Commit Graph

853 Commits (63908266180192a5293289eb0363eea1b4d5cfd2)

Author SHA1 Message Date
Clément Michaud 6390826618
[MISC] Add several logs to help users detect misconfiguration issues (#639)
* Help users detect misconfiguration of their protected domain.

Sometimes users try to visit a URL pointing to a domain which is
not protected by Authelia and thus authentication fails. This log
line will help users detect those cases.

* Add a log to detect bad schemes in target URLs.

This helps users detect when a URL is http while it should be https.
Indeed, cookies are transported solely over a secure connection for
security reasons.
2020-02-19 09:39:07 +11:00
Clément Michaud c578c8651d
[MISC] Add unit tests to authorization module and trace logs. (#638)
This aims to help debug #637.
2020-02-19 09:15:09 +11:00
Amir Zarrinkafsh 6530780817
[MISC] Utilise Probot for PR commentary (#633)
Remove Buildkite trigger for commentary.
2020-02-14 18:50:38 +11:00
Clément Michaud 4643e488db
[MISC] Fail with an error message when X-Forwarded-* headers are missing (#631)
* Fail with an error message when X-Forwarded-* headers are missing.

* Remove useless comments.
2020-02-13 13:12:37 +11:00
Amir Zarrinkafsh 2ffbea50af [MISC] Update QEMU to v4.2.0-4 (#629) 2020-02-10 21:38:53 +11:00
Amir Zarrinkafsh f1a89de2e7
[MISC] Restructure repo folder layout (#628) 2020-02-09 18:04:27 +01:00
Clément Michaud c2c4d9da79
Add a goreport card badge (#627) 2020-02-07 17:59:12 +01:00
Amir Zarrinkafsh 5588014ea7 [Buildkite] Fix agent key allocation for build step (#624) 2020-02-06 09:18:56 +01:00
Clément Michaud 915b6b5436
[FIX] Prevent crash when storage config is nil (#623)
* Prevent crash when storage config is nil.

* Fix google analytics configuration.

Fixes #622.
2020-02-06 13:53:02 +11:00
Clément Michaud a63d55201f
[MISC] Improve documentation around headers used by verify endpoint. (#620)
* Explicitly document missing X-Forwarded-Proto and X-Forwarded-Host headers.

* Add the name of the authorization header in error messages.

* Add error and debug logs about X-Original-URL header.

* Add error log when not able to parse target URL in verify endpoint.

* Fix unit tests.
2020-02-06 13:24:25 +11:00
Clément Michaud c1aecf0afc
Add authelia directory in the PATH of docker images. (#621) 2020-02-06 10:02:18 +11:00
Amir Zarrinkafsh 27b8a1b0fe
[Buildkite] Fix issues with releases in CD pipeline (#617)
* [Buildkite] Fix changelog output for github releases

Fetch is required to grab the latest tag, this will ensure the correct data is generated

* [Buildkite] Only clean tags on pushes to master

Also ensure that master tag is not removed on github API failures.

* [Buildkite] Fix tag publishing for releases

* [Buildkite] Minor tweaks to github changelog output
2020-02-05 23:24:19 +11:00
Clement Michaud 9b99420ca0 4.3.0 2020-02-05 09:51:36 +01:00
Clément Michaud d1d02d9eae
[FIX] Redirect to default URL after 1FA when default policy is one_factor. (#611)
* Redirect to default URL after 1FA when default policy is one_factor.

User is now redirected to the default redirection URL after 1FA if
the default policy is set to one_factor and there is no target URL
or if the target URL is unsafe.

Also, if the default policy is set to one_factor and the user is already
authenticated, if she visits the login portal, the 'already authenticated'
view is displayed with a logout button.

This fixes #581.

* Update users.yml

* Fix permissions issue causing suite test failure
2020-02-05 08:18:02 +11:00
Amir Zarrinkafsh 9c9d8518eb
[Buildkite] Perform PR commentary in pipeline and remove github action (#614)
* [Buildkite] Perform PR commentary in pipeline and remove github action

* [Buildkite] Optimise deployment post-command hook
2020-02-03 20:07:01 +11:00
Amir Zarrinkafsh 9f904eb27e
[MISC] Make bootstrap.sh OSX friendly (#613)
Fixes #610.
2020-02-03 18:25:53 +11:00
Clément Michaud 4d981b3934
Use forked version of checkout action 2020-02-02 22:54:34 +01:00
Clément Michaud d8f20ea7a9
Update comment.yml 2020-02-02 22:34:49 +01:00
Clément Michaud 8a07fc5c67
Update comment.yml 2020-02-02 22:30:45 +01:00
Clément Michaud 4df798e067
Update comment.yml 2020-02-02 12:23:24 +01:00
Amir Zarrinkafsh 6245dd68e9
[MISC] Change github action comment plugin (#609) 2020-02-01 18:12:58 +01:00
Amir Zarrinkafsh 006c9e20db
[FIX] Fix token associated with github actions (#607) 2020-02-02 00:47:23 +11:00
Clément Michaud 7f19078efb
[MISC] Document usage of env variables for setting secrets. (#606)
Closes #579.
2020-02-02 00:17:39 +11:00
Clément Michaud ea9b408b70
[FIX] Fix default redirection URL not taken into account (#600)
* Remove unused mongo docker-compose file.

