James Elliott
7fdcc351d4
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
# Conflicts:
# internal/handlers/handler_register_webauthn.go
# internal/handlers/webauthn.go
# internal/handlers/webauthn_test.go
# internal/mocks/storage.go
# internal/model/webauthn.go
# internal/storage/provider.go
# internal/storage/sql_provider.go
# web/package.json
# web/pnpm-lock.yaml
# web/src/layouts/LoginLayout.tsx
2023-04-11 21:34:45 +10:00
James Elliott
928df8a698
Merge remote-tracking branch 'origin/master' into feat-oidc-auth-mode
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
# Conflicts:
# internal/configuration/validator/const.go
2023-04-09 13:19:29 +10:00
James Elliott
2dcfc0b04c
feat(handlers): authz authrequest authelia url ( #5181 )
...
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00
James Elliott
b6883a337f
Merge origin/master into feat-settings-ui
2023-03-07 10:12:49 +11:00
James Elliott
ff6be40f5e
feat(oidc): pushed authorization requests ( #4546 )
...
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott
8b8d6ce417
Merge remote-tracking branch origin/master into feat-settings-ui
2023-02-28 20:07:42 +11:00
James Elliott
a345490826
feat(server): handle head method ( #5003 )
...
This implements some HEAD method handlers for various static resources and the /api/health endpoint.
2023-02-28 20:01:09 +11:00
James Elliott
e84ca4956a
refactor: sql updates
2023-02-14 23:35:15 +11:00
James Elliott
8c057f65a5
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-02-11 21:53:34 +11:00
James Elliott
2888ee7f41
refactor(commands): services ( #4914 )
...
Misc refactoring of the services logic to simplify the
2023-02-11 21:45:26 +11:00
James Elliott
d7be1c1359
refactor: reduce complexity
2023-02-01 22:10:38 +11:00
James Elliott
3af20a7daf
build(deps): use @simplewebauthn/browser
2023-01-30 16:37:53 +11:00
James Elliott
7d17c39c52
Merge origin/master into feat-settings-ui
2023-01-25 22:11:41 +11:00
James Elliott
65705a646d
feat(server): customizable authz endpoints ( #4296 )
...
This allows users to customize the authz endpoints.
Closes #2753 , Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott
bd279900ca
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-01-20 17:56:06 +11:00
James Elliott
cf4010b4fb
fix(oidc): csp blocks form_post response form submit ( #4719 )
...
This fixes an issue where the form_post response never gets submitted.
Fixes #4669
2023-01-08 07:04:06 +11:00
James Elliott
49d421e910
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# api/openapi.yml
# web/src/views/DeviceRegistration/RegisterWebauthn.tsx
# web/src/views/LoginPortal/SecondFactor/WebauthnMethod.tsx
2023-01-07 11:50:19 +11:00
James Elliott
1c3219e93f
perf(server): cached openapi document ( #4674 )
...
This should lead to a small performance gain by caching the openapi.yml with etags as well as eliminating the use of nonce crypto generation when not required.
2023-01-03 14:49:02 +11:00
James Elliott
917ac89e38
refactor: 2fa api
2023-01-01 22:16:28 +11:00
James Elliott
dd781ffc51
refactor: adjust settings components
2022-12-31 18:27:43 +11:00
James Elliott
4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2022-12-23 16:08:47 +11:00
James Elliott
3ba2eae20e
fix(server): verify endpoint 405ing non-get/head reqs ( #4607 )
...
Fixes an issue specific to envoy that prevents the verify endpoint working with requests not using the GET or HEAD methods.
2022-12-21 18:47:20 +11:00
James Elliott
a186dca3bf
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# api/openapi.yml
2022-12-17 15:47:34 +11:00
James Elliott
d13247ce43
refactor(server): simplify templating and url derivation ( #4547 )
...
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
Stephen Kent
2584e3d328
feat: move webauthn device enrollment flow to new settings ui ( #4376 )
...
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.
This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
2022-11-19 16:48:47 +11:00
James Elliott
1a1b85489c
feat: settings ui device details ( #4369 )
...
This adds details to the settings ui.
2022-11-14 13:19:18 +11:00
James Elliott
9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# internal/model/webauthn.go
2022-11-13 09:19:22 +11:00
Clément Michaud
a69ba22f46
feat: implement a ui for supporting multiple u2f devices
2022-10-30 09:52:49 +01:00
James Elliott
a283fda6d6
fix(oidc): handle authorization post requests ( #4270 )
...
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
James Elliott
3aaca0604f
feat(oidc): implicit consent ( #4080 )
...
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott
ed7092c59a
feat: envoy support ( #3793 )
...
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
James Elliott
15110b732a
fix(server): i18n etags missing ( #3973 )
...
This fixes missing etags from locales assets.
2022-09-16 11:19:16 +10:00
James Elliott
d2f1e5d36d
feat(configuration): automatically map old keys ( #3199 )
...
This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 13:15:50 +10:00
James Elliott
001589cd6d
feat(metrics): implement prometheus metrics ( #3234 )
...
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
James Elliott
5e3a1fd863
fix(server): handled errors not logged correctly ( #3507 )
...
This fixes an issue where errors handled by the ErrorHandler were not correctly logged. It also ensures the errors are logged with fields to make them easy to diagnose.
Fixes #3506
2022-06-12 09:26:28 +10:00
James Elliott
a50d425863
refactor(middlewares): convert the bridge to a builder ( #3338 )
...
This adjusts the bridge to be utilized as a builder in order to make it more reusable.
2022-06-10 11:34:43 +10:00
James Elliott
0855ea2f71
fix(server): missing cache and xss headers ( #3289 )
...
Addresses documentation and a couple of headers which were missed.
2022-05-04 14:47:23 +10:00
James Elliott
556a115c83
fix(server): missing modern security headers ( #3288 )
...
This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc.
2022-05-03 12:19:30 +10:00
James Elliott
4710de33a4
refactor(configuration): remove ptr for duoapi and notifier ( #3200 )
...
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
James Elliott
4503ac07be
fix(web): lowercase locales are not consistent with localization platforms ( #3141 )
...
This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.
2022-04-08 14:53:46 +10:00
James Elliott
ce6bf74c8d
fix(server): incorrect remote ip logged in error handler ( #3139 )
...
This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important.
2022-04-08 14:13:47 +10:00
James Elliott
4ebd8fdf4e
feat(oidc): provide cors config including options handlers ( #3005 )
...
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00