Commit Graph

22 Commits (b98b0fb1fbb281841220d51f9a56e915670abf73)

Author SHA1 Message Date
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott a345490826
feat(server): handle head method (#5003)
This implements some HEAD method handlers for various static resources and the /api/health endpoint.
2023-02-28 20:01:09 +11:00
James Elliott 2888ee7f41
refactor(commands): services (#4914)
Misc refactoring of the services logic to simplify the
2023-02-11 21:45:26 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott cf4010b4fb
fix(oidc): csp blocks form_post response form submit (#4719)
This fixes an issue where the form_post response never gets submitted.

Fixes #4669
2023-01-08 07:04:06 +11:00
James Elliott 1c3219e93f
perf(server): cached openapi document (#4674)
This should lead to a small performance gain by caching the openapi.yml with etags as well as eliminating the use of nonce crypto generation when not required.
2023-01-03 14:49:02 +11:00
James Elliott 3ba2eae20e
fix(server): verify endpoint 405ing non-get/head reqs (#4607)
Fixes an issue specific to envoy that prevents the verify endpoint working with requests not using the GET or HEAD methods.
2022-12-21 18:47:20 +11:00
James Elliott d13247ce43
refactor(server): simplify templating and url derivation (#4547)
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
James Elliott a283fda6d6
fix(oidc): handle authorization post requests (#4270)
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott ed7092c59a
feat: envoy support (#3793)
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
James Elliott 15110b732a
fix(server): i18n etags missing (#3973)
This fixes missing etags from locales assets.
2022-09-16 11:19:16 +10:00
James Elliott d2f1e5d36d
feat(configuration): automatically map old keys (#3199)
This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 13:15:50 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234)
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
James Elliott 5e3a1fd863
fix(server): handled errors not logged correctly (#3507)
This fixes an issue where errors handled by the ErrorHandler were not correctly logged. It also ensures the errors are logged with fields to make them easy to diagnose.

Fixes #3506
2022-06-12 09:26:28 +10:00
James Elliott a50d425863
refactor(middlewares): convert the bridge to a builder (#3338)
This adjusts the bridge to be utilized as a builder in order to make it more reusable.
2022-06-10 11:34:43 +10:00
James Elliott 0855ea2f71
fix(server): missing cache and xss headers (#3289)
Addresses documentation and a couple of headers which were missed.
2022-05-04 14:47:23 +10:00
James Elliott 556a115c83
fix(server): missing modern security headers (#3288)
This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc.
2022-05-03 12:19:30 +10:00
James Elliott 4710de33a4
refactor(configuration): remove ptr for duoapi and notifier (#3200)
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
James Elliott 4503ac07be
fix(web): lowercase locales are not consistent with localization platforms (#3141)
This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.
2022-04-08 14:53:46 +10:00
James Elliott ce6bf74c8d
fix(server): incorrect remote ip logged in error handler (#3139)
This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important.
2022-04-08 14:13:47 +10:00
James Elliott 4ebd8fdf4e
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00