e19eafcfc5
[MISC] (deps): Bump @types/node from 14.0.4 to 14.0.5 in /web ( #1042 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.0.4 to 14.0.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-22 08:19:50 +10:00
b5f27b7451
[MISC] (deps): Bump github.com/fasthttp/router from 1.1.1 to 1.1.2 ( #1041 )
...
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/fasthttp/router/releases )
- [Commits](https://github.com/fasthttp/router/compare/v1.1.1...v1.1.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-22 08:04:45 +10:00
08d412ece8
[DOCS] Add FAQs to Traefik2 ( #1038 )
...
Closes #997 .
2020-05-21 16:48:54 +02:00
3249448d5c
[RELEASE] v4.19.0 ( #1037 )
2020-05-21 16:13:58 +10:00
0f100d4f7b
[DEPRECATE] Warning for PUBLIC_DIR environment variable ( #938 )
2020-05-21 14:51:28 +10:00
b264e63235
[DEV] Fix permission issue with dev workflow. ( #1033 )
...
* [DEV] Fix permission issue with dev workflow.
nginx backend was facing permission denied errors because the permissions of the html
files were too restricted. Moreover those files were added to the docker image while they
could just be mounted as other services.
* Fix Kubernetes integration test
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-21 14:35:22 +10:00
7488206195
[BUGFIX] Relax CSP for trusted-types ( #1036 )
...
This will need to be revisited to re-introduce trusted-types when we have a clear handle on all the libraries and their implementation to support this.
2020-05-21 13:16:37 +10:00
fcd0b5e46a
[FEATURE] Allow Authelia to listen on a specified path ( #1027 )
...
* [FEATURE] Allow Authelia to listen on a specified path
* Fix linting and add a couple typescript types
* Template index.html to support base_url
* Update docs and configuration template
* Access base path from body attribute.
* Update CSP
* Fix unit test
Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful.
* Template index.html with ${PUBLIC_URL}
* Define PUBLIC_URL in .env(s)
* Add docs clarification
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 12:20:55 +10:00
469daedd36
[FEATURE] Delay 1FA Authentication ( #993 )
...
* adaptively delay 1FA by the actual execution time of authentication
* should grow and shrink over time as successful attempts are made
* uses the average of the last 10 successful attempts to calculate
* starts at an average of 1000ms
* minimum is 250ms
* a random delay is added to the largest of avg or minimum
* the random delay is between 0ms and 85ms
* bump LDAP suite to 80s timeout
* bump regulation scenario to 45s
* add mutex locking
* amend logging
* add docs
* add tests
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-21 00:03:15 +02:00
147d0879e3
[MISC] (deps): Bump @types/node from 14.0.3 to 14.0.4 in /web ( #1035 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.0.3 to 14.0.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-20 18:05:07 +10:00
bd288347c4
[MISC] (deps): Bump typescript from 3.9.2 to 3.9.3 in /web ( #1034 )
...
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 3.9.2 to 3.9.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/compare/v3.9.2...v3.9.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-20 09:42:59 +10:00
969a50cbec
[MISC] (deps): Bump @types/node from 14.0.1 to 14.0.3 in /web ( #1032 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.0.1 to 14.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-19 21:59:07 +02:00
d09d636d94
[MISC] (deps): Bump @types/jest from 25.2.2 to 25.2.3 in /web ( #1031 )
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 25.2.2 to 25.2.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:39:15 +10:00
41bbb73e9d
[MISC] (deps): [Security] Bump activesupport in /docs ( #1030 )
...
Bumps [activesupport](https://github.com/rails/rails ) from 6.0.2.1 to 6.0.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/rails/rails/releases )
- [Changelog](https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md )
- [Commits](https://github.com/rails/rails/compare/v6.0.2.1...v6.0.3.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:24:24 +10:00
13e2050d91
[MISC] (deps): Bump golang from 1.14.2-alpine to 1.14.3-alpine ( #1029 )
...
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:22:02 +10:00
79a2139896
[MISC] Fix linting error introduced in #1001 ( #1028 )
2020-05-19 07:50:50 +10:00
fe5ebfb75a
[FEATURE] Bump to fasthttp/session/v2 to support redis unix socket. ( #1001 )
...
* [FEATURE] Bump to fasthttp/session/v2 to support redis unix socket.
* Fix lint issues.
* Remove v1 import and fix double import.
* [DOCS] Document use of redis unix socket.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-18 12:45:47 +10:00
29673195b6
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia ( #1024 )
...
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-17 22:17:10 +02:00
675b1b8e26
[RELEASE] v4.18.1 ( #1023 )
2020-05-16 13:37:01 +10:00
a4cf2e675f
[DEPRECATE] Remove Google Analytics ( #1021 )
...
