Commit Graph

134 Commits (5bdd26f6c4085aff15664d72d152a162be36f4b8)

Author SHA1 Message Date
alexw1982 adf6b7878d
[DOCS] Add fail2ban security measures (#1344)
* Update measures.md

Closes #1176.
2020-09-30 11:40:26 +10:00
dependabot-preview[bot] 3f65547e3b
[MISC] (deps-dev): Bump github-pages from 207 to 208 in /docs (#1345)
Bumps [github-pages](https://github.com/github/pages-gem) from 207 to 208.
- [Release notes](https://github.com/github/pages-gem/releases)
- [Commits](https://github.com/github/pages-gem/compare/v207...v208)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-29 12:22:36 +10:00
thehedgefrog 86ecc03640
Updated secrets.md with a functional DaemonSet (#1287)
* Updated secrets.md with a functional DaemonSet

* changed TCP socket for API endpoints
2020-09-25 09:48:24 +10:00
Amir Zarrinkafsh 607f829431
[DOCS] Clean HAProxy examples (#1338)
Remove headers that are not required and fix a typo.
2020-09-23 17:29:46 +10:00
Amir Zarrinkafsh 5b98b4d090
[BUGFIX] Fix HAProxy redirects (#1333)
Including updates to docs examples.
2020-09-23 09:06:26 +10:00
Amir Zarrinkafsh 8d68886b5b
[DOCS] Fix default layout (#1329) 2020-09-19 00:58:41 +10:00
dependabot-preview[bot] 35a7e954a2
[MISC] (deps): Bump just-the-docs from 0.3.1 to 0.3.2 in /docs (#1320)
Bumps [just-the-docs](https://github.com/pmarsceill/just-the-docs) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/pmarsceill/just-the-docs/releases)
- [Commits](https://github.com/pmarsceill/just-the-docs/compare/v0.3.1...v0.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-19 00:34:08 +10:00
Amir Zarrinkafsh 771c220d38
[FEATURE] Support updated haproxy-auth-request (#1310)
* [FEATURE] Support updated haproxy-auth-request
This version removes the dependency of lua-socket which seemed to result in many unsupported and broken BSD/Pfsense deployments.

* Fix docs indentation

* Add haproxy-lua-http to TLS enabled configuration
2020-09-10 10:52:57 +10:00
James Elliott a92b0bff1d
[FEATURE] Plain Text Email Notifications (#1238)
* add a plain text email template
* use plain text email template for file based emails
* add config option to SMTP emails named disable_html_emails
  * config option is a boolean that when set to true will only send plain text emails
* add docs for more complex SMTP notifier options
* update template
* add rfc1341 multipart logic to notifier
* check for errors after identity_verification

* * fix nil ptr
* go mod tidy
* remove needless checks

* * use multipart/atlernative instead

* * add rfc5322 compliant date header

* * fix linting issues
2020-08-21 12:16:23 +10:00
Chris Smith c70255f9ef
[DOCS] Add FAQ for Kubernetes deployment (#1252)
* Add note to Kubernetes page about potential OOM

See #1234
2020-08-14 13:30:37 +10:00
dependabot-preview[bot] 33f039c117
[MISC] (deps): Bump github-pages and jekyll in /docs (#1257)
Bumps [github-pages](https://github.com/github/pages-gem) and [jekyll](https://github.com/jekyll/jekyll). These dependencies needed to be updated together.

Updates `github-pages` from 206 to 207
- [Release notes](https://github.com/github/pages-gem/releases)
- [Commits](https://github.com/github/pages-gem/compare/v206...v207)

Updates `jekyll` from 3.8.7 to 3.9.0
- [Release notes](https://github.com/jekyll/jekyll/releases)
- [Changelog](https://github.com/jekyll/jekyll/blob/master/History.markdown)
- [Commits](https://github.com/jekyll/jekyll/compare/v3.8.7...v3.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-11 21:54:29 +10:00
James Elliott ea1fae6491
[MISC] Storage Schema Versioning Model (#1057)
* [MISC] Storage Schema Versioning Model 

