Commit Graph

1979 Commits (bc983ce9f591487b0a17ba993c7002c88f256ca4)

Author SHA1 Message Date
Amir Zarrinkafsh aa03981024
fix(notification): don't remove file based notifier on start up (#1862)
Attempting to run Authelia with least privilege principle as the `nobody` user and a file based notifier will cause issues during start up as the user cannot remove the notification file.

Given that ioutil.WriteFile truncates the file before writing the removal should not be necessary.

Fixes #1846.
2021-03-31 13:27:31 +11:00
RDW 1db23e5228
fix: exit setup.sh if missing pre-requisites (#1863)
* fix: fix early exit in setup.sh script

Running the script with missing prerequisites
doesn't fail, but instead warns the user
that return statements aren't allowed here.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-03-30 22:37:34 +11:00
James Elliott 6ea62657d9
release: v4.27.4 (#1872) 2021-03-30 16:34:11 +11:00
Amir Zarrinkafsh 661d82587e
fix: remove health checks on compose examples (#1871)
Traefik does not add routes for containers via the Docker provider if the health check does not return healthy, this causes inadvertent user experience issues when attempting the pre-made compose examples.

This change removes the health checks for said examples and also ensures that Traefik logs are written to stdout so a user can view them within the Docker container logs.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-30 16:17:11 +11:00
renovate[bot] dbb819dfa5
build(deps): update traefik docker tag to v1.7.29 (#1869)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-30 11:37:38 +11:00
renovate[bot] 122c9126db
build(deps): update module github.com/workiva/go-datastructures to v1.0.53 (#1868)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-30 11:15:30 +11:00
renovate[bot] 0c893a2880
build(deps): update module github.com/valyala/fasthttp to v1.23.0 (#1867)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-30 10:36:31 +11:00
Amir Zarrinkafsh e816a2e563
ci: publish docker images to ghcr (#1860)
* ci: publish docker images to ghcr

* ci: remove ghcr images with no tags

* ci: remove unnecessary ghcr jq args for empty tags

* ci: move ghcr empty tag clean up

Publishes Docker container images on both DockerHub and GitHub Container Registry.
2021-03-30 09:17:19 +11:00
James Elliott 92f3de28bb
release: v4.27.3 (#1866) 2021-03-29 12:24:05 +11:00
Amir Zarrinkafsh 6855898f92
build(deps): update swagger-ui to v3.45.0 (#1861) 2021-03-29 10:55:09 +11:00
renovate[bot] 1f3cf34080
build(deps): update dependency @types/node to v14.14.37 (#1859)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 02:21:52 +11:00
renovate[bot] 5ab334dcdc
build(deps): update haproxy docker tag to v2.3.8 (#1858)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 02:06:58 +11:00
renovate[bot] 322592f679
build(deps): update module github.com/fasthttp/router to v1.3.10 (#1856)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-27 09:13:15 +11:00
renovate[bot] 77e21165c9
build(deps): update arm64v8/alpine docker tag to v3.13.3 (#1855)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:54:11 +11:00
renovate[bot] 2177c93aef
build(deps): update arm32v7/alpine docker tag to v3.13.3 (#1854)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:22:22 +11:00
renovate[bot] e6929cdf3e
build(deps): update alpine docker tag to v3.13.3 (#1853)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 11:30:30 +11:00
renovate[bot] 13ba4d1795
build(deps): update dependency @types/jest to v26.0.22 (#1851)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 10:40:48 +11:00
renovate[bot] b1d18cab9d
build(deps): update dependency @types/node to v14.14.36 (#1852)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 09:52:01 +11:00
renovate[bot] 2b75e98402
build(deps): update module github.com/jackc/pgx/v4 to v4.11.0 (#1850)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 09:04:32 +11:00
renovate[bot] 6d4d1d5e2f
build(deps): update traefik docker tag to v2.4.8 (#1848)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-24 19:34:55 +01:00
James Elliott 5b9f505e6c
docs: add issue templates (#1847)
* docs: add issue templates
* ci: skip .github/ dir
2021-03-24 09:50:11 +11:00
renovate[bot] 7a88c848ad
build(deps): update dependency @types/react-dom to v17.0.3 (#1845)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-23 20:12:11 +11:00
James Elliott a44f0cf959
fix: redis sentinel secret missing (#1839)
* fix: redis sentinel secret missing

