Commit Graph

104 Commits (bb24cf16f7e4acca576d2477e84fe58ca924b106)

Author SHA1 Message Date
Clément Michaud ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for earch arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Amir Zarrinkafsh 9b8be0fef0 Remove Travis and promote Buildkite (#545)
* Remove Travis and promote Buildkite

* Add Docker Size badge to README.md

* Call MicroBadger webhook to update metadata for shields

Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call.
2020-01-16 21:57:44 +01:00
James Elliott 242386e279 Force TLS and valid x509 certs in SMTP Notifier by default
- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
    - disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
    - allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
    - allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to seperate funcs for:
    - writing future test suites and startup checks more easily
    - organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
2020-01-10 17:37:16 +01:00
James Elliott a39245a8e8 Fixed duplicate key in kube example
- rules key was duplicated in the ingress.yml
2020-01-10 17:37:16 +01:00
Amir Zarrinkafsh 7dc4ac5cd9 Create a suite for HAProxy 2020-01-10 11:41:01 +01:00
Silver Bullet eeefec2fac Update references to remove hash router
* Update references to remove hash router

In commit 9ae2096, the redirection parameter is changed in the example `nginx.conf`, and also in other places like `internal/middlewares/identity_verification.go`:

```
- link := fmt.Sprintf("%s://%s/#%s?token=%s", ctx.XForwardedProto(),
+ link := fmt.Sprintf("%s://%s%s?token=%s", ctx.XForwardedProto(),
```
2020-01-10 11:33:18 +01:00
Amir Zarrinkafsh e8ea1d814c Update to Alpine linux 3.11.2 2020-01-02 17:54:47 +11:00
Amir Zarrinkafsh 2fb20882d9
Utilise Buildkite for Authelia CI/CD (#507)
Publish steps are currently disabled.
2019-12-27 22:07:53 +11:00
Amir Zarrinkafsh fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Clement Michaud c3569d9bd0 Use static version of Authelia in suites when in CI.
This is to avoid the multiple reloads due to the frontend modules
being installed at the startup of the suite and randomly preventing
Authelia from starting.
2019-12-09 13:03:12 +01:00
Clement Michaud b4a8c4f0ec Introduce version command to Authelia to check the version
The version command displays the tag and the commit hash of the
built commit along with the time when the build was done.
2019-12-09 13:03:12 +01:00
Clement Michaud 3d20142292 Allow administrator to provide a Google Analytics tracking ID.
Providing a GA tracking ID allows administrators to analyze
how the portal is used by their users in large environments,
i.e., with many users.
This will make even more sense when we have users and admins
management interfaces.
2019-12-08 14:31:48 +01:00
Clement Michaud d077ad10da Update expiration timeouts from milliseconds to seconds. 2019-12-07 14:36:24 +01:00
Clement Michaud e21da43fd6 Add support for LDAP over TLS. 2019-12-06 21:33:47 +01:00
Clement Michaud 135cf718d5 Fix DuoPush suite and do some clean up. 2019-12-05 11:05:24 +01:00
Clement Michaud b89f63e9c1 Fix and parallelize integration tests. 2019-12-05 11:05:24 +01:00
Clement Michaud c78a732c6a Rewrite and fix remaining suites in Go. 2019-12-05 11:05:24 +01:00
Clement Michaud 9ae2096d2a Rewrite authelia frontend to improve user experience.
This refactoring simplify the code of the frontend and prepare the
portal for receiving a user settings page and an admin page.
2019-12-05 11:05:24 +01:00
Clement Michaud 3b2d733367 Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00
Clement Michaud a06b69dd45 Provide commands to migrate database from v3 to v4. 2019-11-17 16:30:33 +01:00
Clement Michaud 6303485fd2 Add support for PostgreSQL. 2019-11-16 23:39:26 +01:00
Clement Michaud b2ced06402 Fix Kubernetes suite tests.
Also deploy kubernetes dashboard prior to authelia services to ease
debugging of the suite.
2019-11-16 23:39:26 +01:00
Clement Michaud e20112f209 Remove retry mechanism from mysql provider.
The retry logic is implemented in the reflex service script instead.
2019-11-16 23:39:26 +01:00
Clement Michaud 5b836fc4cf Cleanup documentation.
Remove mention of Mongo and basic suites. Also adapt some part
to changes made to authelia-scripts.
2019-11-16 23:39:26 +01:00
Clement Michaud bd19ee48fd Deprecate mongo and add mariadb as storage backend option. 2019-11-16 23:39:26 +01:00
Clement Michaud a991379a74 Declare suites as Go structs and bootstrap e2e test framework in Go.
Some tests are not fully rewritten in Go, a typescript wrapper is called
instead until we remove the remaining TS tests and dependencies.

