Commit Graph

85 Commits (7fdcc351d4a5d143ec2823e6331de12274c90532)

Author SHA1 Message Date
James Elliott 7fdcc351d4
Merge remote-tracking branch 'origin/master' into feat-settings-ui
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

# Conflicts:
#	internal/handlers/handler_register_webauthn.go
#	internal/handlers/webauthn.go
#	internal/handlers/webauthn_test.go
#	internal/mocks/storage.go
#	internal/model/webauthn.go
#	internal/storage/provider.go
#	internal/storage/sql_provider.go
#	web/package.json
#	web/pnpm-lock.yaml
#	web/src/layouts/LoginLayout.tsx
2023-04-11 21:34:45 +10:00
James Elliott 157675f1f3
docs: adjust references of webauthn (#5203)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
James Elliott 928df8a698
Merge remote-tracking branch 'origin/master' into feat-oidc-auth-mode
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

# Conflicts:
#	internal/configuration/validator/const.go
2023-04-09 13:19:29 +10:00
James Elliott fa250ea7dd
fix(storage): postgresql webauthn tbl invalid aaguid constraint (#5183)
This fixes an issue with the PostgreSQL schema where the webauthn tables aaguid column had a NOT NULL constraint erroneously.

Fixes #5182

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 11:36:34 +10:00
James Elliott b6883a337f
Merge origin/master into feat-settings-ui 2023-03-07 10:12:49 +11:00
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott ea2350f0e4
refactor: down migrations 2023-02-19 14:59:45 +11:00
James Elliott a3d7212f23
test: fix test 2023-02-19 14:08:18 +11:00
James Elliott 5be5de02d8
feat: webauthn users 2023-02-17 06:40:40 +11:00
James Elliott e84ca4956a
refactor: sql updates 2023-02-14 23:35:15 +11:00
James Elliott 526dd8347d
fix: misc 2023-02-12 23:12:31 +11:00
James Elliott 7e56cf2d15
test(suites): fix postgres 2023-02-12 12:48:39 +11:00
James Elliott be21d73c72
fix: sql migration 2023-02-12 12:25:15 +11:00
James Elliott 3b6f5482b8
fix: multi-cookie domain webauthn 2023-02-12 02:47:03 +11:00
James Elliott dd781ffc51
refactor: adjust settings components 2022-12-31 18:27:43 +11:00
James Elliott 67381b1318
fix: no webauthn devices doesn't display correctly (#4537)
* fix: no webauthn devices doesn't display correctly

* refactor: factorize
2022-12-12 12:21:27 +11:00
James Elliott 133f1626ab
Merge remote tracking branch 'origin/master' into feat-settings-ui 2022-11-30 10:00:33 +11:00
James Elliott 3e4ac7821d
refactor: remove pre1 migration path (#4356)
This removes pre1 migrations and improves a lot of tooling.
2022-11-25 23:44:55 +11:00
James Elliott 5d1b840e2b
refactor: merge master and fix missing rebinds (#4404)
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* docs: add smkent as a contributor for code, design, and ideas (#4367)

* update README.md

* update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)

This updates fosite and refactors our usage out of compose.

* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370)

* build(deps): update alpine docker tag to v3.16.3 (#4362)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/x to v0.0.514 (#4368)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor: sql formatting (#4371)

* refactor: sql spacing

* refactor editor config

* docs: clarify cloudflare docs (#4373)

* build(deps): update dependency @types/react-dom to v18.0.9 (#4379)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency @types/jest to v29.2.3 (#4381)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency esbuild to v0.15.14 (#4383)

* build(deps): update material-ui monorepo to v5.10.14 (#4385)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency vite to v3.2.4 (#4386)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update font awesome to v6.2.1 (#4389)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency typescript to v4.9.3 (#4390)

* docs: adjust issue templates (#4391)

* docs: adjust issue templates

* docs: adjust wording

* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency i18next to v22.0.6 (#4395)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update traefik docker tag to v2.9.5 (#4398)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update mariadb docker tag to v10.10.2 (#4399)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint to v8.28.0 (#4402)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(storage): schema inconsistency (#4262)

* fix: missing pg rebinds

* fix: refactoring issues

* fix: refactoring issues

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-11-19 17:42:03 +11:00
Stephen Kent 2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376)
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.

This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
2022-11-19 16:48:47 +11:00
James Elliott 194d34106e
fix(storage): schema inconsistency (#4262) 2022-11-19 16:47:09 +11:00
James Elliott 36dbc96b14
refactor: sql formatting (#4371)
* refactor: sql spacing

* refactor editor config
2022-11-14 12:54:30 +11:00
James Elliott ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)
This updates fosite and refactors our usage out of compose.
2022-11-13 14:26:10 +11:00
James Elliott 53c1b645ee
fix(storage): postgresql default port incorrect (#4251)
This fixes a typo with the default port for PostgreSQL in 4.37.