* Default redirection URL was not taken into account.

* Fix possible storage options in config template.

* Remove useless checks in u2f registration endpoints.

* Add default redirection url in config of duo suite.

* Fix log line in response handler of 2FA methods.

* Fix integration tests.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-02-01 13:54:50 +01:00
Amir Zarrinkafsh 05592cbe2d
[MISC] Add github comment workflow for automated builds (#605) 2020-02-01 12:56:11 +01:00
Clément Michaud e303ae0083
[MISC] Remove unused mongo docker-compose file. (#599) 2020-02-01 22:19:26 +11:00
Clément Michaud 426b29c382
[MISC] Add a CONTRIBUTING.md to the project. (#604) 2020-02-01 22:05:43 +11:00
Amir Zarrinkafsh 1b478e8f3d
[Buildkite] Do not persist Docker secret in builds (#603) 2020-02-01 19:10:18 +11:00
Amir Zarrinkafsh 275af90137
[Buildkite] Re-order pipeline to improve security (#598) 2020-01-31 15:16:46 +11:00
Amir Zarrinkafsh 49e739d009
[Buildkite] Add automatic deployment and removal of Docker images for Branches and PRs (#592) 2020-01-30 08:37:11 +01:00
James Elliott 152b33e4fa [FIX] SMTP Notifier Unhandled Error Conditions (#585)
- Only attempt to close the connection once it's established.
- Defer the client Quit/Close so that it always executes at the end.
- Fixes #585
2020-01-28 15:19:54 +11:00
Amir Zarrinkafsh 722cbb63a0 [Buildkite] Remove redundant if clause in post-checkout hook 2020-01-28 10:06:03 +11:00
Amir Zarrinkafsh e646323555 [MISC] Fix AUR badge links in README.md 2020-01-28 10:06:03 +11:00
James Elliott 31ca4f891f [FIX] Disable regulation when max_retries set to 0 (#584)
- Only set regulator to enabled if max_retries is not set to 0, default is false (zero value).
- Added test for the scenario.
- Fixes #584
2020-01-27 22:54:24 +11:00
Amir Zarrinkafsh 25c0b60540 [MISC] Update docs to include updated proxy configuration (#580)
Includes updated documentation for:
* nginx
* Traefik 1.x
* Traefik 2.x
2020-01-27 00:24:49 +01:00
Amir Zarrinkafsh 107126929b Update README.md with AUR references and remove CHANGELOG.md (#576)
* Update README.md
Provide badges and references to the AUR for Arch Linux Authelia packages.
Closes #571 #572.

* Add systemd unit file
Include the unit in future release artifacts.

* Remove CHANGELOG.md
As of future releases Changelog details will dynamically be generated.

* Update README.md
Add badge for authelia-git package.

* Update Changelog to only publish explicit Docker tag
Do not include Major and Minor versions, as these will change over time.
2020-01-24 10:21:17 +01:00
Clement Michaud aca8be40ac Release v4.2.0 2020-01-22 09:12:21 +01:00
Amir Zarrinkafsh 6f669ec8b7 Package config.template.yml in published artifacts 2020-01-22 08:43:06 +01:00
Amir Zarrinkafsh d36fbb73b7 Add example for v3 -> v4 migrations utilising Docker 2020-01-22 11:53:15 +11:00
Amir Zarrinkafsh 9a685fefad Update alpine to 3.11.3 2020-01-22 11:53:15 +11:00
Clement Michaud 2acf8bf21c Add hash-password and migrate commands to authelia binary.
This reduces the size of the docker image and avoids confusing users.

We keep the commands in authelia-scripts too in order to keep the
current workflow of developers.
2020-01-22 11:53:15 +11:00
Clement Michaud bb7781fd2b Use env variables to configure secrets in Standalone suite. 2020-01-22 10:15:25 +11:00
Clement Michaud cab97d5f2f Bind secret environment variable to allow unmarshalling. 2020-01-22 10:15:25 +11:00
Clement Michaud c95c7210d8 Put secrets in env variables of Kubernetes Deployment.
This is preliminary work to bootstrap the Helm chart and rely on
the Kubernetes vault.

WARNING: those variables should never be set in the configuration
in a production environment. They have been set here for ease of
deployment and because this is a showcase.
2020-01-22 10:15:25 +11:00
Clement Michaud e92d3ced3a Introduce viper in order to read secrets from env variables. 2020-01-22 10:15:25 +11:00
Clement Michaud ea86b62527 Add validation for notifier configuration. 2020-01-22 10:15:25 +11:00
Clement Michaud 9b5b091a44 Update CHANGELOG for v4.1.0. 2020-01-21 23:26:14 +01:00
Clément Michaud fffff82735
Create FUNDING.yml 2020-01-21 22:20:13 +01:00
James Elliott 736ed3f212 Misc Spelling Corrections
- Mostly changes to spelling of comments/docs/displayed text
- A few changes to test function names
2020-01-21 12:16:00 +11:00
Clement Michaud 47b34b4026 Escape special LDAP characters as suggested by OWASP.
https://owasp.org/www-project-cheat-sheets/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
2020-01-21 09:46:17 +11:00