Also, dockerize every components (mainly Authelia backend, frontend and kind)
so that the project does not interfere with user host anymore (open ports for instance).
The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts.
It will soon be avoided using authelia.com domain that I own.
2019-11-15 20:23:06 +01:00
Clement Michaud b9fea361c9 Create suite for testing the docker image.
Running this suite is the first advice given by the
bootstrap script to help the user move forward.

This commit also updates the documentation to reflect
changes introduced by the Go rewrite.
2019-11-03 16:53:47 +01:00
Clement Michaud 828f565290 Bootstrap Go implementation of Authelia.
This is going to be the v4.

Expected improvements:
- More reliable due to static typing.
- Bump of performance.
- Improvement of logging.
- Authelia can be shipped as a single binary.
- Will likely work on ARM architecture.
2019-10-28 23:28:59 +01:00
Clement Michaud 4016ff1bba [BREAKING] Create a suite for Traefik proxy.
* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
  to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
  X-Forwarded-* headers.
2019-04-12 09:24:54 +02:00
ViViDboarder 0922b3c215 Build x-original-url from forwarded headers
This is to allow broader support for proxies. In particular, this allows
support with Traefik.

This patch also includes some examples of configuration with Traefik.
2019-04-12 09:24:54 +02:00
Clement Michaud 8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00
Clement Michaud e7c09fddc6 Simplify nginx example configuration. 2019-03-28 23:14:36 +01:00
Clement Michaud d09a307ff8 Fix redirection after 2FA method change.
Authelia was using links with href="#" that changed the URL when clicked
on. Therefore, this commit removes the href property and apply link style
to tags without href property.
2019-03-24 20:02:55 +01:00
Clement Michaud 8ef402511c Add Duo Push Notification option as 2FA. 2019-03-24 15:15:49 +01:00
Clement Michaud d9e487c99f Display only one 2FA option.
Displaying only one option at 2FA stage will allow to add more options
like DUO push or OAuth.

The user can switch to other option and in this case the option is
remembered so that next time, the user will see the same option. The
latest option is considered as the prefered option by Authelia.
2019-03-23 19:34:00 +01:00
Clement Michaud 6a19f7eb91 Add documentation for nginx proxy. 2019-03-22 15:34:42 +01:00
Clement Michaud 76fa325f08 [BREAKING] Create a suite for kubernetes tests.
Authelia client uses hash router instead of browser router in order to work
with Kubernetes nginx-ingress-controller. This is also better for users having
old browsers.

This commit is breaking because it requires to change the configuration of the
proxy to include the # in the URL of the login portal.
2019-03-16 00:13:27 +01:00
Clement Michaud fce2e35c8a Move swarm docker-compose file to dedicated dir in examples. 2019-03-03 11:39:40 +01:00
Clement Michaud d82ebfab0e Move dockerhub example in a suite. 2019-03-03 11:39:40 +01:00
Clement Michaud c5eb86e0fd Fix e2e test with minimal configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud 561578dffc Remove generated nginx portal configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud eccf08b6b0 Authelia can be run locally while communicating with docker environment. 2019-03-03 11:39:40 +01:00
Clement Michaud 1bc0029651 Introduce authelia-cli to ease development cycle. 2019-03-03 11:39:40 +01:00
Clement Michaud 694840790b Redirect to https://login.example.com to avoid errors due to https://localhost 2019-03-03 11:39:40 +01:00
Clement Michaud 9d7155a969 Almost full authentication workflow with U2F and TOTP. 2019-03-03 11:39:40 +01:00
Clement Michaud fe14bde29b Backend and frontend are reloaded on code change. 2019-03-03 11:39:40 +01:00
ViViDboarder 264a94d4e7 Add ability to search for groups using {uid}
On some LDAP servers, the `uid` attribute is more like a guid, while the
username exists instead in a dedicated field, like `username`. This
means the `uid` is not necessarily equal to `username`.

This is allows referencing using the `uid` to search for groups in the same
way as `dn` so that one can explicitly match the `memberuid` to the `uid` for
the user without the assumptions that come with using `{0}`.
2019-02-27 21:34:18 -08:00
BankaiNoJutsu 3d1448d3cc fix permissions 2018-12-18 16:34:56 +01:00
BankaiNoJutsu 48c204fc68 added all themes, clean and backup of dist, --theme value check 2018-12-18 16:30:23 +01:00
Clement Michaud 91763e97a1 Get IP of the original client when querying /verify. 2018-08-28 23:06:14 +02:00