92084bc5b2
[MISC] Add http debug routes ( #848 )
...
* [MISC] Add debug endpoints to Authelia
* enabled only with trace logging
* allows go tool pprof usage when enabled
* enables both the expvarhandler and pprofhandler from fasthttp
* simplify tls/non-tls listen and serve
* make it easy to define custom settings of the fasthttp server in the future
* make name param optional
* add note about the trace setting in the documentation
2020-04-11 14:59:58 +10:00
f05bce66f0
[MISC] (deps): Bump go.mongodb.org/mongo-driver from 1.3.1 to 1.3.2 ( #836 )
...
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases )
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.3.1...v1.3.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-08 22:56:01 +02:00
580152b40b
[FEATURE] Include darwin based binaries for OSX ( #814 )
...
Build and publish binary artifacts for Authelia which can be run directly from OSX.
2020-04-03 16:13:24 +11:00
8405b4fee1
[MISC] (deps): Bump github.com/go-ldap/ldap/v3 from 3.1.7 to 3.1.8 ( #812 )
...
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap ) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/go-ldap/ldap/releases )
- [Commits](https://github.com/go-ldap/ldap/compare/v3.1.7...v3.1.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 22:06:25 +02:00
376333affe
[MISC] (deps): Bump github.com/spf13/cobra from 0.0.6 to 0.0.7 ( #795 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 0.0.6 to 0.0.7.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v0.0.6...0.0.7 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-30 10:36:39 +11:00
40fb13ba3c
[FEATURE] TOTP Tuning Configuration Options and Fix Timer Graphic ( #773 )
...
* Add period TOPT config key to define the time in seconds each OTP is rotated
* Add skew TOTP config to define how many keys either side of the current one should be considered valid
* Add tests and set minimum values
* Update config template
* Use unix epoch for position calculation and Fix QR gen
* This resolves the timer resetting improperly at the 0 seconds mark and allows for periods longer than 1 minute
* Generate QR based on period
* Fix OTP timer graphic
2020-03-25 12:48:20 +11:00
7cf39cb3a1
[MISC] (deps): Bump github.com/sirupsen/logrus from 1.4.2 to 1.5.0 ( #774 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.4.2 to 1.5.0.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.4.2...v1.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-24 10:42:32 +11:00
42d09da6ca
[MISC] (deps): Bump github.com/fasthttp/router from 0.6.1 to 0.7.0 ( #737 )
...
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router ) from 0.6.1 to 0.7.0.
- [Release notes](https://github.com/fasthttp/router/releases )
- [Commits](https://github.com/fasthttp/router/compare/v0.6.1...v0.7.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 23:28:29 +11:00
89a81b7a05
[DEPS] Bump go.mongodb.org/mongo-driver from 1.1.3 to 1.3.1 ( #731 )
...
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver ) from 1.1.3 to 1.3.1.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases )
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.1.3...v1.3.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-19 20:32:50 +11:00
57cb342d0a
[DEPS] Bump github.com/lib/pq from 1.2.0 to 1.3.0 ( #732 )
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.2.0...v1.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 20:09:10 +11:00
ebd13cad46
[DEPS] Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.13.0 ( #729 )
...
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3 ) from 1.11.0 to 1.13.0.
- [Release notes](https://github.com/mattn/go-sqlite3/releases )
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.11.0...v1.13.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 19:46:49 +11:00
e174853564
[DEPS] Bump github.com/fasthttp/session from 1.1.3 to 1.1.7 ( #730 )
...
Bumps [github.com/fasthttp/session](https://github.com/fasthttp/session ) from 1.1.3 to 1.1.7.
- [Release notes](https://github.com/fasthttp/session/releases )
- [Commits](https://github.com/fasthttp/session/compare/v1.1.3...v1.1.7 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-19 19:28:17 +11:00
309695fa7f
[DEPS] Bump github.com/spf13/cobra from 0.0.5 to 0.0.6 ( #733 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/0.0.5...v0.0.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-19 17:40:58 +11:00
de2bf6e5bc
[DEPS] Bump github.com/golang/mock from 1.3.1 to 1.4.3 ( #728 )
...
Bumps [github.com/golang/mock](https://github.com/golang/mock ) from 1.3.1 to 1.4.3.
- [Release notes](https://github.com/golang/mock/releases )
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml )
- [Commits](https://github.com/golang/mock/compare/1.3.1...v1.4.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 17:16:59 +11:00
29b78508ea
[DEPS] Bump github.com/stretchr/testify from 1.4.0 to 1.5.1 ( #727 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.4.0 to 1.5.1.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.4.0...v1.5.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 16:51:22 +11:00
298d56dea3
[DEPS] Fix gopkg.in/ldap.v3 import for dependabot ( #726 )
2020-03-19 15:22:46 +11:00
3666343be8
[DEPS] Bump github.com/otiai10/copy from 1.0.2 to 1.1.1 ( #720 )
...
