Commit Graph

1577 Commits (6627a54594615f2e0304f5f92576b18380853681)

Author SHA1 Message Date
James Elliott fc034fbabc
[RELEASE] v4.24.0 (#1507) 2020-12-03 18:30:49 +11:00
Amir Zarrinkafsh 0bf192aae0
[CI] Adjust reviewdog filtermode for linting (#1506)
This will ensure that linter errors are picked up for the entire codebase instead of just against the default of [added/modified lines](https://github.com/reviewdog/reviewdog#added-default).
2020-12-03 18:06:42 +11:00
James Elliott 426f5260ad
[FEATURE] LDAP StartTLS (#1500)
* add start_tls config option
* add StartTLS method to the LDAP conn factory and the mock
* implemented use of the StartTLS method when the config is set to true
* add mock unit tests
* add docs
* add TLS min version support
* add tests to tls version method
* fix lint issues
* minor adjustments
* remove SSL3.0
* add tls consts
* deprecate old filter placeholders
* remove redundant fake hashing in file auth provider (to delay username enumeration, was replaced by #993
* make suite ActiveDirectory use StartTLS
* misc adjustments to docs
* suggested changes from code review
* deprecation notice conformity
* add mock test for LDAPS plus StartTLS
2020-12-03 16:23:52 +11:00
dependabot-preview[bot] ba9e89e750
[MISC] (deps): Bump @material-ui/core from 4.11.1 to 4.11.2 in /web (#1504)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.11.1 to 4.11.2.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/v4.11.2/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.11.2/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 11:56:46 +11:00
dependabot-preview[bot] 9e90c8b044
[MISC] (deps): Bump @material-ui/icons from 4.9.1 to 4.11.2 in /web (#1503)
Bumps [@material-ui/icons](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui-icons) from 4.9.1 to 4.11.2.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/v4.11.2/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.11.2/packages/material-ui-icons)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 11:35:45 +11:00
dependabot-preview[bot] c9837568b5
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1501)
Bumps haproxy from 2.3.1-alpine to 2.3.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 09:54:21 +11:00
dependabot-preview[bot] e99e7e8be0
[MISC] (deps): Bump @types/jest from 26.0.15 to 26.0.16 in /web (#1498)
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 26.0.15 to 26.0.16.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-02 10:27:11 +11:00
James Elliott 365304a684
[FEATURE] Add Optional Check for Session Username on VerifyGet (#1427)
* Adding the Session-Username header to the /api/verify endpoint when using cookie auth will check the value stored in the session store for the username and the header value are the same.
* use strings.EqualFold to compare case insensitively
* add docs
* add unit tests
* invalidate session if it is theoretically hijacked and log it as a warning (can only be determined if the header doesn't match the cookie)
* add example PAM script
* go mod tidy
* go mod bump to 1.15
2020-12-02 10:03:44 +11:00
dependabot-preview[bot] 9d3bc378ac
[MISC] (deps): Bump @craco/craco from 5.8.0 to 5.9.0 in /web (#1496)
Bumps [@craco/craco](https://github.com/gsoft-inc/craco) from 5.8.0 to 5.9.0.
- [Release notes](https://github.com/gsoft-inc/craco/releases)
- [Commits](https://github.com/gsoft-inc/craco/compare/v5.8.0...v5.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-01 08:58:10 +11:00
Amir Zarrinkafsh b0fbf2c4cc
[CI] Exclude non-coverage files from codecov upload (#1495)
* [CI] Exclude non-coverage files from codecov upload

* Ignore React serviceWorker.ts for coverage

As we do not utilise service workers in React gives more accurate coverage percentages when ignored.
2020-11-30 21:12:46 +11:00
Amir Zarrinkafsh d890e7d751
[CI] Add metadata switch for codecov verbose output (#1494) 2020-11-30 12:04:09 +11:00
Amir Zarrinkafsh b786b2e1f5
[MISC] Refactor webdriver port initialization (#1491)
This change aims to factorize code introduced in #1467 for webdriver port customisation within the suites.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-28 11:06:42 +11:00
Amir Zarrinkafsh ba04d1072b
[BUGFIX] Make username_attribute a mandatory placeholder in users_filter (#1449)
* [BUGFIX] Make username_attribute a mandatory placeholder in users_filter

Not including the `username_attribute` in the `users_filter` will cause issues with the LDAP session refresh and will result in session resets when the refresh interval has expired.

This change makes said attribute mandatory for the `users_filter`.

* Update version referenced in docs for fix
2020-11-28 00:30:27 +11:00
Amir Zarrinkafsh aa64d0c4e5
[FEATURE] Support MSAD password reset via unicodePwd attribute (#1460)
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 20:59:22 +11:00
dependabot-preview[bot] ffde77bdfd
[MISC] (deps): Bump @types/node from 14.14.9 to 14.14.10 in /web (#1492)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.9 to 14.14.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-25 21:11:33 +11:00
dependabot-preview[bot] d75ce2b5c3
[MISC] (deps): Bump @material-ui/core from 4.11.0 to 4.11.1 in /web (#1490)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/v4.11.1/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.11.1/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-25 11:10:14 +11:00
Amir Zarrinkafsh a29eeb52b6
[FEATURE] Add JSON log formatting option (#1488)
This change adds the ability to format Authelia's log output as JSON.