* it doesn't work with our current CSP
* it's probably not used by anyone
* it isn't in harmony with our security purposes
* literally removes all use of it
* suggestions from code review
* remove useless test.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-16 09:41:42 +10:00
991ce29e4b
[MISC] (deps): Bump @types/qrcode.react from 1.0.0 to 1.0.1 in /web ( #1022 )
...
Bumps [@types/qrcode.react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/qrcode.react ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qrcode.react )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-15 21:49:34 +02:00
d0b32eb1cc
[MISC] (deps): [Security] Bump handlebars from 4.5.3 to 4.7.6 in /web ( #1020 )
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.5.3 to 4.7.6. **This update includes a security fix.**
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-15 09:57:28 +10:00
73bd2e4479
[FIX] Hash Password Cmd Not Encoding Provided Salt ( #999 )
...
* using authelia hash-password if you provide a salt it doesn't encode it as a base64 string
* this causes invalid salts to be stored if a user manually provided one instead of reliance on the automatic generation
* additionally bumped the minimum required salt length to 8 as per reference spec
* additionally removed the maximum salt length as per reference spec (actually 2^32-1 per int32)
* see docs:
* https://tools.ietf.org/html/draft-irtf-cfrg-argon2-10
* https://github.com/P-H-C/phc-winner-argon2
* https://github.com/P-H-C/phc-string-format
* encode all salts
* fix edge case of false positive in CheckPassword
* bump crypt version and fix tests
2020-05-14 15:55:03 +10:00
561a3f551c
[DOCS] Fix typos in proxy examples ( #1015 )
...
Also include global http -> https redirection in Traefik 2.x example.
2020-05-14 13:26:52 +10:00
8339b095c9
[MISC] (deps): Bump github.com/fasthttp/router from 1.1.0 to 1.1.1 ( #1016 )
...
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/fasthttp/router/releases )
- [Commits](https://github.com/fasthttp/router/compare/v1.1.0...v1.1.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-14 08:08:34 +10:00
1b42c6b1a6
[MISC] (deps): Bump @types/jest from 25.2.1 to 25.2.2 in /web ( #1019 )
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 25.2.1 to 25.2.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-14 07:52:39 +10:00
e259e6182e
[MISC] (deps): Bump gopkg.in/yaml.v2 from 2.2.8 to 2.3.0 ( #1017 )
...
Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml ) from 2.2.8 to 2.3.0.
- [Release notes](https://github.com/go-yaml/yaml/releases )
- [Commits](https://github.com/go-yaml/yaml/compare/v2.2.8...v2.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-14 07:19:17 +10:00
1f0b61d682
[MISC] (deps): Bump @types/node from 14.0.0 to 14.0.1 in /web ( #1014 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.0.0 to 14.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-13 17:25:31 +10:00
0f92938da5
[MISC] (deps): Bump @types/node from 13.13.5 to 14.0.0 in /web ( #1013 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 13.13.5 to 14.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-13 10:27:26 +10:00
06f9286fbc
[MISC] (deps): Bump typescript from 3.8.3 to 3.9.2 in /web ( #1012 )
...
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 3.8.3 to 3.9.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-13 10:02:18 +10:00
5008bcf395
[MISC] (deps): Bump @material-ui/core from 4.9.13 to 4.9.14 in /web ( #1010 )
...
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui ) from 4.9.13 to 4.9.14.
- [Release notes](https://github.com/mui-org/material-ui/releases )
- [Changelog](https://github.com/mui-org/material-ui/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mui-org/material-ui/commits/v4.9.14/packages/material-ui )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-12 09:43:44 +10:00
8dafb2948d
[MISC] (deps): Bump react-router-dom from 5.1.2 to 5.2.0 in /web ( #1009 )
...
Bumps [react-router-dom](https://github.com/ReactTraining/react-router ) from 5.1.2 to 5.2.0.
- [Release notes](https://github.com/ReactTraining/react-router/releases )
- [Changelog](https://github.com/ReactTraining/react-router/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ReactTraining/react-router/compare/v5.1.2...v5.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-12 09:00:13 +10:00
3b7baa932d
[MISC] (deps): Bump @types/react-dom from 16.9.7 to 16.9.8 in /web ( #1007 )
...
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom ) from 16.9.7 to 16.9.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-11 13:10:20 +10:00
07f344c21c
[MISC] (deps): Bump @types/react from 16.9.34 to 16.9.35 in /web ( #1006 )
...
