Commit Graph

191 Commits (4bed5d2461237c3b727463a1b2f579370d8957c5)

Author SHA1 Message Date
James Elliott 7d17c39c52
Merge origin/master into feat-settings-ui 2023-01-25 22:11:41 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott bd279900ca
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2023-01-20 17:56:06 +11:00
Manuel Nuñez 8b29cf7ee8
feat(session): multiple session cookie domains (#3754)
This adds support to configure multiple session cookie domains.

Closes #1198

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
James Elliott cf4010b4fb
fix(oidc): csp blocks form_post response form submit (#4719)
This fixes an issue where the form_post response never gets submitted.

Fixes #4669
2023-01-08 07:04:06 +11:00
renovate[bot] 3d6c67fa33
build(deps): update module github.com/go-webauthn/webauthn to v0.6.0 (#4646)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-07 14:21:27 +11:00
James Elliott 49d421e910
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	api/openapi.yml
#	web/src/views/DeviceRegistration/RegisterWebauthn.tsx
#	web/src/views/LoginPortal/SecondFactor/WebauthnMethod.tsx
2023-01-07 11:50:19 +11:00
Manuel Nuñez 2ab50c7f61
test(handlers): add additional coverage (#4698)
* test(handlers): handler_checks_safe_redirection

* test(handlers): password_policy

* test(handlers): health

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-05 09:37:43 +11:00
James Elliott adaf069eab
feat(oidc): per-client pkce enforcement policy (#4692)
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott dd781ffc51
refactor: adjust settings components 2022-12-31 18:27:43 +11:00
James Elliott f2ee86472d
revert: 2fa skip 2022-12-30 23:51:52 +11:00
James Elliott 0e2770e72d
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2022-12-27 20:05:02 +11:00
James Elliott f685f247cf
feat(notification): important events notifications (#4644)
This adds important event notifications.
2022-12-27 19:59:08 +11:00
James Elliott a771cc6c2b
fix(notification): missing display name (#4653) 2022-12-27 10:54:58 +11:00
James Elliott 4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2022-12-23 16:08:47 +11:00
James Elliott 0bb657e11c
refactor(notifier): utilize smtp lib (#4403)
This drops a whole heap of code we were maintaining in favor of a SMTP library.

Closes #2678
2022-12-23 16:06:49 +11:00
James Elliott d67554ab88
feat(authentication): ldap time replacements (#4483)
This adds and utilizes several time replacements for both specialized LDAP implementations.

Closes #1964, Closes #1284
2022-12-21 21:31:21 +11:00
James Elliott 728902335b
refactor: const int type stringers (#4588) 2022-12-17 23:39:24 +11:00
James Elliott a186dca3bf
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	api/openapi.yml
2022-12-17 15:47:34 +11:00
James Elliott d13247ce43
refactor(server): simplify templating and url derivation (#4547)
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
James Elliott 67381b1318
fix: no webauthn devices doesn't display correctly (#4537)
* fix: no webauthn devices doesn't display correctly

* refactor: factorize
2022-12-12 12:21:27 +11:00
James Elliott 5d1b840e2b
refactor: merge master and fix missing rebinds (#4404)
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* docs: add smkent as a contributor for code, design, and ideas (#4367)

* update README.md

* update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)

This updates fosite and refactors our usage out of compose.

* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370)

* build(deps): update alpine docker tag to v3.16.3 (#4362)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/x to v0.0.514 (#4368)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor: sql formatting (#4371)

* refactor: sql spacing

* refactor editor config

* docs: clarify cloudflare docs (#4373)

* build(deps): update dependency @types/react-dom to v18.0.9 (#4379)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency @types/jest to v29.2.3 (#4381)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency esbuild to v0.15.14 (#4383)

* build(deps): update material-ui monorepo to v5.10.14 (#4385)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency vite to v3.2.4 (#4386)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update font awesome to v6.2.1 (#4389)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency typescript to v4.9.3 (#4390)

* docs: adjust issue templates (#4391)

* docs: adjust issue templates

* docs: adjust wording

* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency i18next to v22.0.6 (#4395)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update traefik docker tag to v2.9.5 (#4398)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update mariadb docker tag to v10.10.2 (#4399)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint to v8.28.0 (#4402)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(storage): schema inconsistency (#4262)

* fix: missing pg rebinds

* fix: refactoring issues

* fix: refactoring issues

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-11-19 17:42:03 +11:00
Stephen Kent 2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376)
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.

