Commit Graph

1279 Commits (86d77bfcd00f6f4ae9541b557b5dd1f66e49d72d)

Author SHA1 Message Date
Max Planck 80b1428849 Added environment variable parsing for:
*session secret
*e-mail service password
*smtp server password
*duo-auth api secret key
*ldap bind password
These still need to be specified in the configuration file
but can have dummy values there while the real values are
passed in via environment variables.
2019-06-07 17:39:04 +02:00
Max Planck cb4eb710fb Added ldap password environment variable. 2019-06-07 17:39:04 +02:00
Clément Michaud 8478216e5d
Update README.md 2019-04-25 13:36:14 +02:00
Clement Michaud dd36902467 3.15.0 2019-04-24 23:55:21 +02:00
Clement Michaud e37ee9e5c7 Add changelog for version 3.15.0. 2019-04-24 23:55:07 +02:00
Clement Michaud 4f63de4020 Remove useless packages from server package.json. 2019-04-24 23:53:23 +02:00
Clement Michaud 186839d6e5 Remove the shared directory and move files to server. 2019-04-17 23:31:56 +02:00
Clement Michaud 5a195f7ebd Update README to mention nginx and Traefik and update images. 2019-04-17 23:06:56 +02:00
Clément Michaud e0dab01442
Update README.md 2019-04-17 00:28:31 +02:00
Clement Michaud 743b84aeaa Change license from MIT to Apache 2.0. 2019-04-16 23:40:15 +02:00
Clement Michaud ab8402314b Add a link to the breaking changes markdown in README. 2019-04-16 22:58:45 +02:00
Clement Michaud b36f2c78f9 3.14.0 2019-04-16 22:53:48 +02:00
Clement Michaud 9e90662a89 Update CHANGELOG.md and add BREAKING.md. 2019-04-16 22:53:42 +02:00
Amir Zarrinkafsh 7d639df0b6 Fix nginx.md examples to reflect latest breaking changes 2019-04-16 21:24:18 +02:00
Clement Michaud 4016ff1bba [BREAKING] Create a suite for Traefik proxy.
* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
  to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
  X-Forwarded-* headers.
2019-04-12 09:24:54 +02:00
ViViDboarder 617e929e1a Fix relative paths and add error handling 2019-04-12 09:24:54 +02:00
ViViDboarder 356b82f443 Fix lint error 2019-04-12 09:24:54 +02:00
ViViDboarder 0922b3c215 Build x-original-url from forwarded headers
This is to allow broader support for proxies. In particular, this allows
support with Traefik.

