James Elliott
b6883a337f
Merge origin/master into feat-settings-ui
2023-03-07 10:12:49 +11:00
James Elliott
ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott
ea2350f0e4
refactor: down migrations
2023-02-19 14:59:45 +11:00
James Elliott
a3d7212f23
test: fix test
2023-02-19 14:08:18 +11:00
James Elliott
5be5de02d8
feat: webauthn users
2023-02-17 06:40:40 +11:00
James Elliott
e84ca4956a
refactor: sql updates
2023-02-14 23:35:15 +11:00
James Elliott
526dd8347d
fix: misc
2023-02-12 23:12:31 +11:00
James Elliott
7e56cf2d15
test(suites): fix postgres
2023-02-12 12:48:39 +11:00
James Elliott
be21d73c72
fix: sql migration
2023-02-12 12:25:15 +11:00
James Elliott
3b6f5482b8
fix: multi-cookie domain webauthn
2023-02-12 02:47:03 +11:00
James Elliott
dd781ffc51
refactor: adjust settings components
2022-12-31 18:27:43 +11:00
James Elliott
67381b1318
fix: no webauthn devices doesn't display correctly (#4537)
* fix: no webauthn devices doesn't display correctly
* refactor: factorize
2022-12-12 12:21:27 +11:00
James Elliott
133f1626ab
Merge remote tracking branch 'origin/master' into feat-settings-ui
2022-11-30 10:00:33 +11:00
James Elliott
3e4ac7821d
refactor: remove pre1 migration path (#4356)
This removes pre1 migrations and improves a lot of tooling.
2022-11-25 23:44:55 +11:00
James Elliott
5d1b840e2b
refactor: merge master and fix missing rebinds (#4404)
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* docs: add smkent as a contributor for code, design, and ideas (#4367)
* update README.md
* update .all-contributorsrc
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)
This updates fosite and refactors our usage out of compose.
* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370)
* build(deps): update alpine docker tag to v3.16.3 (#4362)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update module github.com/ory/x to v0.0.514 (#4368)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* refactor: sql formatting (#4371)
* refactor: sql spacing
* refactor editor config
* docs: clarify cloudflare docs (#4373)
* build(deps): update dependency @types/react-dom to v18.0.9 (#4379)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency @types/jest to v29.2.3 (#4381)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency esbuild to v0.15.14 (#4383)
* build(deps): update material-ui monorepo to v5.10.14 (#4385)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency vite to v3.2.4 (#4386)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update font awesome to v6.2.1 (#4389)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency typescript to v4.9.3 (#4390)
* docs: adjust issue templates (#4391)
* docs: adjust issue templates
* docs: adjust wording
* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency i18next to v22.0.6 (#4395)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update traefik docker tag to v2.9.5 (#4398)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update mariadb docker tag to v10.10.2 (#4399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency eslint to v8.28.0 (#4402)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(storage): schema inconsistency (#4262)
* fix: missing pg rebinds
* fix: refactoring issues
* fix: refactoring issues
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-11-19 17:42:03 +11:00
Stephen Kent
2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376)
The current 2-factor authentication method registration flow requires email verification for both initial 2FA registration, and 2FA re-registration even if the user is already logged in with 2FA. This change removes email ID verification for users who are already logged in with 2-factor authentication. Users who have only completed first factor authentication (password) are still required to complete email ID verification.
2022-11-19 16:48:47 +11:00
James Elliott
194d34106e
fix(storage): schema inconsistency (#4262)
2022-11-19 16:47:09 +11:00
James Elliott
36dbc96b14
refactor: sql formatting (#4371)
* refactor: sql spacing
* refactor editor config
2022-11-14 12:54:30 +11:00
James Elliott
ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)
This updates fosite and refactors our usage out of compose.
2022-11-13 14:26:10 +11:00
James Elliott
53c1b645ee
fix(storage): postgresql default port incorrect (#4251)
This fixes a typo with the default port for PostgreSQL in 4.37.
Fixes #4249
2022-10-24 06:09:38 +11:00
James Elliott
69c4c02d03
feat(storage): tls connection support (#4233)
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
2022-10-22 19:27:59 +11:00
James Elliott
1ea29cb2c2
feat(storage): unix socket support (#4231)
Support for unix sockets for MySQL and PostgreSQL.
2022-10-22 16:41:27 +11:00
James Elliott
1d821a0d3a
fix(storage): mysql timestamp parsed incorrectly (#4230)
The timestamps in MySQL were not being parsed correctly. The driver treats all timestamp and datetime objects the same, which is not correct.
