- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
- disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
- allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
- allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to seperate funcs for:
- writing future test suites and startup checks more easily
- organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
* Update references to remove hash router
In commit 9ae2096, the redirection parameter is changed in the example `nginx.conf`, and also in other places like `internal/middlewares/identity_verification.go`:
```
- link := fmt.Sprintf("%s://%s/#%s?token=%s", ctx.XForwardedProto(),
+ link := fmt.Sprintf("%s://%s%s?token=%s", ctx.XForwardedProto(),
```
These should only run on the master or tagged branches. This also means that while we are utilising Travis that there aren't long 20-30 blocks waiting on a PR to go green due to the build steps.
- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
- If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending
- Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs)
- Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism
- Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported
- Changed secure key to use boolean values instead of strings
- Arranged SMTP notifier properties/vars to be in the same order
- Log the steps for STARTTLS (debug only)
- Log the steps for AUTH (debug only)
- Make the DN concatenation uniform between both Users and Groups
- Make it possible to use a blank or commented out additional_users_dn or additional_groups_dn for ldap backends
- Fixes#508
Authelia needs to know with what IP was the request originating in
order to apply network based ACL rules. Authelia already supported
X-Forwarded-For but X-Real-IP is another way to define it. It takes
precedence over X-Forwarded-For.
Providing a list of suites test to authelia-scripts will run the
tests of each of them sequentially.
For instance, authelia-scripts suites test Standalone,BypassAll.
This is to avoid the multiple reloads due to the frontend modules
being installed at the startup of the suite and randomly preventing
Authelia from starting.
Amir Zarrinkafsh
James Elliott
Silver Bullet
mqmq0
Clement Michaud
Mike Kusold