Commit Graph

160 Commits (c074270b549f62ec3a952bc3e3e522cd79586e30)

Author SHA1 Message Date
Clement Michaud 8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00
Clement Michaud e7c09fddc6 Simplify nginx example configuration. 2019-03-28 23:14:36 +01:00
Clement Michaud 81207b49ad Fix failing second factor when no default redirection url set.
When no default redirection url was set, Duo push second factor was shown as
failing even if authentication was successful.
2019-03-28 22:38:16 +01:00
Clement Michaud 28cc5e7e1b Fix integration tests. 2019-03-24 23:29:46 +01:00
Clement Michaud a717b965c1 Display only available 2FA methods.
For instance Duo Push Notification method is not displayed if the API
is not configured.
2019-03-24 22:23:25 +01:00
Clement Michaud d09a307ff8 Fix redirection after 2FA method change.
Authelia was using links with href="#" that changed the URL when clicked
on. Therefore, this commit removes the href property and apply link style
to tags without href property.
2019-03-24 20:02:55 +01:00
Clement Michaud 4eaafb7115 Update the documentation to include information on Duo. 2019-03-24 18:45:32 +01:00
Clement Michaud 8ef402511c Add Duo Push Notification option as 2FA. 2019-03-24 15:15:49 +01:00
Clement Michaud d9e487c99f Display only one 2FA option.
Displaying only one option at 2FA stage will allow to add more options
like DUO push or OAuth.

The user can switch to other option and in this case the option is
remembered so that next time, the user will see the same option. The
latest option is considered as the prefered option by Authelia.
2019-03-23 19:34:00 +01:00
Clement Michaud 40574bc8ec Fix the bypass strategy.
Before this fix an anonymous user was not able to access a resource
that were configured with a bypass policy. This was due to a useless
check of the userid in the auth session. Moreover, in the case of an
anonymous user, we should not check the inactivity period since there
is no session.

Also refactor /verify endpoint for better testability and add tests
in a new suite.
2019-03-22 23:51:36 +01:00
Clement Michaud 76fa325f08 [BREAKING] Create a suite for kubernetes tests.
Authelia client uses hash router instead of browser router in order to work
with Kubernetes nginx-ingress-controller. This is also better for users having
old browsers.

This commit is breaking because it requires to change the configuration of the
proxy to include the # in the URL of the login portal.
2019-03-16 00:13:27 +01:00
Clement Michaud f8a12b8482 Fix dead link in README of suites. 2019-03-04 00:02:45 +01:00
Clement Michaud 06aa9803bf Update the documentation to include info about suites and authelia-scripts. 2019-03-03 11:40:32 +01:00
Clement Michaud 6ce0ae5d90 Remove description of suites and use suite name instead. 2019-03-03 11:39:41 +01:00
Clement Michaud e8d7fe4111 Move users_database.yml files to dedicated suites. 2019-03-03 11:39:41 +01:00
Clement Michaud 4c0bb2ce7f Rename some suites and add a README for each of them. 2019-03-03 11:39:41 +01:00
Clement Michaud 6d45692906 Create a specific suite for short timeouts to let humans use simple suite. 2019-03-03 11:39:41 +01:00
Clement Michaud 716ae9d378 Bump mocha to use forbidOnly and forbidPending options. 2019-03-03 11:39:40 +01:00
Clement Michaud c534753c2c Increase timeout to prepare environment to 30 seconds. 2019-03-03 11:39:40 +01:00
Clement Michaud d82ebfab0e Move dockerhub example in a suite. 2019-03-03 11:39:40 +01:00
Clement Michaud 8bf87b6b47 Rename minimal suite into simple. 2019-03-03 11:39:40 +01:00
Clement Michaud a1c9bb6302 Improve authelia-scripts to add suites with Docker-based Authelia server. 2019-03-03 11:39:40 +01:00
Clement Michaud 38271e3335 Better integrate Docker related commands in authelia-scripts. 2019-03-03 11:39:40 +01:00
Clement Michaud a56e5adc42 Create /tmp/authelia/db directory when starting minimal suite. 2019-03-03 11:39:40 +01:00
Clement Michaud d2ae2524b7 Create database directory before running integration tests. 2019-03-03 11:39:40 +01:00
Clement Michaud 4adb0569ac Display Authelia server logs when tests fail. 2019-03-03 11:39:40 +01:00
Clement Michaud ecdc91b221 Leave more room for Authelia to spawn and terminate. 2019-03-03 11:39:40 +01:00
Clement Michaud 7ee1e39b8d Build before running integration tests. 2019-03-03 11:39:40 +01:00
Clement Michaud b3d381bfa7 Fix integration and unit tests. 2019-03-03 11:39:40 +01:00
Clement Michaud 5614bea827 Fix unit tests. 2019-03-03 11:39:40 +01:00
Clement Michaud 50d4ab1368 Finish migrating integration tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud 29e2799021 Use driver methods for minimal suite. 2019-03-03 11:39:40 +01:00
Clement Michaud 3702d6607d Replace WaitRedirected assertion by VerifyUrlIs. 2019-03-03 11:39:40 +01:00
Clement Michaud 036d1a4f51 Replace SeeNotification by VerifyNotificationDisplayed assertion. 2019-03-03 11:39:40 +01:00
Clement Michaud c487ed0a37 Migrate more tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud 7c2fd91271 Add basic authentication related tests. 2019-03-03 11:39:40 +01:00
Clement Michaud 595ee97182 Add test behavior VisitPageAndWaitUrlIs. 2019-03-03 11:39:40 +01:00
Clement Michaud c579355c5b Migrate more Cucumber tests into Mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud efceb66ffa Migrate some tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud c5af4498ab Introduce the concept of suite in authelia-scripts. 2019-03-03 11:39:40 +01:00
Clement Michaud e37cca5d45 Add config file in complete suite and remove useless files. 2019-03-03 11:39:40 +01:00
Clement Michaud cc973c5df3 Rename e2e suites. 2019-03-03 11:39:40 +01:00
Clement Michaud d3a790627e Fix inactivity Ãe2e tests. 2019-03-03 11:39:40 +01:00
Clement Michaud d2a547eca6 Fix e2e tests for complete configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud 387187b152 Move minimal configuration into suites directory. 2019-03-03 11:39:40 +01:00
Clement Michaud c5eb86e0fd Fix e2e test with minimal configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud eccf08b6b0 Authelia can be run locally while communicating with docker environment. 2019-03-03 11:39:40 +01:00
Clement Michaud b53d16d8a1 Introduce Subject and Object in authorization module. 2018-11-17 18:29:10 +01:00
Clement Michaud 97bfafb6eb [BREAKING] Flatten the ACL rules to enable some use cases.
With previous configuration format rules were not ordered between groups and
thus not predictable. Also in some cases `any` must have been a higher
precedence than `groups`. Flattening the rules let the user apply whatever
policy he can think of.

When several rules match the (subject, domain, resource), the first one is
applied.

NOTE: This commit changed the format for declaring ACLs. Be sure to update
your configuration file before upgrading.
2018-11-17 18:08:29 +01:00
Clement Michaud 42581dfe93 Fix open redirection vulnerability.
In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00