342497a869
refactor(server): use errgroup to supervise services ( #3755 )
...
Uses the errgroup package and pattern for supervising services like servers etc.
2022-08-09 07:50:12 +10:00
2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 ( #3798 )
2022-08-07 11:24:00 +10:00
df016be29e
fix(notification): incorrect date header format ( #3684 )
...
* fix(notification): incorrect date header format
The date header in the email envelopes was incorrectly formatted missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system allowing people to manually override the envelope itself.
* test: fix tests and linting issues
* fix: misc issues
* refactor: misc refactoring
* docs: add example for envelope with message id
* refactor: organize smtp notifier
* refactor: move subject interpolation
* refactor: include additional placeholders
* docs: fix missing link
* docs: gravity
* fix: rcpt to command
* refactor: remove mid
* refactor: apply suggestions
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: include pid
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-07-18 10:56:09 +10:00
f115f77df8
fix(web): offline_access consent description ( #3679 )
2022-07-11 16:24:09 +10:00
03d56a31ad
refactor: address code review ( #3675 )
...
Addresses code review for #3653 .
2022-07-08 20:56:22 +10:00
290a38e424
fix(configuration): address parsing failure ( #3653 )
...
This fixes an issue with parsing address types from strings.
2022-07-05 14:43:12 +10:00
beeb9eae90
docs: fix config template lint ( #3618 )
2022-06-28 17:28:49 +10:00
f355a45ff3
fix(configuration): storage encryption_key required log grammar issue ( #3617 )
2022-06-28 17:13:47 +10:00
e1ee5a5d07
fix(configuration): missing password_reset disable key ( #3616 )
2022-06-28 16:41:30 +10:00
2b6b6ef1f0
docs: roadmap permalinks ( #3614 )
2022-06-28 13:55:50 +10:00
d2f1e5d36d
feat(configuration): automatically map old keys ( #3199 )
...
This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 13:15:50 +10:00
e2e1d6d30b
docs: update integration guides to reference get started ( #3573 )
2022-06-22 22:58:23 +10:00
25b5c1ee2e
feat(authentication): unauthenticated ldap bind ( #3291 )
...
This allows configuring unauthenticated LDAP binding.
2022-06-17 21:03:47 +10:00
b2c60ef898
feat: major documentation refresh ( #3475 )
...
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00
5304178165
ci: add dedicated authelia-gen command ( #3463 )
...
Adds a dedicated authelia code/doc gen command.
2022-06-14 22:40:00 +10:00
001589cd6d
feat(metrics): implement prometheus metrics ( #3234 )
...
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
2037a0ee4f
fix(commands): hash-password usage instructions ( #3437 )
...
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
2022-06-02 09:18:45 +10:00
c7d992f341
fix(authentication): follow ldap referrals ( #3251 )
...
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-02 11:51:38 +10:00
e99fb7a08f
feat(configuration): configurable default second factor method ( #3081 )
...
This allows configuring the default second factor method.
2022-04-18 09:58:24 +10:00
e56690c2df
refactor(configuration): ensure all keys are validated ( #3208 )
...
This ensures keys that exist in slices are validated.
2022-04-16 20:48:07 +10:00
dc7ca6f03c
refactor: introduce config key gen ( #3206 )
...
This adjusts the validated keys to utilize a generated code section.
2022-04-16 19:00:39 +10:00
5aa25ec275
fix(configuration): missing valid keys ( #3207 )
...
This fixes an issue with three missing config keys.
2022-04-16 17:49:13 +10:00
4710de33a4
refactor(configuration): remove ptr for duoapi and notifier ( #3200 )
...
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
92aba8eb0b
feat(server): zxcvbn password policy server side ( #3151 )
...
This is so the zxcvbn ppolicy is checked on the server.
2022-04-15 19:30:51 +10:00
9d5ac4526e
fix(configuration): remove unused password policy option ( #3149 )
...
Removes the min score option from the ZXCVBN policy and adds tests.
2022-04-09 09:21:49 +10:00
44bd70712c
fix(configuration): sector identifier not parsed correctly ( #3142 )
...
This fixes an issue preventing the sector identifier for OpenID Connect clients from being parsed.
2022-04-08 17:38:38 +10:00
66a450ed38
feat(oidc): pre-configured consent ( #3118 )
...
