Commit Graph

34 Commits (ba1ed1252c52ce1d42018d9f40a99f77d49f45af)

Author SHA1 Message Date
James Elliott 8c057f65a5
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2023-02-11 21:53:34 +11:00
James Elliott 2888ee7f41
refactor(commands): services (#4914)
Misc refactoring of the services logic to simplify the
2023-02-11 21:45:26 +11:00
James Elliott d7be1c1359
refactor: reduce complexity 2023-02-01 22:10:38 +11:00
James Elliott 3af20a7daf
build(deps): use @simplewebauthn/browser 2023-01-30 16:37:53 +11:00
James Elliott 7d17c39c52
Merge origin/master into feat-settings-ui 2023-01-25 22:11:41 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott bd279900ca
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2023-01-20 17:56:06 +11:00
James Elliott cf4010b4fb
fix(oidc): csp blocks form_post response form submit (#4719)
This fixes an issue where the form_post response never gets submitted.

Fixes #4669
2023-01-08 07:04:06 +11:00
James Elliott 49d421e910
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	api/openapi.yml
#	web/src/views/DeviceRegistration/RegisterWebauthn.tsx
#	web/src/views/LoginPortal/SecondFactor/WebauthnMethod.tsx
2023-01-07 11:50:19 +11:00
James Elliott 1c3219e93f
perf(server): cached openapi document (#4674)
This should lead to a small performance gain by caching the openapi.yml with etags as well as eliminating the use of nonce crypto generation when not required.
2023-01-03 14:49:02 +11:00
James Elliott 917ac89e38
refactor: 2fa api 2023-01-01 22:16:28 +11:00
James Elliott dd781ffc51
refactor: adjust settings components 2022-12-31 18:27:43 +11:00
James Elliott 4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2022-12-23 16:08:47 +11:00
James Elliott 3ba2eae20e
fix(server): verify endpoint 405ing non-get/head reqs (#4607)
Fixes an issue specific to envoy that prevents the verify endpoint working with requests not using the GET or HEAD methods.
2022-12-21 18:47:20 +11:00
James Elliott a186dca3bf
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	api/openapi.yml
2022-12-17 15:47:34 +11:00
James Elliott d13247ce43
refactor(server): simplify templating and url derivation (#4547)
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
Stephen Kent 2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376)
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.

This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
2022-11-19 16:48:47 +11:00
James Elliott 1a1b85489c
feat: settings ui device details (#4369)
This adds details to the settings ui.
2022-11-14 13:19:18 +11:00
James Elliott 9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui
# Conflicts:
#	internal/model/webauthn.go
2022-11-13 09:19:22 +11:00
Clément Michaud a69ba22f46 feat: implement a ui for supporting multiple u2f devices 2022-10-30 09:52:49 +01:00
James Elliott a283fda6d6
fix(oidc): handle authorization post requests (#4270)
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott ed7092c59a
feat: envoy support (#3793)
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
James Elliott 15110b732a
fix(server): i18n etags missing (#3973)
This fixes missing etags from locales assets.
2022-09-16 11:19:16 +10:00
James Elliott d2f1e5d36d
feat(configuration): automatically map old keys (#3199)
This performs automatic remapping of deprecated configuration keys in most situations.
2022-06-28 13:15:50 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234)
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
James Elliott 5e3a1fd863
fix(server): handled errors not logged correctly (#3507)
This fixes an issue where errors handled by the ErrorHandler were not correctly logged. It also ensures the errors are logged with fields to make them easy to diagnose.

Fixes #3506
2022-06-12 09:26:28 +10:00
James Elliott a50d425863
refactor(middlewares): convert the bridge to a builder (#3338)
This adjusts the bridge to be utilized as a builder in order to make it more reusable.
2022-06-10 11:34:43 +10:00
James Elliott 0855ea2f71
fix(server): missing cache and xss headers (#3289)
Addresses documentation and a couple of headers which were missed.
2022-05-04 14:47:23 +10:00
James Elliott 556a115c83
fix(server): missing modern security headers (#3288)
This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc.
2022-05-03 12:19:30 +10:00
James Elliott 4710de33a4
refactor(configuration): remove ptr for duoapi and notifier (#3200)
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
2022-04-16 09:34:26 +10:00
James Elliott 4503ac07be
fix(web): lowercase locales are not consistent with localization platforms (#3141)
This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.
2022-04-08 14:53:46 +10:00
James Elliott ce6bf74c8d
fix(server): incorrect remote ip logged in error handler (#3139)
This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important.
2022-04-08 14:13:47 +10:00
James Elliott 4ebd8fdf4e
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00