Commit Graph

679 Commits (a991379a747409893678e4d23868a2ceafce7cf8)

Author SHA1 Message Date
Clément Michaud 6c4d06b2a8
Merge pull request #289 from clems4ever/remove-auth-methods
Introduce "bypass", "one_factor", "two_factor" and "deny" ACL rules
2018-11-17 18:44:36 +01:00
Clement Michaud b53d16d8a1 Introduce Subject and Object in authorization module. 2018-11-17 18:29:10 +01:00
Clement Michaud 97bfafb6eb [BREAKING] Flatten the ACL rules to enable some use cases.
With previous configuration format rules were not ordered between groups and
thus not predictable. Also in some cases `any` must have been a higher
precedence than `groups`. Flattening the rules let the user apply whatever
policy he can think of.

When several rules match the (subject, domain, resource), the first one is
applied.

NOTE: This commit changed the format for declaring ACLs. Be sure to update
your configuration file before upgrading.
2018-11-17 18:08:29 +01:00
Clement Michaud 2bc650fd97 Create a docker-compose.dev.yml to reproduce integration test cases. 2018-11-17 18:08:29 +01:00
Clement Michaud 9fc55543fd Integrate more policy options in ACL rules.
The possible values for ACL policies are now: bypass, one_factor, two_factor,
deny.

This change also deprecate auth_methods because the method is now associated
directly to a resource in the ACLs instead of a domain.
2018-11-17 18:08:29 +01:00
Clément Michaud d898fa2c0c
Merge pull request #293 from clems4ever/closed-redirection
Fix open redirection vulnerability.
2018-11-17 18:04:33 +01:00
Clement Michaud 42581dfe93 Fix open redirection vulnerability.
In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00
Clement Michaud 8871ccd65e 3.10.0 2018-11-17 15:06:08 +01:00
Clement Michaud eaa3cc34f8 Update changelog before publication of next minor release. 2018-11-17 15:06:07 +01:00
Clément Michaud 5f8e33d6ac
Merge pull request #301 from clems4ever/fix-u2f-2
Fix U2F sign request after U2F library upgrade.
2018-11-17 14:28:11 +01:00
Clement Michaud baa1899536 Fix U2F sign request after u2f library upgrade. 2018-11-17 13:58:48 +01:00
Clément Michaud 76326d5ff7
Merge pull request #302 from clems4ever/improve-doc
Add details on how to deploy Authelia in a dev environment.
2018-11-17 12:21:13 +01:00
Clément Michaud f725f04361
Fix deployment dev documentation. 2018-11-17 12:20:39 +01:00
Clement Michaud de15dc52dd Add details on how to deploy Authelia in a dev environment.
Also improve some part of the documentation.
2018-11-16 15:30:26 +01:00
Clement Michaud 82e51e1a71 Improve CONTRIBUTE section of the README. 2018-11-15 22:47:27 +01:00
Clement Michaud 9a0e5290d1 Use mailcatcher for minimal config setup. 2018-11-15 22:28:29 +01:00
Clement Michaud 43102d9fae Bump nyc dependency. 2018-11-15 22:24:57 +01:00
Clement Michaud 0dd3f18bd5 Bump lodash dependency. 2018-11-15 21:32:51 +01:00
Clement Michaud e7bb729a63 Bump cached-path-relative 2018-11-15 18:24:15 +01:00
Clement Michaud e9d8f604c6 Bump fill-range package. 2018-11-15 18:22:13 +01:00
Clément Michaud 1d6dd9323b
Merge pull request #300 from clems4ever/fix-u2f
Fix U2F authentication by upgrading U2F libraries.
2018-11-06 16:55:13 +01:00
Clement Michaud 7c80515b34 Fix U2F authentication by upgrading libraries. 2018-11-06 15:45:01 +01:00
Clément Michaud 72b3e22987
Merge pull request #298 from clems4ever/fix-npm-audit
Bump grunt and grunt-contrib-watch.
2018-11-03 16:52:02 +01:00
Clement Michaud 798b001986 Bump grunt and grunt-contrib-watch. 2018-11-03 16:19:05 +01:00
Clement Michaud fac17671ee Fix broken link to getting-started in README.md 2018-11-03 13:29:06 +01:00
Clément Michaud 0c238ea9a6
Merge pull request #292 from clems4ever/u2f-polyfill
Make Authelia compatible with Firefox.
2018-10-27 18:47:37 +02:00
Clement Michaud e8c3205e0a Make Authelia compatible with Firefox.
Use the polyfill version of u2f API provided by Google.

https://github.com/mastahyeti/u2f-api

This polyfill is at least compatible with Chrome and
Firefox after enabling the U2F support.

