Commit Graph

3362 Commits (58548701aead2aaff85b086908c46dbdca3cb107)

Author SHA1 Message Date
Amir Zarrinkafsh bd6a8e3ea2
feat: hardened authelia binaries (#2410)
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
renovate[bot] bbd85bd558
build(deps): update dependency @types/react-router-dom to v5.3.0 (#2408)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 14:11:07 +10:00
renovate[bot] 958829f2f5
build(deps): update dependency @types/react to v17.0.24 (#2407)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-22 13:58:04 +10:00
contrun 64e7f80d41
docs: update traefik forwardauth link 2021-09-22 13:38:02 +10:00
dependabot[bot] e5ffd8dae9
build(deps): bump tmpl from 1.0.4 to 1.0.5 in /web (#2405)
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases)
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-22 13:32:42 +10:00
renovate[bot] 0f3bddb15a
build(deps): update module github.com/fasthttp/session/v2 to v2.4.3 (#2402)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 09:56:35 +10:00
renovate[bot] 6343f70f01
build(deps): update traefik docker tag to v2.5.3 (#2401)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-21 10:40:22 +10:00
renovate[bot] fac597cb2f
build(deps): update dependency @types/react to v17.0.22 (#2399)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-20 20:18:08 +10:00
Amir Zarrinkafsh 7ab6175cf4
ci(buildkite): fix post-manifest tag cleanup (#2395) 2021-09-18 18:09:19 +10:00
Amir Zarrinkafsh cb0b9a09ab
ci(buildkite): improve logging for post-manifest tag cleanup (#2394) 2021-09-18 15:48:23 +10:00
Amir Zarrinkafsh 7bb878ffff
ci(buildkite): fix ghcr tag cleanup (#2390)
* ci(buildkite): fix ghcr tag cleanup

* ci(buildkite): do not remove empty tags
2021-09-18 00:15:43 +10:00
Amir Zarrinkafsh 57a35abd3b
ci(buildkite): fix index update post release (#2388) 2021-09-17 20:59:41 +10:00
Amir Zarrinkafsh 26aa806e9c
release: v4.31.0 (#2387) 2021-09-17 20:08:15 +10:00
James Elliott aed9099ce2
refactor: factorize startup checks (#2386)
* refactor: factorize startup checks

* refactor: address linting issues
2021-09-17 19:53:59 +10:00
allcontributors[bot] 8e4dc91b81
docs: add you1996 as a contributor for code (#2385)
* docs: update README.md

* docs: update .all-contributorsrc
2021-09-17 15:56:18 +10:00
Clément Michaud 92d328926d
refactor(handlers): lower case error messages (#2289)
* refactor(handlers): lower case error messages

also refactor verifyAuth function to detect malicious activity both with session
cookie and authorization header.

* refacto(handlers): simplify error construction

* fix(handlers): check prefix in authorization header to determine auth method

* fix(handlers): determining the method should be done with headers instead of query arg

* refacto(handlers): rollback changes of verifyAuth

* don't lowercase log messages

* Apply suggestions from code review

Make sure logger errors are not lowercased.

* fix: uppercase logger errors and remove unused param

* Do not lowercase logger errors
* Remove unused param targetURL
* Rename url variable to not conflict with imported package

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-17 15:53:40 +10:00
yossbg 05406cfc7b
feat(ntp): check clock sync on startup (#2251)
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-09-17 14:44:35 +10:00
Amir Zarrinkafsh fad6317bb5
ci(buildkite): remove test concurrency step (#2384)
* ci(buildkite): remove test concurrency step

* fix: remove concurrency_group from integration test steps
2021-09-17 11:09:38 +10:00
Amir Zarrinkafsh 57705be468
refactor: use authelia/debpackager:latest manifest (#2383) 2021-09-17 10:08:57 +10:00
Amir Zarrinkafsh 92ec00d7c5
feat: builds with gox and buildx (#2381)
* feat: builds with gox and buildx

This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
renovate[bot] e1ca24344a
build(deps): update dependency prettier to v2.4.1 (#2382)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-16 19:59:26 +10:00
Amir Zarrinkafsh 11032bdf93
fix(server): remove obselete memory check warning (#2380)
Given the fact that many Linux OSes are defaulting to CGroups v2 and also Authelia changing the default memory config for argon2id this warning is now obselete.
2021-09-16 12:26:34 +10:00
Alex Gustafsson a88c5588e8
feat: add config flag to hash-password tool (#2047)
This change implements a --config flag for the hash-password which parses the config and validates it just as it would at run-time. The values specified in the config replace those specified as parameters.

