Commit Graph

1259 Commits (b770d3cb6c572ec313f16e44dcba9d2ef1cc92b6)

Author SHA1 Message Date
James Elliott 6e946dc859 Added sec warn, more debug logging detail
- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 09:35:01 +01:00
James Elliott c4b56a6002 Implement SMTP StartTLS and Adaptive Auth
- If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending
- Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs)
- Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism
- Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported
- Changed secure key to use boolean values instead of strings
- Arranged SMTP notifier properties/vars to be in the same order
- Log the steps for STARTTLS (debug only)
- Log the steps for AUTH (debug only)
2019-12-28 09:35:01 +01:00
Clement Michaud 716e017521 Add early checks for user hashes. 2019-12-28 09:08:54 +01:00
Clement Michaud 1ee442e86f Improve logs of password hashing to help troubleshoot issues. 2019-12-28 09:08:54 +01:00
Amir Zarrinkafsh d037fb2728 Allow authelia-scripts to be called in e2etest setup 2019-12-28 09:08:18 +01:00
Amir Zarrinkafsh 2fb20882d9
Utilise Buildkite for Authelia CI/CD (#507)
Publish steps are currently disabled.
2019-12-27 22:07:53 +11:00
Mike Kusold 511b0b3c62 Distribute authelia-scripts in docker image
Building and copying the authelia-scripts binary so that migrations can
easily be ran.
2019-12-24 14:23:02 +11:00
Amir Zarrinkafsh fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Amir Zarrinkafsh 3a330c3383
Move Buildkite CI tooling to new repo 2019-12-23 10:13:17 +11:00
Amir Zarrinkafsh 2d062284d6
Move Buildkite CI tooling to new repo
https://github.com/authelia/buildkite
https://hub.docker.com/r/authelia/buildkite
2019-12-22 05:58:21 +11:00
Amir Zarrinkafsh 3fb84fabc2 Update README.md 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh 90bd13cb4c Add README.md with usage instructions 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh 1f7cf5c172 Example docker-compose.yml for nodes and registrycache 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh 8939ca4f65 Rename abc user to buildkite 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh 9e7dac1107 Add Buildkite CI tooling 2019-12-21 19:13:01 +01:00
James Elliott 09b4e4e57e Allow blank additional_groups_dn and additional_users_dn
- Make the DN concatenation uniform between both Users and Groups
- Make it possible to use a blank or commented out additional_users_dn or additional_groups_dn for ldap backends
- Fixes #508
2019-12-19 23:29:16 +01:00
James Elliott f3cf092433 Fix second_factor_method creation length
- mobile_push is 11 characters long, but db init sets it to 10.
2019-12-19 23:27:04 +01:00
James Elliott a189c28af3 Fix PostgreSQL Update Second Factor Method Pref
- column name is second_factor_method, not method
2019-12-19 23:27:04 +01:00
Clement Michaud bdf0c07a41 Display correct RemoteIP in logs. 2019-12-11 19:01:16 +01:00
Clement Michaud 4dd6260ac8 Revert "Read X-Real-Ip as the remote IP provided by the proxy."
This reverts commit fccb55f714.

Avoid exposing Authelia to more attacks by only keeping X-Forwarded-For.
2019-12-11 08:29:32 +01:00
Clement Michaud fccb55f714 Read X-Real-Ip as the remote IP provided by the proxy.
Authelia needs to know with what IP was the request originating in
order to apply network based ACL rules. Authelia already supported
X-Forwarded-For but X-Real-IP is another way to define it. It takes
precedence over X-Forwarded-For.
2019-12-10 23:47:05 +01:00
Clement Michaud f6d2029e2c Introduce architecture schema in the README. 2019-12-10 12:27:42 +01:00
Clement Michaud da2b3b8370 Add a way to run multiple suites with authelia-scripts.
Providing a list of suites test to authelia-scripts will run the
tests of each of them sequentially.

