7 Commits (9445878ca2c26c8898255ab43f6464aab0c3c286)

Author	SHA1	Message	Date
Amir Zarrinkafsh	8c77f4f931	fix(api): /api/checks/safe-redirection missing schemas (#2340) ... The following schemas for /api/checks/safe-redirection were missed in #2082: * handlers.checkURIWithinDomainRequestBody * handlers.checkURIWithinDomainResponseBody	2021-09-04 21:48:49 +10:00
Clément Michaud	bc983ce9f5	fix: user is now redirected when authenticated (#2082) ... * fix(handlers,web): user is now redirected when authenticated Fix: #1788 * remove dead code and fix ci issues * fix infinite loop in frontend * fix issue with integration tests * handle bot recommendation * fix integration test & add dot to comment * fix last integration test * Update api/openapi.yml Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update api/openapi.yml * Update openapi.yml * refactor: valid -> safe * refactor: adjust merge conflicts * Apply suggestions from code review Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * fix: adjust test return messaging Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>	2021-08-02 16:15:38 +10:00
James Elliott	f0cb75e1e1	fix(handlers): logout redirection validation (#1908)	2021-04-13 10:38:12 +02:00
James Elliott	d33d6c2f00	ci: add yamllint (#1895) ... This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.	2021-04-11 06:51:00 +10:00
Amir Zarrinkafsh	6855898f92	build(deps): update swagger-ui to v3.45.0 (#1861)	2021-03-29 10:55:09 +11:00
James Elliott	4dce8f9496	perf(authorizer): preload access control lists (#1640) ... * adjust session refresh to always occur (for disabled users) * feat: adds filtering option for Request Method in ACL's * simplify flow of internal/authorization/authorizer.go's methods * implement query string checking * utilize authorizer.Object fully * make matchers uniform * add tests * add missing request methods * add frontend enhancements to handle request method * add request method to 1FA Handler Suite * add internal ACL representations (preparsing) * expand on access_control next * add docs * remove unnecessary slice for network names and instead just use a plain string * add warning for ineffectual bypass policy (due to subjects) * add user/group wildcard support * fix(authorization): allow subject rules to match anonymous users * feat(api): add new params * docs(api): wording adjustments * test: add request method into testing and proxy docs * test: add several checks and refactor schema validation for ACL * test: add integration test for methods acl * refactor: apply suggestions from code review * docs(authorization): update description	2021-03-05 15:18:31 +11:00
Amir Zarrinkafsh	3487fd392e	[FEATURE] Add API docs and swagger-ui (#1544) ... * [FEATURE] Add API docs and swagger-ui This change will serve out swagger-ui at the `/api/` root path. * Update descriptions and summaries in API spec * Utilise frontend assets from unit testing for Docker build steps * Fix tag for /api/user/* endpoints * Fix response schema for /api/user/info/2fa_method * Template and inject the session name during runtime into swagger-ui This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file. * Fix integration tests * Add U2F endpoints * Change swagger directory to api This change is to more closely conform to the golang-standards project layout. * Add authentication for u2f endpoints * Modify u2f endpoint descriptions * Rename and fix u2f 2fa sign endpoints * Fix request body for /api/secondfactor/u2f/sign endpoint Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>	2021-01-03 15:28:46 +11:00