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy ) from 1.0.2 to 1.1.1.
- [Release notes](https://github.com/otiai10/copy/releases )
- [Commits](https://github.com/otiai10/copy/compare/v1.0.2...v1.1.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 14:11:28 +11:00
18c7f06655
[DEPS] Bump github.com/fasthttp/router from 0.5.2 to 0.6.1 ( #719 )
...
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router ) from 0.5.2 to 0.6.1.
- [Release notes](https://github.com/fasthttp/router/releases )
- [Commits](https://github.com/fasthttp/router/compare/v0.5.2...v0.6.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 13:51:32 +11:00
ca0b3388bc
[DEPS] Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.8 ( #718 )
...
Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml ) from 2.2.4 to 2.2.8.
- [Release notes](https://github.com/go-yaml/yaml/releases )
- [Commits](https://github.com/go-yaml/yaml/compare/v2.2.4...v2.2.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 13:04:29 +11:00
4a9997b959
[DEPS] Bump github.com/Workiva/go-datastructures from 1.0.50 to 1.0.52 ( #717 )
...
Bumps [github.com/Workiva/go-datastructures](https://github.com/Workiva/go-datastructures ) from 1.0.50 to 1.0.52.
- [Release notes](https://github.com/Workiva/go-datastructures/releases )
- [Commits](https://github.com/Workiva/go-datastructures/compare/v1.0.50...v1.0.52 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 12:33:00 +11:00
7e7148c804
[DEPS] Bump github.com/go-sql-driver/mysql from 1.4.1 to 1.5.0 ( #716 )
...
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql ) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/go-sql-driver/mysql/releases )
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.4.1...v1.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-19 12:11:38 +11:00
26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy ( #679 )
...
* [FEATURE] Support Argon2id Passwords
- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template
* Adjust error output
* Fix unit test
* Add unit tests and argon2 version check
* Fix new unit tests
* Update docs, added tests
* Implement configurable values and more comprehensive testing
* Added cmd params to hash_password, updated docs, misc fixes
* More detailed error for cmd, fixed a typo
* Fixed cmd flag error, minor refactoring
* Requested Changes and Minor refactoring
* Increase entropy
* Update docs for entropy changes
* Refactor to reduce nesting and easier code maintenance
* Cleanup Errors (uniformity for the function call)
* Check salt length, fix docs
* Add Base64 string validation for argon2id
* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type
* Update crypt go mod, support argon2id key length and major refactor
* Config Template Update, Final Tests
* Use schema defaults for hash-password cmd
* Iterations check
* Docs requested changes
* Test Coverage, suggested edits
* Wording edit
* Doc changes
* Default sanity changes
* Default sanity changes - docs
* CI Sanity changes
* Memory in MB
2020-03-06 12:38:02 +11:00
e92d3ced3a
Introduce viper in order to read secrets from env variables.
2020-01-22 10:15:25 +11:00
fabb76754e
Rename org from clems4ever to authelia
...
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
b89f63e9c1
Fix and parallelize integration tests.
2019-12-05 11:05:24 +01:00
a06b69dd45
Provide commands to migrate database from v3 to v4.
2019-11-17 16:30:33 +01:00
6303485fd2
Add support for PostgreSQL.
2019-11-16 23:39:26 +01:00
e20112f209
Remove retry mechanism from mysql provider.
...
The retry logic is implemented in the reflex service script instead.
2019-11-16 23:39:26 +01:00
bd19ee48fd
Deprecate mongo and add mariadb as storage backend option.
2019-11-16 23:39:26 +01:00
a991379a74
Declare suites as Go structs and bootstrap e2e test framework in Go.
...
Some tests are not fully rewritten in Go, a typescript wrapper is called
instead until we remove the remaining TS tests and dependencies.
Also, dockerize every components (mainly Authelia backend, frontend and kind)
so that the project does not interfere with user host anymore (open ports for instance).
The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts.
It will soon be avoided using authelia.com domain that I own.
2019-11-15 20:23:06 +01:00
5bd9e831eb
Use pure implementation of crypt to generate and check password hashes.
...
This allows to remove the dependency to libc.
2019-11-01 23:06:31 +01:00
9d7224b7ad
Replace typescript version of authelia-scripts by Go version.
2019-11-01 19:03:22 +01:00
931887a0a7
Use Golang modules to freeze dependencies.
2019-10-29 00:40:45 +01:00
James Elliott
dependabot-preview[bot]
Amir Zarrinkafsh
Clement Michaud