Commit Graph

1150 Commits (8339b095c951d6c3b1d95277c8cde595da96430a)

Author SHA1 Message Date
Clement Michaud a2258aeb7e 3.16.2 2019-10-28 21:35:43 +01:00
Clement Michaud f86cb05474 Merge tag 'v3.16.1'
3.16.1
2019-10-28 21:34:45 +01:00
Clement Michaud 8d26364787 Remove concurrently package. 2019-10-19 21:25:34 +02:00
snyk-bot 9dec33f23c fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
2019-10-19 18:43:03 +02:00
Clément Michaud eee8c59562
Remove reference to CONTRIBUTORS.md in readme. 2019-10-19 18:34:14 +02:00
Clement Michaud 624a3c740c Remove CONTRIBUTORS.md as the list is provided in Github. 2019-10-19 18:31:11 +02:00
yaleman 73e593d5a7 spelling correction 2019-10-19 18:12:31 +02:00
Clement Michaud cb18a99630 Install xvfb in travis container. 2019-10-19 18:10:23 +02:00
snyk-bot dd6823f227 fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-10-19 17:57:40 +02:00
Clement Michaud dd0add9618 Update the footer of emails sent after request initiation. 2019-09-26 17:33:07 +02:00
Clement Michaud 8984e0a980 3.16.1 2019-09-26 00:22:54 +02:00
Clement Michaud f6cc88eb86 Update NPM api key. 2019-09-26 00:22:39 +02:00
Clement Michaud 828baab6b1 3.16.0 2019-09-25 23:56:20 +02:00
Clement Michaud f95515f912 Add changelog for 3.16.0. 2019-09-25 23:56:20 +02:00
Clement Michaud 5fb47ac848 Fix security issue with handlebars. 2019-09-25 22:03:59 +02:00
Nain Tornez 190e85a79d docs: fix urls 2019-09-25 20:51:31 +02:00
Callan Bryant fbe7b77bce Update vulnerable dependencies
* lodash
* mixin-deep
* set-value
* union-value

NPM also updated the schema of package-lock.json.
2019-07-29 14:55:24 +02:00
Max Planck e40777735b Use Node 8.7 to be in line with current master 2019-07-03 17:23:52 +02:00
Max Planck 81e39b93b6 Added the ability for users to configure a CA when using ldaps 2019-07-03 17:23:52 +02:00
Clement Michaud 4979f2bd2d Remove tests with dockerhub image. 2019-06-28 22:40:06 +02:00
Max Planck 21d55a027d Added debugging logging output to track down
*domain mismatches
*session cookie issues
2019-06-07 17:39:04 +02:00
Max Planck 80b1428849 Added environment variable parsing for:
*session secret
*e-mail service password
*smtp server password
*duo-auth api secret key
*ldap bind password
These still need to be specified in the configuration file
but can have dummy values there while the real values are
passed in via environment variables.
2019-06-07 17:39:04 +02:00
Max Planck cb4eb710fb Added ldap password environment variable. 2019-06-07 17:39:04 +02:00
Clément Michaud 8478216e5d
Update README.md 2019-04-25 13:36:14 +02:00
Clement Michaud dd36902467 3.15.0 2019-04-24 23:55:21 +02:00
Clement Michaud e37ee9e5c7 Add changelog for version 3.15.0. 2019-04-24 23:55:07 +02:00
Clement Michaud 4f63de4020 Remove useless packages from server package.json. 2019-04-24 23:53:23 +02:00
Clement Michaud 186839d6e5 Remove the shared directory and move files to server. 2019-04-17 23:31:56 +02:00
Clement Michaud 5a195f7ebd Update README to mention nginx and Traefik and update images. 2019-04-17 23:06:56 +02:00
Clément Michaud e0dab01442
Update README.md 2019-04-17 00:28:31 +02:00
Clement Michaud 743b84aeaa Change license from MIT to Apache 2.0. 2019-04-16 23:40:15 +02:00
Clement Michaud ab8402314b Add a link to the breaking changes markdown in README. 2019-04-16 22:58:45 +02:00
Clement Michaud b36f2c78f9 3.14.0 2019-04-16 22:53:48 +02:00
Clement Michaud 9e90662a89 Update CHANGELOG.md and add BREAKING.md. 2019-04-16 22:53:42 +02:00
Amir Zarrinkafsh 7d639df0b6 Fix nginx.md examples to reflect latest breaking changes 2019-04-16 21:24:18 +02:00
Clement Michaud 4016ff1bba [BREAKING] Create a suite for Traefik proxy.
* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
  to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
  X-Forwarded-* headers.
2019-04-12 09:24:54 +02:00
ViViDboarder 617e929e1a Fix relative paths and add error handling 2019-04-12 09:24:54 +02:00
ViViDboarder 356b82f443 Fix lint error 2019-04-12 09:24:54 +02:00
ViViDboarder 0922b3c215 Build x-original-url from forwarded headers
This is to allow broader support for proxies. In particular, this allows
support with Traefik.

This patch also includes some examples of configuration with Traefik.
2019-04-12 09:24:54 +02:00
Clement Michaud 36d65c284e Add a test checking forwarded headers on bypass-based resources. 2019-04-10 22:34:15 +02:00
Amir Zarrinkafsh c074270b54 Fix attaching User/Groups headers for bypass strategy 2019-04-10 21:32:12 +02:00
Clement Michaud 87e06e6528 Remove bad error message when registering U2F device. 2019-03-31 20:39:20 +02:00
Clement Michaud 8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00
Clement Michaud 3c6e2ae448 3.13.0 2019-03-29 14:12:58 +01:00
Clement Michaud 23658dbcdf Update the CHANGELOG before release of v3.13.0. 2019-03-29 14:12:41 +01:00
Clement Michaud e7c09fddc6 Simplify nginx example configuration. 2019-03-28 23:14:36 +01:00
Clement Michaud 81207b49ad Fix failing second factor when no default redirection url set.
When no default redirection url was set, Duo push second factor was shown as
failing even if authentication was successful.
2019-03-28 22:38:16 +01:00
Clément Michaud e3b6410e79
Merge pull request #344 from nightah/duo-additions
Capture IP address and Target URL in Duo 2FA request
2019-03-27 10:47:23 +01:00
Amir Zarrinkafsh 274c6135c7
Capture IP address and Target URL in Duo 2FA request 2019-03-27 19:44:50 +11:00
Clément Michaud c2810101a4
Update README.md 2019-03-25 09:04:58 +01:00