Commit Graph

1500 Commits (a9635aafd2c86cbae8ddfc36aad98555b1d18e58)

Author SHA1 Message Date
Amir Zarrinkafsh 0d9a5812c7
[Buildkite] Update musl-cross-make toolchain to gcc 9.2.0 (#703)
Built using `musl-1.1.24`, `linux-headers-headers-4.19.88`
2020-03-14 12:45:55 +01:00
Amir Zarrinkafsh 8b80be4061
[Buildkite] Utilise annotations for build notifications (#700)
* [Buildkite] Utilise annotations for artifact and doc bypass notifications

* [Buildkite] Add context to annotations

* [Buildkite] Adjust docs annotation to display for PRs
2020-03-11 10:25:47 +11:00
Amir Zarrinkafsh 7d7ad9bd28
[MISC] Adjust TLS log messages (#701)
* [MISC] Adjust TLS log messages

* [MISC] Fix integration tests
2020-03-10 18:14:28 +11:00
Amir Zarrinkafsh f3fd79d731
[DOCS] Review all docs and adjust since the initial refactoring (#698)
* [DOCS] Review all docs and adjust since the initial refactoring

* [DOCS] Minor tweaks
2020-03-10 09:37:46 +11:00
Clément Michaud c429488738
[FEATURE] [BREAKING] Support writing logs in a file. (#686)
* [FEATURE] Support writing logs in a file.

* Add documentation about logs file path.

* Rename logs_level and logs_file_path into log_level and log_file_path.

* Update BREAKING.md

Fixes #338

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-09 20:57:53 +01:00
Amir Zarrinkafsh 6af27cb3f9
[Buildkite] Fix CI docs bypass by ensuring HEAD diff for master is correct (#699) 2020-03-09 17:45:15 +11:00
Amir Zarrinkafsh 7a0d217b67
[Buildkite] Reorder git fetch in pipeline (#697)
This will ensure that we always will have up-to-date refs for the repo post-checkout.
2020-03-09 16:53:13 +11:00
Amir Zarrinkafsh df431b32c8
[Buildkite] Compare to `origin/master` for docs bypass (#696) 2020-03-09 15:59:58 +11:00
James Elliott 49c40ca0a0
[DOCS] Reorganize file auth config docs (#693) 2020-03-09 13:02:14 +11:00
Amir Zarrinkafsh b70c4a744f
[Buildkite] Ignore unnecessary CI steps for docs/* only based commits (#690)
* [Buildkite] Ignore build and deploy steps for [DOCS] only based commits

* [Buildkite] Convert static pipelines into dynamic pipelines

* [Buildkite] Convert dynamic pipeline steps into heredocs

* [Buildkite] Fix indentation for aurpackages.sh

* [Buildkite] Rename docs bypass env variable

* [Buildkite] Fix automatic retries in integration tests
2020-03-09 12:32:07 +11:00
Clément Michaud 3c8babbd4f
[DOCS] Proxy documentation not available anymore. (#692) 2020-03-08 16:29:16 +01:00
Clément Michaud aea1728afc
[RELEASE] v4.6.0 (#688) 2020-03-06 22:26:25 +01:00
Amir Zarrinkafsh cc25b565c7
[MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively (#685)
* [MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively

* Argon2id memory in MB for Config Template

* Doc Fix

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-03-06 19:40:56 +11:00
James Elliott 26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy (#679)
* [FEATURE] Support Argon2id Passwords

- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template

* Adjust error output

* Fix unit test

* Add unit tests and argon2 version check

* Fix new unit tests

* Update docs, added tests

* Implement configurable values and more comprehensive testing

* Added cmd params to hash_password, updated docs, misc fixes

* More detailed error for cmd, fixed a typo

* Fixed cmd flag error, minor refactoring

* Requested Changes and Minor refactoring

* Increase entropy

* Update docs for entropy changes

* Refactor to reduce nesting and easier code maintenance

* Cleanup Errors (uniformity for the function call)

* Check salt length, fix docs

* Add Base64 string validation for argon2id

* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type

* Update crypt go mod, support argon2id key length and major refactor

* Config Template Update, Final Tests

* Use schema defaults for hash-password cmd

* Iterations check

* Docs requested changes

* Test Coverage, suggested edits

* Wording edit

* Doc changes

* Default sanity changes

* Default sanity changes - docs

* CI Sanity changes

* Memory in MB
2020-03-06 12:38:02 +11:00
Amir Zarrinkafsh 72a3f1e0d7
[BUGFIX] Skip 2FA step if no ACL rule is two_factor (#684)
When no rule is set to two_factor in ACL configuration, 2FA is
considered disabled. Therefore, when a user cannot be redirected
correctly because no target URL is provided or the URL is unsafe,
the user is either redirected to the default URL or to the
'already authenticated' view instead of the second factor view.

