Commit Graph

139 Commits (78a9faacfead1bbf05459941f6534950da76bb09)

Author SHA1 Message Date
James Elliott c555c10496
docs: add matrix space information and update readme (#2061)
* docs: add matrix space information and update readme

We recently created a Matrix Space which includes both the original room, and a new contributing room. This commit also performs some basic housekeeping on the README.md, including but not limited to: factorizing the security section, adjusting the main description, clearly outlining areas where help is wanted, adding information related to the helm chart, adding more details in the features summary, grammar, and misc other changes.

* docs: update security to be in line with the readme
2021-06-06 15:53:28 +10:00
Clément Michaud 168404fbb4
doc: reword the sponsor section of readme (#1994)
Also add an explicit mention on the fact that the team is looking
for sponsorship to organize an audit of the code or a pen test.
2021-05-10 09:53:34 +10:00
James Elliott ddea31193b
feature(oidc): add support for OpenID Connect
OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.

This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.

We are still working on adding the remaining set of features before making it GA as soon as possible.

Related to #189

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-05 00:15:36 +02:00
allcontributors[bot] d1d0aa967d
docs: add jonbayl as a contributor (#1930)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-04-18 19:13:40 +10:00
allcontributors[bot] a6ebf4ad4c
docs: add lavih as a contributor (#1913)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-04-14 20:08:53 +10:00
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726)
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00
allcontributors[bot] 2a74e8cdcf
docs: add wuhanstudio as a contributor (#1903)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-04-11 07:13:00 +10:00
allcontributors[bot] d43d477265
docs: add craSH as a contributor (#1820)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 09:39:40 +11:00
allcontributors[bot] ac329c53e3
docs: add mardom1 as a contributor (#1804)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:15:31 +11:00
allcontributors[bot] 8191ca2330
docs: add dchidell as a contributor (#1803)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:13:22 +11:00
allcontributors[bot] 28922c762b
docs: add except as a contributor (#1802)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 12:11:09 +11:00
James Elliott c310049faa
refactor(authentication): use crypto constant time compare (#1800)
* refactor(authentication): use crypto constant time compare

Improve security with usage of the crypto/subtle ConstantTimeCompare() method for hash comparison.

Fixes #1799

* docs: add explicit labels for chat types
2021-03-11 12:08:49 +11:00
allcontributors[bot] 2f4724e7f9
docs: add ThinkChaos as a contributor (#1761)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-02-24 10:39:37 +11:00
Amir Zarrinkafsh 8c79e6beca
ci(buildkite): utilise conventional-changelog for release notes (#1714)
Instead of generating our changelog based on crude modifications utilising git log we now utilise conventional-changelog.

conventional-changelog utilises the angular commit structure to categorise and display the changelog for 3 types (fix,feat,perf) and each of the change scopes are identified in the changelog too.

An example of the output for v4.26.0 can be found below:

# [4.26.0](https://github.com/authelia/authelia/compare/v4.25.2...v4.26.0) (2021-02-02)

### Bug Fixes

* **handlers:** refresh user details on all domains ([#1642](https://github.com/authelia/authelia/issues/1642)) ([60ff16b](60ff16b518))

### Docker Container
* `docker pull authelia/authelia:4.26.0`
2021-02-12 14:00:36 +11:00
allcontributors[bot] 1733762f68
docs: add knnnrd as a contributor (#1703)
* docs: update README.md [skip ci]
* docs: update .all-contributorsrc [skip ci]

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-02-05 14:41:39 +11:00
allcontributors[bot] b963e3c9a0
docs: add laurivosandi as a contributor (#1702)
* docs: update README.md [skip ci]
* docs: update .all-contributorsrc [skip ci]

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-02-05 14:37:34 +11:00
allcontributors[bot] eec6a626af
docs: add TheCatLady as a contributor (#1701)
* docs: update README.md [skip ci]
* docs: update .all-contributorsrc [skip ci]
* fix skipCi option

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-02-05 14:30:44 +11:00
Amir Zarrinkafsh e091032279
docs: update contribution guidelines (#1666)
* docs: update contribution guidelines