Allows users to pre-configure consent if enabled by the client configuration by selecting a checkbox during consent.
Closes #2598
2022-04-08 15:35:21 +10:00
9b6bcca1ba
feat(totp): secret customization ( #2681 )
...
Allow customizing the shared secrets size specifically for apps which don't support 256bit shared secrets.
2022-04-08 09:01:01 +10:00
8bb8207808
feat(oidc): pairwise subject identifiers ( #3116 )
...
Allows configuring clients with a sector identifier to allow pairwise subject types.
2022-04-07 16:13:01 +10:00
0a970aef8a
feat(oidc): persistent storage ( #2965 )
...
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
06fd7105ea
refactor(templates): utilize more accurate naming ( #3125 )
2022-04-07 13:05:20 +10:00
4ebd8fdf4e
feat(oidc): provide cors config including options handlers ( #3005 )
...
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00
3ca438e3d5
feat: implement mutual tls in the web server ( #3065 )
...
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.
Fixes #3041
2022-04-05 09:57:47 +10:00
a2eb0316c8
feat(web): password reset custom url ( #3111 )
...
This allows providing a custom URL for password resets. If provided the disable_reset_password option is ignored, the password reset API is disabled, and the button provided in the UI to reset the password redirects users to the configured endpoint.
Closes #1934 , Closes #2854
Co-authored-by: you1996 <youssri@flyweight.tech>
2022-04-04 17:46:55 +10:00
7230db7cea
refactor(configuration): decode_hooks blackbox and better testing ( #3097 )
2022-04-03 22:44:52 +10:00
bfd5d66ed8
feat(notification): password reset notification custom templates ( #2828 )
...
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.
Closes #2755 , Closes #2756
Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
9e05066097
refactor(handlers): ppolicy ( #3103 )
...
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00
36cf662458
refactor: misc password policy refactoring ( #3102 )
...
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
8659ba394d
feat(authentication): password policy ( #2723 )
...
Implement a password policy with visual feedback in the web portal.
Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 08:32:57 +10:00
4d7f930e74
docs: fix regex examples ( #3094 )
2022-04-02 16:41:16 +11:00
3c1bb3ec19
feat(authorization): domain regex match with named groups ( #2789 )
...
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
b2d35d88ec
feat(configuration): allow rfc4918 http verbs in acl ( #2988 )
...
This allows the HTTP Method verbs from RFC4918 to be used. See https://datatracker.ietf.org/doc/html/rfc4918 for more information.
2022-04-01 21:53:10 +11:00
a0bffe39fc
fix(configuration): expvars and pprof mapped incorrectly ( #3068 )
...
This fixes the configuration mapping of the server enable_pprof and enable_expvars values.
2022-03-28 13:06:31 +11:00
05b8caa711
fix(configuration): incorrect key validation names ( #3033 )
...
This fixes an issue with key validation slice that has missing or extra keys that are not needed.
2022-03-17 23:20:49 +11:00
e65a64c9af
fix(configuration): missing sentinel_username key in validator ( #3027 )
...
This fixes an issue where the sentinel_username is not configurable.
2022-03-17 14:01:31 +11:00
dbe290a1c9
refactor: include url hook func ( #3022 )
...
This adds a hook func for url.URL and *url.URL types to the configuration.
2022-03-16 16:16:46 +11:00
b43ee50368
fix(configuration): remember me duration disabled impossible ( #2997 )
...
This fixes an issue not properly resolved by db6dd32151
2022-03-13 13:51:23 +11:00
db6dd32151
fix(configuration): cannot disable remember me ( #2985 )
...
This allows users to disable remember me again.
2022-03-10 09:01:04 +11:00
6a1c5ed533
fix(configuration): invalid password algorithm tag ( #2972 )
...
This fixes a configuration parsing issue that could potentially occur if we were to change the internal name of the struct field.
2022-03-07 00:01:46 +11:00
1c1030c742
fix(configuration): time duration decode hook panic ( #2960 )
...
This fixes a potential panic in the time duration decode hook when the YAML value is a zero integer.
2022-03-05 16:51:41 +11:00
James Elliott
Amir Zarrinkafsh
Clément Michaud
Manuel Nuñez