This patch also includes some examples of configuration with Traefik.
2019-04-12 09:24:54 +02:00
Clement Michaud 36d65c284e Add a test checking forwarded headers on bypass-based resources. 2019-04-10 22:34:15 +02:00
Amir Zarrinkafsh c074270b54 Fix attaching User/Groups headers for bypass strategy 2019-04-10 21:32:12 +02:00
Clement Michaud 87e06e6528 Remove bad error message when registering U2F device. 2019-03-31 20:39:20 +02:00
Clement Michaud 8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00
Clement Michaud 3c6e2ae448 3.13.0 2019-03-29 14:12:58 +01:00
Clement Michaud 23658dbcdf Update the CHANGELOG before release of v3.13.0. 2019-03-29 14:12:41 +01:00
Clement Michaud e7c09fddc6 Simplify nginx example configuration. 2019-03-28 23:14:36 +01:00
Clement Michaud 81207b49ad Fix failing second factor when no default redirection url set.
When no default redirection url was set, Duo push second factor was shown as
failing even if authentication was successful.
2019-03-28 22:38:16 +01:00
Clément Michaud e3b6410e79
Merge pull request #344 from nightah/duo-additions
Capture IP address and Target URL in Duo 2FA request
2019-03-27 10:47:23 +01:00
Amir Zarrinkafsh 274c6135c7
Capture IP address and Target URL in Duo 2FA request 2019-03-27 19:44:50 +11:00
Clément Michaud c2810101a4
Update README.md 2019-03-25 09:04:58 +01:00
Clément Michaud 30f47a1451
Merge pull request #342 from clems4ever/duo-push
Add Duo Push Notification option as 2FA.
2019-03-24 23:55:44 +01:00
Clement Michaud 28cc5e7e1b Fix integration tests. 2019-03-24 23:29:46 +01:00
Clement Michaud a4b129a676 Security Key method is not displayed if browser does not support it. 2019-03-24 22:36:49 +01:00
Clement Michaud a717b965c1 Display only available 2FA methods.
For instance Duo Push Notification method is not displayed if the API
is not configured.
2019-03-24 22:23:25 +01:00
Clement Michaud d09a307ff8 Fix redirection after 2FA method change.
Authelia was using links with href="#" that changed the URL when clicked
on. Therefore, this commit removes the href property and apply link style
to tags without href property.
2019-03-24 20:02:55 +01:00
Clement Michaud 4eaafb7115 Update the documentation to include information on Duo. 2019-03-24 18:45:32 +01:00
Clement Michaud ff88ad354f Install /etc/hosts entries from bootstrap script.
This allows to add an entry which is not pointing to localhost but
to a docker container in the Travis virtual env.
2019-03-24 16:43:30 +01:00
Clement Michaud 8ef402511c Add Duo Push Notification option as 2FA. 2019-03-24 15:15:49 +01:00
Clément Michaud 090a74299f
Merge pull request #340 from clems4ever/2fa-opt-state
Display only one 2FA option.
2019-03-23 20:53:37 +01:00
Clement Michaud d9e487c99f Display only one 2FA option.
Displaying only one option at 2FA stage will allow to add more options
like DUO push or OAuth.

The user can switch to other option and in this case the option is
remembered so that next time, the user will see the same option. The
latest option is considered as the prefered option by Authelia.
2019-03-23 19:34:00 +01:00
Clément Michaud 92eb897a03
Merge pull request #336 from clems4ever/fix-bypass-policy
Fix bypass policy
2019-03-23 09:20:41 +01:00
Clement Michaud 40574bc8ec Fix the bypass strategy.
Before this fix an anonymous user was not able to access a resource
that were configured with a bypass policy. This was due to a useless
check of the userid in the auth session. Moreover, in the case of an
anonymous user, we should not check the inactivity period since there
is no session.

Also refactor /verify endpoint for better testability and add tests
in a new suite.
2019-03-22 23:51:36 +01:00
Clément Michaud 55f423a6ae
Merge pull request #334 from clems4ever/log-header-access
Log what is retrieved from headers to help debugging.
2019-03-22 15:50:46 +01:00
Clement Michaud bd5bb497e3 Log stage names as they are running in travis script. 2019-03-22 15:34:42 +01:00
Clement Michaud 9366741980 Forbid test selected with only in CI. 2019-03-22 15:34:42 +01:00
Clement Michaud 6a19f7eb91 Add documentation for nginx proxy. 2019-03-22 15:34:42 +01:00
Clement Michaud 7c3d6cc376 Log what is retrieved from headers to help debugging. 2019-03-22 15:34:38 +01:00
Clément Michaud d858e13d87
Merge pull request #331 from clems4ever/test-kubernetes
Add a suite for Kubernetes.
2019-03-17 08:55:36 +01:00
Clement Michaud 76fa325f08 [BREAKING] Create a suite for kubernetes tests.
Authelia client uses hash router instead of browser router in order to work
with Kubernetes nginx-ingress-controller. This is also better for users having
old browsers.

This commit is breaking because it requires to change the configuration of the
proxy to include the # in the URL of the login portal.
2019-03-16 00:13:27 +01:00
Clement Michaud f8a12b8482 Fix dead link in README of suites. 2019-03-04 00:02:45 +01:00
Clement Michaud f529cd7b38 Make password from hash-password command required. 2019-03-03 23:55:34 +01:00