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react ) from 16.9.34 to 16.9.35.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-11 12:48:20 +10:00
7718c48e68
[MISC] (deps): Bump github.com/spf13/viper from 1.6.3 to 1.7.0 ( #1005 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.6.3 to 1.7.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.6.3...v1.7.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-11 09:41:48 +10:00
e2785e37c0
[MISC] (deps): Bump github.com/fasthttp/router from 1.0.4 to 1.1.0 ( #1004 )
...
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/fasthttp/router/releases )
- [Commits](https://github.com/fasthttp/router/compare/v1.0.4...v1.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-11 09:16:49 +10:00
85933dd25d
Document future possibility to use alternative 1FA methods. ( #1000 )
2020-05-10 07:46:28 +10:00
3d43e98bcf
[MISC] (deps): Bump github.com/lib/pq from 1.5.1 to 1.5.2 ( #995 )
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.5.1...v1.5.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-09 02:24:24 +10:00
d2c914ed6c
[BUGFIX] Prevent lite bundle redis panic ( #994 )
2020-05-08 23:00:14 +10:00
332a68541c
[MISC] Refactor Authentication ( #987 )
...
* only do salt validation in validate salt
* fix tests
* remove panic(err.Error())
* use file mode const
* do hash cleanup on file read instead of check password
* design ConfigAlgoToCryptoAlgo and implement it
* split HashPassword func into functional chunks that could theoretically be reused
2020-05-08 13:38:22 +10:00
aa242142c0
[RELEASE] 4.18.0 ( #990 )
...
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-08 11:36:07 +10:00
df1fd31092
[MISC] (deps): Bump github.com/go-ldap/ldap/v3 from 3.1.9 to 3.1.10 ( #991 )
...
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap ) from 3.1.9 to 3.1.10.
- [Release notes](https://github.com/go-ldap/ldap/releases )
- [Commits](https://github.com/go-ldap/ldap/compare/v3.1.9...v3.1.10 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-08 11:20:46 +10:00
9e7947a193
[DEPRECATE] Environment Variable Secrets ( #905 )
...
* remove ENV usages
* fix reader unit tests
* fix standalone suite
* fix k8s suite
* apply suggestions from code review
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-08 11:01:57 +10:00
a70e460ff4
[BUGFIX] Add routes for files in the root path ( #988 )
2020-05-07 13:29:12 +02:00
6aa97fa56b
[MISC] (deps): Bump github.com/go-ldap/ldap/v3 from 3.1.8 to 3.1.9 ( #986 )
...
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap ) from 3.1.8 to 3.1.9.
- [Release notes](https://github.com/go-ldap/ldap/releases )
- [Commits](https://github.com/go-ldap/ldap/compare/v3.1.8...v3.1.9 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-06 20:44:35 +02:00
b658676768
[DEPRECATE] Remove OSX (darwin) based Dockerfile ( #985 )
...
Missed in #967 .
2020-05-06 18:53:49 +10:00
c3fc560242
[CI] Fix race condition on Docker tag clean up ( #984 )
...
Prior to this change if there was a branch/PR build which had not yet published manifests and a master build running simultaneously, assuming the master build finished publishing manifests before former it would clean up the architecture tagged containers (-{amd64,arm32v7,arm64v8}) which would result in the manifest step failing for the branch or PR build.
These should not be considered in either of the clean up steps because they're removed as part of a successful manifest being published.
2020-05-06 13:28:44 +10:00
af5754bcab
[MISC] Add coverage for Remote-User and Remote-Groups ( #982 )
...
* Fix dev workflow.
* Fix dev workflow.
* Cover Remote-User and Remote-Groups using Traefik.
* Cover Remote-User and Remote-Groups using HAProxy.
* Fix redirection after unauthorized response when using HAProxy.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-06 11:50:37 +10:00
cc06ab6c18
[CI] Add gocritic linter ( #977 )
...
* [CI] Add gocritic linter
* Implement gocritic recommendations
The outstanding recommendations are due to be addressed in #959 and #971 respectively.
* Fix implementation tests
* Fix remaining linting issues.
* Fix tests.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 10:52:06 +10:00
50f12bc4a4
[SECURITY] Fix Authentication HTTP Status Codes ( #959 )
...
* [FIX] Send correct HTTP status codes for 1FA
* use harmonious func to handle all 1FA attempt errors
* use same harmonious func to handle 2FA attempt errors
* always send a 401 which is correct according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
* fix tests
* refactor isTargetURLAuthorized
* fix padding and imports
* harmonize remaining return messages
* fixup docs and layout of verifySessionHasUpToDateProfile
2020-05-06 07:27:38 +10:00
dependabot-preview[bot]
Amir Zarrinkafsh
Clément Michaud
James Elliott