[HOWTO] Enable U2F in Firefox >= 57:
Navigate to 'about:config' and search for 'u2f' option.
Double-click on the line to toggle the option.
2018-10-27 18:22:01 +02:00
Clément Michaud bfaaf6214f
Merge pull request #287 from clems4ever/keep-logged-in
Add a "keep me logged in" checkbox.
2018-10-23 21:02:24 +02:00
Clement Michaud 05c423c6f8 Add integration test for keep me logged in feature. 2018-10-23 20:41:02 +02:00
Clement Michaud 4c3b5cfbb3 Implement Keep me logged in feature. 2018-10-21 16:11:31 +02:00
Clement Michaud 059c5936f5 Add 'keep me logged in' checkbox in first factor page. 2018-10-21 15:25:28 +02:00
Clement Michaud ad6b064063 Fix typing issue when using Dockerfile.dev. 2018-10-21 15:25:09 +02:00
Clement Michaud a8460d3c7b Add a Dockerfile.dev for manual testing during development.
In some cases mounting node_modules in the container leads to
shared library linking issues (libcrypt.so) for instance.
2018-10-21 15:23:25 +02:00
Clément Michaud d923ae334a
Merge pull request #284 from clems4ever/bump-request
Bump request package.
2018-10-13 23:25:18 +02:00
Clement Michaud a21c15d451 Bump request package. 2018-10-13 19:21:32 +02:00
Clément Michaud e70f0914f3
Merge pull request #283 from clems4ever/fix-docs
Fix broken links in documentation.
2018-10-13 19:20:17 +02:00
Clement Michaud b59371941e Fix broken links in documentation. 2018-10-13 11:47:28 +02:00
Clément Michaud 269f74cd7b
Merge pull request #282 from clems4ever/update-deps
Update bootstrap and randomatic dependencies.
2018-10-13 11:46:40 +02:00
Clément Michaud 6c6eea02a1
Merge branch 'master' into update-deps 2018-10-13 10:52:57 +02:00
Clément Michaud 33bede9e5f
Merge pull request #281 from p-rintz/patch-1
Changed minimal config to provide for a working installation + docker swarm example
2018-10-13 10:31:24 +02:00
Clement Michaud 96ecea203f Update bootstrap and randomatic dependencies. 2018-10-13 10:16:18 +02:00
Philipp Rintz ed9b593ddf
Uncommented filesystem notifier 2018-10-12 16:18:17 +02:00
Philipp Rintz 04cd62dd3e
Changed the comment about the config location 2018-10-12 15:57:46 +02:00
Philipp Rintz 10ffaf0f4f
Cut down on comments, change directory of users_db
I removed some (parts) of comments as requested. Also changed the directory of the users_database.yml. I would add the one/two volume issue into the docker swarm config then.
2018-10-12 15:54:15 +02:00
Philipp Rintz ef51061246
Fixed formatting 2018-10-12 07:58:53 +02:00
Philipp Rintz 5eafeb65f7
Config example fixed 2018-10-12 07:56:27 +02:00
Philipp Rintz 48c1bb5136
Minimal example config for docker swarm
Currently missing: reverse proxy, since I am using traefik and I do not have it fully working yet with the internal traefik tools.
2018-10-12 07:52:44 +02:00
Philipp Rintz 326a763343
Changed example file location for users_database
If using Docker as a medium for Authelia, having both the storage and users_database in one directory is preferable due to only one volume being needed. /etc/authelia cant be this directory, since there are other files in there, hence the subdirectory.
2018-10-12 07:39:04 +02:00
Philipp Rintz 323848736a
Added some documentation snippets 2018-10-12 07:36:45 +02:00
Philipp Rintz c4a57728e9
Include minimal working config in minimal example
Changed the minimal config example to include at least the minimal config settings to result in a working Authelia installation.
2018-10-12 07:32:32 +02:00