* fixup go.sum
* remove pq
* fix int to text issue
* fix incorrect SQL text
* use key_name vs key
* use transactions for all queries during upgrades
* fix missing parenthesis
* move upgrades to their own file
* add provider name for future usage in upgrades
* fix missing create config table values
* fix using the const instead of the provider SQL
* import logging once and reuse
* update docs
* remove db at suite teardown
* apply suggestions from code review
* fix mysql
* make errors more uniform
* style changes
* remove commented code sections
* remove commented code sections
* add schema version type
* add sql mock unit tests
* go mod tidy
* test blank row situations
2020-07-16 15:56:08 +10:00
dependabot-preview[bot] 145a83ee0d
[MISC] (deps): Bump just-the-docs from 0.3.0 to 0.3.1 in /docs (#1205)
Bumps [just-the-docs](https://github.com/pmarsceill/just-the-docs) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/pmarsceill/just-the-docs/releases)
- [Commits](https://github.com/pmarsceill/just-the-docs/compare/v0.3.0...v0.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-16 00:11:53 +02:00
Amir Zarrinkafsh c5916cbce6
[DOCS] Adjust Deployment navigation order (#1160) 2020-06-29 16:55:41 +10:00
Amir Zarrinkafsh 697ffd8d73
[DOCS] Fix just-the-docs theme styling (#1159)
This fixes a minor regression due to #1158.
As there was significant styling changes and due to our introduction of the github fork ribbon for the docs the layout also needed to be updated.
2020-06-29 11:20:38 +10:00
dependabot-preview[bot] 997e17cdc6
[MISC] (deps): Bump just-the-docs from 0.2.9 to 0.3.0 in /docs (#1158)
Bumps [just-the-docs](https://github.com/pmarsceill/just-the-docs) from 0.2.9 to 0.3.0.
- [Release notes](https://github.com/pmarsceill/just-the-docs/releases)
- [Commits](https://github.com/pmarsceill/just-the-docs/compare/v0.2.9...v0.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-29 09:42:14 +10:00
Philipp Staiger 5c4edf2f4d
[FEATURE] Support for subject combinations in ACLs (#1142) 2020-06-25 18:22:42 +10:00
dependabot-preview[bot] 1a76241ad4
[MISC] (deps): Bump just-the-docs from 0.2.7 to 0.2.9 in /docs (#1151)
Bumps [just-the-docs](https://github.com/pmarsceill/just-the-docs) from 0.2.7 to 0.2.9.
- [Release notes](https://github.com/pmarsceill/just-the-docs/releases)
- [Commits](https://github.com/pmarsceill/just-the-docs/compare/v0.2.7...v0.2.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-23 21:48:15 +02:00
Amir Zarrinkafsh e43bc93047
[FEATURE] Add configurable display name to frontend (#1124)
* [FEATURE] Add configurable display name to frontend
This feature allows users with a LDAP backend to specify an attribute (default is "displayname") to retrieve a users name for the portal greeting.
Similarly for the file based backend a new required key "name" has been introduced.

This can also be used down the line with OIDC as a separate scope.

* Update references from Name to DisplayName
* Update compose bundles to include displayname refs
* Update LDAP automatic profile refresh
* Ensure display name is updated
* Fix bug which prevented trace logging for profile refresh to not trigger
2020-06-19 20:50:21 +10:00
Amir Zarrinkafsh ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Amir Zarrinkafsh 2b8acb1a0b
[DOCS] Fix link for K8s setup (#1110) 2020-06-11 16:02:50 +10:00
Clement Michaud 1a1f86adf9
[DOCS] Main logo redirects to root of www.authelia.com. 2020-06-10 22:25:40 +02:00
Clement Michaud 5fc54be078
[DOCS] Try to remove url from docs config. 2020-06-10 21:24:36 +02:00
Clement Michaud fa0c27edea
[DOCS] Add trailing slash in baseurl of documentation. 2020-06-10 21:20:21 +02:00
Clement Michaud 7d4bbd7cea
Serve docs under www.authelia.com/docs. 2020-06-10 21:08:06 +02:00
Clément Michaud b68ed06a0b
[MISC] Configure docs to be served under /docs base url. (#1105) 2020-06-10 21:00:49 +02:00
Clément Michaud 2c0fa811a2
[DOCS] Improve documentation around Remote-User and Remote-Groups usage. (#1091)
* [DOCS] Improve documentation around Remote-User and Remote-Groups usage.