* refactor: use consts for authentication_backend.file.password errs

* fix: unit test for new default port

* test: cover additional misses

* test: fix windows/linux specific test error

* test: more windows specific tests

* test: remove superfluous url.IsAbs

* test: validator 100% coverage
2021-03-22 20:04:09 +11:00
renovate[bot] 7ccbaaffe3
build(deps): update dependency query-string to v7 (#1840)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-19 11:03:23 +11:00
Amir Zarrinkafsh 66b010cb59
docs: fix haproxy examples for /api/verify?auth=basic (#1835)
The previous examples did not appropriately pass through the WWW-Authenticate header and 401 when the user was unauthenticated therefore not resulting in a basic auth login prompt.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-18 19:56:08 +11:00
renovate[bot] 8ff018c82f
build(deps): update dependency @types/jest to v26.0.21 (#1837)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-17 21:03:07 +01:00
renovate[bot] e7c9d55c23
build(deps): update haproxy docker tag to v2.3.7 (#1834)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-17 08:51:46 +11:00
renovate[bot] ef03751f5f
build(deps): update font awesome (#1833)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-16 21:46:32 +01:00
renovate[bot] 3cb5a5e7ee
build(deps): update dependency @types/node to v14.14.35 (#1830)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-16 09:52:30 +11:00
James Elliott a0248cd096
test(suites): short mode skip suites testing (#1823)
This PR changes the suites tests so if go test -short is used, they are skipped per go standards and a message is displayed. Additionally removed some redundant types from suite_high_availability_test.go and adjusted a warning about a nil req var.
2021-03-14 18:08:26 +11:00
James Elliott 4f5bda768b
release: v4.27.2 (#1822) 2021-03-13 16:34:39 +11:00
James Elliott e3e8df26f2
refactor(session): use github.com/fasthttp/session/v2 instead of github.com/authelia/session/v2 (#1809)
Reverts to the upstream library instead of our maintenance fork.
2021-03-13 16:06:19 +11:00
James Elliott 391c8671e9
fix(handlers): log user as '<anonymous>' instead of a blank string (#1808) 2021-03-13 15:52:07 +11:00
Amir Zarrinkafsh 25fe7b1ebe
fix(web): fix compilation and running in development mode (#1821)
During a `yarn start` the react frontend would throw the following errors during compilation:

```
Starting the development server...

Compiled with warnings.

./src/index.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./src/index.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./node_modules/@fortawesome/fontawesome-svg-core/styles.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./node_modules/@fortawesome/fontawesome-svg-core/styles.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./src/components/FingerTouchIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/FingerTouchIcon.module.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./src/components/PushNotificationIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/PushNotificationIcon.module.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

Search for the keywords to learn more about each warning.
To ignore, add // eslint-disable-next-line to the line before.
```

This in turn would mean that the server would never finish loading.
This change will allow the code to compile and run appropriately both in production and development modes.
2021-03-13 14:09:51 +11:00
renovate[bot] e5a6b6b85d
build(deps): update dependency @types/node to v14.14.34 (#1814)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-13 10:47:21 +11:00
dependabot[bot] cb41f5a643
build(deps): bump react-dev-utils from 11.0.3 to 11.0.4 in /web (#1813)
Bumps [react-dev-utils](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-dev-utils) from 11.0.3 to 11.0.4.
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/master/CHANGELOG-1.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/HEAD/packages/react-dev-utils)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 10:14:05 +11:00
renovate[bot] 28239214f6
build(deps): update dependency chai to v4.3.4 (#1816)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 09:55:32 +11:00
allcontributors[bot] d43d477265
docs: add craSH as a contributor (#1820)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 09:39:40 +11:00
James Elliott 1a43ca7b8a
docs(authorization): document changed resources behavior (#1819)
I missed documenting this change, but prior to 4.27.0 the query param was never considered when matching resources. But that's no longer the case.

Fixes #1817
2021-03-13 09:36:22 +11:00
James Elliott 5e72f8e8c7
build(deps): update to golang 1.16.2 explicitly (#1818) 2021-03-13 09:32:13 +11:00
James Elliott 5a5efa5e02
fix(server): send 404 on missing api endpoints instead of 405 (#1806)
Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>

Fixes #1520
Closes #1534
2021-03-11 18:36:58 +11:00
James Elliott 2fabfecb55
release: v4.27.1 (#1801) 2021-03-11 12:29:07 +11:00
allcontributors[bot] ac329c53e3
docs: add mardom1 as a contributor (#1804)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:15:31 +11:00
allcontributors[bot] 8191ca2330
docs: add dchidell as a contributor (#1803)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:13:22 +11:00
allcontributors[bot] 28922c762b
docs: add except as a contributor (#1802)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 12:11:09 +11:00
James Elliott c310049faa
refactor(authentication): use crypto constant time compare (#1800)
* refactor(authentication): use crypto constant time compare

Improve security with usage of the crypto/subtle ConstantTimeCompare() method for hash comparison.

Fixes #1799

* docs: add explicit labels for chat types
2021-03-11 12:08:49 +11:00
David Chidell 5cf11f87c8
docs(authorizer): important headers for access-control networks (#1794)
* Document X-Forwarded-For capabilities within access-control networks

Adds a short paragraph detailing X-Forwarded-For header behaviour
into the documentation.

* Update docs/configuration/access-control.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 10:18:39 +11:00
dependabot[bot] c4864ca64c
build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-10 16:11:36 +11:00
James Elliott 1e46ec6c44
ci: restore dependabot rules (#1797)
Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
2021-03-10 15:53:33 +11:00
James Elliott 98b47227ee
release: v4.27.0 (#1795) 2021-03-10 11:53:49 +11:00