Commit Graph

2592 Commits (ad84c8c33e7112798b59b96d56d616e588934c94)

Author SHA1 Message Date
James Elliott ad84c8c33e
feat(oidc): opaque subject identifiers (#3129)
This is a meta commit for a feature originally implemented in 0a970aef8a documenting the change from using the username as a subject identifier to a specification compliant subject identifier in the form of RFC4122 UUID V4 subject identifiers. This is a required change in order to be compliant with the specification as per https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes. Relying parties which utilize the subject identifier / sub claim may need manual intervention in order to relink accounts. Users who have issues will have to consult with the documentation of their individual relying parties in order to relink accounts. Users who utilized the subject identifier as a means to provision their users are also encouraged to utilize the preferred_username claim from the profile scope.
2022-04-07 17:35:54 +10:00
James Elliott 8bb8207808
feat(oidc): pairwise subject identifiers (#3116)
Allows configuring clients with a sector identifier to allow pairwise subject types.
2022-04-07 16:13:01 +10:00
James Elliott 0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott 06fd7105ea
refactor(templates): utilize more accurate naming (#3125) 2022-04-07 13:05:20 +10:00
James Elliott 4ebd8fdf4e
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00
renovate[bot] a694cf851f
build(deps): update module github.com/fasthttp/router to v1.4.8 (#3126)
* build(deps): update module github.com/fasthttp/router to v1.4.8

* fix: go.sum

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 21:42:17 +10:00
renovate[bot] 6dde133cc1
build(deps): update module github.com/fasthttp/session/v2 to v2.4.9 (#3127)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 20:58:13 +10:00
James Elliott b325965a55
build(deps): update module github.com/go-webauthn/webauthn to v0.3.0 (#3123) 2022-04-06 14:45:01 +10:00
renovate[bot] a6a924cf79
build(deps): update dependency eslint-plugin-import to v2.26.0 (#3121)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 09:34:20 +10:00
renovate[bot] 5f4ce14615
build(deps): update dependency @testing-library/jest-dom to v5.16.4 (#3119)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 08:22:27 +10:00
renovate[bot] d96c93ef2b
build(deps): update module github.com/valyala/fasthttp to v1.35.0 (#3120)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 07:57:23 +10:00
renovate[bot] 89b78f0ad3
build(deps): update dependency vite to v2.9.1 (#3079)
* build(deps): update dependency vite to v2.9.1

* fix(web): load correct vite env vars

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-05 15:43:52 +10:00
renovate[bot] 004490c7b1
build(deps): update dependency alpine to v3.15.4 (#3114)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-05 11:15:43 +10:00
renovate[bot] 3ea41edbaa
build(deps): update typescript-eslint monorepo to v5.18.0 (#3113)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-05 10:55:29 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott a2eb0316c8
feat(web): password reset custom url (#3111)
This allows providing a custom URL for password resets. If provided the disable_reset_password option is ignored, the password reset API is disabled, and the button provided in the UI to reset the password redirects users to the configured endpoint.

Closes #1934, Closes #2854

Co-authored-by: you1996 <youssri@flyweight.tech>
2022-04-04 17:46:55 +10:00
James Elliott b8280dfed6
build(deps): update dependency swagger-ui to 4.10.3 (#3110) 2022-04-04 14:59:27 +10:00
James Elliott 73212671fc
build(web): remove unused types (#3109) 2022-04-04 13:19:07 +10:00
James Elliott fb59ff6972
build: enable empty out dir vite option (#3107) 2022-04-04 12:55:09 +10:00
James Elliott aac4c4772c
feat(web): i18n asset overrides (#3040)
This allows overriding translation files in folders with lowercase RFC5646 / BCP47 Format language codes. This also fixes an issues where languages which don't expressly match the language code specified due to having a variant will also match the existing codes.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 12:15:26 +10:00
James Elliott ee9ce27ccf
ci: codeql only on code changes (#3108) 2022-04-04 10:02:33 +10:00
James Elliott 2502d89682
fix(server): respond with 404/405 appropriately (#3087)
This adjusts the not found handler to not respond with a 404 on not found endpoints that are part of the /api or /.well-known folders, and respond with a 405 when the method isn't implemented.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 09:58:01 +10:00
Amir Zarrinkafsh fa143ea029
fix(web): update client rendering method (#3106)
This PR utilises the React 18 Client Rendering API along with createRoot as opposed to the React 17 ReactDOM.render method.
2022-04-04 09:39:18 +10:00
renovate[bot] ec8d71f63f
build(deps): update material-ui monorepo (#3105)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-04 07:24:27 +10:00
James Elliott 7230db7cea
refactor(configuration): decode_hooks blackbox and better testing (#3097) 2022-04-03 22:44:52 +10:00
Manuel Nuñez bfd5d66ed8
feat(notification): password reset notification custom templates (#2828)
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.