* Update docs/deployment/supported-proxies/index.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-08 17:17:24 +10:00
Clément Michaud 17f9ab3371
[DOCS] Add google analytics tracking to the documentation. (#1093)
This will allow us to analyze how the documentation is used in order to improve it
accordingly.
2020-06-08 00:44:40 +02:00
Clément Michaud 945eb4a8bf
[DOCS] Add fork me on github ribbon to documentation. (#1081)
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-04 13:37:19 +10:00
Clément Michaud d6bea97a93
[DOCS] Add a roadmap section to the documentation. (#1062)
* [DOCS] Add a roadmap section to the documentation.

Adding the roadmap will likely help people figure out what are the next big
topics that might be missing for them to take the leap and use Authelia.
Maybe some users are also waiting for a feature to unlock some use cases.

* Apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-06-01 16:55:58 +10:00
dependabot-preview[bot] 15abe5053a
[MISC] (deps): Bump github-pages and jekyll in /docs (#1051)
Bumps [github-pages](https://github.com/github/pages-gem) and [jekyll](https://github.com/jekyll/jekyll). These dependencies needed to be updated together.

Updates `github-pages` from 204 to 206
- [Release notes](https://github.com/github/pages-gem/releases)
- [Commits](https://github.com/github/pages-gem/compare/v204...v206)

Updates `jekyll` from 3.8.5 to 3.8.7
- [Release notes](https://github.com/jekyll/jekyll/releases)
- [Changelog](https://github.com/jekyll/jekyll/blob/master/History.markdown)
- [Commits](https://github.com/jekyll/jekyll/compare/v3.8.5...v3.8.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-26 09:39:54 +10:00
Amir Zarrinkafsh 08d412ece8
[DOCS] Add FAQs to Traefik2 (#1038)
Closes #997.
2020-05-21 16:48:54 +02:00
James Elliott fcd0b5e46a
[FEATURE] Allow Authelia to listen on a specified path (#1027)
* [FEATURE] Allow Authelia to listen on a specified path

* Fix linting and add a couple typescript types

* Template index.html to support base_url

* Update docs and configuration template

* Access base path from body attribute.

* Update CSP

* Fix unit test
Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful.

* Template index.html with ${PUBLIC_URL}

* Define PUBLIC_URL in .env(s)

* Add docs clarification

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 12:20:55 +10:00
James Elliott 469daedd36
[FEATURE] Delay 1FA Authentication (#993)
* adaptively delay 1FA by the actual execution time of authentication
* should grow and shrink over time as successful attempts are made
* uses the average of the last 10 successful attempts to calculate
* starts at an average of 1000ms
* minimum is 250ms
* a random delay is added to the largest of avg or minimum
* the random delay is between 0ms and 85ms
* bump LDAP suite to 80s timeout
* bump regulation scenario to 45s
* add mutex locking
* amend logging
* add docs
* add tests

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-21 00:03:15 +02:00
dependabot-preview[bot] 41bbb73e9d
[MISC] (deps): [Security] Bump activesupport in /docs (#1030)
Bumps [activesupport](https://github.com/rails/rails) from 6.0.2.1 to 6.0.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v6.0.2.1...v6.0.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:24:24 +10:00
Clément Michaud fe5ebfb75a
[FEATURE] Bump to fasthttp/session/v2 to support redis unix socket. (#1001)
* [FEATURE] Bump to fasthttp/session/v2 to support redis unix socket.

* Fix lint issues.

* Remove v1 import and fix double import.

* [DOCS] Document use of redis unix socket.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-18 12:45:47 +10:00
James Elliott a4cf2e675f
[DEPRECATE] Remove Google Analytics (#1021)
* it doesn't work with our current CSP
* it's probably not used by anyone
* it isn't in harmony with our security purposes
* literally removes all use of it
* suggestions from code review
* remove useless test.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-16 09:41:42 +10:00
James Elliott 73bd2e4479
[FIX] Hash Password Cmd Not Encoding Provided Salt (#999)
* using authelia hash-password if you provide a salt it doesn't encode it as a base64 string
* this causes invalid salts to be stored if a user manually provided one instead of reliance on the automatic generation
* additionally bumped the minimum required salt length to 8 as per reference spec
* additionally removed the maximum salt length as per reference spec (actually 2^32-1 per int32)
* see docs:
  * https://tools.ietf.org/html/draft-irtf-cfrg-argon2-10
  * https://github.com/P-H-C/phc-winner-argon2
  * https://github.com/P-H-C/phc-string-format
* encode all salts
* fix edge case of false positive in CheckPassword
* bump crypt version and fix tests
2020-05-14 15:55:03 +10:00
Amir Zarrinkafsh 561a3f551c
[DOCS] Fix typos in proxy examples (#1015)
Also include global http -> https redirection in Traefik 2.x example.
2020-05-14 13:26:52 +10:00
Clément Michaud 85933dd25d
Document future possibility to use alternative 1FA methods. (#1000) 2020-05-10 07:46:28 +10:00
James Elliott 9e7947a193
[DEPRECATE] Environment Variable Secrets (#905)
* remove ENV usages
* fix reader unit tests
* fix standalone suite
* fix k8s suite
* apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-08 11:01:57 +10:00
James Elliott 3f374534ab
[FEATURE] Automatic Profile Refresh - LDAP (#912)
* [FIX] LDAP Not Checking for Updated Groups

