#3040)
This allows overriding translation files in folders with lowercase RFC5646 / BCP47 Format language codes. This also fixes an issues where languages which don't expressly match the language code specified due to having a variant will also match the existing codes.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 12:15:26 +10:00
Manuel Nuñez bfd5d66ed8
feat(notification): password reset notification custom templates (#2828)
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.

Closes #2755, Closes #2756

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
James Elliott 9e05066097
refactor(handlers): ppolicy (#3103)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00
James Elliott 36cf662458
refactor: misc password policy refactoring (#3102)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
Manuel Nuñez 8659ba394d
feat(authentication): password policy (#2723)
Implement a password policy with visual feedback in the web portal.

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 08:32:57 +10:00
bgh-github cd2d88f9f3
docs: add oidc details for miniflux app (#3096)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-02 17:28:48 +11:00
James Elliott 4d7f930e74
docs: fix regex examples (#3094) 2022-04-02 16:41:16 +11:00
bgh-github ce69cb2414
docs: fix oidc applications table display (#3088) 2022-04-02 15:09:47 +11:00
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789)
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
James Elliott 0116506330
feat(oidc): implement amr claim (#2969)
This adds the amr claim which stores methods used to authenticate with Authelia by the users session.
2022-04-01 22:18:58 +11:00
James Elliott b2d35d88ec
feat(configuration): allow rfc4918 http verbs in acl (#2988)
This allows the HTTP Method verbs from RFC4918 to be used. See https://datatracker.ietf.org/doc/html/rfc4918 for more information.
2022-04-01 21:53:10 +11:00
James Elliott f65643caff
docs: fix missing single quote (#3029) 2022-03-17 16:29:43 +11:00
Alestrix d393d80aee
docs: adjust acl policy example to be possible (#3008)
An access control policy with a policy of bypass and subjects is not configurable, this addresses an example in the docs which shows this misconfiguration erroneously.

Fixes #3006
2022-03-14 23:30:47 +11:00
Dennis Gaida 1e549caf15
Small description fix for OIDC groups (#3007)
OIDC groups claim actually contains the user's groups, not the user's display name.
2022-03-14 23:26:10 +11:00
James Elliott 5af58c7df1
docs(oidc): add subject storage to storage beta (#2987) 2022-03-10 09:19:15 +11:00
James Elliott 337dd61468
docs: add docs about remember me duration (#2979)
This documents disabling remember me.
2022-03-09 13:25:11 +11:00
James Elliott 6d937cf6cc
refactor(model): rename from models (#2968) 2022-03-06 16:47:40 +11:00