2022-10-22 15:25:12 +11:00
James Elliott
3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott
24e41aed84
feat(commands): add webauthn device commands (#3671)
2022-10-19 18:17:55 +11:00
James Elliott
2325031052
refactor: clean up uri checking functions (#3943)
2022-09-03 11:51:02 +10:00
Amir Zarrinkafsh
2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 (#3798)
2022-08-07 11:24:00 +10:00
James Elliott
b2cbcf3913
fix(handlers): consent session prevents standard flow (#3668)
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
andreas-berg
af64f83506
fix(storage): typo in oidc update query (#3535)
This fixes an erroneous quotation mark in one of the OpenID Connect SQL queries.
Fixes #3534
2022-06-17 20:14:33 +10:00
James Elliott
555746e771
refactor: exclude id from sqlite3 migration (#3242)
* refactor: exclude id from sqlite3 table recreate
* docs: add migration docs
2022-04-25 21:11:56 +10:00
James Elliott
861bcc898f
refactor: ensure bad consent sessions and identifiers are deleted (#3241)
2022-04-25 17:53:38 +10:00
James Elliott
abf1c86ab9
fix(oidc): subject generated for anonymous users (#3238)
Fix an issue that would prevent a correct ID Token from being generated for users who start off anonymous. This also avoids generating one in the first place for anonymous users.
2022-04-25 10:31:05 +10:00
James Elliott
5a0a15f377
feat(commands): user opaque identifiers commands (#3144)
Add commands for handling user opaque identifiers.
2022-04-09 17:13:19 +10:00
James Elliott
0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott
70ab8aab15
fix(web): show appropriate default and available methods (#2999)
This ensures that: the method set when a user does not have a preference is a method that is available; that if a user has a preferred method that is not available it is changed to an enabled method, with preference put on methods the user has configured; and that the frontend does not show the method selection option when only one method is available.
2022-03-28 12:26:30 +11:00
James Elliott
14ad07ffa2
fix(oidc): userinfo jti claim potential panic (#3017)
This fixes a usage of uuid.New() which can potentially panic. Instead we use uuid.NewRandom(), which also generates a UUID V4 instead of a UUID V1. In addition all uuid.NewUUID() calls have been replaced by uuid.NewRandom().
2022-03-16 11:29:46 +11:00
James Elliott
6d937cf6cc
refactor(model): rename from models (#2968)
2022-03-06 16:47:40 +11:00
James Elliott
204cef4d03
fix(storage): webauthn kid too short for some devices (#2957)
This fixes an issue that may cause the kid length of a webauthn device to exceed the length allowed by the database column.
2022-03-04 21:21:08 +11:00
James Elliott
8f05846e21
feat: webauthn (#2707)
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer, which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
James Elliott
d867fa1a63
fix(storage): return reason for identity verification not being found (#2937)
This includes the reason a token was not found during the identity verification process.
2022-03-02 16:33:47 +11:00
James Elliott
1772a83190
refactor: apply godot recommendations (#2839)
2022-01-31 16:25:15 +11:00
James Elliott
d103585aba
fix(storage): use boolean instead of integer (#2776)
This fixes an issue where an integer is used instead of a boolean.
2022-01-13 01:42:41 +11:00
James Elliott
c01759715c
fix(models): potential panic generating jti (#2669)
This ensures that at the time the JWT is generated for identity verification requests a panic can't occur, and instead an error will be returned.
2021-12-04 15:48:22 +11:00
James Elliott
5a223b5a56
fix(storage): don't check exp against time using sql (#2676)
This is already checked by JWT validation. There is no need and it's leading to timezone issues.
Fixes #2672
2021-12-04 15:34:20 +11:00
James Elliott
95a5e326a5
fix(storage): postgres schema hardcoded for tables query (#2667)
This removes the hardcoded schema value from the PostgreSQL existing tables query, making it compatible with the new schema config option.
2021-12-03 17:29:55 +11:00
James Elliott
255aaeb2ad
feat(storage): encrypt u2f key (#2664)
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00
James Elliott
104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or is already authenticated with 2FA.
2021-12-02 21:28:16 +11:00
James Elliott
9045b75344
fix(storage): rebind all queries (#2662)
Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format.
2021-12-02 17:06:04 +11:00
James Elliott
f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
James Elliott
a79e4dc592
fix(storage): duo/u2f upsert failure on postgresql (#2658)
This replaces the standard duo_devices upsert with a PostgreSQL specific one and ensures the u2f_devices upsert uses the new unique key for the ON CONFLICT check.
2021-12-02 15:16:45 +11:00