Fixes #4249
2022-10-24 06:09:38 +11:00
James Elliott 69c4c02d03
feat(storage): tls connection support (#4233)
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
2022-10-22 19:27:59 +11:00
James Elliott 1ea29cb2c2
feat(storage): unix socket support (#4231)
Support for unix sockets for MySQL and PostgreSQL.
2022-10-22 16:41:27 +11:00
James Elliott 1d821a0d3a
fix(storage): mysql timestamp parsed incorrectly (#4230)
The timestamps in MySQL were not being parsed correctly. The driver treats all timestamp and datetime objects the same which is not correct.
2022-10-22 15:25:12 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott 24e41aed84
feat(commands): add webauthn device commands (#3671) 2022-10-19 18:17:55 +11:00
James Elliott 2325031052
refactor: clean up uri checking functions (#3943) 2022-09-03 11:51:02 +10:00
Amir Zarrinkafsh 2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 (#3798) 2022-08-07 11:24:00 +10:00
James Elliott b2cbcf3913
fix(handlers): consent session prevents standard flow (#3668)
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
andreas-berg af64f83506
fix(storage): typo in oidc update query (#3535)
This fixes an erroneous quotation mark in one of the OpenID Connect SQL Queries.

Fixes #3534
2022-06-17 20:14:33 +10:00
James Elliott 555746e771
refactor: exclude id from sqlite3 migration (#3242)
* refactor: exclude id from sqlite3 table recreate

* docs: add migration docs
2022-04-25 21:11:56 +10:00
James Elliott 861bcc898f
refactor: ensure bad consent sessions and identifiers are deleted (#3241) 2022-04-25 17:53:38 +10:00
James Elliott abf1c86ab9
fix(oidc): subject generated for anonymous users (#3238)
Fix and issue that would prevent a correct ID Token from being generated for users who start off anonymous. This also avoids generating one in the first place for anonymous users.
2022-04-25 10:31:05 +10:00
James Elliott 5a0a15f377
feat(commands): user opaque identifiers commands (#3144)
Add commands for handling user opaque identifiers.
2022-04-09 17:13:19 +10:00
James Elliott 0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott 70ab8aab15
fix(web): show appropriate default and available methods (#2999)
This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available.
2022-03-28 12:26:30 +11:00
James Elliott 14ad07ffa2
fix(oidc): userinfo jti claim potential panic (#3017)
This fixes a usage of uuid.New() which can potentially panic. Instead we use a uuid.NewRandom() which also generates a UUID V4 instead of a UUID V1. In addition all uuid.NewUUID() calls have been replaced by uuid.NewRandom().
2022-03-16 11:29:46 +11:00
James Elliott 6d937cf6cc
refactor(model): rename from models (#2968) 2022-03-06 16:47:40 +11:00
James Elliott 204cef4d03
fix(storage): webauthn kid too short for some devices (#2957)
This fixes an issue that may cause the kid length of a webauthn device to exceed that length allowed by the database column.
2022-03-04 21:21:08 +11:00
James Elliott 8f05846e21
feat: webauthn (#2707)
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
James Elliott d867fa1a63
fix(storage): return reason for identity verification not being found (#2937)
This includes the reason a token was not found during the identity verification process.
2022-03-02 16:33:47 +11:00
James Elliott 1772a83190
refactor: apply godot recommendations (#2839) 2022-01-31 16:25:15 +11:00
James Elliott d103585aba
fix(storage): use boolean instead of integer (#2776)
This fixes an issue where an integer is used instead of a boolean.
2022-01-13 01:42:41 +11:00
James Elliott c01759715c
fix(models): potential panic generating jti (#2669)
This ensures that at the time the JWT is generated for identity verification requests that a panic can't occur and instead an error will be returned.
2021-12-04 15:48:22 +11:00
James Elliott 5a223b5a56
fix(storage): don't check exp against time using sql (#2676)
This is already checked by JWT validation. There is no need and it's leading to timezone issues.

Fixes #2672
2021-12-04 15:34:20 +11:00
James Elliott 95a5e326a5
fix(storage): postgres schema hardcoded for tables query (#2667)
This removes the hardcoded schema value from the PostgreSQL existing tables query, making it compatible with the new schema config option.
2021-12-03 17:29:55 +11:00
James Elliott 255aaeb2ad
feat(storage): encrypt u2f key (#2664)
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00