Example below:
```
{"level":"info","msg":"Logging severity set to info","time":"2020-01-01T00:00:00+11:00"}
{"level":"info","msg":"Authelia is listening for non-TLS connections on 0.0.0.0:9091","time":"2020-01-01T00:00:00+11:00"}
```
2020-11-25 10:46:41 +11:00
Amir Zarrinkafsh f1ecc5b82a
[FEATURE] Create dedicated health endpoint (#1489)
This change points the Docker containers healthcheck to the dedicated `/api/health` endpoint and also includes support for Authelia running with a path prefix.
2020-11-25 10:20:52 +11:00
Amir Zarrinkafsh 774c1c0207
[MISC] Consistently utilise correct logging interface (#1487)
This change aims to utilise the correct logging interface consistently.

The only instances where stdlib log is utilised is for tests and when commands that Authelia supports; for example certificate generation, password hashing and config validation.
2020-11-25 09:54:36 +11:00
Amir Zarrinkafsh 9310cead97
[RELEASE] v4.23.3 (#1486) 2020-11-24 13:23:18 +11:00
Amir Zarrinkafsh 1ed59957a3
[BUGFIX] Fix Docker healthcheck script (#1485)
* [MISC] Update Docker healthcheck script

This change now determines the host for Docker healthcheck from the `configuration.yml` that Authelia is started with.

The script has also been run through shellcheck and terminated with a newline in hopes to resolve a number of unreproducible issues.

* Fix healthcheck failing because of CRLF in configuration.yml (#1483)

The configuration.yml might contain CRLF characters. If that's the case, they are included in the results of sed, which breaks the healthcheck, so remove any CR characters in the host/port variables.

Co-authored-by: Berisan <berisan@berisan.dev>
2020-11-24 13:04:06 +11:00
Amir Zarrinkafsh 3832b55312
[DOCS] Fix links in Contributing (#1484) 2020-11-24 12:47:12 +11:00
Timo 495e57b46c
[DOCS] Make HAProxy regex case insensitive (#1478) 2020-11-24 12:35:38 +11:00
dependabot-preview[bot] f811b40957
[MISC] (deps): Bump typescript from 4.0.5 to 4.1.2 in /web (#1474)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.0.5 to 4.1.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-24 12:04:00 +11:00
dependabot-preview[bot] 154ff8d383
[MISC] (deps): Bump react-scripts from 4.0.0 to 4.0.1 in /web (#1481)
Bumps [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@4.0.1/packages/react-scripts)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-24 11:45:35 +11:00
dependabot-preview[bot] 445310a894
[MISC] (deps): Bump @fortawesome/react-fontawesome in /web (#1482)
Bumps [@fortawesome/react-fontawesome](https://github.com/FortAwesome/react-fontawesome) from 0.1.12 to 0.1.13.
- [Release notes](https://github.com/FortAwesome/react-fontawesome/releases)
- [Changelog](https://github.com/FortAwesome/react-fontawesome/blob/master/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/react-fontawesome/commits/0.1.13)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-24 11:16:37 +11:00
dependabot-preview[bot] 2b45ab40a8
[MISC] (deps): Bump react-ga from 3.2.1 to 3.3.0 in /web (#1479)
Bumps [react-ga](https://github.com/react-ga/react-ga) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/react-ga/react-ga/releases)
- [Commits](https://github.com/react-ga/react-ga/compare/v3.2.1...v3.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-23 21:00:25 +11:00
dependabot-preview[bot] ae1f5b0660
[MISC] (deps): Bump @types/react-dom from 16.9.9 to 17.0.0 in /web (#1477)
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 16.9.9 to 17.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-23 17:34:33 +11:00
dependabot-preview[bot] 402cee46a0
[MISC] (deps): Bump @types/react from 16.9.56 to 17.0.0 in /web (#1476)
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 16.9.56 to 17.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-23 16:30:56 +11:00
dependabot-preview[bot] 0efe940eee
[MISC] (deps): Bump @types/node from 14.14.8 to 14.14.9 in /web (#1473)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.8 to 14.14.9.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-20 10:26:23 +11:00
Amir Zarrinkafsh 6db5455762
[CI] Collect coverage from frontend during integration tests (#1472)
This change will allow us to collect frontend code coverage from our Selenium based integration tests.