For instance, authelia-scripts suites test Standalone,BypassAll.
2019-12-10 12:27:09 +01:00
Clement Michaud e0d4ed2a07 Strip v of TRAVIS_TAG before extracting binary. 2019-12-10 10:29:06 +01:00
Clement Michaud bd2ddc5e90 Strip v prefix in git tag name when publishing in Docker. 2019-12-10 09:21:54 +01:00
Clement Michaud d4e236bc66 Update README to announce v4 has been released. 2019-12-09 13:03:12 +01:00
Clement Michaud c3569d9bd0 Use static version of Authelia in suites when in CI.
This is to avoid the multiple reloads due to the frontend modules
being installed at the startup of the suite and randomly preventing
Authelia from starting.
2019-12-09 13:03:12 +01:00
Clement Michaud 26798cdf3a Add a check for enclosing parenthesis in LDAP users and groups filters. 2019-12-09 13:03:12 +01:00
Clement Michaud 31776d2d94 Update CHANGELOG before releasing stable v4. 2019-12-09 13:03:12 +01:00
Clement Michaud b4a8c4f0ec Introduce version command to Authelia to check the version
The version command displays the tag and the commit hash of the
built commit along with the time when the build was done.
2019-12-09 13:03:12 +01:00
Amir Zarrinkafsh 55460035f7 Fix README.md publication and tag cleanup for DockerHub 2019-12-09 08:22:10 +01:00
Amir Zarrinkafsh d158632452 Fix README.md publication and tag cleanup for DockerHub 2019-12-09 08:22:10 +01:00
Clement Michaud f4f5d17684 Add host parameter to configure the interface Authelia listens on. 2019-12-08 19:07:19 +01:00
Clement Michaud 6f1ec2094d Fix HighAvailability suite randomness. 2019-12-08 16:41:28 +01:00
Clement Michaud 3d20142292 Allow administrator to provide a Google Analytics tracking ID.
Providing a GA tracking ID allows administrators to analyze
how the portal is used by their users in large environments,
i.e., with many users.
This will make even more sense when we have users and admins
management interfaces.
2019-12-08 14:31:48 +01:00
Clement Michaud 3faa63e8ed Use lower case database table names. 2019-12-08 14:31:48 +01:00
Clement Michaud 7c3f8c0460 Fix backend unit tests. 2019-12-08 14:31:48 +01:00
Clement Michaud df33bef478 Test user does see the not registered message.
When a user use Authelia for the first time no device is enrolled in DB.
Now we test that the user does see the "not registered" message when
no device is enrolled and see the standard 2FA method when a device is
already enrolled.
2019-12-08 14:31:48 +01:00
Clement Michaud 5f8726fe87 Let the user know device is not enrolled.
A message is now displayed to the user when he first sign in
in Authelia letting him know that a device must be enrolled.

Also introduce a message letting him know when he is already
authenticated.
2019-12-08 14:31:48 +01:00
Clement Michaud 5942e00412 Introduce hasU2F and hasTOTP in user info. 2019-12-08 14:31:48 +01:00
Clément Michaud 778f069013
Update README.md 2019-12-07 14:39:21 +01:00
Clement Michaud d077ad10da Update expiration timeouts from milliseconds to seconds. 2019-12-07 14:36:24 +01:00
Amir Zarrinkafsh fed51cc17d Clean up README files 2019-12-07 10:40:55 +01:00
Amir Zarrinkafsh 419512472b Publish sha256sum of Github artifacts
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
2019-12-07 10:40:55 +01:00
Clement Michaud cc50a7eec5 Add a warning log when /%23/ characters are detected. 2019-12-06 22:34:57 +01:00
Clement Michaud e21da43fd6 Add support for LDAP over TLS. 2019-12-06 21:33:47 +01:00
Clement Michaud 336276be98 Be able to run scenarii in isolation for each suite. 2019-12-06 07:11:54 +01:00
Clement Michaud 2b544346f3 Update BREAKING.md and CHANGELOG.md 2019-12-05 23:20:12 +01:00
Clement Michaud 61c1365ba2 Update README and documentation to close refactoring. 2019-12-05 23:20:12 +01:00
Clement Michaud 3aacb34571 Raise sign in timeout of security key to 30 seconds. 2019-12-05 23:20:12 +01:00