* refactor handlers verifyFromSessionCookie
* refactor authorizer selectMatchingObjectRules
* refactor authorizer isDomainMatching
* add authorizer URLHasGroupSubjects method
* add user provider ProviderType method
* update tests
* check for new LDAP groups and update session when:
  * user provider type is LDAP
  * authorization is forbidden
  * URL has rule with group subjects

* Implement Refresh Interval

* add default values for LDAP user provider
* add default for refresh interval
* add schema validator for refresh interval
* add various tests
* rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong
* use Authelia ctx clock
* add check to determine if user is deleted, if so destroy the
* make ldap user not found error a const
* implement GetRefreshSettings in mock

* Use user not found const with FileProvider
* comment exports

* use ctx.Clock instead of time pkg

* add debug logging

* use ptr to reference userSession so we don't have to retrieve it again

* add documenation
* add check for 0 refresh interval to reduce CPU cost
* remove badly copied debug msg

* add group change delta message

* add SliceStringDelta
* refactor ldap refresh to use the new func

* improve delta add/remove log message

* fix incorrect logic in SliceStringDelta
* add tests to SliceStringDelta

* add always config option
* add tests for always config option
* update docs

* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* complete mocks and fix an old one
* show warning when LDAP details failed to update for an unknown reason

* golint fix

* actually fix existing mocks

* use mocks for LDAP refresh testing

* use mocks for LDAP refresh testing for both added and removed groups

* use test mock to verify disabled refresh behaviour
* add information to threat model
* add time const for default Unix() value

* misc adjustments to mocks

* Suggestions from code review

* requested changes
* update emails
* docs updates
* test updates
* misc

* golint fix

* set debug for dev testing

* misc docs and logging updates

* misc grammar/spelling

* use built function for VerifyGet

* fix reviewdog suggestions

* requested changes

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 21:39:25 +02:00
Clément Michaud da5c722cf8
[DOCS] Introduce an FAQ and document forwarded authentication. (#962)
* add FAQ docs section
* add forwarded authentication section to deployments > supported proxies
* apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-03 13:18:13 +10:00
Amir Zarrinkafsh 310c5dc09b
[DOCS] Harmonize Remote-User and Remote-Groups headers in nginx example (#963)
Fixes #957.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-02 17:10:26 +02:00
Amir Zarrinkafsh 6d8f45513f
[DOCS] Update secrets examples for Docker Compose (#948)
* [DOCS] Update secrets examples for Docker Compose

* Fix typo

* Include examples for Docker Secrets and bind mounted secret files
2020-05-01 16:58:40 +10:00
James Elliott c9e8a924e0
[FEATURE] Buffer size configuration and additional http error handling (#944)
* implement read buffer size config option
* implement write buffer size config option
* implement fasthttp ErrorHandler so we can log errors to Authelia as well
* add struct/schema validation
* add default value
* add docs
* add config key to validator
* refactoring
* apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-30 12:03:05 +10:00
Dimitris Zervas c9efae05ad
[DOCS] Add jira auto-login with http headers documentation (#868)
* Add jira auto-login with http headers documentation

* Update two-factor-basic-auth.md

* Create using-remote-user-header-for-sso-with-jira.md
2020-04-29 12:34:05 +10:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh ff2df8b039
[DOCS] Fix HAProxy typo (#937) 2020-04-28 21:00:10 +10:00
Amir Zarrinkafsh 69859aa5d4
[DOCS] Update HAProxy code syntax style (#936) 2020-04-28 20:53:06 +10:00