Commit Graph

884 Commits (72156285156e1e5985b949966fa901c6a213050d)

Author SHA1 Message Date
James Elliott 17db704f4d
test(authentication): add missing type tests (#5483)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 12:26:19 +10:00
James Elliott fbbeef3ae8
test(authentication): add missing tests (#5482)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 11:17:35 +10:00
James Elliott f1b3fc7b31
test(handlers): add missing tests (#5480)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 07:58:00 +10:00
James Elliott 2e8a460a66
test: add misc missing tests (#5479)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 22:33:05 +10:00
James Elliott e784a72735
test(authorization): add missing tests (#5478)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 19:23:46 +10:00
James Elliott f724818c44
test(authentication): file provider (#5473)
Add additional tests to the file provider.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 05:57:53 +10:00
James Elliott 65f69aeb4e
feat(oidc): jwk selection by id (#5464)
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWKs for the same algorithm.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott 83c4cb8a94
docs: misc fixes (#5462)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
renovate[bot] 90c0bce3a4
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.1 (#5461)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-19 23:49:22 +10:00
renovate[bot] 5ce36d37cd
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.0 (#5450)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-18 08:00:59 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
renovate[bot] 1d99e42436
build(deps): update mariadb docker tag to v10.11.3 (#5429)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-12 15:40:35 +10:00
renovate[bot] 70df11be16
build(deps): update alpine docker tag to v3.18.0 (#5421)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-10 13:06:31 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott 998ffe5255
refactor: strip word and from duration (#5412)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott a0deacff55
refactor: misc consistency fixes (#5406)
Misc consistency fixes to docs and related content.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott 713f8e9ab7
fix(configuration): fail to parse large int duration (#5408)
Large integers used with the duration common syntax failed to parse if they exceeded the ability to fit into an int32.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:30:49 +10:00
James Elliott b219a85e12
refactor(model): use recommended semver regex (#5403)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:51:35 +10:00
James Elliott fb5c285c25
feat(authentication): support ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 73861ff17a
build(deps): update module github.com/go-ldap/ldap/v3 to b50d289 (#5396)
This fixes various issues.

Fixes #4199

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-06 13:02:04 +10:00
renovate[bot] 60cb20906c
build(deps): update redis docker tag to v7 (#3260)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-06 09:43:33 +10:00
James Elliott 7785a33ade
build(deps): update module github.com/fasthttp/session to v2.5.0 (#5391)
This offers redis v7 full compatibility.

Closes #3856

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-05 23:50:35 +10:00
renovate[bot] ede5623485
build(deps): update haproxy docker tag to v2.7.8 (#5366)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 13:04:56 +10:00
renovate[bot] 20f9b886a8
build(deps): update golang docker tag to v1.20.4 (#5364)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 05:47:18 +10:00
James Elliott 71a01b9945
i18n: update translation for portal.json (Italian) (#5338)
2023-04-30 15:07:30 +10:00
James Elliott 34ec813370
fix(middlewares): failure to detect remote ip (#5339)
This fixes an edge case where the RemoteIP detection could safely fail with an error, and instead defaults to the TCP packet information.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-30 10:52:45 +10:00
renovate[bot] d78c490649
build(deps): update haproxy docker tag to v2.7.7 (#5328)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 13:52:51 +10:00
renovate[bot] 04b340350a
build(deps): update traefik docker tag to v2.10.1 (#5326)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 07:03:26 +10:00
renovate[bot] 8ce111a8fb
build(deps): update envoyproxy/envoy docker tag to v1.26.1 (#5325)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 01:04:06 +10:00
James Elliott 456ba9947b
i18n: update translations (#5315)
* i18n: update translation for portal.json (German)

* i18n: update translation for portal.json (Hungarian)

* i18n: update translation for portal.json (Slovenian)

* i18n: update translation for portal.json (Chinese Traditional)
2023-04-26 12:35:07 +10:00
renovate[bot] 2213540738
build(deps): update traefik docker tag to v2.10.0 (#5310)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-25 18:20:52 +10:00
renovate[bot] 1c64e7731a
build(deps): update node.js to v20 (#5294)
2023-04-24 12:08:40 +10:00
James Elliott 033d3c0408
fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. This fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00
renovate[bot] 4050bb6a64
build(deps): update envoyproxy/envoy docker tag to v1.26.0 (#5268)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-18 11:43:03 +10:00
James Elliott 616fa3c48d
docs: header consistency (#5266)
2023-04-18 09:53:26 +10:00
James Elliott 4db965e19f
refactor: interfaces (#5252)
Use any alias instead of empty interfaces.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:35:44 +10:00
James Elliott eaddf11df6
refactor: http verbs etc (#5248)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:03:14 +10:00
James Elliott d2cdbb23f3
refactor(authentication): remove deprecated func (#5246)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 10:51:50 +10:00
James Elliott 370585d1de
refactor(web): webauthn references (#5244)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:54:24 +10:00
James Elliott 2733fc040c
refactor: webauthn naming (#5243)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:04:42 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 0f4f5d5848
fix(commands): no args not enforced on crypto hash generate (#5237)
This fixes an issue where the authelia crypto hash generate command does not require no arguments leading to some confusing output.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 20:46:43 +10:00
Manuel Nuñez 56c10eab76
test(configuration): add additional coverage (#4779)
2023-04-13 21:15:28 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
renovate[bot] 85e9792cf3
build(deps): update envoyproxy/envoy docker tag to v1.25.5 (#5229)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-13 15:17:54 +10:00
James Elliott c8f75b19af
fix(oidc): default response mode not validated (#5129)
This fixes an issue where the default response mode (i.e. if the mode is omitted) would skip the validations against the allowed response modes.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 21:29:02 +10:00
James Elliott dfbbf1a1f3
fix(model): yaml encoding of totp and webauthn fails (#5204)
This fixes an issue where the encoding of the YAML files fails when exporting TOTP/WebAuthn devices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 21:11:11 +10:00