James Elliott
873749a28f
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# web/package.json
# web/pnpm-lock.yaml
2023-04-21 21:32:32 +10:00
James Elliott
616fa3c48d
docs: header consistency ( #5266 )
2023-04-18 09:53:26 +10:00
James Elliott
29ddc73012
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# internal/suites/scenario_backend_protection_test.go
2023-04-15 15:05:09 +10:00
James Elliott
eaddf11df6
refactor: http verbs etc ( #5248 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:03:14 +10:00
James Elliott
370585d1de
refactor(web): webauthn references ( #5244 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:54:24 +10:00
James Elliott
2733fc040c
refactor: webauthn naming ( #5243 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:04:42 +10:00
James Elliott
774f64a932
Merge remote tracking branch 'origin/master' into feat-settings-ui
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 20:58:49 +10:00
James Elliott
3d2da0b070
feat(oidc): client authentication modes ( #5150 )
...
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott
51e1f41620
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 22:21:00 +10:00
James Elliott
7fdcc351d4
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
# Conflicts:
# internal/handlers/handler_register_webauthn.go
# internal/handlers/webauthn.go
# internal/handlers/webauthn_test.go
# internal/mocks/storage.go
# internal/model/webauthn.go
# internal/storage/provider.go
# internal/storage/sql_provider.go
# web/package.json
# web/pnpm-lock.yaml
# web/src/layouts/LoginLayout.tsx
2023-04-11 21:34:45 +10:00
James Elliott
c8f75b19af
fix(oidc): default response mode not validated ( #5129 )
...
This fixes an issue where the default response mode (i.e. if the mode is omitted) would skip the validations against the allowed response modes.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 21:29:02 +10:00
James Elliott
157675f1f3
docs: adjust references of webauthn ( #5203 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
James Elliott
928df8a698
Merge remote-tracking branch 'origin/master' into feat-oidc-auth-mode
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
# Conflicts:
# internal/configuration/validator/const.go
2023-04-09 13:19:29 +10:00
James Elliott
2dcfc0b04c
feat(handlers): authz authrequest authelia url ( #5181 )
...
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00
James Elliott
d6a8dec0be
build(deps): unbump github.com/go-webauthn/webauthn to v0.5.0 ( #5158 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-02 16:09:18 +10:00
James Elliott
b6883a337f
Merge origin/master into feat-settings-ui
2023-03-07 10:12:49 +11:00
James Elliott
ff6be40f5e
feat(oidc): pushed authorization requests ( #4546 )
...
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott
8b8d6ce417
Merge remote-tracking branch origin/master into feat-settings-ui
2023-02-28 20:07:42 +11:00
James Elliott
a345490826
feat(server): handle head method ( #5003 )
...
This implements some HEAD method handlers for various static resources and the /api/health endpoint.
2023-02-28 20:01:09 +11:00
James Elliott
257bd2a25a
test: fix test
2023-02-19 12:48:11 +11:00
James Elliott
3e53ae7b2e
test: fix test
2023-02-19 12:11:33 +11:00
James Elliott
a6cc022e5c
Merge remote tracking branch origin/master into feat-settings-ui
2023-02-19 11:53:11 +11:00
James Elliott
a13a3c45f2
fix: encoding
2023-02-19 11:48:35 +11:00
James Elliott
ab01fa6bca
fix(handlers): legacy authz failure on nginx ( #4956 )
...
Since nginx doesn't do portal URL detection we have to skip returning an error on the legacy authz implementation when the portal URL isn't detected. This issue only exists in unreleased versions.
2023-02-18 16:56:53 +11:00
James Elliott
e5cdb175b4
feat: cred props
2023-02-18 15:36:58 +11:00
James Elliott
5be5de02d8
feat: webauthn users
2023-02-17 06:40:40 +11:00
James Elliott
e84ca4956a
refactor: sql updates
2023-02-14 23:35:15 +11:00
James Elliott
ee56740f46
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-02-13 06:33:46 +11:00
renovate[bot]
6499dcf210
build(deps): update module github.com/go-webauthn/webauthn to v0.7.1 ( #4920 )
...
* build(deps): update module github.com/go-webauthn/webauthn to v0.7.1
* test: fix for upstream changes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-02-13 06:30:19 +11:00
James Elliott
3b6f5482b8
fix: multi-cookie domain webauthn
2023-02-12 02:47:03 +11:00
James Elliott
d7be1c1359
refactor: reduce complexity
2023-02-01 22:10:38 +11:00
James Elliott
3af20a7daf
build(deps): use @simplewebauthn/browser
2023-01-30 16:37:53 +11:00
James Elliott
7d17c39c52
Merge origin/master into feat-settings-ui
2023-01-25 22:11:41 +11:00
James Elliott
65705a646d
feat(server): customizable authz endpoints ( #4296 )
...
This allows users to customize the authz endpoints.
Closes #2753 , Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott
bd279900ca
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-01-20 17:56:06 +11:00
Manuel Nuñez
8b29cf7ee8
feat(session): multiple session cookie domains ( #3754 )
...
This adds support to configure multiple session cookie domains.
Closes #1198
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
James Elliott
cf4010b4fb
fix(oidc): csp blocks form_post response form submit ( #4719 )
...
This fixes an issue where the form_post response never gets submitted.
Fixes #4669
2023-01-08 07:04:06 +11:00
renovate[bot]
3d6c67fa33
build(deps): update module github.com/go-webauthn/webauthn to v0.6.0 ( #4646 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-07 14:21:27 +11:00
James Elliott
49d421e910
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# api/openapi.yml
# web/src/views/DeviceRegistration/RegisterWebauthn.tsx
# web/src/views/LoginPortal/SecondFactor/WebauthnMethod.tsx
2023-01-07 11:50:19 +11:00
Manuel Nuñez
2ab50c7f61
test(handlers): add additional coverage ( #4698 )
...
* test(handlers): handler_checks_safe_redirection
* test(handlers): password_policy
* test(handlers): health
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-05 09:37:43 +11:00
James Elliott
adaf069eab
feat(oidc): per-client pkce enforcement policy ( #4692 )
...
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott
dd781ffc51
refactor: adjust settings components
2022-12-31 18:27:43 +11:00
James Elliott
f2ee86472d
revert: 2fa skip
2022-12-30 23:51:52 +11:00
James Elliott
0e2770e72d
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2022-12-27 20:05:02 +11:00
James Elliott
f685f247cf
feat(notification): important events notifications ( #4644 )
...
This adds important event notifications.
2022-12-27 19:59:08 +11:00
James Elliott
a771cc6c2b
fix(notification): missing display name ( #4653 )
2022-12-27 10:54:58 +11:00
James Elliott
4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2022-12-23 16:08:47 +11:00
James Elliott
0bb657e11c
refactor(notifier): utilize smtp lib ( #4403 )
...
This drops a whole heap of code we were maintaining in favor of a SMTP library.
Closes #2678
2022-12-23 16:06:49 +11:00
James Elliott
d67554ab88
feat(authentication): ldap time replacements ( #4483 )
...
This adds and utilizes several time replacements for both specialized LDAP implementations.
Closes #1964 , Closes #1284
2022-12-21 21:31:21 +11:00
James Elliott
728902335b
refactor: const int type stringers ( #4588 )
2022-12-17 23:39:24 +11:00