* add release commit message type

* update none/empty scope definition

* add go mod tidy post update option
2021-01-30 19:29:07 +11:00
Amir Zarrinkafsh 87af0d3112
[DOCS] Update contributors (#1623)
This change also modifies the contributors to introduce [All Contributors](https://allcontributors.org/).
2021-01-22 14:24:25 +11:00
Andrew Kliskey 6b719ea226
[DOCS] Specify docker tag for readme badges (#1593)
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-01-13 12:48:57 +11:00
Amir Zarrinkafsh e5504fa918
[MISC] Add Buildkite logo to badge (#1554) 2020-12-22 12:29:50 +11:00
Amir Zarrinkafsh 52e6435896
[DOCS] Add Discord badge to README.md (#1542)
* [DOCS] Add Discord badge to README.md

* add to contact section

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-16 12:08:51 +11:00
Clément Michaud ea879dc83d
[DOCS] Add a section explaining why Authelia is open source (#1134)
* [DOCS] Add a section explaining why Authelia is open source.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Move the Why Open Source? section.
2020-06-21 00:37:47 +10:00
Clément Michaud 6f96e4b119
[DOCS] Add FreeBSD Port as deployment option in README (#1133)
* [DOCS] Add FreeBSD Port as deployment option in README.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-21 00:22:15 +10:00
fossabot fdb7edb054
[MISC] Add license scan report and status (#1064)
* Add license scan report and status

Signed off by: fossabot <badges@fossa.com>

* Update README.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-02 10:09:31 +10:00
Clément Michaud d6bea97a93
[DOCS] Add a roadmap section to the documentation. (#1062)
* [DOCS] Add a roadmap section to the documentation.

Adding the roadmap will likely help people figure out what are the next big
topics that might be missing for them to take the leap and use Authelia.
Maybe some users are also waiting for a feature to unlock some use cases.

* Apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-06-01 16:55:58 +10:00
James Elliott 3f374534ab
[FEATURE] Automatic Profile Refresh - LDAP (#912)
* [FIX] LDAP Not Checking for Updated Groups

* refactor handlers verifyFromSessionCookie
* refactor authorizer selectMatchingObjectRules
* refactor authorizer isDomainMatching
* add authorizer URLHasGroupSubjects method
* add user provider ProviderType method
* update tests
* check for new LDAP groups and update session when:
  * user provider type is LDAP
  * authorization is forbidden
  * URL has rule with group subjects

* Implement Refresh Interval

* add default values for LDAP user provider
* add default for refresh interval
* add schema validator for refresh interval
* add various tests
* rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong
* use Authelia ctx clock
* add check to determine if user is deleted, if so destroy the
* make ldap user not found error a const
* implement GetRefreshSettings in mock

* Use user not found const with FileProvider
* comment exports

* use ctx.Clock instead of time pkg

* add debug logging

* use ptr to reference userSession so we don't have to retrieve it again

* add documenation
* add check for 0 refresh interval to reduce CPU cost
* remove badly copied debug msg

* add group change delta message

* add SliceStringDelta
* refactor ldap refresh to use the new func

* improve delta add/remove log message

* fix incorrect logic in SliceStringDelta
* add tests to SliceStringDelta

* add always config option
* add tests for always config option
* update docs

* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* complete mocks and fix an old one
* show warning when LDAP details failed to update for an unknown reason

* golint fix

* actually fix existing mocks

* use mocks for LDAP refresh testing

* use mocks for LDAP refresh testing for both added and removed groups

* use test mock to verify disabled refresh behaviour
* add information to threat model
* add time const for default Unix() value

* misc adjustments to mocks

* Suggestions from code review

* requested changes
* update emails
* docs updates
* test updates
* misc

* golint fix

* set debug for dev testing

* misc docs and logging updates

* misc grammar/spelling

* use built function for VerifyGet

* fix reviewdog suggestions

* requested changes

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 21:39:25 +02:00
James Elliott e95c6a294d
[HOTFIX] Prevent Username Enumeration (#950)
* [HOTFIX] Prevent Username Enumeration

* thanks to TheHllm for identifying the bug: https://github.com/TheHllm
* temporarily prevents username enumeration with file auth
* proper calculated and very slightly random fix to come

* closely replicate behaviour

* allow error to bubble up

* Synchronize security documentation.

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-02 00:32:09 +02:00
Clément Michaud f92480b44b
[DOCS] Add SECURITY.md and update README.md. (#906)
* Add SECURITY.md and update README.md.