Fixes #683
2020-03-06 11:31:09 +11:00
Amir Zarrinkafsh 0dea0fc82e
[FEATURE] Support MySQL as a storage backend. (#678)
* [FEATURE] Support MySQL as a storage backend.

Fixes #512.

* Fix integration tests and include MySQL in docs.
2020-03-05 10:25:52 +11:00
Victor e033a399a7
[DOCS] Update two-factor-basic-auth.md (#680) 2020-03-03 18:37:18 +11:00
Clément Michaud faf43de14f
[FEATURE] Add TLS support. (#677)
* [FEATURE] Add TLS support.

Fixes #368.

* [FEATURE] Introduce OnError hook in suites.

This hook allows to perform actions following an erroneous suite
like displaying the logs of Authelia.

* Display Authelia logs of Standalone suite when tests fail.

* Fix Standalone suite.

* Apply suggestions from code review

* Rename ssl_key and ssl_cert into tls_key and tls_cert.
2020-03-03 18:18:25 +11:00
Clément Michaud 0c43740a4e
[FEATURE] Add command to generate self-signed certs in authelia binary. (#676)
* [FEATURE] Add command to generate self-signed certs in authelia binary.
* Apply suggestions from code review

Fixes #454 

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-01 14:08:09 +01:00
Clément Michaud b911c2f0f3
[DOCS] Make link to community doc clickable. (#675) 2020-03-01 21:58:53 +11:00
James Elliott ffc87c1006
[DOCS] Fix Docs Links (#674)
- Fixed a few broken links
2020-03-01 16:58:26 +11:00
Amir Zarrinkafsh ae5533d41b
[Buildkite] Fix always reporting as failure for github artifact step (#673) 2020-03-01 15:56:04 +11:00
James Elliott c358ccca51
[RELEASE] v4.5.1 (#672) 2020-03-01 12:51:26 +11:00
Clément Michaud 8ac30db51d
[DOCS] Create a community section in the documentation. (#671)
* [DOCS] Create a community section in the doc.

This section is meant to host the non-official documentation
produced by the community.

Fixes #582.

* Update index.md
2020-03-01 12:27:22 +11:00
Clément Michaud b311bd5ead
[DOCS] Improve documentation about the integration with proxies. (#669)
* [DOCS] Improve documentation about the integration with proxies.

This improvement resolves #384.

* Update index.md
2020-03-01 12:11:16 +11:00
James Elliott 898f2a807e
[MISC] Add Detailed DUO Push Logging (#664)
* [MISC] Add Detailed DUO Push Logging

- Added trace logging for all response data from the DUO API
- Added warning messages on auth failures
- Added debug logging when DUO auth begins
- Updated mocks/unit tests to use the AutheliaCtx as required
2020-03-01 11:51:11 +11:00
Clément Michaud b5a9e0f047
[DOCS] Update links in README to reference docs.authelia.com. (#667)
* [DOCS] Update links in README to reference docs.authelia.com.

* Move report section of security to the top level page.

* Fix ordering of sub-pages of 2FA feature.
2020-03-01 00:27:23 +01:00
Clément Michaud 3816aa4df2
[FEATURE] Regenerate session IDs after 2FA authentication. (#670)
Session fixation attacks were prevented because a session ID was
regenerated at each first factor authentication but this commit
generalize session regeneration from first to second factor too.

Fixes #180
2020-03-01 00:13:33 +01:00
Amir Zarrinkafsh b007953580
[Buildkite] Optimise deployment dependencies (#668)
* Update all dependencies to allow more parallel jobs.
* Remove concurrency limit for non-master deployments to prevent pipeline blocking.
2020-02-29 15:31:10 +01:00
Amir Zarrinkafsh ac313ac89b
[DOCS] Update from Microbadger to shields.io docker badges (#666) 2020-03-01 00:12:23 +11:00
Clément Michaud 70866825c4
[DOCS] Add pointer to the documentation in README. (#663) 2020-02-29 23:22:43 +11:00
Clément Michaud 9c0e722bd7
[DOCS] Do not let think OAuth won't be supported. (#665)
* [DOCS] Do not let think OAuth won't be supported.

* [Buildkite] Prevent docs commit if there are no changes
2020-02-29 23:07:23 +11:00
Clément Michaud f821793afb
[Buildkite] Change commit author of commits in gh-pages to autheliabot. (#662) 2020-02-29 22:29:55 +11:00
Amir Zarrinkafsh a268a16c6e
[BUGFIX] Prevent clobbering of CNAME for docs (#661) 2020-02-29 17:20:07 +11:00
Clément Michaud a9f8958187
[BUGFIX] Add jekyll dependency in Gemfile. (#660)
* [BUGFIX] Add jekyll dependency in Gemfile.