Given that the frontend is embedded into the Go binary and the integration tests run with a compiled binary in Docker this poses some issues with the instrumented code and the ability for it to run in this manner. To fix this we need to relax Authelia's CSP for the integration tests. This is achieved by setting the env variable `ENVIRONMENT` to `dev`.
2020-11-19 12:50:34 +11:00
dependabot-preview[bot] ec0af02aa3
[MISC] (deps): Bump @types/node from 14.14.7 to 14.14.8 in /web (#1469)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.7 to 14.14.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-18 18:05:03 +11:00
Amir Zarrinkafsh 73a19140d1
[RELEASE] v4.23.2 (#1468) 2020-11-16 22:58:47 +11:00
Amir Zarrinkafsh 50df949520
[BUGFIX] Prevent crash when email has not been set (#1466)
* [BUGFIX] Prevent crash when email has not been set

a83ccd7188 introduced a regression where if a misconfigured deployment presented an empty emails array setting `Remote-*` headers would fail.

If the emails array is empty we now set the `Remote-Email` header to an empty string.

* Add additional case for unit tests
2020-11-16 22:22:16 +11:00
Amir Zarrinkafsh 8e32a4b65f
[CI] Add ability to customise the chromedriver port (#1467)
The development workflow expects chromedriver to be run on the host on port 4444.
There is currently no mechanism to modify this behaviour at runtime, so if another service is running on 4444 tests will just fail silently.

This change introduces the `CHROMEDRIVER_PORT` environment variable which can be utilised to set a custom port.
2020-11-16 21:59:24 +11:00
Amir Zarrinkafsh f2e0f16d39
[CI] Update QEMU to v5.1.0-7 (#1457) 2020-11-16 21:22:09 +11:00
Amir Zarrinkafsh 106c9032ad
[CI] Fix development workflow (#1465)
Since merging #1135 and utilising Go templating to enable/disable the rememeber me and password reset features these have stopped working in the development workflow.
During frontend development if someone wants to modify these values they should modify the `.env.development` file accordingly.
2020-11-16 20:58:29 +11:00
dependabot-preview[bot] f42b1ea229
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1463)
Bumps haproxy from 2.3.0-alpine to 2.3.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-16 11:49:52 +11:00
dependabot-preview[bot] 6e5b930f64
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1464)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 11:07:44 +11:00
dependabot-preview[bot] 7c5dd9af2c
[MISC] (deps): Bump golang from 1.15.4-alpine to 1.15.5-alpine (#1462)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 10:27:51 +11:00
dependabot-preview[bot] daaf4da217
[MISC] (deps): Bump arm32v7/alpine from 3.12.0 to 3.12.1 (#1452)
Bumps arm32v7/alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-13 11:02:41 +11:00
Lukas Klass 518bc67ef9
[DOCS] Clarify use of multiple subjects in ACLs and their logical evaluation (#1454)
* Clarify use of multiple subjects and their logical evaluation

* Update docs/configuration/access-control.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-13 10:30:23 +11:00
Amir Zarrinkafsh f392f51df6
[MISC] Append log file instead of overwriting (#1450)
* [MISC] Append log file instead of overwriting

If Authelia is restarted when a `log_file_path` is defined upon restart the log file is overwritten as opposed to appending the existing file.

This change ensures that the log file will be appended to, users will need to ensure that they rotate/truncate this over time especially if running in `debug` or `trace`.

* Amend documentation for log_file_path
2020-11-13 10:14:45 +11:00
Amir Zarrinkafsh 29af1aac6a
[DOCS] Update session docs to clarify encryption (#1448)
This looks like it just fell out of sync with what actually already exists within the [`config.template.yml`](695cd5bf8f/config.template.yml (L291)).
2020-11-13 07:45:46 +11:00
Amir Zarrinkafsh 695cd5bf8f
[RELEASE] v4.23.1 (#1446) 2020-11-11 16:07:46 +11:00
dependabot-preview[bot] 0e1cfbd478
[MISC] (deps): Bump @types/node from 14.14.6 to 14.14.7 in /web (#1438)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.6 to 14.14.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-11 15:49:57 +11:00
Amir Zarrinkafsh 423cd09f26
[BUGFIX] Dynamically determine healthcheck URL (#1444) 2020-11-11 15:22:09 +11:00
Amir Zarrinkafsh 2834f3f8e8
[BUGFIX] Fix re-rendering callbacks (#1445)
b34b10322b introduced a regression where including deps in the associated useCallback functions would cause React to re-render components.
This resulted in unexpected symptoms like multiple Duo push requests, even if a successful or errored request had already been received.

Empty deps/no re-rendering for the respective callbacks is an expected result therefore we can safely ignore these issues the linter is suggesting needs to be fixed.
2020-11-11 14:51:42 +11:00
dependabot-preview[bot] 2b1baacd82
[MISC] (deps): Bump react-ga from 3.2.0 to 3.2.1 in /web (#1440)
Bumps [react-ga](https://github.com/react-ga/react-ga) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/react-ga/react-ga/releases)
- [Commits](https://github.com/react-ga/react-ga/compare/v3.2.0...v3.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-10 13:39:25 +11:00
Amir Zarrinkafsh cca8480c0b
[CI] Run codecov in verbose mode (#1439)
This is to support the codecov team in identifying and resolving an issue.
2020-11-10 10:58:09 +11:00