When no rule is set to two_factor in ACL configuration, 2FA is
considered disabled. Therefore, when a user cannot be redirected
correctly because no target URL is provided or the URL is unsafe,
the user is either redirected to the default URL or to the
'already authenticated' view instead of the second factor view.
Fixes#683
* Redirect to default URL after 1FA when default policy is one_factor.
User is now redirected to the default redirection URL after 1FA if
the default policy is set to one_factor and there is no target URL
or if the target URL is unsafe.
Also, if the default policy is set to one_factor and the user is already
authenticated, if she visits the login portal, the 'already authenticated'
view is displayed with a logout button.
This fixes#581.
* Update users.yml
* Fix permissions issue causing suite test failure
* Encode URL set to rd parameter.
URL encoding that parameter solves PR #476.
Some URL parameters set during redirection were magically disappearing
after the redirection due to the authentication process. By using URL encoding,
those parameters should not be stripped anymore.
* Fix integration tests.
* Build docker image upfront in CI and use it in integration tests.
Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.
This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for earch arch.
* Fix suites and only build ARM images on master or tagged commits
* Optimise pipeline dependencies and Kubernetes suite to utilise cache
* Run unit tests and docker image build in parallel.
* Fix suite trying to write on read only fs.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Providing a GA tracking ID allows administrators to analyze
how the portal is used by their users in large environments,
i.e., with many users.
This will make even more sense when we have users and admins
management interfaces.
When a user use Authelia for the first time no device is enrolled in DB.
Now we test that the user does see the "not registered" message when
no device is enrolled and see the standard 2FA method when a device is
already enrolled.
A message is now displayed to the user when he first sign in
in Authelia letting him know that a device must be enrolled.
Also introduce a message letting him know when he is already
authenticated.
dependabot-preview[bot]
dependabot[bot]
Amir Zarrinkafsh
Clément Michaud
James Elliott