* feat(cmd): add config flag to hash-password tool
* fix(cmd): fix linting issue

Closes: #1709.
2021-09-16 10:20:42 +10:00
renovate[bot] 69f37d4161
build(deps): update dependency @types/react to v17.0.21 (#2379)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-15 12:01:25 +10:00
renovate[bot] 746e429a14
build(deps): update module github.com/mitchellh/mapstructure to v1.4.2 (#2378)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-15 11:43:33 +10:00
renovate[bot] 8e155328b4
build(deps): update dependency @types/react-router-dom to v5.1.9 (#2377)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-15 11:24:41 +10:00
Amir Zarrinkafsh 4e94d264dd
ci(buildkite): force module index update on tagged release (#2376) 2021-09-14 20:29:23 +10:00
Amir Zarrinkafsh 7f22db10d8
release: v4.30.5 (#2375) 2021-09-14 17:57:16 +10:00
Amir Zarrinkafsh 719447b719
build(deps): update swagger-ui to v3.52.2 (#2374) 2021-09-14 16:17:13 +10:00
Amir Zarrinkafsh 1c6ea4b061
build(deps): update module modernc.org/sqlite to v1.13.0 (#2373)
This update provides support for freebsd/amd64 on the sqlite driver.
2021-09-14 15:56:50 +10:00
renovate[bot] dd8199d127
build(deps): update dependency eslint-import-resolver-typescript to v2.5.0 (#2370)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-14 08:35:53 +10:00
Amir Zarrinkafsh e4d1efacaa
ci(buildkite): update to authelia/debpackager (#2362) 2021-09-13 18:46:53 +10:00
Amir Zarrinkafsh 4b3e7ac724
build(deps): update swagger-ui to v3.52.1 (#2367) 2021-09-13 18:33:51 +10:00
renovate[bot] 763938a0b7
build(deps): update dependency @testing-library/react to v12.1.0 (#2368) 2021-09-11 22:47:28 +10:00
renovate[bot] a091b341da
build(deps): update dependency @craco/craco to v6.3.0 (#2366)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-11 16:00:13 +10:00
renovate[bot] 9cff1bb133
build(deps): update dependency typescript to v4.4.3 (#2364) 2021-09-11 11:46:23 +10:00
renovate[bot] 36c2730e3a
build(deps): update module github.com/fasthttp/router to v1.4.3 (#2361)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-10 21:32:28 +10:00
renovate[bot] fd0f9b3116
build(deps): update module github.com/knadh/koanf to v1.2.3 (#2360)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-10 21:15:08 +10:00
renovate[bot] 8cda5ef003
build(deps): update golang docker tag to v1.17.1 (#2359)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-10 09:30:52 +10:00
renovate[bot] d61826cc60
build(deps): update module github.com/valyala/fasthttp to v1.30.0 (#2358)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-10 08:53:52 +10:00
renovate[bot] b770939983
build(deps): update dependency prettier to v2.4.0 (#2357)
* build(deps): update dependency prettier to v2.4.0

* fix(web): jsxbracketsameline -> bracketsameline

Prettier 2.4 has renamed the jsxBracketSameLine option to bracketSameLine.

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-10 08:27:50 +10:00
renovate[bot] dca3ba0cfb
build(deps): pin dependency husky to 7.0.2 (#2356)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-09 13:44:43 +10:00
renovate[bot] dedd44ea0d
build(deps): pin dependencies (#2355)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-09 13:30:00 +10:00
James Elliott 2f03b02fc9
fix(session): handle redis logging properly (#2350)
This catches redis logs and displays them via our logging utility.
2021-09-09 13:08:21 +10:00
James Elliott f1b2b4d79e
docs(oidc): remove invalid footnote (#2354)
Removes the footnote from beta2.
2021-09-09 12:24:47 +10:00
Amir Zarrinkafsh cc765115b2
ci: add husky with pre-commit and commit-msg hooks (#2352)
* ci: add husky with pre-commit and commit-msg hooks

This change includes two new hooks as part of our GitHub workflow with husky:

* `pre-commit`: Performs linting with golangci-lint and eslint/prettier
* `commit-msg`: Ensures that the commit messages conform to our guidelines and will error and provide context to a user when they do not.

The `prepare` command which has been included is executed each time a `yarn install` is executed.

* ci: extend @commitlint/config-conventional configuration

* fix: lint all dot js files
2021-09-09 12:22:11 +10:00
renovate[bot] 4da10f9cea
build(deps): update haproxy docker tag to v2.4.4 (#2351)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-08 09:52:49 +10:00
renovate[bot] b6cc98b5cb
build(deps): update dependency axios to v0.21.4 (#2347)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-07 10:44:49 +10:00
Amir Zarrinkafsh 84f370aa68
fix(suites): prevent dev workflow overriding .healthcheck.env (#2345) 2021-09-06 20:51:58 +10:00
renovate[bot] 612f6d5674
build(deps): update dependency @types/react to v17.0.20 (#2344)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-05 20:17:18 +10:00