* [Buildkite] Optimise documentation sync step

* [DOC] Fix merge conflict for index.md

* [DOC] Fix formatting issues
2020-02-29 16:15:03 +11:00
Clément Michaud adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 01:43:59 +01:00
Amir Zarrinkafsh 150a2e177a
[Buildkite] Enable automatic retries for failed github artifact step (#658)
* [Buildkite] Enable automatic retries for failed github artifact step

This is to handle failures which may occur when attempting to upload assets, per: https://buildkite.com/authelia/authelia/builds/465#537f931f-efc3-4f7b-9527-c927c1425a52.

* [Buildkite] Ensure GitHub artifact step is reported as a failure

When the initial command fails and we remove the release, we need to ensure that the exit status is reported as non-zero to trigger the automatic retry.
2020-02-28 22:58:44 +01:00
Clément Michaud 7102b258a1
[RELEASE] v4.5.0 (#657) 2020-02-28 01:23:53 +01:00
James Elliott fc05b973ad
[FEATURE] Redis DB Index Selection (#653)
* [FEATURE] Redis DB Number Selection
- Allow users to specify the DB number
- This is so users who use their redis for multiple purposes can have clear demarcation between their data

* revert: import order

* Add default/example to config template with docs

* Set DB Index property name to be more clear
2020-02-28 11:14:44 +11:00
Paul Williams 829757d3bc
[FEATURE] Support secure websocket connections. (#656)
* Add WSS support for insecure scheme detection

WSS connections were broken by the introduction of this check. Adding WSS as a supported scheme for secure connections prevents a 401 being returned for an authorised connection.

* Add tests for WSS

Also extend HTTPS tests to ensure they do not catch WSS URLs
2020-02-28 10:28:53 +11:00
Clément Michaud 82d8e1d57a
[BUGFIX] Fix crash when no emails or groups are retrieved from LDAP. (#651)
* [BUGFIX] Fix crash when no emails or groups are retrieved from LDAP.

If group or email attribute configured by user in configuration is not
found in user object the list of attributes in LDAP search result is empty.
This change introduces a check before accessing the first element of the
list which previously led to out of bound access.

Fixes #647.

* [MISC] Change log level of LDAP connection creation to trace.
2020-02-27 23:21:07 +01:00
Clément Michaud efb567f3d5
Fix development workflow. (#649)
Suites cannot be run locally anymore following the move of the example
directory into the suites directory.
2020-02-27 10:44:29 +01:00
James Elliott e1cd524f65
[FEATURE] SMTPS support (#643)
* [FEATURE] SMTPS Support
- Added port_tls option to enable SMTPS, off by default.

* Remove configuration variable for SMTPS

Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable.

* Add SMTPS warning and updated docs

* Adjust SMTPS warning
2020-02-20 12:09:46 +11:00
Amir Zarrinkafsh 4c09df9868
[Buildkite] Fix AUR version tagging (#645)
Need to fetch all tags prior to extracting the correct version.
2020-02-20 11:04:07 +11:00
Amir Zarrinkafsh 447b2461e4
[Buildkite] Automate CD for AUR packages (#644)
* [Buildkite] Automate continuous deployment for AUR packages

* [Buildkite] Make AUR deploy step conditional
2020-02-20 10:25:28 +11:00
Amir Zarrinkafsh d80becc343
[FIX] Changelog generation for github releases (#641) 2020-02-19 12:25:41 +11:00
Amir Zarrinkafsh fc526bc927
[RELEASE] 4.4.0 2020-02-19 10:01:34 +11:00
Clément Michaud 6390826618
[MISC] Add several logs to help users detect misconfiguration issues (#639)
* Help users detect misconfiguration of their protected domain.

Sometimes users try to visit an URL pointing to a domain which is
not protected by Authelia and thus authentication fails. This log
line will help users detect those cases.

* Add a log to detect bad schemes in target URLs.

This helps users detect when an URL is http while it should be https.
Indeed, cookies are transported solely over a secure connection for
security reasons.
2020-02-19 09:39:07 +11:00
Clément Michaud c578c8651d
[MISC] Add unit tests to authorization module and trace logs. (#638)
This aims to help debug #637.
2020-02-19 09:15:09 +11:00
Amir Zarrinkafsh 6530780817
[MISC] Utilise Probot for PR commentary (#633)
Remove Buildkite trigger for commentary.
2020-02-14 18:50:38 +11:00