This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
2022-11-19 16:48:47 +11:00
Stephen Kent 92b3a5804b
feat: provide webauthn device description from frontend on registration (#4363) 2022-11-13 18:59:21 +11:00
James Elliott ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)
This updates fosite and refactors our usage out of compose.
2022-11-13 14:26:10 +11:00
James Elliott 9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	internal/model/webauthn.go
2022-11-13 09:19:22 +11:00
James Elliott 5a23df4544
refactor: uuid parse bytes (#4311)
Use ParseBytes instead since it supports a byte encoded string.
2022-11-01 10:31:13 +11:00
Clément Michaud a69ba22f46 feat: implement a ui for supporting multiple u2f devices 2022-10-30 09:52:49 +01:00
James Elliott a283fda6d6
fix(oidc): handle authorization post requests (#4270)
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott 3a70f6739b
feat(authentication): file password algorithms (#3848)
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
James Elliott dc79c8ea59
refactor: any (#4133)
* refactor: any

* refactor: fix test
2022-10-05 16:05:23 +11:00
James Elliott 6810c91d34
feat(oidc): issuer jwk certificates (#3989)
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
James Elliott ed7092c59a
feat: envoy support (#3793)
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
James Elliott 8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user (#4037)
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-26 14:33:08 +10:00
Manuel Nuñez ca85992ac6
fix(handlers): verify handler (#3956)
When an anonymous user tries to access a forbidden resource with no subject, we should response with 403.

Fixes #3084
2022-09-05 08:21:30 +10:00
James Elliott 2325031052
refactor: clean up uri checking functions (#3943) 2022-09-03 11:51:02 +10:00
James Elliott 319a8cf9d4
fix(notification): text emails not encoded properly (#3854)
This fixes an issue where the plain text portion of emails is not encoded with quoted printable encoding.
2022-08-27 07:39:20 +10:00
James Elliott 9c00104cb2
fix(utils): domain suffix improperly checked (#3799) 2022-08-07 21:13:56 +10:00
Amir Zarrinkafsh 2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 (#3798) 2022-08-07 11:24:00 +10:00
James Elliott b2cbcf3913
fix(handlers): consent session prevents standard flow (#3668)
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
James Elliott df016be29e
fix(notification): incorrect date header format (#3684)
* fix(notification): incorrect date header format

The date header in the email envelopes was incorrectly formatted missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system allowing people to manually override the envelope itself.

* test: fix tests and linting issues

* fix: misc issues

* refactor: misc refactoring

* docs: add example for envelope with message id

* refactor: organize smtp notifier

* refactor: move subject interpolation

* refactor: include additional placeholders

* docs: fix missing link

* docs: gravity

* fix: rcpt to command

* refactor: remove mid

* refactor: apply suggestions

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* refactor: include pid

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-07-18 10:56:09 +10:00
James Elliott f115f77df8
fix(web): offline_access consent description (#3679) 2022-07-11 16:24:09 +10:00
James Elliott ce779b2533
refactor(middlewares): factorize responses (#3628) 2022-07-08 22:18:52 +10:00
James Elliott 24f5caed97
refactor: factorize verify handler (#3662)
This factorizes a few sections of the /api/verify handler and improves both the code flow and error output of the section of code.
2022-07-08 12:32:43 +10:00
Manuel Nuñez da012ab2d6
fix(handlers): fix redirect with timed out sessions on rules with bypass policy (#3599)
This change replaced a returned error with a warning when the idle timeout was exceeded.

Fixes #3587
2022-07-05 09:58:35 +10:00
James Elliott d9c7cd6564
fix(model): potential panic (#3538)
This fixes a potential panic in the conversion from a fosite.Requester to an *OAuth2Session object.
2022-06-17 22:25:14 +10:00
James Elliott b2c60ef898
feat: major documentation refresh (#3475)
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234)
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
James Elliott 607bbcc324
fix(handler): oidc two factor handling (#3512) 2022-06-14 15:17:11 +10:00