* fix: redis sentinel secret missing
* refactor: use consts for authentication_backend.file.password errs
* fix: unit test for new default port
* test: cover additional misses
* test: fix windows/linux specific test error
* test: more windows specific tests
* test: remove superfluous url.IsAbs
* test: validator 100% coverage
The previous examples did not appropriately pass through the WWW-Authenticate header and 401 when the user was unauthenticated therefore not resulting in a basic auth login prompt.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
This PR changes the suites tests so if go test -short is used, they are skipped per go standards and a message is displayed. Additionally removed some redundant types from suite_high_availability_test.go and adjusted a warning about a nil req var.
During a `yarn start` the react frontend would throw the following errors during compilation:
```
Starting the development server...
Compiled with warnings.
./src/index.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./src/index.css)
Warning
Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.
./node_modules/@fortawesome/fontawesome-svg-core/styles.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./node_modules/@fortawesome/fontawesome-svg-core/styles.css)
Warning
Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.
./src/components/FingerTouchIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/FingerTouchIcon.module.css)
Warning
Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.
./src/components/PushNotificationIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/PushNotificationIcon.module.css)
Warning
Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.
Search for the keywords to learn more about each warning.
To ignore, add // eslint-disable-next-line to the line before.
```
This in turn would mean that the server would never finish loading.
This change will allow the code to compile and run appropriately both in production and development modes.
I missed documenting this change, but prior to 4.27.0 the query param was never considered when matching resources. But that's no longer the case.
Fixes#1817
Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Fixes#1520Closes#1534
* refactor(authentication): use crypto constant time compare
Improve security with usage of the crypto/subtle ConstantTimeCompare() method for hash comparison.
Fixes#1799
* docs: add explicit labels for chat types
* Document X-Forwarded-For capabilities within access-control networks
Adds a short paragraph detailing X-Forwarded-For header behaviour
into the documentation.
* Update docs/configuration/access-control.md
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
* fix(configuration): lower argon2id default memory requirements
The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases.
Reducing this number and encouraging users to to read the documentation and tune will result in less issues and a better user experience.
* test: fix broken tests
* [FEATURE] Add auth query param to /api/verify (#1353)
When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.
* [FIX] Better basic auth error reporting
* [FIX] Return 401 when using basic auth instead of redirecting
* [TESTS] Add tests for auth=basic query param
* [DOCS] Mention auth=basic argument and provide nginx example
* docs: add/adjust basic auth query arg docs for proxies
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>