Commit Graph

33 Commits (60cb20906c8d5ca711c53870c87087c136efc81d)

Author SHA1 Message Date
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
Amir Zarrinkafsh 59e82e786c
refactor: collect backend coverage via go build -cover (#4921)
* refactor: collect backend coverage via go build -cover

* refactor: print percentage coverage collected
2023-02-14 14:44:08 +11:00
James Elliott 8e4b660f15
refactor: certs (#4912)
This refactors the suites to use a Enterprise Root CA PKI signed certificate so the CA public certificate can be trusted. This is particularly useful for webauthn in Chrome.
2023-02-11 14:11:40 +11:00
James Elliott 36e817df92
test(suites): load environment into suites (#4762)
* test(suites): load environment into suites

* test(suites): default setup suite

* test(suites): create base suite

* test(suites): fix nil ptr

* test(suites): add logging

* test: fix missing devworkflow path

* refactor: apply suggestions

* refactor: log

* fix: dev workflow requires env file to trigger vite hmr

* fix(suites): fix dynamic configuration in dev workflow for all proxies

* refactor: apply final suggestions

* fix: pass log level to suites

* fix(suites): include pathprefix to prevent react router basename issues

* fix: missing setup logging calls

* fix: gate suite setup funcs

* test: fix lint

* test: fix tmp dir

* fix(suites): fix gitignore of .env.development with vite hmr

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 15:11:05 +11:00
James Elliott 5efc996109
test: fix cli suite (#4686)
* test: fix cli suite

* test: fix cli suite
2023-01-03 21:39:55 +11:00
James Elliott d7ab3bb633
feat(commands): storage import/export commands (#4545)
This adds commands to export and import TOTP configurations and Webauthn devices as YAML.
2022-12-23 15:00:23 +11:00
James Elliott 0130edb870
feat(configuration): env config file discovery (#4618)
This allows Authelia to discover config files and config options via environment variables.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-12-23 11:03:50 +11:00
James Elliott cc1e58e004
feat(configuration): load config from directory (#4616)
This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 17:34:20 +11:00
James Elliott e3e31e3cbc
refactor(commands): command context (#4539)
This moves a lot of machinery for commands into a context.Context with other struct values. This allows for PreRunE's to reliably load the configuration and avoids use of global vars.
2022-12-22 11:21:29 +11:00
James Elliott d13247ce43
refactor(server): simplify templating and url derivation (#4547)
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
James Elliott 3e4ac7821d
refactor: remove pre1 migration path (#4356)
This removes pre1 migrations and improves a lot of tooling.
2022-11-25 23:44:55 +11:00
James Elliott 3a70f6739b
feat(authentication): file password algorithms (#3848)
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
James Elliott f355a45ff3
fix(configuration): storage encryption_key required log grammar issue (#3617) 2022-06-28 17:13:47 +10:00
James Elliott fcac438637
feat(commands): enhance crypto generation capabilities (#2842)
This expands the functionality of the certificates and rsa commands and merges them into one command called cypto which can either use the cert or pair subcommands to generate certificates or key-pairs respectively. The rsa, ecdsa, and ed25519 subcommands exist for both the cert and pair commands. A new --ca-path argument for the cert subcommand allows Authelia to sign other certs with CA certs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-06-27 18:27:57 +10:00
James Elliott 2037a0ee4f
fix(commands): hash-password usage instructions (#3437)
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
2022-06-02 09:18:45 +10:00
James Elliott 06ba312c28
fix(commands): invalid opaque id service name (#3235)
This fixes the service type being openid_connect instead of openid as expected. This also allows bulk generating opaque identifiers for users.
2022-04-25 18:49:18 +10:00
James Elliott 5a0a15f377
feat(commands): user opaque identifiers commands (#3144)
Add commands for handling user opaque identifiers.
2022-04-09 17:13:19 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott 6d937cf6cc
refactor(model): rename from models (#2968) 2022-03-06 16:47:40 +11:00
James Elliott 8f05846e21
feat: webauthn (#2707)
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
James Elliott 1b2af90e5a
feat(commands): totp qr code in png format (#2673)
This allows exporting the TOTP QR code for easy registration when using `authelia storage totp generate` or `authelia storage totp export`.
2022-03-02 18:50:36 +11:00
James Elliott 3c81e75d79
feat(commands): add access-control check-policy command (#2871)
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 14:15:01 +11:00
James Elliott 104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA.
2021-12-02 21:28:16 +11:00
James Elliott f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
James Elliott ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
Philipp Staiger 01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
James Elliott 9ceee6c660
feat(storage): only store identity token metadata (#2627)
This change makes it so only metadata about tokens is stored. Tokens can still be resigned due to conversion methods that convert from the JWT type to the database type. This should be more efficient and should mean we don't have to encrypt tokens or token info in the database at least for now.
2021-11-30 17:58:21 +11:00
James Elliott 347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
James Elliott a7e867a699
feat(configuration): replace viper with koanf (#2053)
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 19:55:21 +10:00
James Elliott 0d7b33022c
build: add enhanced information (#2067)
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
2021-06-18 14:35:43 +10:00
James Elliott a0248cd096
test(suites): short mode skip suites testing (#1823)
This PR changes the suites tests so if go test -short is used, they are skipped per go standards and a message is displayed. Additionally removed some redundant types from suite_high_availability_test.go and adjusted a warning about a nil req var.
2021-03-14 18:08:26 +11:00
Amir Zarrinkafsh 296efe2b32
[MISC] Add missing CLI suite test (#1607)
* [MISC] Add missing CLI suite test

* Add missing test for `authelia version` command in CLI suite.
* Standardise logger calls and swap CSP switch order
2021-01-17 10:23:35 +11:00
Amir Zarrinkafsh 8bab8d47ef
[MISC] Add CLI suite (#1597)
This change adds a new integration testing suite "CLI".

The intent of this suite is to test, validate and capture coverage for Authelia's commands via the CLI.
2021-01-16 21:25:02 +11:00