* Align README.md and SECURITY.md with the security documentation.
2020-04-24 10:29:30 +10:00
Amir Zarrinkafsh 9eb9d107f1
[DEPRECATE] Remove migration tools from latest version of Authelia (#894)
* [DEPRECATE] Remove migration tools from latest version of Authelia
Also update references to point to container version 4.14.2 for any of the migration examples.

* [DOCS] Remove v4 release statement in README.md
2020-04-22 13:55:30 +10:00
jess aae665eff2
[MISC] Activating Open Collective (#601)
* Added financial contributors to the README

* Update README.md

* Update README.md

* Add logos to README.md

* Update README.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-09 00:10:33 +02:00
Amir Zarrinkafsh a71ca1903d
[RELEASE] v4.11.0 (#810) 2020-04-01 10:53:48 +11:00
Amir Zarrinkafsh 5fc3b26cf5
[RELEASE] v4.10.0 (#799) 2020-03-31 12:04:22 +11:00
Amir Zarrinkafsh 6f116202f4
[RELEASE] v4.9.1 (#790) 2020-03-28 19:53:03 +11:00
Amir Zarrinkafsh 85cd75ffdf
[DOCS] Minor tweaks for compose bundles (#786) 2020-03-27 11:51:16 +11:00
Amir Zarrinkafsh e843a52a04
[Docker] Include docker-compose.yml examples to run Authelia (#642)
* [Docker] Create Lite docker-compose.yml example

* [Docker] Update README.md with 3 compose bundles {Local,Lite,Full}

* [DOCS] Update Traefik2 proxy example

* [Docker] Create Local docker-compose.yml example

* [MISC] Update examples to utilise Traefik 2.2
This change enables global http -> https redirection.

* [Docker] Update Local compose to utilise loopback address

* [Docker] Drop compose version to 3.3 to cater for more distros

* [DOCS] Adjust Getting Started

* [Docker] Tweak Local bundle setup for OSX

* [Docker] Optimise setup.sh for Local bundle

* [Docker] Fix read-only mounting of user database

* [DOCS] Implement feedback for compose bundles

* [DOCS] Provide feedback on self-signed certificates

* [DOCS] Implement additional feedback for compose bundles

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-03-27 10:43:10 +11:00
James Elliott c366233152
[RELEASE] v4.9.0 (#780) 2020-03-25 13:24:12 +11:00
Clément Michaud 8dc1f898d8
[RELEASE] v4.8.0 (#765) 2020-03-21 15:22:49 +01:00
Amir Zarrinkafsh 4f95865d56
[RELEASE] v4.7.2 (#714) 2020-03-16 20:32:06 +11:00
Amir Zarrinkafsh 7145ccc228
[RELEASE] v4.7.1 (#712) 2020-03-15 23:41:56 +11:00
Amir Zarrinkafsh c575fda619
[RELEASE] v4.7.0 (#708) 2020-03-15 19:07:02 +11:00
Clément Michaud aea1728afc
[RELEASE] v4.6.0 (#688) 2020-03-06 22:26:25 +01:00
James Elliott c358ccca51
[RELEASE] v4.5.1 (#672) 2020-03-01 12:51:26 +11:00
Clément Michaud b5a9e0f047
[DOCS] Update links in README to reference docs.authelia.com. (#667)
* [DOCS] Update links in README to reference docs.authelia.com.

* Move report section of security to the top level page.

* Fix ordering of sub-pages of 2FA feature.
2020-03-01 00:27:23 +01:00
Amir Zarrinkafsh ac313ac89b
[DOCS] Update from Microbadger to shields.io docker badges (#666) 2020-03-01 00:12:23 +11:00
Clément Michaud 70866825c4
[DOCS] Add pointer to the documentation in README. (#663) 2020-02-29 23:22:43 +11:00
Clément Michaud 7102b258a1
[RELEASE] v4.5.0 (#657) 2020-02-28 01:23:53 +01:00
Amir Zarrinkafsh fc526bc927
[RELEASE] 4.4.0 2020-02-19 10:01:34 +11:00
Amir Zarrinkafsh f1a89de2e7
[MISC] Restructure repo folder layout (#628) 2020-02-09 18:04:27 +01:00
Clément Michaud c2c4d9da79
Add a goreport card badge (#627) 2020-02-07 17:59:12 +01:00