Closes #2755, Closes #2756

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
James Elliott 9e05066097
refactor(handlers): ppolicy (#3103)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00
renovate[bot] 0f6ca55016
build(deps): update dependency eslint-import-resolver-typescript to v2.7.1 (#3104)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-03 17:02:59 +10:00
renovate[bot] 0559e33263
build(deps): update dependency prettier to v2.6.2 (#3100)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 16:21:13 +10:00
James Elliott 36cf662458
refactor: misc password policy refactoring (#3102)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
Manuel Nuñez 8659ba394d
feat(authentication): password policy (#2723)
Implement a password policy with visual feedback in the web portal.

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 08:32:57 +10:00
bgh-github cd2d88f9f3
docs: add oidc details for miniflux app (#3096)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-02 17:28:48 +11:00
James Elliott 4d7f930e74
docs: fix regex examples (#3094) 2022-04-02 16:41:16 +11:00
James Elliott 86dcb54e4a
ci: skip internal/configuration/config.template.yml (#3095) 2022-04-02 16:24:02 +11:00
allcontributors[bot] 1d67072c78
docs: add protvis74 as a contributor for translation (#3091)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-02 15:43:43 +11:00
James Elliott e888d2c4a8
ci: skip codeql on repo or doc files (#3093) 2022-04-02 15:38:52 +11:00
allcontributors[bot] 6ecbc3d7d9
docs: add mind-ar as a contributor for code, translation (#3092)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2022-04-02 15:36:27 +11:00
allcontributors[bot] 9eca6bbd64
docs: add you1996 as a contributor for design (#3090)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2022-04-02 15:17:22 +11:00
allcontributors[bot] 89340c5aaa
docs: add bgh-github as a contributor for doc (#3089)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2022-04-02 15:11:51 +11:00
bgh-github ce69cb2414
docs: fix oidc applications table display (#3088) 2022-04-02 15:09:47 +11:00
yossbg 1bae65ad33
feat(templates): display link in mails sent by authelia (#2785)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-01 23:34:17 +11:00
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789)
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
James Elliott 0116506330
feat(oidc): implement amr claim (#2969)
This adds the amr claim which stores methods used to authenticate with Authelia by the users session.
2022-04-01 22:18:58 +11:00
James Elliott b2d35d88ec
feat(configuration): allow rfc4918 http verbs in acl (#2988)
This allows the HTTP Method verbs from RFC4918 to be used. See https://datatracker.ietf.org/doc/html/rfc4918 for more information.
2022-04-01 21:53:10 +11:00
protvis74 c3faa38d72
feat(web): add de i18n translation (#3043)
Added German translation to Authelia.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-01 21:25:30 +11:00
Clément Michaud fa2cebf009
ci: introduce github codeql analysis (#3071)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-01 09:42:50 +11:00
renovate[bot] 4e6ceeb38d
build(deps): update dependency react-router-dom to v6.3.0 (#3085)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-01 09:20:11 +11:00
renovate[bot] 87ef1ad9e1
build(deps): update dependency @testing-library/react to v13 (#3082)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-03-31 18:09:32 +11:00
renovate[bot] df9492ca0e
build(deps): update dependency traefik to v2.6.3 (#3075)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-31 17:00:08 +11:00
renovate[bot] 67f4bab7a6
build(deps): update dependency @vitejs/plugin-react to v1.3.0 (#3078)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-03-31 13:05:31 +11:00